 Good morning, welcome to CSIS's shiny new building and we're pleased that it's finally up and running and I'm glad you could be here for this panel which will be on surveillance and legislation post-Snowden. I'm not going to talk much more after this. The moderator is Ellen Nakashima. She will introduce people. The chairman of our board, however, has asked me to make an announcement about a hashtag. What am I supposed to say? That's CSIS GSF 2013. So there you go. Oh, up there. Thank you. But so I've done my duty here now and with that, let me, thanks for coming, let me turn it over to Ellen. Hello, I just want to first of all thank CSIS for hosting this conference today. It's a great honor to be here and the topic could not be more timely. I recently heard from a colleague who is talking to a senior White House official that equipped before 9-11, intelligence officers used to get criticized for not knowing enough. Now they get criticized for knowing too much. The public's concerns about the national security agency have surfaced only recently thanks to the actions of a former NSA analyst, Edward Snowden. Whatever you might think about the merits of his actions, Edward Snowden has single-handedly upended the system. He has provoked a national and international debate about whether the surveillance activities of the world's most technologically advanced spy agency have gone too far. As President Obama has said, just because you can do it doesn't mean you should. So now we find ourselves confronted with questions that just six months ago would have seemed unthinkable. Should we extend privacy rights to foreigners in overseas surveillance? Should we put a public advocate on the Foreign Intelligence Surveillance Court? Can we even, as the title of our panel rightfully asks, reach a surveillance consensus post Snowden? And if so, what would it look like? Well, we're not going to get to the answers to all those questions here in the next hour or so. But we're lucky to have five of the most highly qualified congressional and public policy experts here to help us think through some of them. So in the interest of maximizing our time for discussion and Q&A, I'm going to just briefly introduce the panelists, and then we'll launch into our discussion. I'm going to start the far end. We have Sean Park, the general counsel for the Senate Judiciary Committee led by Patrick Leahy of Vermont. Next to him is Jim Lewis, senior fellow and director of the Public Policy and Technology Program at CSIS. And Jim's extensive experience in government and out, he was in the State Department in commerce and Clinton years out there, Jim, have made him a go-to guy in these public policy issues. Next to him we have David Granis, staff director of the Senate's Committee on Intelligence led by Senator Dianne Feinstein of California. And then Liza Goitin. Liza, I want to make sure I get your title right. You are the co-director of the Brennan Center for Justice, Liberty and National Security Program and former counsel to Senator Russ Feingold. And we have here Darren Dick, who is David's counterpart on the House Permanent Select Committee on Intelligence, which is led by Congressman Mike Rogers of Michigan. So we have a great panel here and I just want to dive right in. So this is the age of Edward Snowden, where program secrecy cannot be assured and public trust in Congress' ability to serve as a check on agency excesses has diminished. My question to you all is, has the current oversight system failed? Do we need a better structure than the ones set up in the 1970s that use Congress as a proxy for full public oversight to protect the secrecy of surveillance programs? And so what types of reform would be helpful? Jump all, but Darren, do you want to start with that? Sure. First of all, good morning and thank you, Ellen, for the question. Your question has the current oversight structure failed? I would say no. The structure hasn't failed at all. In fact, I think what's interesting about the Snowden leaks and the programs that have been revealed by the leaks is that in not a single instance has the NSA or any of the other agencies in the intelligence community had to run up to the committee and say, oh, that's something we didn't tell you about. In not one instance has there been a revelation about an activity of the intelligence community that the committee has not been informed of. In fact, the only illegal act that has been unveiled by the Snowden leaks is the illegal act on the part of Mr. Snowden himself. So I would say that the oversight structure has not failed. And I think it's important to keep in mind, you know, I've read and I've seen allusions to Church and Pike and a need for new investigatory committees or panels, but what Snowden has revealed are a set of authorized, approved, and overseen programs that occur in the context that's very different than the programs that were revealed in the times of the Church and Pike Commission. I mean, now we have both the House and the Senate Intelligence Committees, the programs most of interest in the Snowden leaks, the 215 and the 702 programs are also overseen by the Judiciary Committees. These programs are overseen by Inspectors General, the Department of Justice plays a role in these programs. So it's a very different construct. And it's a very, very different set of facts here than those facts that were present when Church and Pike were on the panel. Sean, did you, Sean, and then Liza, okay. Sorry, sorry, Liza, just to jump in on this. Just to piggyback, I do, I do agree that there is congressional oversight there. The Intelligence Committees obviously have a central role in this. I do think to your question though, Ellen. Nothing didn't go perfectly right if you've got members of Congress, you know, for better or for worse, saying that they were not aware of certain things that were going on or certain legal interpretations that may have been handed down by the FISA court. So we can talk about where things may have gone wrong or what the gaps may be that need to be filled. But I think there has to be some reassessment as to what the oversight structure is, how things should actually occur, and the role of the IGs. I agree with what Darren is saying. The IGs are empowered to a certain extent to have oversight over 702 and 215. That's part of why Senator Leahy and others have pushed for IG reports, both for 215 and 702. I think last year, for example, for the FISA Memmage Act, one of the parts of the bill which had bipartisan support, including from Senator Feinstein, was to have a comprehensive look at the 702 program. By the ICIG, the Intelligence Committee Inspector General. But none of that has ever happened, and unfortunately that didn't get passed, because folks decided to go for a straight reauthorization to 2017. Just as a quick interjection, do you want to briefly describe for people who might be watching this what 215 and 702 are two of the biggest or most comprehensive surveillance plans? Yeah, I mean, again, I'm happy to be corrected by the folks from the Intel Committee, but I mean, I think just in terms of the kind of bullet points, 215 is a telephony metadata program. It's a well-collection of telephone metadata here domestically, and then 702's internet content collected overseas or targeting foreigners overseas. And that's also a well-collection program. I think part of what I wanted to interject, though, is that in terms of the oversight, there is a role for Congress to play, but there are also roles that the independent Specter General can play, a role for the FISA court to play as well. And I think that's part of why we're also thinking that their structure and their role can be enhanced by having a special advocate and somebody can provide an independent perspective. Okay. Thank you. David? And then the FISA. Yeah, let me, my first thank you, thank you, Ellen, thank you CSIS. I'll try to be as forthcoming as I can today, subject to all of the usual limitations, but I'll be expressing my views and no one else's. Let me take a step back from your question about intelligence oversight. I mean, fundamentally what we're doing here is talking about ways to put checks and balances on executive branch programs that are done in secret by necessity in order to prevent the people who we are trying to collect information on from knowing that and evading that collection in order to do things like counter terrorist threats, prevent cyber attacks, prevent proliferation of weapons of mass destruction, and collect generally foreign intelligence that our nation's leaders need in order to make good decisions. So how do you do that with checks to make sure that things are done properly, legally in a cost effective manner and in keeping with sort of our nation's values? And the committees that were set up in the late 70s have been doing that continuously at times have been fits and starts, but I think that the committees right now are filled with members who are interested in the performance of their mission even though it's something that they cannot talk about back home, it doesn't bring them additional funding for bridges or anything else like that, it is sitting behind closed doors listening to testimony from intelligence officials about what they're doing. That takes place in the context of inspectors general who do the same or a similar mission from inside the agencies, the Department of Justice who in the programs that John outlined briefly conduct reviews every 30 or 60 or 90 days depending on the nature of it, a FISA court in the case of collection under the foreign intelligence surveillance act that has been shown through some of the authorized and