Transcript: Sen. Jeff Flake’s Q&A with Robert Litt and Brad Wiegmann on the Surveillance Transparency Act – Nov. 13, 2013

Partial transcript of Sen. Jeff Flake’s (R-Arizona) Q&A with Robert Litt, General Counsel at the Office of the Director of National Intelligence, and Brad Wiegmann, Deputy Assistant Attorney General, National Security Division, on the Surveillance Transparency Act of 2013. The Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing was held on Nov. 13, 2013:

Sen. Jeff Flake (R-Arizona):
…Mr. Litt, if you could kind of drill down a bit in terms of increased manpower and what it would take to actually make some determination of the percentage of individuals who are U.S. citizens who are surveilled. What would that look like without revealing more than you need to reveal here? What would that take to actually go through and determine what percentage?

Robert Litt, General Counsel at the Office of the Director of National Intelligence:
So I can offer, actually, an example in that regard. The Chairman made reference to the FISA court opinion that we’ve released from 2011, which involved a compliance violation under the collection interception 702. And in connection with that, NSA did do a statistical sample to try to determine how many wholly domestic communication may have been intercepted through one portion of this collection. And they did a statistical sample where they reviewed, I think, approximately 50,000 communications, which was a very small percentage of that. My understanding is that it took a number of NSA analysts about 2 months to do that and that even in that regard, there were a number of instances where they simply couldn’t come up with the right necessary information, that the actual information was in a wide – ended up with numbers in a wide range based on a lot of assumptions. And the last point I want to make on that is that was actually an easier task than the one that’s being asked here because they were looking for a wholly domestic communication, which means that anytime they found a communication where there was one non-U.S. person, they could immediately throw it out and not look any further. So they never actually go through and look at every single party to every single communication to determine whether or not it was a U.S. person. So I think that that example gives a sense of the resource intensiveness that would be required and the difficulty even if you apply all those resources in coming up with reliable numbers at the end of the process.

Sen. Jeff Flake (R-Arizona):
So you’d maintain that it would take – it would probably lead a lot of resources away from the main task just to comply with this provision?

Robert Litt, General Counsel at the Office of the Director of National Intelligence:
Yeah, I think those 1,000 mathematicians have other things they can be doing in protecting the nation rather than go through and count U.S. persons.

Sen. Jeff Flake (R-Arizona):
In your testimony, you mentioned that it may have a greater impact on privacy to actually have to drill down and determine who is a U.S. person and who is not. What level of detail do you typically have to have – have to run search of what other communications have come to this person and whatever else, and those are the things that you kind of explain by what you mean by saying that you impact more on people’s privacy by drilling down and complying with this law than are currently out there.

Robert Litt, General Counsel at the Office of the Director of National Intelligence:
Yeah, that’s exactly right. NSA’s mission is to collect foreign intelligence. They’re looking for the foreign side of things and it’s not what they ordinarily do to go out and try to find U.S. persons and so if you impose upon them some sort of obligation to identify U.S. persons, they’re going to take an email address that may be Joe@hotmail.com and they’re going to have to dig down and say “What else can we find out about Joe@hotmail.com?” And that’s going to require learning more about that person than NSA otherwise would learn.

Sen. Jeff Flake (R-Arizona):
Mr. Wiegmann, when we allowed the companies out there – Google and others – to reveal more than they were able to reveal before, Google has procedures that they follow. What other companies have taken advantage of the opportunity they have to reveal more information about what is surveilled and what is not? Are they all? Is it universal? All of them are taking advantage of this or some of them or what?

Brad Wiegmann, Deputy Assistant Attorney General, National Security Division:
I’d have to get back to you and give you the list of companies. I believe Microsoft has issued a transparency report about with certain data. Facebook, I believe. I’d have to give you the complete list. I don’t want to give you the wrong list of companies here but I could give you the information about which ones have taken advantage of the government’s offer thus far.

Sen. Jeff Flake (R-Arizona):
I’m sure we’ll learn in the next panel. But is it your understanding – how universal is the request for the ability to give broader information or more information about what is being surveilled, what is being collected, whatever else?

Brad Wiegmann, Deputy Assistant Attorney General, National Security Division:
I think it’s fair to say a lot of the major Internet service providers do want to provide more information about their – how their users are affected by government surveillance. A number of them in the initial stages of this in the wake of the initial Snowden unauthorized disclosures came to us and so we worked with them to [come up with] the proposal that Bob described, which was that we would release the aggregate number of law enforcement plus national security demands in the aggregate for those companies. I think they found that useful at the time because they put out press statements and so forth saying – identifying those numbers and showing that that was a tiny fraction. I think in most cases, less than 1 in 10,000, there are 1 in 100,000 of their user base was affected by not only the national security demands but also the law enforcement demands together. So whether you slice out the national security or whether you include the law enforcement, it’s a tiny, tiny fraction of their total user accounts and that’s what they wanted to be able to show, as Sen. Franken said, to debunk the idea that we’re engaged in some kind of dragnet surveillance whereby we’re getting access to all of their users. And in fact, the opposite is true. It’s a tiny, tiny number and they’re able to do that with the disclosures that we authorized at that time.

Sen. Jeff Flake (R-Arizona):
Thank you. Mr. Litt, getting back to what we talked about before, in order to comply with provisions in this legislation, would you sometimes require more of the companies in terms of trying to follow down and drill down on how many U.S. persons were affected here? Might there be additional concerns from the private providers that we’re – might they be more uncomfortable with additional requests to try to determine – and we already have minimization procedures that apply in order to exclude U.S. persons but this would seem to be a lot more drilling down as you mentioned before. What concerns do others have about this and should they be concerned about more intrusiveness on the part of the government to determine who is U.S. person and who is not just for the purpose of complying with the act?

Robert Litt, General Counsel at the Office of the Director of National Intelligence:
Well, I do think people should be concerned about the greater intrusiveness. I’m not sure technically whether it would require any more of the companies or not. I think more likely NSA would simply rely on its own internal resources rather than – because they’d need some additional authority to go back to the companies to get subscriber information or whatever. So I’m not sure it would impose an additional burden on the companies, which does not in any way mitigate the intrusion on the individual.

Sen. Jeff Flake (R-Arizona):
But you don’t anticipate having to go back to the companies and say we need additional information in order to determine or to comply with the law.

Robert Litt, General Counsel at the Office of the Director of National Intelligence:
I guess I wouldn’t say that I don’t anticipate it but I’m not sure that it would happen or that frankly that there would be a way we would do it legally to get that information from companies.

###

Learn More: