New information and more questions on US global surveillance after Congressional oversight hearings

Ella Cheng contributed to this post.

Yesterday, representatives of top U.S. intelligence agencies testified before the U.S. House Intelligence Committee in a public oversight hearing on “How Disclosed NSA Programs Protect Americans, and Why Disclosure Aids Our Adversaries.” True to the title, the public hearing largely served to allow officials to legitimate the recently-revealed massive US surveillance programs. While most of the questions offered by Committee members were structured to advance this narrative, a few representatives pushed back, granting the public important new information on these programs.

The hearing featured testimony from five key witnesses: Director of the National Security Agency (NSA) General Keith Alexander, Deputy Attorney General James Cole, Deputy Director of the Federal Bureau of Investigation (FBI) Sean Joyce, General Counsel at the Office of the Director of National Intelligence Charles Litt, and John Chris Inglis, Deputy Director of the NSA. They discussed two surveillance programs: the collection of domestic phone records under Section 215 of the PATRIOT Act, as revealed by the Verizon scandal, and the surveillance of the content of communications of those believed to be non-US persons under Section 702 of the FISA Amendments Act, as revealed by the PRISM scandal.

After a very favorable introduction by Committee Chair Mike Rogers and the Ranking Member, Dutch Ruppersberger, Gen. Alexander launched into his defense of the two programs. Lamenting the “incomplete, inaccurate information” presented by the media, he assured the public that the surveillance programs are a vital and legal part of our national security program and has been instrumental in diverting terrorist attacks “over fifty times since 9/11.”

What the NSA says it’s collecting
In expanding upon the details of the two programs, Deputy Attorney General Cole revealed important new information on how each works. Discussing the mobile records collection program operating under Section 215, he again affirmed that no cell site or location information was available through the database, contradicting some of what has been said about the program in the media. He also stressed that no names or identifying characteristics were included.

This information is initially reassuring. However, both of these facts are drawn into question by Mr. Cole’s subsequent assertion that the data of US citizens is subject to additional controls. The idea that intelligence agencies can identify who is and is not a US citizen without knowing anything about the location or identity of the caller is highly suspect. While Deputy Director Inglis stated later that area codes can be used to suggest a target is American, this is clearly not an effective way to determine citizenship.

Regarding the program authorized under Section 702, Mr. Cole admitted that content of user records is collected. Defending this, he stressed that the program is “only allowed to target non-US persons who are located outside of the United States,” extending the U.S. government’s narrative of reassuring it’s own citizens by discounting the rights of others.

Defense – through data sharing?
In his testimony Gen. Alexander reiterated the NSA’s position that the programs have helped prevent more than fifty attacks in twenty countries. While this comment was meant to justify the surveillance, it seems to confirm troubling reports that information is shared with other countries. This type of information sharing poses a serious threat to the privacy rights of people around the globe. In a recent UN report, the Special Rapporteur on Freedom of Expression, Frank La Rue, stressing the fact that these programs may enable governments to cooperate with one another to circumvent domestic laws restricting surveillance of their own citizens.

Gen. Alexander offered the public details on only four of the ‘over fifty’ cases, citing fear that releasing more information might compromise national security. Of the cases presented, only one case relied on information obtained via the mobile records program justified under Section 215. According to Gen. Alexander, in the aftermath of 9/11 the FBI dropped an investigation of an individual for links to terrorism, but reopened the case after the NSA provided the FBI with a tip that a phone number in the US corresponding with the earlier suspect had been in contact with known terrorists overseas.

According to the Deputy Director of the FBI, this allowed them to “disrupt this terrorist activity.” Pressed further by Rep. Ruppersberger as to what the activity was, Mr. Joyce confirmed the suspect was providing financial aid to a foreign terrorist organization. The fact that this is the only example provided by the government of how 215 has been used – and that the interruption of foreign funding is categorized as ‘preventing a terrorist attack’ – raises serious questions about what the other forty six-plus cases look like and the utility of these programs.

Only a few hard questions
While many representatives used their time to thank the witnesses for their service to the American people and offer relative softballs, a few put forward real concerns. Unfortunately, most of the harshest questions from the Committee members were those that pressed officials on how former intelligence contractor Edward Snowden was able to leak this information, how much ‘irreparable’ damage had the leak done to U.S. national security, and how the NSA intended to prevent future leaks.

However, Rep. Adam Schiff and Rep. Jim Himes pushed for real answers about the programs themselves. Rep. Schiff asked why phone records could not be stored with telcos and then requested by subpoena, which Gen. Alexander admitted was a possibility the NSA should look into, but maintained that “the concern is speed in a crisis.”

Rep. Schiff also pressed about how metadata was accessed, asking if the NSA was required to get court approval each time the database was queried. While Mr. Cole attempted to hedge in his answer by stating that the court sets standards for what can be queried, he ultimately admitted that the NSA was not required to receive court approval on per-records basis. Rather, queries were made at the discretion of intelligence officials, and those queries are then reported to the FISA court every thirty days. Pressed further about whether the details and motivations of each query had to be justified to the court, Mr. Cole also conceded that only the aggregate numbers were reported.

Rep. Jim Himes raised even more serious problems with the programs. Criticizing the scope of metadata collection, he called the program historically unprecedented. He asked officials what was to stop an agent from misusing the data, and where they drew the line as to what could be collected. Mr. Cole responded that ultimately it was up to Congress to set limits on what could be obtained. However, given the classified nature of these surveillance programs, it has been nearly impossible for congress to address them. Gen. Alexander also assured the representative that there has never been a willful abuse of information by anyone working in the program, which is an insufficient guarantee that abuses will not occur in the future.

Himes also raised important concerns about the necessity of these programs. Pressing Gen. Alexander, he asked how often information gathered under Section 215 has been essential – rather than merely useful – in stopping a terrorist attack. To this, Gen. Alexander admitted that of the more fifty cases cited, only “slightly over ten” had a domestic nexus; because information gathered under Section 215 is specific to domestic phone calls, it was only relevant in these cases. He declined to expand on how often this collected information was instrumental in the “slightly over ten” cases described.

All Section 215, no Section 702
Unfortunately, both of these lines of questioning were largely directed at the collection of US phone records under Section 215. It is disheartening to see that even the most ardent opponents showed little concern for the international implications of these programs. Similarly, the failure to explore the full scope of PRISM, which is justified under Section 702, leaves the public with little new information on perhaps the more troubling program.

Despite this failing, and the largely non-combative nature of the questions, the hearing helped expand our understanding of these controversial programs, though perhaps not in the manner the committee had hoped. It is now abundantly clear that the private content of communications outside the United States are being collected and surveilled by US intelligence agencies. Officials also confirmed that the queries for data are not subject to specific court authorization or oversight. Finally, regardless of privacy concerns the efficacy of these programs – particularly the collection of metadata – was called into serious question.

Rep. Mike Pompeo left American citizens with the priceless advice that they now had the choice to believe the heads of the NSA or “a felon who fled to communist China.” As the substance of the leaks were original documents, and the initial revelations have since been further confirmed by multiple media sources, this seems like a false dichotomy. Given the the choice between trusting those who secretly spied on the world for nearly a decade, and the whistleblower who revealed the scope and extent of these programs, many around the world – Americans and non-Americans alike – may find it a simple decision.