Bob Litt, general counsel to the DNI, is speaking at the Brookings Institution at this hour on “Privacy, Technology and National Security: An Overview of Intelligence Collection.” His prepared remarks are below:
PRIVACY, TECHNOLOGY AND NATIONAL SECURITY:
An Overview of Intelligence Collection
I wish that I was here in happier times for the Intelligence Community. The last several weeks have seen a series of reckless disclosures of classified information about intelligence activities. These disclosures threaten to cause long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our Nation. And because the disclosures were made by people who did not fully understand what they were talking about, they were sensationalized and led to mistaken and misleading impressions. I hope to be able to correct some of these misimpressions today.
My speech today is prompted by disclosures about two programs that collect valuable foreign intelligence that has protected our Nation and its allies: the bulk collection of telephony metadata, and the so-called “PRISM” program. Some people claim that these disclosures were a form of “whistleblowing.” But let’s be clear. These programs are not illegal. They are authorized by Congress and are carefully overseen by the Congressional intelligence and judiciary committees. They are conducted with the approval of the Foreign Intelligence Surveillance Court and under its supervision. And they are subject to extensive, court-ordered oversight by the Executive Branch. In short, all three branches of Government knew about these programs, approved them, and helped to ensure that they complied with the law. Only time will tell the full extent of the damage caused by the unlawful disclosures of these lawful programs.
Nevertheless, I fully appreciate that it’s not enough for us simply to assert that our activities are consistent with the letter of the law. Our Government’s activities must always reflect and reinforce our core democratic values. Those of us who work in the intelligence profession share these values, including the importance of privacy. But security and privacy are not zero-sum. We have an obligation to give full meaning to both: to protect security while at the same time protecting privacy and other constitutional rights. But although our values are enduring, the manner in which our activities reflect those values must necessarily adapt to changing societal expectations and norms. Thus, the Intelligence Community continually evaluates and improves the safeguards we have in place to protect privacy, while at the same time ensuring that we can carry out our mission of protecting national security.
So I’d like to do three things today. First, I’d like to discuss very briefly the laws that govern intelligence collection activities. Second, I want to talk about the effect of changing technology, and the corresponding need to adapt how we protect privacy, on those collection activities. And third, I want to bring these two strands together, to talk about how some of these laws play out in practice—how we structure the Intelligence Community’s collection activities under FISA to respond to these changes in a way that remains faithful to our democratic values.
II. Legal Framework
Let me begin by discussing in general terms the legal framework that governs intelligence collection activities. And it is a bedrock concept that those activities are bound by the rule of law. This is a topic that has been well addressed by others, including the general counsels of the CIA and NSA, so I will make this brief. We begin, of course, with the Constitution. Article II makes the President the Commander in Chief and gives him extensive responsibility for the conduct of foreign affairs. The ability to collect foreign intelligence derives from that constitutional source. The First Amendment protects freedom of speech. And the Fourth Amendment prohibits unreasonable searches and seizures.
I want to make a few points about the Fourth Amendment. First, under established Supreme Court rulings a person has no legally recognized expectation of privacy in information that he or she gives to a third party. So obtaining those records from the third party is not a search as to that person. I’ll return to this point in a moment. Second, the Fourth Amendment doesn’t apply to foreigners outside of the United States. Third, the Supreme Court has said that the “reasonableness” of a warrantless search depends on balancing the “intrusion on the individual’s Fourth Amendment interests against” the search’s “promotion of legitimate Governmental interests.”
In addition to the Constitution, a variety of statutes govern our collection activities. First, the National Security Act and a number of laws relating to specific agencies, such as the CIA Act and the NSA Act, limit what agencies can do, so that, for example, the CIA cannot engage in domestic law enforcement. We are also governed by laws such as the Electronic Communications Privacy Act, the Privacy Act and, in particular, the Foreign Intelligence Surveillance Act, or FISA. FISA was passed by Congress in 1978 and significantly amended in 2001 and 2008. It regulates electronic surveillance and certain other activities carried out for foreign intelligence purposes. I’ll have much more to say about FISA later.