unauthorized disclosures of this program to be enormously involved and to be more than willing to find fault where they believe it is to be found and take action in consultation. So I think the question is not simply do the oversight mechanisms work, it's what can be done to enhance them and to add some amount of understanding about what these committees do and the other oversight mechanisms in place do without necessarily getting into the substance in all parts. So I think both the House Intelligence Committee and we put out reports to the extent we can detailing what we've been doing. There are certainly a number of very capable national security reporters in this town and others who certainly know where we are and contact us on a regular basis as well as a number of other mechanisms. So are we open to ways to change that? Would we like more people in order to help carry out that mission? Absolutely. But does the structure fundamentally need to be changed? I don't think so. Okay. Liza, did you want to respond to some of that or? That is true as far as it goes. I mean, yes, there is oversight by the Foreign Intelligence Surveillance Court. Yes, there's oversight by committees of Congress. Yes, there are multiple levels of internal review. All of that is true. On paper, it looks good. In practice, it's pretty clear it didn't work. I say that, I mean, the main reason I say that stems from something I think we're not going to all agree on, which is that to me there are at least two programs that we know of, the bulk collection of telephone metadata and the backdoor searches for Americans' information within pools of communications content that were acquired without a warrant. These two programs to me can only be described as legal by the most creative and contorted possible interpretation of the law. And the fact that this got through the Foreign Intelligence Surveillance Court on multiple occasions, the fact that it got passed the intelligence committees and anybody else in Congress who is paying attention to me shows that those oversight bodies were not doing their jobs and that something needs to be done in order to enhance their ability to engage in more effective oversight. Now you don't have to agree with me that these programs were illegal to see the problems that happen in oversight. Whether people support or oppose the bulk collection of telephonic metadata, I haven't seen a single person, I haven't talked to a single lawyer who read the FISA Court's 2013 opinion justifying bulk collection of metadata who didn't say this is one of the worst reasoned, least supported legal opinions I've ever seen from a judge. It was a results-oriented decision. It was not conscientious legal reasoning. There are strong arguments a person could make for the legality of bulk metadata. I think they're wrong, but those arguments were not really even made in this opinion. Aside from that, we had the FISA Court, I mean that was one opinion by one judge, but we also have had several public statements by judges on the FISA Court saying we have no ability to police the NSA's compliance with our orders, we are entirely reliant on what the NSA tells us, chooses to tell us about what it's doing, and on top of that then we have at least two now public FISA Court opinions in which the Court says the government has repeatedly misrepresented to the Court major, not deliberately, not deliberately as far as we know, not deliberately, but on several occasions a pattern of serious misrepresentation about systemic non-compliance over collection of information, yes it was reported, yes it was corrected, but then it happened again and again and again, so something is not working with that part of the oversight. When you talk about the congressional oversight, we have members of Congress who said, I never knew about this, okay maybe in theory it was somehow made available to them, I was a judiciary committee staffer for a while, I have some sense of what it means when the intelligence committees or the executive branch even makes information available to members of Congress who are not part of the intelligence committees, it is not a user friendly process, it is not designed to educate members of Congress in any sort of meaningful way, the memos about bulk collection that were made available to members of Congress that were written by the executive branch have been made public, they don't include any of the substantive information about some of the non-compliance incidents, if you read the description of the compliance problems in those memos and you compare it with the FISA court's opinions describing the non-compliance issues, you would think you were reading about two different agencies and two different programs, so when you look beyond the sort of nice words of yes there's oversight by the FISA court, yes there's oversight by Congress, you look at what actually happened, you look at the details, this system has broken down, the oversight system has broken down and needs reform and finally, very quickly, if you think that these programs are perfectly legal then that only underscores the next thing I'm about to say which I think would be a mistake to focus too much on solely this question of oversight at the expense of substantive authorities, oversight is a means to an end, it's a way to determine whether the law is being faithfully followed and if the law itself doesn't have the right privacy protections, you know, allows the government to collect too much information with too little justification, all the oversight in the world isn't going to cure that problem. You've raised a host of, I'm sorry, important points there, Liza, that I think would be important for the panelists to engage on, so I will ask a question but also let you respond to any of the points Liza made if you could, hopefully by answering my question. So how much of an overhaul do you really think we need in terms of, in domestic surveillance, in particular with regards to perhaps the program that really set off this whole controversy or fewer in the first place which is the bulk telephone metadata records collection that Liza was talking about where, in fact, the FISA court did have some serious concerns with it but these decisions were not made public and as Liza noted that their issues with the non-compliance were not captured in any of the memos that were shared with Congress, so does this also point to the need for more reform in terms of substantive reforms of authorities and Jim, feel free as well. Let me start, Liza, I think you need to hit your button. Okay, a couple quick points. First, I don't like what you read in the press because I think it's mainly spin, right? There's a lot of detail there but it's being spun in a way that paints a very negative portrayal of U.S. activities and there's an intent there certainly from the people acting overseas and so when I read this stuff in the press it's not a good way to base your debate and a lot of it is the intent of the people who work at MSA. Just, it makes me really unhappy to see these misrepresentations. Second, I think the oversight system works great where its needs reform is probably on transparency. There's a lot that we haven't adjusted, this has been a debate going on since the end of the Cold War, why do we keep so much secret? A lot of the stuff that's come out could have been discussed in a public way without compromising operational effectiveness. The question people aren't asking and probably because it's too hard is how much is enough and so if you were a consumer of this intelligence you might very well say to yourself, I really didn't need this, I could get the same thing with a subscription to the financial times. We aren't having that debate. I mean, that's an important one. It's one that makes me nervous about the idea of what I'm going to call the breakmeister. Somebody whose job is to step on the brakes on the FISA court. This is part of the problem we had before 9-11. So that sort of procedural mechanical fix makes me uncomfortable. I'd rather have the larger discussion of what we need. Finally, we could think of an alternate tool set not based on massive data collection and retention that could possibly provide the same security benefits but to assemble that alternate tool set to technical discussion and it could easily take two or three years. So what are we going to do? So I'd say more transparency. Think about research and how to do this a little less intrusively and maybe avoid procedural approaches that are just going to make us a little more vulnerable. OK. I'll let David go for it. Thanks, Ellen. So first, I agree on the need to discuss transparency. I think that's right and it's a difficult balance to strike and it's probably easier to see in the big picture than it is on any case-by-case basis. Let me also agree with one thing my colleague said, which is that I think we're not going to agree on a lot of these things. I think from there you can have some disagreements, but let's start with a couple of them. On the programs you mentioned that were reauthorized multiple times in the last part of the last decade and beginning of this one, Congress acted to reauthorize both the Section 215 phone metadata program and the Section 702 surveillance of non-Americans overseas, both under a system of court checks. I can't speak for the House Committee. I believe it's the same. But in the Senate Intelligence Committee, which shares jurisdiction over these matters with the Judiciary Committee, there were informed debates. Amendments raised on both of the issues you mentioned, the use of searches of 702 data, and the collection of metadata in large amount. By and large, the