[Declan McCullagh's note: This call took place on Wednesday, October 11, 2007. Here's some background on the legislation.]
TRANSCRIPT FOR CONFERENCE CALL WITH
ASSISTANT ATTORNEY GENERAL KENNETH L. WAINSTEIN ON FISA LEGISLATION
3:36 P.M. EDT
MR. ROEHRKASSE: Hi. This is Brian Roehrkasse. Thank you for joining us this afternoon. Ken Wainstein, the Assistant Attorney General for the National Security Division is here with me and we'd like to take this opportunity to provide you with some information regarding the FISA modernization legislation that was marked up today in the House.
I'd like to turn it over to Ken to provide an overview on some of the administration's concerns with this bill, and then we'll take your questions. So with that I'll turn it over to Ken.
MR. WAINSTEIN: Okay. Good afternoon everybody. Ken Wainstein here, and I'm here with a number of my colleagues who will chime in as we go.
Let me just take a minute to just sort of set the scene and then give a little background, tell you where I think we are in this process and explain a few things, a few concerns and observations we have about the legislation that got marked up today.
Just to sort of make sure we're on the same page, everybody who has followed this recognizes that this is all in an effort to remedy a problem that's developed with the FISA statute since it was enacted back in 1978 in which we've seen over the years a sort of jurisdictional creep of the FISA statute because of changing technology such that we've ended up getting to a point where we've had to go to the FISA court to get FISA court orders to permit us to target persons for surveillance who are overseas.
That has been recognized by everybody as a problem. Last year in 2006 there was a good bit of activity on the Hill about this. House actually passed a statute to fix that problem but it didn't get through Congress. As you know, in April of this year, the director of national intelligence proposed a FISA modernization bill that included a fix of this problem. We then had a couple hearings back in May. Then we got to July and the PAA got passed, which sort of was a targeted fix of the definitional problem with electronic surveillance and also gave us a mechanism for compelling assistance from providers, and that was in a very targeted sort of stop-gap kind of fix.
We've now gone through a whole series of hearings. I've testified in four or five of them over the last few weeks. I think it's been a healthy process, a number of different concerns have been raised about the PAA and how and whether the PAA addresses the concerns that we have with original FISA statute, and I think it's been a good process.
We're still in the middle of that process, and I think today we saw legislation get marked up in the House that was a product of that process and product of the various -- some of these concerns and are a proposed means of addressing the concerns that were raised in the hearings.
While the House bill does provide a means of the government having a sort of programmatic approach to getting authorization to do electronics or to do surveillance overseas, there are certain concerns that we have about this legislation, and I just wanted to kick off a few and then I'll just open it up for questions.
There are a few particular things about this legislation that give us serious concern. One is that, as you see, it has a provision that requires that we get FISA court approval before directing surveillance at persons overseas, and that was the fundamental problem that we all set out to address at the beginning of this process, that that was never the intent of FISA. Based on historical backdrop, the constitutional backdrop, based on the legislative history of the deliberations of FISA and based on the technological reality at the time, it was clear it was not intended for us to have to go to the FISA court to get FISA court authority to direct surveillance at persons overseas.
This would require us to do so. It also, as a practical matter, gives us some serious concerns because as I read the bill we have 45 days to go up on surveillance on an emergency basis but if we do not get the approval of the FISA court for one reason or another that surveillance will go dark. We'd have to go down with that surveillance. There is no sort of mechanism built into the bill, as far as I can see, that allows for an appeals process and for us to continue that surveillance while we undergo the appellate process as we do have in the PAA.
So that's the first concern. Another concern that we have is by its term the legislation limits the type of foreign intelligence that we can collect pursuant to this authority and it takes out a category of foreign intelligence information that FISA allows us to collect, which operationally can be very problematic for us.
It doesn't permit us to collect information that relates to foreign affairs, which I think could cause problems for us operationally because we then have to distinguish between those pieces of information that might relate to foreign affairs and those that might relate to preventing terrorist attacks and the other categories of foreign intelligence that we're allowed to collect under FISA.