A final important source of legal restrictions is Executive Order 12333. This order provides additional limits on what intelligence agencies can do, defining each agency’s authorities and responsibilities. In particular, Section 2.3 of EO 12333 provides that elements of the Intelligence Community “are authorized to collect, retain, or disseminate information concerning United States persons only in accordance with procedures . . . approved by the Attorney General . . . after consultation with” the Director of National Intelligence. These procedures must be consistent with the agencies’ authorities. They must also establish strict limits on collecting, retaining or disseminating information about U.S. persons, unless that information is actually of foreign intelligence value, or in certain other limited circumstances spelled out in the order, such as to protect against a threat to life. These so-called “U.S. person rules” are basic to the operation of the Intelligence Community. They are among the first things that our employees are trained in, and they are at the core of our institutional culture.
It’s not surprising that our legal regime provides special rules for activities directed at U.S. persons. So far as I know, every nation recognizes legal distinctions between citizens and non-citizens. But as I hope to make clear, our intelligence collection procedures also provide protection for the privacy rights of non-citizens.
III. Impact of Changing Societal Norms
Let me turn now to the impact of changing technology on privacy. Prior to the end of the nineteenth century there was little discussion about a “right to privacy.” In the absence of mass media, photography and other technologies of the industrial age, the most serious invasions of privacy were the result of gossip or Peeping Toms. Indeed, in the 1890 article that first articulated the idea of a legal right to privacy, Louis Brandeis and Samuel Warren explicitly grounded that idea on changing technologies:
Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right “to be let alone.” Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-top.”
Today, as a result of the way digital technology has developed, each of us shares massive amounts of information about ourselves with third parties. Sometimes this is obvious, as when we post pictures on social media or transmit our credit card numbers to buy products online. Other times it is less obvious, as when telephone companies store records listing every call we make. All in all, there’s little doubt that the amount of data that each of us provides to strangers every day would astonish Brandeis and Warren—let alone Jefferson and Madison.
And this leads me to what I consider to be the key question. Why is it that people are willing to expose large quantities of information to private parties but don’t want the Government to have the same information? Why, for example, don’t we care if the telephone company keeps records of all of our phone calls on its servers, but we feel very differently about the prospect of the same information being on NSA servers? This does not seem to me to be a difficult question: we care because of what the Government could do with the information. Unlike a phone company, the Government has the power to audit our tax returns, to prosecute and imprison us, to grant or deny licenses to do business, and many other things. And there is an entirely understandable concern that the Government may abuse this power. I don’t mean to say that private companies don’t have a lot of power over us. Indeed, the growth of corporate privacy policies, and the strong public reaction to the inadvertent release or commercial use of personal information, reinforces my belief that our primary privacy concern today is less with who has information than with what they do with it. But there is no question that the Government, because of its powers, is properly viewed in a different light.
On the other hand, just as consumers around the world make extensive use of modern technology, so too do potentially hostile foreign governments and foreign terrorist organizations. Indeed, we know that terrorists and weapons proliferators are using global information networks to conduct research, to communicate and to plan attacks. Information that can help us identify and prevent terrorist attacks or other threats to our security is often hiding in plain sight among the vast amounts of information flowing around the globe. New technology means that the Intelligence Community must continue to find new ways to locate and analyze foreign intelligence. We need to be able to do more than connect the dots when we happen to find them; we need to be able to find the right dots in the first place.
One approach to protecting privacy would be to limit the Intelligence Community to a targeted, focused query looking for specific information about an identified individual based on probable cause. But from the national security perspective, that would not be sufficient. The business of foreign intelligence has always been fundamentally different from the business of criminal investigation. Rather than attempting to solve crimes that have happened already, we are trying to find out what is going to happen before it happens. We may have only fragmentary information about someone who is plotting a terrorist attack, and need to find him and stop him. We may get information that is useless to us without a store of data to match it against, such as when we get the telephone number of a terrorist and want to find out who he has been in touch with. Or we may learn about a plot that we were previously unaware of, causing us to revisit old information and find connections that we didn’t notice before—and that we would never know about if we hadn’t collected the information and kept it for some period of time. We worry all the time about what we are missing in our daily effort to protect the Nation and our allies.
So on the one hand there are vast amounts of data that contains intelligence needed to protect us not only from terrorism, but from cyber attacks, weapons of mass destruction, and good old-fashioned espionage. And on the other hand, giving the Intelligence Community access to this data has obvious privacy implications. We achieve both security and privacy protection in this context in large part by a framework that establishes appropriate controls on what the Government can do with the information it lawfully collects, and appropriate oversight to ensure that it respects those controls. The protections depend on such factors as the type of information we collect, where we collect it, the scope of the collection, and the use the Government intends to make of the information. In this way we can allow the Intelligence Community to acquire necessary foreign intelligence, while providing privacy protections that take account of modern technology.