result of those amendments were 12 to 3 or 13 to 2. Now, we can have a disagreement over where we think the line should have been drawn or what the Congress should authorize and how much security is too much and how much privacy is enough. But the fact is that there was an informed debate. In our case, it was done behind closed doors because when we debate legislation of classified matters, the details matter. And so you have to get in and say, in this case, this information was gathered in this way, and here's how it was used, and here's how it stopped something, or the Congress. The Judiciary Committee also had briefings on the subject. There were briefings available for all members of the Senate. There was a white paper circulated. There were multiple opportunities, including, in fact, as the debate on the floor was taking place to reauthorize this legislation, General Alexander and Director Mueller and DNI Clapper were standing in a room off the floor. So if members had questions, they were there to answer them. Now, contrary to a couple of things that were said, there were compliance incidents noted in the white paper, and they were elaborated upon to anyone who wanted to ask about them. Now, there is a limit on how much any one member of Congress can master every single matter that becomes before Congress for a vote. And that's an inherent shortcoming of the system. You're not going to change that. In the Senate case, 100 senators who are acting on everything from environmental policy to health care to discrimination based on sexual orientation is the topic for today, all the way through the collection of records under highly complicated systems. Now, that's why we've got committees, and that's why committees focus on the subject matters in their jurisdiction. And they have staff who come from the Congress, who come from the executive branch or who are lawyers from the private practice to look at all of this. And you've got committee votes and the committees make recommendations to the full body. That's how it works across the system. Now, again, I'm completely open to saying that it can be done better. Alan, to your point briefly, where should the line be drawn? Should it be adjusted? Especially on the program you mentioned about phone metadata. Our committee voted on a bill last week, which means I can talk about it, which I couldn't get a panel last week, to make a number of changes, to codify a series of protections and to add new ones. So for the first time, if our bill would become locked, you would have the FISA court getting to review every single determination within a prompt period of time when a phone number is believed to have a reasonable, articulable suspicion to be associated with terrorism. If the court says no, then they can erase all of the results from that query. I doubt that will happen, because like the case that's been built up over the past 30 years, the government is extremely careful in its exercise of these authorities. The reason that so many applications are approved by the FISA court is because they are scrubbed at every level from the operator to the NSA attorney or an FBI attorney up through the Department of Justice, and they don't like to lose, and they don't want to do anything that is going to violate the trust of the court, so they make sure that they've got a belt and suspenders for every single application they put through. But the FISA court will take a look at it and send it back. There will be additional information put out in public. There will be additional checks on the flexibility for the use, which will roll back its operational flexibility and effectiveness, but in the mind of our members anyway, it is appropriate to sacrifice the last five or 10% of effectiveness in order to gain additional trust in the system and make sure that it is supported within the Congress as well as in the public. That's a perfect lead into you, Sean, since your committee also is working on a bill that would, in stark contrast to the Senate Intelligence Committee's approach, would actually end bulk collection. Right, right, there's a significant area of disagreement. Let me, if I can, jump back though, I think to the title of the panel, consensus. I think there is consensus. I think we are hearing and we've heard that there is consensus when it comes to folks wanting there to be transparency. Strong, vigorous oversight by the Congressional committees as well as by the FISA court. I think those are areas where Senator Feinstein, Senator Leahy have in the past and I think will continue to work together to try and build that up. There may be disagreements as to how far to go on some of these issues, but I think particularly on the Inspector Generals, that's something where we have not seen comprehensive Inspector General reports. I know there's language in the statutes about that, but we really haven't seen the reports come out that are adequate and I think that's something to push on. I want to comment on something that Jim said though in terms of the spin that we're allegedly hearing from reporters and from others. I don't disagree that there are certainly folks who are writing columns or reports out there that may have their own spin on things. President Cummings accepted obviously, but I don't think it's also accurate to somehow leave folks with the impression that the NSA or the executive branch is not doing their own fair share of spin. When it comes to the substance of the bulk metadata collection and the arguments being made and that were made by the administration as to why this telephony metadata collection should continue and the value of it, it went from dozens of terrorist plots and attacks that were thwarted to 50 plus to 54. Senator Lay asked repeatedly in a succession of hearings as to the value of these programs or this particular program, it went from dozens to 54 to I think 12 in the homeland down to pretty much one or two that had a but for causal relationship between the 215 mandate program and a plot or an incident. Now they're calling them events or incidents. Effectively it was $8,500 being sent by an Alshabab, not, frankly, not even defined as to whether or not that person was an Alshabab member, somebody who was in San Diego sending 8,500 bucks to folks in Somalia who were allegedly part of Alshabab. That is essentially the case that is now being touted as the reason or the justification, one of the justifications for that. So in terms of the spin and the characterization as the value of the bulk metadata collection, I think it's important also to see what the administration has said and to weigh that against the invasion of privacy or at least the potential invasion of privacy that folks are talking about when you're talking about millions and millions of phone records that are being collected on a daily basis by the government, folks who have no connection whatsoever to terrorism or to a foreign agent. Everybody in this room, frankly, your phone metadata has been collected over the past number of years, whether or not you have any connection whatsoever to terrorism or not. And that's what Senator Leahy is very concerned about along with a good deal of members on the Senate and the House side who are concerned about this program. We can talk about and we are debating where is the line, when is enough enough? I think that debate is happening, it has happened for a number of years. And I think that's the question is, sorry, but based on the legal reason, I want to get back to what Liza was saying because it's important here, the legal reasoning that the justification is relevance. There is no limiting principle to that notion of relevance as set forth by the administration and as frankly ratified by the FISA court up to this point. It could be your financial records, it could be internet metadata, it could be the geolocation of your cell phone communications. That is all basically relevant under the legal analysis set forth by the administration. The question is, where is enough enough? Okay, Darren. The disadvantage of being the House member, the representing the House up here is my Senate colleagues are used to their debate rules and the length of time they get for debate. Yeah, we'll have a little time right here. I say that jokingly, I spent most of my time on the Senate side before coming to the House. Yeah. Yeah. First of all, I want to associate myself with several of the remarks David made. I think he made some good points about oversight and how it works and how the Congress has acted in reauthorizing these programs. And secondly, with regard to the fact that we can point to incidents being reported to the court and acted on by the court is not demonstration of oversight failing. That's demonstration of oversight working. And in all of these instances, this was brought to the court by NSA, NSA self-reported. They explained why these incidents were occurring and then they took corrective actions and the court monitored the implementation of those corrective actions. And then the court continued to approve the programs going forward. So I think that's evidence of oversight working, not evidence of no oversight or failed oversight. Additionally, with respect to the question about how much reform of the 215 program is needed, unlike David, our committee has not yet acted. So I don't want to prejudge or what action the committee might take. I'll just say, first of all, the chairman has made clear on the floor that he is open to and in fact has charged us with pursuing a number of initiatives to increase transparency and oversight of these programs. And we've been working on that throughout the summer. And I'm sure he'll want