Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, and Director of National Intelligence James R. Clapper Jr. discussed a NSA-managed classified intelligence program, at a hearing before the Senate Select Committee on Intelligence.
The program is one of two made public by a security leak in June.
Joining Alexander and Clapper was Deputy Attorney General James Cole. All were called to testify about both programs leaked to the press by former NSA systems administrator Edward Snowden — Section 215 of the Patriot Act, also known as NSA’s 215 business records program, and Section 702 of the Foreign Intelligence Surveillance Act, or FISA.
In the months since the leaks, media reports have said the programs involve secret surveillance by NSA of phone calls and online activities of U.S. citizens, and revealed unauthorized disclosures of information by NSA, generating distrust of the agency and calls for an end to the programs.
Section 702 of FISA and Section 215 of the Patriot Act both were authorized by the Foreign Intelligence Surveillance Act, first approved by Congress in 1978.
Section 702 authorizes access, under court oversight, to records and other items belonging to foreign targets located outside the United States. Section 215 broadens FISA to allow the FBI director or other high-ranking officials there to apply for orders to examine telephone metadata to help with terrorism investigations.
In 2012, these programs resulted in the examination of fewer than 300 selectors, or phone numbers, in the NSA database, Alexander said during a congressional hearing in July.
In his remarks, Cole described the 215 program, explaining that it involves collecting only metadata from telephone calls.
“What is collected as metadata is quite limited…It is the number a telephone calls…It doesn’t include the name of the person called,” Cole said. “It doesn’t include the location of the person called. It doesn’t include any content of that communication. It doesn’t include financial information … It is just the number that was called, the date and the length of the call.”
“If you want any additional information beyond that, you would have to go and get other legal processes to find that information and acquire it.”
Such metadata can only be looked at when there is a reasonable, articulable suspicion for a specific phone number to be queried in the database, Cole said.
“Otherwise,” he said, “we do not and cannot just roam through this database looking for whatever connections we may think are interesting or in any way look at it beyond the restrictions in the court order.”
Only a small number of analysts can make such a determination, and that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes, Cole added.
The program is conducted according to authorization by the FISA Court, which must reapprove the program every 90 days.
“Since the court originally authorized this program in 2006, it has been reapproved on 34 separate occasions by 14 individual Article Three judges of the FISA Court,” Cole said. “Each reapproval indicates the court’s conclusion that the collection was permissible under Section 215 and satisfied all constitutional requirements.”
Article Three of the U.S. Constitution establishes the judicial branch of the federal government.
Oversight of the 215 program involves all three branches of government, including the FISA Court and the Intelligence and Judiciary Committees of both houses of Congress, Cole said. Every 90 days, the Department of Justice reviews a sample of NSA’s queries to determine whether the reasonable articulable requirement has been met.
DOJ lawyers meet every 90 days with NSA operators and with the NSA inspector general to discuss the program’s operation and any compliance issues that may arise, Cole explained.
With respect to Congress, “we have reported any significant compliance problems, such as those uncovered in 2009, to the Intelligence and Judiciary Committees of both houses,” he said.
“Those documents have since been declassified and released by the DNI to give the public a better understanding of how the government and the FISA court respond to compliance problems once they’re identified,” Cole said.
In his testimony, Alexander told the panel that NSA’s implementation of Section 215 of the Patriot Act focuses on defending the homeland by linking foreign and domestic threats.
Section 702 of FISA focuses on acquiring foreign intelligence, he said, including critical information concerning international terrorist organizations, by targeting non-U.S. persons who are reasonably believed to be outside the United States.
NSA also operates under other sections of the FISA statute in accordance with the law’s provisions, Alexander said.
“To target a U.S. person anywhere in the world, under the FISA statute we are required to obtain a court order based on a probable cause showing that the prospective target of the surveillance is a foreign power or agent of a foreign power,” he said.
“As I have said before, these authorities and capabilities are powerful,” Alexander said. “We take our responsibility seriously.”
NSA stood up a directorate of compliance in 2009 and regularly trains the entire workforce in privacy protections and the proper use of capabilities, he said.
“We do make mistakes,” Alexander noted.
“Compliance incidents, with very rare exceptions, are unintentional and reflect the sorts of errors that occur in any complex system of technical activity,” he said.
The press has claimed evidence of thousands of privacy violations but that is false and misleading, Alexander said.
“According to NSA’s independent inspector general, there have been only 12 substantiated cases of willful violation over 10 years. Essentially one per year,” he said. “Several of these cases were referred to the Department of Justice for potential prosecution, and appropriate disciplinary action in other cases. We hold ourselves accountable every day.”
Of 2,776 violations noted in the press, he said, about 75 percent were not violations of court-approved procedures but rather were NSA’s detection of valid foreign targets that traveled to the United States. The targets are called roamers and failure to stop collecting on them as soon as they enter the United States from a foreign country is considered a violation that must be reported.
“NSA has a privacy compliance program that any leader of a large, complex organization would be proud of,” Alexander said. “We welcome an ongoing discussion about how the public can, going forward, have increased information about NSA’s compliance program and its compliance posture, much the same way all three branches of the government have today.”
NSA’s programs have contributed to understanding and disrupting 54 terrorism-related events, Alexander told the panel, with 25 in Europe, 11 in Asia, five in Africa, and 13 in the United States.
“This was no accident. This was not coincidence. These are the direct results of a dedicated workforce, appropriate policy, and well-scoped authorities created in the wake of 9/11, to make sure 9/11 never happens again,” Alexander said.
In the week ending 23 Sept., he said, there were 972 terrorism-related deaths in Kenya, Pakistan, Afghanistan, Syria, Yemen and Iraq. Another 1,030 people were injured in the same countries.
“The programs I’ve been talking about — we need these programs to protect this nation, to ensure that we don’t have those same statistics here,” Alexander said.
With respect to reforms, he said, on Aug. 9 President Barack Obama laid out specific steps to increase the confidence of the American people in the NSA foreign intelligence collection programs.
“We are always looking for ways to better protect privacy and security,” Alexander said. “We have improved over time our ability to reconcile our technology with our operations and with the rules and authorities. We will continue to do so as we go forward and strive to improve how we protect the American people, their privacy and their security.”
In his remarks to the panel, Clapper said that over past 3 months he’s declassified and publicly released a series of documents related to Section 215 Section 702.
“We did that to facilitate informed public debate about the important intelligence collection programs,” he said. “We felt in the light of the unauthorized disclosures, the public interest in these documents far outweigh the potential additional damage to national security. These documents [allow them to] see the seriousness, thoroughness and rigor with which the FISA Court exercises its responsibilities.”
Even in these documents, Clapper said, officials had to redact some information to protect sensitive sources and methods such as particular targets of surveillance.
“We’ll continue to declassify more documents. It’s what the American people want,” he said. “It’s what the president has asked us to do. And I personally believe it’s the only way we can reassure our citizens that the intelligence community is using its tools and authorities appropriately.”
But, Clapper said, “we also have to remain mindful of potentially negative long-term impact of over-correcting to the authorizations granted to the intelligence community.”
Clapper added, “As Americans we face an unending array of threats to our way of life — more than I’ve seen in my 50 years in intelligence. We need to sustain our ability to detect these threats. We welcome a balanced discussion about civil liberties but it’s not an either-or situation. We need to continue to protect both.”
Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense of this website or the information, products or services contained therein. For other than authorized activities such as military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.