IV. FISA Collection
In showing that this approach is in fact the way our system deals with intelligence collection, I’ll use FISA as an example for a couple of reasons. First, because FISA is an important mechanism through which Congress has legislated in the area of foreign intelligence collection. Second, because it covers a wide range of activities, and involves all three sources of law I mentioned earlier: constitutional, statutory and executive. And third, because several previously classified examples of what we do under FISA have recently been declassified, and I know people want to hear more about them.
I don’t mean to suggest that FISA is the only way we collect foreign intelligence. But it’s important to know that, by virtue of Executive Order 12333, all of the collection activities of our intelligence agencies have to be directed at the acquisition of foreign intelligence or counterintelligence. Our intelligence priorities are set annually through an interagency process. The leaders of our Nation tell the Intelligence Community what information they need in the service of the Nation, its citizens and its interests, and we collect information in support of those priorities.
I want to emphasize that the United States, as a democratic nation, takes seriously this requirement that collection activities have a valid foreign intelligence purpose. We do not use our foreign intelligence collection capabilities to steal the trade secrets of foreign companies in order to give American companies a competitive advantage. We do not indiscriminately sweep up and store the contents of the communications of Americans, or of the citizenry of any country. We do not use our intelligence collection for the purpose of repressing the citizens of any country because of their political, religious or other beliefs. We collect metadata—information about communications—more broadly than we collect the actual content of communications, because it is less intrusive than collecting content and in fact can provide us information that helps us more narrowly focus our collection of content on appropriate targets. But it simply is not true that the United States Government is listening to everything said by every citizen of any country.
Let me turn now to FISA. I’m going to talk about three provisions of that law: traditional FISA orders, the FISA business records provision, and Section 702. These provisions impose limits on what kind of information can be collected and how it can be collected, require procedures restricting what we can do with the information we collect and how long we can keep it, and impose oversight to ensure that the rules are followed. This sets up a coherent regime in which protections are afforded at the front end, when information is collected; in the middle, when information is reviewed and used; and at the back end, through oversight, all working together to protect both national security and privacy. The rules vary depending on factors such as the type of information being collected (and in particular whether or not we are collecting the content of communications), the nature of the person or persons being targeted, and how narrowly or broadly focused the collection is. They aren’t identical in every respect to the rules that apply to criminal investigations, but I hope to persuade you that they are reasonable and appropriate in the very different context of foreign intelligence.
So let’s begin by talking about traditional FISA collection. Prior to the passage of FISA in 1978, the collection of foreign intelligence was essentially unregulated by statutory law. It was viewed as a core function of the Executive Branch. In fact, when the criminal wiretap provisions were originally enacted, Congress expressly provided that they did not “limit the constitutional power of the President . . . to obtain foreign intelligence information . . . deemed essential to the national security of the United States.” However, ten years later, as a result of abuses revealed by the Church and Pike Committees, Congress imposed a judicial check on some aspects of electronic surveillance for foreign intelligence purposes. This is what is now codified in Title I of FISA, sometimes referred to as “traditional FISA.”
FISA established a special court, the Foreign Intelligence Surveillance Court, to hear applications by the Government to conduct electronic surveillance for foreign intelligence purposes. Because traditional FISA surveillance involves acquiring the content of communications, it is intrusive, implicating recognized privacy interests; and because it can be directed at individuals inside the United States, including American citizens, it implicates the Fourth Amendment. In FISA, Congress required that to get a “traditional” FISA electronic surveillance order, the Government must establish probable cause to believe that the target of surveillance is a foreign power or an agent of a foreign power, a probable cause standard derived from the standard used for wiretaps in criminal cases. And if the target is a U.S. person, he or she cannot be deemed an agent of a foreign power based solely on activity protected by the First Amendment—you cannot be the subject of surveillance merely because of what you believe or think.
Moreover, by law the use of information collected under traditional FISA must be subject to minimization procedures, a concept that is key throughout FISA. Minimization procedures are procedures, approved by the FISA Court, that must be “reasonably designed in light of the purpose and technique of the particular surveillance, to minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” For example, they generally prohibit disseminating the identity of a U.S. person unless the identity itself is necessary to understand the foreign intelligence or is evidence of a crime. The reference to the purpose and technique of the particular surveillance is important. Minimization procedures can and do differ depending on the purpose of the surveillance and the technique used to implement it. These tailored minimization procedures are an important way in which we provide appropriate protections for privacy.
So let me explain in general terms how traditional FISA surveillance works in practice. Let’s say that the FBI suspects someone inside the United States of being a spy, or a terrorist, and they want to conduct electronic surveillance. While there are some exceptions spelled out in the law, such as in the case of an emergency, as a general rule they have to present an application to the FISA Court establishing probable cause to believe that the person is an agent of a foreign power, according to the statutory definition. That application, by the way, is reviewed at several levels within both the FBI and Department of Justice before it is submitted to the Court. Now, the target may have a conversation with a U.S. person that has nothing to do with the foreign intelligence purpose of the surveillance, such as talking to a neighbor about a dinner party. Under the minimization procedures, an analyst who listens to a conversation involving a U.S. person that has no foreign intelligence value cannot generally share it or disseminate it unless it is evidence of a crime. Even if a conversation has foreign intelligence value—let’s say a terrorist is talking to a confederate—that information may only be disseminated to someone with an appropriate need to know the information pursuant to his or her mission.
In other words, electronic surveillance under FISA’s Title I implicates the well-recognized privacy interest in the contents of communications, and is subject to corresponding protections for that privacy interest—in terms of the requirements that it be narrowly targeted and that it have a substantial factual basis approved by the Court, and in terms of the limitations imposed on use of the information.
Now let me turn to the second activity, the collection of business records. After FISA was passed, it became apparent that it left some significant gaps in our intelligence collection authority. In particular, while the Government had the power in a criminal investigation to compel the production of records with a grand jury subpoena, it lacked similar authority in a foreign intelligence investigation. So a provision was added in 1998 to provide such authority, and was amended by Section 215 of the USA-PATRIOT Act passed shortly after 9/11. This provision, which is generally referred to as “Section 215,” allows us to apply to the FISA Court for an order requiring production of documents or other tangible things when they are relevant to an authorized national security investigation. Records can be produced only if they are the type of records that could be obtained pursuant to a grand jury subpoena or other court process—in other words, where there is no statutory or other protection that would prevent use of a grand jury subpoena. In some respects this process is more restrictive than a grand jury subpoena. A grand jury subpoena is issued by a prosecutor without any prior judicial review, whereas under the FISA business records provision we have to get court approval. Moreover, as with traditional FISA, records obtained pursuant to the FISA business records provision are subject to court-approved minimization procedures that limit the retention and dissemination of information about U.S. persons—another requirement that does not apply to grand jury subpoenas.
Now, of course, the FISA business records provision has been in the news because of one particular use of that provision. The FISA Court has repeatedly approved orders directing several telecommunications companies to produce certain categories of telephone metadata, such as the number calling, the number being called, and the date, time and duration of the call. It’s important to emphasize that under this program we do not get the content of any conversation; we do not get the identity of any party to the conversation; and we do not get any cell site or GPS locational information.
The limited scope of what we collect has important legal consequences. As I mentioned earlier, the Supreme Court has held that if you have voluntarily provided this kind of information to third parties, you have no reasonable expectation of privacy in that information. All of the metadata we get under this program is information that the telecommunications companies obtain and keep for their own business purposes. As a result, the Government can get this information without a warrant, consistent with the Fourth Amendment.
Nonetheless, I recognize that there is a difference between getting metadata about one telephone number and getting it in bulk. From a legal point of view. Section 215 only allows us to get records if they are “relevant” to a national security investigation, and from a privacy perspective people worry that, for example, the government could apply data mining techniques to a bulk data set and learn new personal facts about them—even though the underlying set of records is not subject to a reasonable expectation of privacy for Fourth Amendment purposes.
On the other hand, this information is clearly useful from an intelligence perspective: It can help identify links between terrorists overseas and their potential confederates in the United States. It’s important to understand the problem this program was intended to solve. Many will recall that one of the criticisms made by the 9/11 Commission was that we were unable to find the connection between a hijacker who was in California and an al-Qaida safe house in Yemen. Although NSA had collected the conversations from the Yemen safe house, they had no way to determine that the person at the other end of the conversation was in the United States, and hence to identify the homeland connection. This collection program is designed to help us find those connections.