the committee to act on that soon. But I think in determining what changes to make to the program, and this gets to the issue of how many cases was it, but for causally helpful and the 215 needs to be understood as an insurance program in some respects. It is a program by which we collect telephone data and analysts use that data to do call chaining to identify patterns and those patterns identify risks. Or threats. And then that information is passed to the right elements of the executive branch to take action, whether it's overseas or in the United States. So in judging what changes to make to 215, one has to understand that that's what the program does. And so you can make changes, but in making those changes, you are then agreeing to change your risk tolerance. So while it may be useful, while you may only point to one definitive threat, although I'm not saying that that's an accurate portrayal, but for the sake of argument, if you say that only one threat was stopped, if the threat would have resulted in the deaths of 3,000 people, is that a risk that you're willing to take? And then with respect to one other point, one other description of the program that's been made up here, that it involves privacy. Again, we can debate whether or not we like the program. We can debate whether or not we're comfortable with the program. But the program, as described multiple times on the public record, is results in the government getting less information than is available in the phone book. So this is not, and all it deals with is business record information. So this is information that the Supreme Court has ruled, we do not have a legitimate privacy interest in. So I think it's important that while we may not like the 215 program and while the scope and size of it may be bothersome, it's not an invasion of privacy rights as defined by the Supreme Court. Can I jump in real quick, Ellen? Let me just jump in real quick. All right. This will be quick, I promise. No Senate rules for you. I was at a meeting with a Five-Eye Partner where the most senior intelligence official for that Five-Eye Partner, this was a closed meeting, said that because of the programs we're talking about, they had been able to stop four mass casualty events. All right? Which program though? 215 or 702? He didn't specify, he just said that, but you're going to tinker with a system in ways that create risk that you don't understand and then we're going to stand back and say, oh, one mass casualty event, that was okay. And so I don't feel comfortable with that and I think we're not having a good discussion. But I think it's important to have a good discussion about, sorry to jump in, a good discussion about which program we're talking about. I don't disagree. And when you're talking about tinkering with substantive programmatic pieces of the surveillance authorities, yes, absolutely agree, which is why there had been discussions about 702 and 215 separately. But when you conflate the two, that's when you have frankly not an honest, intellectually honest discussion about what the value of this program. So I think it's important to parse that out, which is part of the reason why we're trying to get in the administration to be more specific about the value of that. Well, I think it's interesting that you had more transparency from a five eye partner than you have in the US. So that reinforces a consensus here. He was talking about both programs though. And so I don't want to know that we're going to tinker with one and increase risk. I'm not willing to accept that risk necessarily. But are there compromises? With respect to the phone metadata program, maybe Darren, you can elaborate a little on this because it is Vice Chairman Dutch Rufersberger of your committee who's been exploring the idea of having companies maintain the data rather than having NSA hold the mass, the database, which is I think the issue that concerns the privacy and civil liberties community the most, which is having the intelligence agency hold that pot of data, the haystack, billions of phone records of Americans. Is there an alternative to that with the companies? What do you think? Well, I don't want to speak for Mr. Rufersberger. I know that that's an issue that he has charged his staff with looking at and that they are looking at it closely and doing their due diligence before making a final determination. I will say that that is an issue that we on the majority side of the staff looked at earlier in the summer as well. And again, I don't want to prejudge what the committee might do, but initially the idea of having the data held at the company seemed like it might be an easy solution to address one of the chief concerns. But the more we delve into it, the more we identified a number of issues with it that are issues that members will have to confront and make decisions about. I mean, there is, if you have it held at the service providers, there's issues about how quickly that information can be accessed and searched and utilized for analysis and how it's presented to the government for their use. And so then there's questions about how those requirements are addressed, are they addressed through contract, are they addressed through statute, mandate, things like that that would have to be addressed in any alternative at which the telcos retain the data. Additionally, there's, and then I'll yield, additionally there's privacy concerns that have been voiced to us by some if the data is held at the telcos. For the program to be as effective as it is now, there would have to be a certain construct about collecting the data together. And people are concerned about the company sharing that data with each other. There is an extensive, as we've alluded to now, there's an extensive oversight of the NSA's database that probably doesn't exist in the private sector because they don't have the need for that. And so there's questions about how secure and how protected that data would be if it were retained at the telcos. Dave, two fingers, right? Yeah, just very briefly. I, first of all, I agree with Aaron. We took a very close look and got reports on the feasibility of this model. At the end of the day, you would, in either system, regardless of who holds what's colloquially being called the haystack, the NSA would be getting the same needles. Whether they hold it or the phone companies, either way you would have a system of queries in which reports of phone communications would be provided to NSA analysts who would do something with it. So the question really is, is there a fundamental trust in the phone companies as opposed to the government? I would note that the title of the panel talks about surveillance, it doesn't talk about government surveillance. And so something that our members have been wrestling with as looking through this is, phone companies have large amounts of data, internet companies have vast amounts of data, and they all do things with it for their own interests, whether it's producing a phone book or whether it's selling lists based on customer behavior or whatever else. And all of us have a digital footprint out there and fingerprints that can be followed and tracked. Except in the case of the government, there are very careful rules about what you can do and how you can do it and who has to approve it and then what the ultimate disposition might be. And the legislation and policy on how that is controlled in the private sector is lagging quite a bit behind. So part of what we ought to be thinking about here, I think, is not just government access to information and use of information for very specific national security policies, but also a more general conversation about what it means to live in a digital society and who's able to do what with what. Maybe have sort of a general data privacy protection act, which is the Europeans are trying to urge us to do. I wanted to ask sort of. Sorry, I've been waiting. I just wanted to jump in on section 215 and the division of the program because I think. Hello. I wanted to talk a little bit more about what section 215 does and doesn't do because I think it's important that we all have that understanding before we go on. It contains this database, contains vastly more information than you get in a phone book. If you look in a phone book, you are not gonna get everyone I've called, when I've called them, how long those conversations lasted. That's not in the phone book. Now it's true. The phone book has my name and my address and NSA only gets telephone numbers. It is child's play to connect a telephone number to a name and an address. I mean, forget about getting an NSL, a national security letter to get that information. You can Google it. Google your own telephone number. You'll get your name and your address. So it's a trove of extremely personal information that in some cases can be even more personal than the content of the communications themselves. And the other sort of myth I want to dispel is this idea that we can either have bulk collection and be able to access this data or no bulk collection and therefore no access. What happened before bulk collection is that if you had a basis to query the data, because right now the NSA doesn't query the data unless it has reasonable, articulable suspicion. So beforehand, if you had reasonable articulable suspicion, you would take that same phone number and instead of plugging it into all the data the NSA holds, you would go to the telephone companies who do keep that data and you would give them the number and they would give you back the exact same information that the NSA would have gotten on its own. The only two distinctions that anyone has