It also might even mean that the FISA court will have to draw distinctions like that, which would be even more problematic for a court to have to draw those distinctions. And you know, in short it means that we'd be in a position of being able to service maybe the Department of Defense or Department of Justice but not the State Department, which seems somewhat awkward.
Another issue, as you know, there's no immunity for providers who allegedly assisted the government since 9/11 in its efforts to protect the country against terrorists. I've laid out those arguments, we've all laid out those arguments for why fairness dictates that any such providers should not be subject to crushing liability, to the costs of litigation and that litigation should not precede and possibly disclose very sensitive sources and methods of information that could assist our adversaries.
Another problem is that this has a sunset, and the sunset, I believe is the end of 2009, which seems just around the corner. And while I understand the concern that maybe we want to continue to assess this legislation, the reality is, for us to be effective in the intelligence community, for us to be effective in operations, intelligence agencies need predictability, they need certainty. We have to build systems and processes and procedures based on the law that we have, and every time there's a change of law we then have to redo those processes, procedures and the like, and that is very disruptive.
We also just need to know, as a matter of security for our personnel, that we know what the law is and what we reasonably expect the law to remain. And when we have short sunsets like this it causes serious problems for our operations.
There is also a raft of provisions about oversight, and as anybody who has followed the hearings would know, we're not reflexively resistant to oversight at all. In fact, we made it clear and I have particularly made it very clear with Congress that we have implemented a whole host of oversight procedures in relation to our implementation of the PAA authority. And so it's not something that we're reflexively resistant to, but if provisions that are in here seem like they could be pretty burdensome and that the burden might well outweigh any benefits.
There's a couple particular issues about why the Department of Justice Inspector General, for whom I have a lot of respect, he's a very effective Inspector General, but according to this legislation it appears that he would be the one who would be doing oversight of the intelligence community agencies, which seems a little awkward.
So those are just a number of the concerns that sort of occur to me, and I have to admit we haven't had a lot of time with this bill, so there's probably more for us to learn about it. But at least 24 hours into receiving this bill, that's where we stand.
MR. ROEHRKASSE: Okay. We'll take your questions now, but I should add that this call is on the record but then we also have a number of DOJ officials here with us that may choose to chime in with some very detailed -- they have detailed information in regard to your questions, and those officials can be attributed on background, and we'll make clear if there's any confusion.
With that, we'll take your calls.
QUESTION: Hi, Ken. With regard to the telecom liability question, why -- I guess if you can just run through it. I know you say you've explained it a million times to us, but what is the problem with letting the judicial process work itself out? I mean, you guys say that, you know, you're trying to protect companies that, you know, helped the government out after 9/11.
But if right now there's a dispute over whether or not that was legal, you know, what's the problem with letting that work itself out, and why do you have to protect the companies?
MR. WAINSTEIN: Well, I guess there are sort of several things I'd point to. One is, as I mentioned earlier, just sort of a fundamental notion of fairness I think, which is, I mean, here you have allegedly companies that stepped up and answered the government's request to assist the government in efforts to protect against a second wave of attacks after 9/11 and protect against the ongoing terrorist threat.
And any such companies who would have undertaken anything like that would have presumably done it for that very purpose. As far as I can see, there's no real, you know, other ulterior motive or economic motive for doing it.
And it just seems at sort of a gut level it seems to me to be unfair to now turn around and have them face, you know, not only the costs and difficult consequences of having to defend against litigation, but based on what I read, you know, potentially crushing liability, you know, to the tune of billions of dollars. And so it's sort of a fairness matter. That's where I come out.
I also, as we've mentioned before, this litigation does run the risk of disclosing secret information, very classified, sensitive information. Because as you know, all such operations, any alleged operations like this, would be very sensitive and be the kind of thing our adversaries would want to know about. And whenever you litigate something like this, you run the risk that you're going to disclose this information.