In order to do so, however, we need to be able to access the records of telephone calls, possibly going back many years. However, telephone companies have no legal obligation to keep this kind of information, and they generally destroy it after a period of time determined solely by their own business purposes. And the different telephone companies have separate datasets in different formats, which makes analysis of possible terrorist calls involving several providers considerably slower and more cumbersome. That could be a significant problem in a fast-moving investigation where speed and agility are critical, such as the plot to bomb the New York City subways in 2009.
The way we fill this intelligence gap while protecting privacy illustrates the analytical approach I outlined earlier. From a subscriber’s point of view, as I said before, the difference between a telephone company keeping records of his phone calls and the Intelligence Community keeping the same information is what the Government could do with the records. That’s an entirely legitimate concern. We deal with it by limiting what the Intelligence Community is allowed do with the information we get under this program—limitations that are approved by the FISA Court:
- First, we put this information in secure databases.
- Second, the only intelligence purpose for which this information can be used is counterterrorism.
- Third, we allow only a limited number of specially trained analysts to search these databases.
- Fourth, even those trained analysts are allowed to search the database only when they have a reasonable and articulable suspicion that a particular telephone number is associated with particular foreign terrorist organizations that have been identified to the Court. The basis for that suspicion has to be documented in writing and approved by a supervisor.
- Fifth, they’re allowed to use this information only in a limited way, to map a network of telephone numbers calling other telephone numbers.
- Sixth, because the database contains only metadata, even if the analyst finds a previously unknown telephone number that warrants further investigation, all she can do is disseminate the telephone number. She doesn’t even know whose number it is. Any further investigation of that number has to be done pursuant to other lawful means, and in particular, any collection of the contents of communications would have to be done using another valid legal authority, such as a traditional FISA.
- Finally, the information is destroyed after five years.
The net result is that although we collect large volumes of metadata under this program, we only look at a tiny fraction of it, and only for a carefully circumscribed purpose—to help us find links between foreign terrorists and people in the United States. The collection has to be broad to be operationally effective, but it is limited to non-content data that has a low privacy value and is not protected by the Fourth Amendment. It doesn’t even identify any individual. Only the narrowest, most important use of this data is permitted; other uses are prohibited. In this way, we protect both privacy and national security.
Some have questioned how collection of a large volume of telephone metadata could comply with the statutory requirement that business records obtained pursuant to Section 215 be “relevant to an authorized investigation.” While the Government is working to determine what additional information about the program can be declassified and disclosed, including the actual court papers, I can give a broad summary of the legal basis. First, remember that the “authorized investigation” is an intelligence investigation, not a criminal one. The statute requires that an authorized investigation be conducted in accordance with guidelines approved by the Attorney General, and those guidelines allow the FBI to conduct an investigation into a foreign terrorist entity if there is an “articulable factual basis . . . that reasonably indicates that the [entity] may have engaged in . . . international terrorism or other threat to the national security,” or may be planning or supporting such conduct. In other words, we can investigate an organization, not merely an individual or a particular act, if there is a factual basis to believe the organization is involved in terrorism. And in this case, the Government’s applications to collect the telephony metadata have identified the particular terrorist entities that are the subject of the investigations.
Second, the standard of “relevance” required by this statute is not the standard that we think of in a civil or criminal trial under the rules of evidence. The courts have recognized in other contexts that “relevance” can be an extremely broad standard. For example, in the grand jury context, the Supreme Court has held that a grand jury subpoena is proper unless “there is no reasonable possibility that the category of materials the Government seeks will produce information relevant to the general subject of the grand jury’s investigation.” And in civil discovery, relevance is “construed broadly to encompass any matter that bears on, or that reasonably could lead to other matter that could bear on, any issue that is or may be in the case.”
In each of these contexts, the meaning of “relevance” is sufficiently broad to allow for subpoenas or requests that encompass large volumes of records in order to locate within them a smaller subset of material that will be directly pertinent to or actually be used in furtherance of the investigation or proceedings. In other words, the requester is not limited to obtaining only those records that actually are potentially incriminating or pertinent to establishing liability, because to identify such records, it is often necessary to collect a much broader set of the records that might potentially bear fruit by leading to specific material that could bear on the issue.
When it passed the business records provision, Congress made clear that it had in mind such broad concepts of relevance. The telephony metadata collection program meets this relevance standard because, as I explained earlier, the effectiveness of the queries allowed under the strict limitations imposed by the court—the queries based on “reasonable and articulable suspicion”—depends on collecting and maintaining the data from which the narrowly focused queries can be made. As in the grand jury and civil discovery contexts, the concept of “relevance” is broad enough to allow for the collection of information beyond that which ultimately turns out to be important to a terrorist-related investigation. While the scope of the collection at issue here is broader than typically might be acquired through a grand jury subpoena or civil discovery request, the basic principle is similar: the information is relevant because you need to have the broader set of records in order to identify within them the information that is actually important to a terrorism investigation. And the reasonableness of this method of collection is reinforced by the all of the stringent limitations imposed by the Court to ensure that the data is used only for the approved purpose.
I want to repeat that the conclusion that the bulk metadata collection is authorized under Section 215 is not that of the Intelligence Community alone. Applications to obtain this data have been repeatedly approved by numerous judges of the FISA Court, each of whom has determined that the application complies with all legal requirements. And Congress reauthorized Section 215 in 2011, after the Intelligence and Judiciary Committees of both Houses had been briefed on the program, and after information describing the program had been made available to all Members. In short, all three branches of Government have determined that this collection is lawful and reasonable—in large part because of the substantial protections we provide for the privacy of every person whose telephone number is collected.
The third program I want to talk about is Section 702, part of the FISA Amendments Act of 2008. Again, a little history is in order. Generally speaking, as I said before, Title I of FISA, or traditional FISA, governs electronic surveillance conducted within the United States for foreign intelligence purposes. When FISA was first passed in 1978, Congress did not intend it to regulate the targeting of foreigners outside of the United States for foreign intelligence purposes. This kind of surveillance was generally carved out of coverage under FISA by the way Congress defined “electronic surveillance.” Most international communications in 1978 took place via satellite, so Congress excluded international radio communications from the definition of electronic surveillance covered by FISA, even when the radio waves were intercepted in the United States, unless the target of the collection was a U.S. person in the United States.
Over time, that technology-based differentiation fell apart. By the early twenty-first century, most international communications travelled over fiber optic cables and thus were no longer “radio communications” outside of FISA’s reach. At the same time there was a dramatic increase in the use of the Internet for communications purposes, including by terrorists. As a result, Congress’s original intention was frustrated; we were increasingly forced to go to the FISA Court to get individual warrants to conduct electronic surveillance of foreigners overseas for foreign intelligence purposes.
After 9/11, this burden began to degrade our ability to collect the communications of foreign terrorists. Section 702 created a new, more streamlined procedure to accomplish this surveillance. So Section 702 was not, as some have called it, a “defanging” of the FISA Court’s traditional authority. Rather, it extended the FISA Court’s oversight to a kind of surveillance that Congress had originally placed outside of that oversight: the surveillance, for foreign intelligence purposes, of foreigners overseas. This American regime imposing judicial supervision of a kind of foreign intelligence collection directed at citizens of other countries is a unique limitation that, so far as I am aware, goes beyond what other countries require of their intelligence services when they collect against persons who are not their own citizens.
The privacy and constitutional interests implicated by this program fall between traditional FISA and metadata collection. On the one hand we are collecting the full content of communications; on the other hand we are not collecting information in bulk and we are only targeting non-U.S. persons for valid foreign intelligence purposes. And the information involved is unquestionably of great importance for national security: collection under Section 702 is one of the most valuable sources of foreign intelligence we have. Again, the statutory scheme, and the means by which we implement it, are designed to allow us to collect this intelligence, while providing appropriate protections for privacy. Collection under Section 702 does not require individual judicial orders authorizing collection against each target. Instead, the FISA Court approves annual certifications submitted by the Attorney General and the Director of National Intelligence that identify categories of foreign intelligence that may be collected, subject to Court-approved “targeting” procedures and “minimization” procedures.
The targeting procedures are designed to ensure that we target someone only if we have a valid foreign intelligence purpose; that we target only non-U.S. persons reasonably believed to be outside of the United States; that we do not intercept wholly domestic communications; and that we do not target any person outside the United States as a “back door” means of targeting someone inside the United States. The procedures must be reviewed by the Court to ensure that they are consistent with the statute and the Fourth Amendment. In other words, the targeting procedures are a way of minimizing the privacy impact of this collection both as to Americans and as to non-Americans by limiting the collection to its intended purpose.