articulated publicly between these two ways of doing it is that the telephone companies don't always keep the information as long. It's sometimes 18 months instead of five years, which is how long the NSA keeps it. And it may be a little more cumbersome because you may have to go to multiple providers in order to pull the information together. Now, in terms of how cumbersome it is, you know, I think that is absolutely a price we should be willing to pay for the added security of not having the NSA have all this personal data. But more to the point, there had been no examples put forward of cases where Section 215 bulk collection was used where going to the telephone companies would have taken too long and whatever plot was thwarted would have happened. No examples. Similarly, there had been no examples put forward where the information that was collected through bulk collection was more than, was between 18 months and five years old, such that the plot could not have been intercepted if documents older than 18 months had been discarded. Unless or until we see that kind of proof, there has been no persuasive case made for any value added of bulk collection by the NSA rather than letting the telephone companies continue to keep these records as they do in the course of business. And using Section 250 and the way it was used right up until 2006, which is to go to the telephone companies with your telephone number and get the information from them. David, Darren, before I move on, do you have any information to the contrary? Well, I said about the... Yes. Oh. Take the floor. We have seen lists of information where specific plots or arrests were made on the basis of business record information going back beyond 18 months. We have also seen cases where a specific query was done that the timeliness was at issue and going to the phone companies would not be feasible for those specific cases. Happy to grant that not all that information has been made public. Why not? There are still some classified information and plots that have not been declassified. Presumably what you just said is not classified or you couldn't have said it. The administration has not said what you have said. They have every incentive to say that in order to defend the legality of this program. There has been no... In fact, the administration has basically come down to saying that section 215 was useful in maybe one case. I'm not sure the government has said that. I am here invited to speak on behalf of the committee and the Congress. I believe that my statement was unclassified. I'm quite certain of it. If the government would like to release more information, I'm sure they're welcome to do so. And one final point. It is commonly accepted and easy for anyone in this room to do to go and Google their own phone number. That doesn't actually mean that the law would allow or internal regulations would allow an NSA analyst to do the same thing. In fact, they can't. If an NSA analyst has a number and they're interested in it and it's a U.S. person or they have any reason to think it's a U.S. person, what they do is they turn it over to the FBI who goes and gets a national security letter or a grand jury subpoena. And as part of an authorized investigation goes through the investigative steps. Now at the end of the day, after legal process is obtained, maybe they can Google the information. But the fact is that there are enormous controls placed on the NSA, which are appropriate in this case because they have enormous access to information. But they, like the rest of the government, operate under the principle of following the least intrusive method, meaning that you have to start from the thing that is going to impact privacy of your American target the least and move up through the chain to the point where at the end of a full investigation, you're talking about things that could involve a physical search of someone's house or something that anyone who watches procedural dramas on TV is well aware of all the time, but that with the intrusiveness of the search, so also goes the legal requirements and checks. So you get the court sign off, you're getting probable cause orders, you're getting AG approvals for various things. So the system works in that way and people should not be confused by the capability to get information or use information and the authority to do it, because especially in the NSA's case and as well as other intelligence agencies, they are very different things. This gets to John's point about spinning though. It's true both sides spin. It's just that one side is better than the other. Which side? And it also leads back to the transparency issue, which is it's hard for people to have a reasonable discussion of the benefits and risks of these programs if you don't have as much of the record as possible. And I kind of think that's sort of a duty for espionage in a democratic society is you have to get more data out there so people can make up their minds. And we don't really have enough at the moment to have a reasonable discussion in public. I agree. Okay. Sean? Ellen, I know you wanna move on, but just on 215, I think it's important. Just to go back to what we were talking about before is not just the oversight. I mean, I think oversight obviously is a discussion we've had at length here, but also in terms of the substance of the 215 program and the statute itself. It's not just about business records. The statute talks about any tangible thing. So we're not just talking about business records. Business records, the phone business records are what are being collected right now under the current 215 telephony metadata program, but the statute itself does not restrict the government to that. The government can seek an order for any tangible thing. Now, I don't imagine that the government's gonna be seeking to collect every single car or every single refrigerator, whatever it might be, but when it comes to financial transaction data, when it comes to internet metadata, when it comes to social network participation and information there, when it comes to sell site location, that information can be obtained if the government could potentially be obtained. And frankly, it was obtained in terms of email metadata up until 2011, as was disclosed under the PRTT statute, but still it was disclosed under essentially the same standard. So the question, I think, to put to maybe Jim and David and Darren, because I have a thing I know where Eliza will come out on this, would be not just in terms of the bulk phone records collection now, but then also what impact does this have if we continue to kind of keep with the statutory framework and the standard right now, what does that mean for surveillance into the future? And what does that mean? As technology, frankly, develops and there's more metadata out there, I mean, David was talking about the digital footprint that we all have that's just getting larger and larger every day. Where is the line? When is enough enough? And I think that's an important policy decision that needs to take place as we engage in this debate. In fact, what you just said gets at my next question and David was also sort of describing the series of limitations and protections put on once data is collected, but I kind of want to get back to these sort of first principles about the, with advances in technology, what we have seen over the years is a fundamental shift in our approach to surveillance where you collect as much as you can, collect it all if you can, collect as much as you can at the front end, and then you put the limitations and the privacy protections on at the back end or after it's collected when it comes time to search, use, or disseminate. 9-11 gave impetus to this, but there is some sense that NSA, given its mission and the fact that it has great technological tools at its disposal, would be inclined to try to collect as much as it can in order to have the largest amount of data possible to sift through for the needles. The question is, do we need to rethink this approach at all, the collect first, minimize later? Do we need to think about putting more finely tuned restrictions on what can be collected at the front end in the name of foreign intelligence? Well, I blame all you people who went paperless because we used to just be able to fish this out of your garbage can. Now we have to, you know. And it's a good question. NSA's normal approach is to collect as much as possible, and I was thinking about that this morning for the panel, is if you were a customer, would you always say, no, no, no, that's okay, I don't want more information? Customers never say no, right? More is always better. And that might be a mistake. We have a cryptologic enterprise that is based on as extensive a collection as possible. You could think of other approaches that might produce the same results, but what worries me is the transition to folk, the things that replace resource constraints with policy constraints. During that transition, we might face additional risk. Liza? Yeah, I mean, I think there are, somehow this might, I cannot wrap my mind around it. There are sort of two related shifts that have happened, and the first shift is that basically since the 1970s, before the 1970s, there were, as I'm sure many of you know, widespread abuses by the intelligence community during the early part of the Cold War. The FBI, the NSA, the CIA, the church committee revealed these, there was a lot of targeting of political dissent and social justice activism. When these abuses were revealed, a set of laws and policies were put in place that enshrined what I think of as a kind of golden rule, which is that the government