Intelligence Officials Push Back in Senate Hearing Against Transparency Measures

Meeting the bill’s requirements would be “operationally difficult” and could take years of work for numerous National Security Agency analysts, Office of the Director of National Intelligence General Counsel Robert Litt said during the hearing. That estimate is “quite frankly, shocking,” said Kevin Bankston, director of the Free Expression Project at the Center for Democracy & Technology. Having more detailed information about the government’s surveillance programs is “critical to understanding whether they're being used correctly,” Bankston said, calling the administration’s transparency efforts to this point “falsely reassuring” and “misleading."

The Surveillance Transparency Act would require the NSA to release annually the number of people whose data are collected under each “key” foreign intelligence authority, Franken said. Within that dataset, the agency would also have to estimate how many of those people are American citizens or Green Card holders, and how many of those individuals actually had their information looked at by the intelligence community. Additionally, the bill would lift the “gag orders” on Internet and phone service providers, allowing these companies to reveal specific information about the different information requests from the government and the number of users affected as a result of these orders. Currently, these service providers can release only aggregate information regarding information requests, although five tech companies have petitioned the Foreign Intelligence Surveillance Court (FISC) requesting the right to disclose more information. (See separate report below in this issue.)

The bill is one of several surveillance program overhauls floating around Congress, but advocates agreed Wednesday that transparency was the uniting thread. “While opinions on the bulk collection program may differ, many of us agree on the need for more transparency,” Heller said during his statement. But intelligence officials and lawmakers disagreed on what type of transparency best balanced the need for information with national security concerns.

The administration’s ongoing disclosures of FISC decisions and agreement to start publishing the number of targets looked at under these foreign intelligence authorities are sufficient transparency steps, Litt said. Researching the number of U.S. persons whose communications are collected would “perversely require a greater invasion of privacy” since it is often not possible to determine whether a person who receives an email is a U.S. citizen, he said. “I find this kind of troubling,” Franken said. “Isn’t it a bad thing the NSA doesn’t even have a rough sense” of how many Americans’ information is collected? he asked. “There’s nothing permanent about what you're doing,” Franken said. “We're trying to create a framework."

In 2011, the NSA used statistical sampling to make an estimate of “wholly domestic” communications that were incidentally collected, Litt said. That review, which looked at only a “small portion” of all communications collected, still took six NSA analysts two months of work to produce “numbers in a wide range based on a lot of assumptions,” Litt said. And that was only to find communications in which both parties were Americans, according to Litt. Franken’s bill would require NSA to report any communication collected that included just one American. Such a report would be “resource-intensive,” Litt said, although he conceded when pressed by Sen. Richard Blumenthal, D-Conn., he wasn’t sure if there had been “an actual cost estimate” done.

National security risks would arise from allowing Internet and phone service providers to disclose more specific surveillance request numbers, said Deputy Assistant Attorney General-National Security Division Brad Wiegmann. If a company introduced a new service that caused its surveillance requests to skyrocket, “adversaries could surmise the capability of the government to collect information on that service,” Wiegmann said. It would create a “detailed roadmap” for adversaries of “which providers and which platforms to avoid,” Litt added.

But the inability to provide such information has a “negative impact on our growth and prosperity,” said Google Director of Law Enforcement and Information Security Matters Richard Salgado. Many companies, including Google, already publish aggregate information about domestic law enforcement requests, and adding national security requests to that aggregate report “would be a significant step backward” in transparency, he said. Lumping these two types of requests would “obscure important information” and “our users and the general public ... would receive less information than we disclose in our current transparency report,” Salgado said. A lack of transparency threatens to fracture the global Internet and create a “splinternet” as countries move to require companies to exclusively store their data within a single jurisdiction and block companies from cooperating with U.S. authorities around data disclosure, he said. It could become an “Internet structure based on political boundaries,” according to Salgado.

Structural changes could be “more effective” at reestablishing trust “than even the most detailed disclosure,” said Paul Rosenzweig, principal at Red Branch Consulting, a homeland security consulting company. Making the NSA inspector general a presidential appointee and expanding the Privacy and Civil Liberties Oversight Board’s authority are the type of changes that are “not as sexy,” but allow the intelligence community to do its job more effectively, he said. Franken’s bill “operates from the unstated assumption that we've already learned about all of the classified programs operating” under those authorities, he said. “I suspect there are other covert programs that have not yet been disclosed.” Owing to the disclosures required in Franken’s bill, those programs might come out, harming national security, according to Rosenzweig.