The concept of minimization procedures should be familiar to you by now: they are the procedures that limit the retention and dissemination of information about U.S. persons. We may incidentally acquire the communications of Americans even though we are not targeting them, for example if they talk to non-U.S. persons outside of the United States who are properly targeted for foreign intelligence collection. Some of these communications may be pertinent; some may not be. But the incidental acquisition of non-pertinent information is not unique to Section 702. It is common whenever you lawfully collect information, whether it’s by a criminal wiretap (where the target’s conversations with his friends or family may be intercepted) or when we seize a terrorist’s computer or address book, either of which is likely to contain non-pertinent information. In passing Section 702, Congress recognized this reality and required us to establish procedures to minimize the impact of this incidental collection on privacy.
How does Section 702 work in practice? As of today, there are certifications for several different categories of foreign intelligence information. Let’s say that the Intelligence Community gets information that a terrorist is using a particular email address. NSA analysts look at available data to assess whether that email address would be a valid target under the statute—whether the email address belongs to someone who is not a U.S. person, whether the person with the email address is outside the United States, and whether targeting that email address is likely to lead to the collection of foreign intelligence relevant to one of the certifications. Only if all three requirements of the statute are met, and validated by supervisors, will the email address be approved for targeting. We don’t randomly target email addresses or collect all foreign individuals’ emails under Section 702; we target specific accounts because we are looking for foreign intelligence information. And even after a target is approved, the court-approved procedures require NSA to continue to verify that its targeting decision is valid based on any new information.
Any communications that we collect under Section 702 are placed in secure databases, again with limited access. Trained analysts are allowed to use this data for legitimate foreign intelligence purposes, but the minimization procedures require that if they review a communication that they determine involves a U.S. person or information about a U.S. person, and they further determine that it has no intelligence value and is not evidence of a crime, it must be destroyed. In any case, conversations that are not relevant are destroyed after a maximum of five years. So under Section 702, we have a regime that involves judicial approval of procedures that are designed to narrow the focus of the surveillance and limit its impact on privacy.
I’ve outlined three different collection programs, under different provisions of FISA, which all reflect the framework I described. In each case, we protect privacy by a multi-layered system of controls on what we collect and how we use what we collect, controls that are based on the nature and intrusiveness of the collection, but that take into account the ways in which that collection can be useful to protect national security. But we don’t simply set out a bunch of rules and trust people to follow them. There are substantial safeguards in place that help ensure that the rules are followed.
These safeguards operate at several levels. The first is technological. The same technological revolution that has enabled this kind of intelligence collection and made it so valuable also allows us to place relatively stringent controls on it. For one thing, intelligence agencies can work with providers so that they provide the information we are allowed to acquire under the relevant order, and not additional information. Second, we have secure databases to hold this data, to which only trained personnel have access. Finally, modern information security techniques allow us to create an audit trail tracking who uses these databases and how, so that we have a record that can enable us to identify any possible misuse. And I want to emphasize that there’s no indication so far that anyone has defeated those technological controls and improperly gained access to the databases containing people’s communications. Documents such as the leaked secondary order are kept on other NSA databases that do not contain this kind of information, to which many more NSA personnel have access.
We don’t rely solely on technology. NSA has an internal compliance officer, whose job includes developing processes that all NSA personnel must follow to ensure that NSA is complying with the law. In addition, decisions about what telephone numbers we use as a basis for searching the telephone metadata are reviewed first within NSA, and then by the Department of Justice. Decisions about targeting under Section 702 are reviewed first within NSA, and then by the Department of Justice and by my agency, the Office of the Director of National Intelligence, which has a dedicated Civil Liberties Protection Officer who actively oversees these programs. For Title I collection, the Department of Justice regularly conducts reviews to ensure that information collected is used and disseminated in accordance with the court-approved minimization procedures. Finally, independent Inspectors General also review the operation of these programs. The point is not that these individuals are perfect; it’s that as you have more and more people from more and more organizations overseeing the operation of the programs, it becomes less and less likely that unintentional errors will go unnoticed or that anyone will be able to misuse the information.