may not, law enforcement and intelligence agencies may not collect information on Americans unless it has some individualized level of suspicion, either suspicion of criminal activity or of a connection to a foreign power in order to make that collection. And that golden rule across a number of laws and policies was in place for decades. I think it worked very well. The 9-11 commission found fault with a lot of government practices, but it never said we need more information about U.S. citizens with less basis for suspicion. But what has happened since 9-11 is that there has been a steady and swift erosion of the level of suspicion that's required before law enforcement and intelligence can collect on U.S. person. And in some cases, that level has gone down to zero, which effectively is the case for section 215. What has been put in place instead is these back end restrictions that come into play at the point of access or use. And I think this is a dangerous shift for a few reasons. First of all, possession is 9-10 of the law. As soon as the NSA has the data in its possession, fundamentally we are reliant on the NSA to police itself. And yes, there are reporting requirements absolutely to the court, to Congress, but these oversight bodies have limited ability to really conduct discovery and look behind the representations that they get. The FISA court has said as much. And so you're relying on self-policing and that works great until it doesn't. And that's the lesson that we take from history is eventually it doesn't work and that's why we're supposed to have external oversight and not just internal self-policing. But another risk to this back end set of protections is the inevitable mission creep, the pressure to use this huge pool of data for more and more uses will be irresistible. We've already seen this. In 2008, 2009, the minimization requirements for FISA for FAA data, Section 702 data said the government may not look for US person information in this pool of data. And the government said we don't need it, we don't want it, the minimization requirements said you can't do it, well guess what? In 2011, total change. Now the NSA can look for US person data in Section 702. That's the kind of creep that will inevitably happen and the moment there is a major terrorist attack on US soil, all of these privacy, back end protections that we are so carefully weighing and discussing today will be gone. Or at least some of them will. So there's inevitable pressure once the data is collected to use it. And finally, very briefly, there is such a thing as too much data. I mean the NSA slides that we've seen from Snowden say this, useless data gums up the system. Just technologically it gums up the system. It also creates noise that obscures real threats and it vastly increases the risk of false positives of people being flagged as having some kind of suspicious connection that in reality is perfectly coincidental or innocuous and that has real implications for those people's lives. Yeah, on the last point, I think that's right. There can be too much information. And NSA is focused on achieving their mission, not just on hoovering up all the information that's out there. That's why their own slides point out that they don't want all the information. And with regard to the illusion to abuses by the intelligence community, I think it's instructive that over the last decade, 12 triple three collection, in the area of 12 triple three collection, there have been 12 incidents of intentional misuse of that authority. None of those were the NSA collecting someone's, someone for political purposes. It was 12 individuals who were assigned to or worked for NSA who misused their access to the NSA system to check up on their girlfriends, wives. One guy was just trying to improve his own capabilities, misunderstood the rules. So in 10 years, 12 intentional misuses of the system. That's starkly different than Church and Pike and that needs to be kept in mind as we have this debate and as we consider what risk we're willing to accept. And additionally, no intentional misuses of the 215 or the 702 authorities in that same time period. So that's instructive. Additionally, with respect to whether or not oversight has the ability to conduct sufficient reviews of what's going on, before June 5th, between January of 2011 and June 5th of this year when the first Snowden article was published, the House Intelligence Committee had had 294 different interactions with NSA alone. That's staff being out at NSA headquarters, that's staff being at NSA collection of operations around the world, that's members being at NSA or at other NSA locations around the world. So over 294 interactions by the committee with NSA alone and that number has only grown since June 5th, obviously. So, and then with respect to this idea should we change how we collect? I think General Alexander has made clear in his testimony, his public testimony since the Snowden leaks, look, if he's open to different constructs, if there's a different way to do this, he's open to it. Again, because it gets back to the fundamental notion that the folks at NSA who have all taken the same oath we have taken to uphold the Constitution are more interested in achieving their mission than just collecting information for information's sake. So, but as I think Jim was alluding to, as we consider other ways of doing it, the question is what risks are you willing to accept in your national security posture as a result of that change? Ellen, let me try to take a different stab at answering the question I think you asked. And first to go back to the last point, I'm aware of a couple of golden rules. One of them in Congress, he who has the gold makes the rule, which is an appropriation saying they're at a different panel right now talking about defense sequester and budget shutdown. The other one is do unto others as you would have them do unto you, which I think blatantly does not apply, generally speaking, to the intelligence community. The intelligence community is out there trying to collect information doing things that are clearly in violation of other countries' laws in order to collect information for our government. And they are doing the same thing against us, generally not as well. So the question is not a legal one. It's not, is it lawful to collect all of this information, because it's been repeatedly been upheld in the case of FISA collection by a special court. Generally, these are not violations of specific law, but they are the province of the executive branch under appropriate oversight under the Constitution, et cetera. The question is a policy one over whether in all cases it makes sense and is a good idea to go out and collect everything that can be collected. And we are seeing right now a very public controversy about the collection on foreign leaders. And partly that boils down to the question, is it a good idea to collect information on national leader X of an allied country? And it's a cost-benefit analysis. How much information are you going to get? How valuable is that to the president, the secretary of state, our ambassador in that country? On the other side, there's a couple of considerations. Number one, if it is found out how, what's going to hit the fan? And then on the other side, is it possible to engage in some kind of agreement, as we've done with some countries, to say, look, we're allies. We generally trust you. You generally trust us. We're going to tell you what we want to tell you and you're going to tell us what you want to tell us and we're going to let that go. So that's really a policy decision. Right now, I know the administration is weighing that and they have a couple of reviews underway. Senator Feinstein, the chairman of our committee has announced a review of collection that will look at questions like this. And there will be additional oversight. But I don't want to be confused as to say that this is in any way a legal or technical question. There is an enormous capability and there is a fair amount in law to allow for the collection as long as it is handled appropriately and subject to the appropriate guidelines. It's a policy one and that should probably be both an internal, executive and congressional and public discussion about what we as a nation want to do. So Jim, public policy expert, what do you think? Should there be sort of an agreement like a no spy agreement between the US and the foreign leaders in terms of spying on their communications or their personal communications? What about those of their citizens? As a policy matter, should we be extending privacy rights to non-U.S. persons overseas who do not enjoy constitutional privacy protections now? Because of the risk of political blowback and the risk of further diminishing trust in the government. I know Chan wants to say something, so I'll be quick. But one thing we haven't talked about is part of the problem might be trust in the congressional oversight. And so what would be a repair there, that we have an oversight system, people don't seem happy with it. The second one that bothers me a lot is the threshold issue. So what is it, reasonable, articulable suspicion? Where did that come from? Certainly didn't come from the Constitution. So maybe thinking about what's the threshold for collection. On foreign intelligence, this is not an area that international law has touched before. There's, I think, a very small number of international laws, mainly saying you can be shot if you're caught out of uniform. International law did not touch this. International law does not constrain it for a reason. And that is that sovereigns don't want to be constrained. And so if there's a reciprocal way to do this and say, yes, we agree, sure, that might be worth exploring. But it's the issue of reciprocity that bothers me. Can you think of other, the people who spy on us saying, okay, we'll now give American citizens the same protections? Well, for some of them, that would be easy. I mean, I think the Russians would be happy to extend the same protections to us that they give their citizens. But that's really not what I had in mind. Sorry, just to go back to one of the questions you were asking before. And a comment David was making regarding, I agree, there are policy decisions that need to be made. I don't believe though, that the legal questions have yet been resolved. I know the administration and maybe some folks on the panel would like to believe that they have been fully resolved. But when it comes to, for example, section 702, Fice Amendment Act, part of the reason it wasn't resolved is because Supreme Court rejected a case based on a standing issue. Well, now it's somewhat been revived because frankly, some of the litigants weren't really aware of some of what was going on and there potentially will be, I think there, I strongly believe there will be a constitutional challenge to that. So I think from a constitutional perspective as well, there are some issues to still be resolved. Same when it comes to 215, I think at the FISA court level, certainly there have been successive opinions now that I tend to agree with. Liza seemed to be somewhat more results oriented. That's my personal view, not my boss's view on that, but I think that that also could potentially be reviewed, whether at the FISA court review level or at the Supreme Court level potentially in the future. I don't think those issues are resolved. I think, frankly, it's something that goes to what Darren was talking about also from a policy perspective. What's the risk, I guess you were talking about? The insurance policy analogy in a way. Yes, I mean, we have to talk about what risk folks are willing to accept. And certainly when it came to the email metadata collection that was happening under the PRTT program, there was a decision made to terminate that. Many people would argue, well, it's better to have all that data anyways. It adds to our insurance policy. It's a better insurance policy if you will to use your analogy. It's better to have all the cell site location data. It's better to have all the internet metadata. It's better to have all this information to bolster the insurance policy. There are determinations that are made not to collect certain types of data by the NSA and other members of the ISC. And so where is that line? I don't think, frankly, from Senator Lay's perspective that the administration has adequately justified the utility of section 215 to left knee bulk metadata to justify the collection in bulk of all this phone records. That's a policy disagreement, right? But I think, I don't think it's fair to say also just because we're looking to tighten up the standards in 215 that it's something going to lead to X number of attacks or X number of people dying. I'm not saying, Darren, you're saying that, but I think that there are some people who characterize it that way. And I think it has to be a kind of very deliberate, careful, thoughtful process of trying to hash out where the distinctions are, what the policy considerations are, and what the cost is. Not just to the intelligence community in terms of what information they may be giving up, but frankly, also to the privacy of Americans. I think there is a privacy element here because I know that we want to think that it's just the information that's in the phone book. Well, even what folks are saying on the panel about, well, we don't want to give it to the, or leave it at the phone companies because there's a privacy consideration. Well, if there's not a privacy consideration really, and it's just the phone book information at the NSA, why is it not okay just to leave it at the companies? And again, my boss, and we're not taking a position on that right now, but that's a consideration as to the fact that what Liza was going to, the connections between the numbers, the duration, the location potentially of the calls, that's also a very, very critical information that adds to the insurance policy, if you will, and something that we need to consider, whether it's worth getting. Thank you. So we have about 10, 15 minutes for questions so I'll take, is there a microphone? Great, serve that gentleman there on the aisle. If you could you identify yourself please first. Sure, I'm Joel Meyer with Dataminer, a real-time information company recently with the government. I want to ask the panel about where they think the general public's view of privacy is going. The question is consensus here, and I think clearly laws are laws and there's a lot of technical aspects to them, but they could be changed if the consensus changes. We live in a world now where we have a billion people around the world, a sixth of humanity or a seventh on Facebook. We have people tweeting things intentionally into the public domain, their thoughts and observations in ways that were never possible before. So there may be a generational aspect to it, whatever, but clearly part of the question here is if we're talking about a trade-off, are people more willing to be part of the haystack than they were before, and is that relevant? Good question, I would like to take a stab. I think there's no question that especially the younger generation is somewhat more willing to, or believes that they care less about their privacy. What's interesting is that they are thinking in terms of Facebook privacy, they are thinking in terms of things that they put out there for their friends, and I had an interesting interaction with my 20-something year old cousin where she said, I don't care, I have nothing to hide, and we were having lunch and she looked terrible that day because she was sick and she had just rolled out a bed and she was wearing sweat pants and I grabbed my iPhone, I took a picture and I said, I'm gonna post this right now. She said, no you're not. I said, see you don't put everything on the internet, you choose, and so it's not a question of how much people make public today versus how much they made public generations ago. The question is, what is your level of control? And if you wanna share something with 500 friends, that's great, but you still retain the ability today, or you should, to say not 501, just 500, even if once upon a time you said 20. So, and when you explain it in those terms, people actually do care about privacy more than they think. The same thing if an iPhone, this is sort of a thought experiment that's been done by people doing focus groups, if an iPhone pops up and says share your location or whatever, people say yes, they don't think about it. If another window were to come up to say, and this location may also be shared with the NSA, people say no. They don't want it shared with the NSA, they don't think it's being shared with the NSA. So it's complex, there is a general overall sense in the public that they value their privacy less, but when they are brought to the specifics of whether they want some control over whether their information goes to the government, they do, they want that control. And I think we'll see that play out in this debate. Thank you. Anyone else? All right, next question. Chris. Thanks. Chris Strome with Bloomberg News. I'm wondering about the, whether you see anything shaping up in terms of changes to the activities that is taking place under 12 triple three. It seems like that the administration has talked about some areas where they're open to actually making some changes, such as limitations on spying on foreign leaders and maybe possibly fourth amendment protections for foreign citizens. And so I guess this is probably a question for Darren and David in terms of, can you say anything about what you're hearing from the administration? And it also seems like that the administration is saying don't make any substantive changes to 215, but maybe we can make some changes to what's taking place under 12 triple three. And I'm wondering kind of where you see that going. The administration hasn't officially, actually the administration even unofficially hasn't said anything to us about changes under 12 triple three. I've read the same articles you've seen and heard the same quotes, but there's been no formal discussion. And with respect to changes under 215 or 702, the administration has conducted a review and has come up and briefed the committee on its review. And I don't wanna prejudge what the committee might do since it hasn't acted, unlike David's committee. But it is accurate to say that they've taken a look at different ways of conducting these programs and really can't find a solution, a workable solution that gives the same counter-terrorism and efficacy to a construct other than the one that they have right now. David. I'd largely agree with that. I think the internal administration review is still very much underway and when they have something that they are ready to roll out, I'm sure we'll hear about it. I do wanna just make a general comment about EO 12 triple three. I think that it has not been widely understood. So we're talking here about executive order 12 triple three. I don't think that there were 12,332 before it, but begun under the Reagan administration and revised periodically since then. It is the general regulation that covers all intelligence activities in this country or by this country, I should say, just about everything that is done by the CIA, the imagery satellites