But wait, there’s more. In addition to this oversight by the Executive Branch, there is considerable oversight by both the FISA Court and the Congress. As I’ve said, the FISA Court has to review and approve the procedures by which we collect intelligence under FISA, to ensure that those procedures comply with the statute and the Fourth Amendment. In addition, any compliance matter, large or small, has to be reported to the Court. Improperly collected information generally must be deleted, subject only to some exceptions set out in the Court’s orders, and corrective measures are taken and reported to the Court until it is satisfied.
And I want to correct the erroneous claim that the FISA Court is a rubber stamp. Some people assume that because the FISA Court approves almost every application, it does not give these applications careful scrutiny. In fact the exact opposite is true. The judges and their professional staff review every application carefully, and often ask extensive and probing questions, seek additional information, or request changes, before the application is ultimately approved. Yes, the Court approves the great majority of applications at the end of this process, but before it does so, its questions and comments ensure that the application complies with the law.
Finally, there is the Congress. By law, we are required to keep the Intelligence and Judiciary Committees informed about these programs, including detailed reports about their operation and compliance matters. We regularly engage with them and discuss these authorities, as we did this week, to provide them information to further their oversight responsibilities. For example, when Congress reauthorized Section 215 in 2009 and 2011 and Section 702 in 2012, information was made available to every member of Congress, by briefings and written material, describing these programs in detail.
* * *
In short, the procedures by which we implement collection under FISA are a sensible means of accounting for the changing nature of privacy in the information age. They allow the Intelligence Community to collect information that is important to protect our Nation and its allies, while protecting privacy by imposing appropriate limits on the use of that information. Much is collected, but access, analysis and dissemination are subject to stringent controls and oversight. This same approach—making the extent and nature of controls over the use of information vary depending on the nature and sensitivity of the collection—is applied throughout our intelligence collection.
And make no mistake, our intelligence collection has helped to protect our Nation from a variety of threats—and not only our Nation, but the rest of the world. We have robust intelligence relationships with many other countries. These relationships go in both directions, but it is important to understand that we cannot use foreign intelligence to get around the limitations in our laws, and we assume that our other countries similarly expect their intelligence services to operate in compliance with their own laws. By working closely with other countries, we have helped ensure our common security. For example, while many of the details remain classified, we have provided the Congress a list of 54 cases in which the bulk metadata and Section 702 authorities have given us information that helped us understand potential terrorist activity and even disrupt it, from potential bomb attacks to material support for foreign terrorist organizations. Forty-one of these cases involved threats in other countries, including 25 in Europe. We were able to alert officials in these countries to these events, and help them fulfill their mission of protecting their nations, because of these capabilities.
I believe that our approach to achieving both security and privacy is effective and appropriate. It has been reviewed and approved by all three branches of Government as consistent with the law and the Constitution. It is not the only way we could regulate intelligence collection, however. Even before the recent disclosures, the President said that we welcomed a discussion about privacy and national security, and we are working to declassify more information about our activities to inform that discussion. In addition, the Privacy and Civil Liberties Oversight Board—an independent body charged by law with overseeing our counterterrorism activities—has announced that it intends to provide the President and Congress a public report on the Section 215 and 702 programs, including the collection of bulk metadata. The Board met recently with the President, who welcomed their review and committed to providing them access to all materials they will need to fulfill their oversight and advisory functions. We look forward to working with the Board on this important project.
This discussion can, and should, have taken place without the recent disclosures, which have brought into public view the details of sensitive operations that were previously discussed on a classified basis with the Congress and in particular with the committees that were set up precisely to oversee intelligence operations. The level of detail in the current public debate certainly reflects a departure from the historic understanding that the sensitive nature of intelligence operations demanded a more limited discussion. Whether or not the value of the exposure of these details outweighs the cost to national security is now a moot point. As the debate about our surveillance programs goes forward, I hope that my remarks today have helped provide an appreciation of the efforts that have been made—and will continue to be made—to ensure that our intelligence activities comply with our laws and reflect our values.
 Vernonia School Dist. v. Acton, 515 U.S. 646, 652-3 (1995).
 Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 195 (1890).
 82 Stat. 214, formerly codified at 18 U.S.C. § 2511(3).
 See, e.g., 50 U.S.C. §§ 1801(h)(1) & 1821(4)(A).
 Attorney General’s Guidelines for Domestic FBI Operations (2008), at 23.
 United States v. R. Enterprises, Inc., 498 U.S. 292, 301 (1991).
 Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 351 (1978).