we have overseas, much of NSA's work is all EO 12 triple three collection. FISA is governed by EO 12 triple three collection in addition to being covered by the Foreign Intelligence Surveillance Act. So every year, the executive branch and the Congress engage in debates over trade-offs within EO 12 triple three collection. It's called the budget. So if you wanna add a dollar to NSA sigint collection overseas and we're in a budget constrained environment which we very much are now, it's gotta come from somewhere. And so it's gonna come from, for example, the ability to conduct radar satellite imagery from some other part of the world. And so it's a trade-off. And what goes into that trade-off are policy considerations, but also intelligence in need. What is a higher priority to be able to collect this or to collect that and how are the various ways we can collect this and how expensive are all the different setups and what are the legal frameworks and what do our customers say is of more value to them? If I'm a combatant commander, do I value having the communications of my enemy more than I value having a spy infiltrated in them? I mean, these are simplistic examples, but those trade-offs go on all the time. And I think increasingly, because of the discussions we're having right now, part of those discussions will also involve what is the policy, how do we feel about this nature of collection from a policy point of view? I'd hasten not to call it ethical or moral. I think those are the wrong terms to judge it. But these debates go on all over the place and they are legal, budgetary policy effectiveness. How much something is subject to compliance violations goes into it. If something is too hard to implement, then often it won't be implemented. Could I just take moderator's prerogative to ask a quick follow-up question since you raised the very good issue of the 12 triple three collection and that I think one of the issues coming out of recent stories based on Snowden disclosures is the fact of sort of US person and non-US person data collected overseas that is not subject to, for instance, obviously the FISA regime, given the sort of the borderless nature of the internet and the fact that sometimes US person data is caught up in some of this collection, is this distinction between collection on US soil and non-US soil meaningless now? Is that dichotomy almost sort of meaningless in the given the borderless nature of the internet? Darren, David? I don't think the distinction is meaningless. I think maybe the scope of information available or the amount of information collected from one place or the other may have changed. The ease of access may have changed, but the distinction remains. And I think it's important to note that while 12 triple three collection doesn't occur necessarily under the FISC and isn't regulated by the FISC, there are guidelines and rules and regulations about what happens if US person information is collected incidentally or otherwise under 12 triple three. So I think it's an important distinction, but I don't think we should walk away with the idea that well, if we're under 12 triple three, we don't care whether or not it's US person. That's not accurate at all. I would add just briefly to that, Ellen. It's not a dichotomy in a way that you described it so much as FISA allows for collection that is obtained inside the United States. And there's a constitutional assumption that someone in the United States gets constitutional protection, but we do spend a lot of time recently talking about section 702, which covers collection of foreigners outside the United States. We've spent a lot less time talking about section 703 and 704 of FISA, which actually for the first time imposed a warrant requirement if the government wants to collect information about an American overseas. Previously, it didn't require the court to sign off that there is probable cause to believe that this US person was a foreign power and agent of foreign power. And now you do, it was previously a solely executive branch determination. The attorney general could say, go ahead and do surveillance on that American overseas. Unfortunately, it's also a fact of life that it's not an us versus them, Americans versus non Americans. It is an unfortunately real part of our society that there are homegrown terrorists and naturalized citizens and US-born citizens who are also terrorists or spies or whatever else. And the government can't simply say, we're gonna avoid collection of... No, and for them they get the probable cause warrant and go away. They do, and there are law enforcement tools and others, but I don't want to... Okay. It's too easy to say that it's purely foreign versus domestic. You need to look at that. Fair point. I think we have time for one more question, sorry. Sir. Yeah. You have to shout. Steve Winters, local researcher. I heard Admiral Mullen speak about a year ago and he made the point, it's not just a question of defending the country or the security of the country, but you also have the values that the country stands for. And he expressed the view, I was quite surprised to hear actually from him, that he thought that we're losing touch with those values over the last decade or so. And you might reach a point at which you're defending the country, but you're not defending the values that the country stands for it. When church, I'm old enough to remember the church period, he was very unpopular with the agencies. A lot of people really resented his reforms. And what is your question, sir? Church. What is your question? The question is, I haven't heard anything about what values might be at stake here, peculiar American values. Presumably that was what Snowden has stated he was standing up for. So is there a value issue here that has anything to do with this country? Or as Mullen said, do we just end up defending a country and the values aren't there anymore? Presumably church was defending the values that he thought America stood for. I know that, so we took, we, the committee took about almost 30 members of the House Republican Conference who are not on the committee, out to NSA a little over a week ago, to get a variety of briefings. And one of the things they received was a briefing from some analysts who had been working that week. This was on a Monday, who had worked over the weekend and had worked directly with the director to use the NSA system to because U.S. forces in Afghanistan had become aware of a threat to a particular location in Afghanistan. And so they, and the U.S. forces in Afghanistan requested additional assistance from NSA and so that weekend they brought to bear NSA's capabilities to try to identify this threat and mitigate it. And the folks who were giving the briefing about what they had done and the nature of the threat and what they did were all very dedicated to the service of this country. And that's what motivated them to be there. So, you know, I don't think any of us can speak for the values of, speak to the commitment of values to the individual men and women at any of the elements of the intelligence community or to the people who conduct oversight and the various oversight organizations. But I mean, I just know from my own personal experience that there are a lot of very dedicated people who take their service seriously, who could go get other jobs and get rewards that you can't get working for the government and who are very dedicated to their mission. So I, you know, I guess we can all point to examples of people who don't share the values that of the United States, but I can't make a broad conclusion that we've departed from that. Thank you, Darren. We'll give Sean the last word. Sorry. Maybe tying it back to the theme consensus. I think there is consensus about the respect that we have for the dedicated professionals and in the intelligence community at the NSA, the fact that folks work tirelessly day in and day out. I wanna kind of go back to the question though in terms of the values and the principles that we are, I think, should be talking about. I think Senator Lay has been trying to talk about in terms of the values and principles of the Constitution, of privacy, about the fact that individuals have some expectation that if the government's going to be taking their information and looking through their information that there should be a reason for it and that reason should be justified. And that if it's for intelligence purposes or for intelligence purposes, that there should be some connection between that individual's information and a foreign intelligence purpose. And I think that goes back to the issue of not necessarily impugning or questioning the integrity of the professionals, as Darren's talking about. Those folks are working and doing what they're supposed to do because that's their job. They're doing what they're told to do based on what the law is. The question for the policymakers is what should that law be? Should the law allow for the bulk collection of telephony metadata? Should the law allow for potentially the bulk collection of other types of data? And how does that match up against the values of our nation, not just now, not just in the past but going forward, especially as technology develops? Okay, well, I'm sorry that we didn't have time to get to all of your questions, but if maybe the panelists can stay for just a few minutes, maybe you can come up and ask them. But I think we're going to have to wrap it up now. Seems like we weren't able to find a consensus yet, but we do have consensus that we are working toward it and can try to work toward it. So thank you very much for staying with us today. Thank you.