And another thing that also resonates with me is that, you know, any companies that might allegedly have assisted us in the effort against terrorists might well not want it disclosed that, you know, for security reasons, that they did help us out. These would be -- any such companies would be companies that would have valid concerns for the safety of their own assets and their own personnel.
So, you know, that's sort of a number of reasons why it occurs to me that immunity is called for in this situation.
QUESTION: Hi again. Would you go over again the provision that deals with getting court approval in the case of those who call the U.S.? How would that work? And I know you and others have said it is unworkable and brings the court into an area it was not previously involved in, but could you just talk a little bit more about that and what the operational difficulties would be?
MR. WAINSTEIN: Well, it would -- the bill that was marked up today would require that -- it would require us to apply to the FISA Court for approval. Now this is as opposed to the Protect America Act, the PAA, where we didn't have to go to the FISA Court to get approval to do this surveillance.
Rather what we did is we submitted to the FISA Court the procedures that we used to determine that a target of the surveillance was overseas. And so long as the FISA Court reviewed those procedures and found that they were reasonable, that they were reasonable in reasonably determining that a target was overseas and the FISA Court would pass on those procedures. The court did not have the responsibility of reviewing an application by us and approving or not approving that surveillance.
And as sort of a jurisdictional matter and kind of a general legal matter, that is an extension of the FISA Court's jurisdiction in a way that has not be extended before. It's officially extending the FISA Court's jurisdiction to surveillances targeted against persons overseas.
The FISA, original FISA, as I explained earlier, sort of crept out because of the changes in communication technology, crept out such that we had to go to the FISA Court to get approval to do a number of these surveillances, but it was never the, you know, that was never the explicit intent of the statute.
So I think that would be a departure. And in terms of sort of our operational concerns, you know, it's really hard to predict exactly how operationally difficult it would be, but -- and as I said, we just got this bill just recently.
But it is something that gives us a lot of concern, that we would have to go a FISA Court to get these approvals in an area where we really need flexibility. We need to be nimble and we need to be able to move around to get these surveillances. And keep in mind, these are surveillances of people outside the United States.
QUESTION: But you would, your reading of the bill is that you would indeed need to get court approval to listen to anyone overseas that you're targeting overseas if and when they call the U.S.?
MR. WAINSTEIN: Yeah. Just to be clear, there's a carveout at the very beginning of this legislation that says if, you know, we're certain that it's foreign-to-foreign that we could do it without court order.
But I think we've explained at all these hearings -- now let me step back a second. You know, a number of people have suggested from the beginning, well, why don't we just have a carveout for foreign-to-foreign? Doesn't that satisfy everybody? And, you know, once calls are made in the United States, then you'd have to get a court order.
A number of objections to that, but one of which is that, you know, we don't always know -- we will often know -- we'll know where the person is, or the facility is that's making the call, let's say, but we won't know necessarily where that communication goes. So at the time that we intercept the communication, we won't know that it's foreign-to-foreign. It might well be foreign to the United States.
So that carveout, which actually really just restates what FISA says originally, doesn't really give us much comfort operationally because it means that we would still have to go to the FISA Court for the vast majority of the surveillances we'd be focused on.
QUESTION: Okay. Thanks.
QUESTION: Yeah. Hi. I think you just answered it, but just to be clear, the law currently allows the wiretapping of an American citizen if the person on the other end of the line is the target of an investigation, and if that person is a foreigner living abroad. But the proposed bill would say that in that situation, you have to get FISA Court approval before you can do that surveillance. Am I understanding this correctly?
MR. WAINSTEIN: I missed your scenario there.
QUESTION: Oh, sorry. Currently allows the wiretapping of an American -- of somebody in the United States, I assume is a citizen, if the person on the other end is the target of the investigation, and is a foreigner living abroad. Is that correct?
And then if that's true, then from what I'm understanding from your just -- your recent answer, the proposed bill would say that that has to go through the court now when it does not have to go through the court under the current law.
MR. WAINSTEIN: Okay. I'm sorry. I guess what you're talking about is if we're under the PAA, if we target somebody overseas --
MR. WAINSTEIN: -- and we're collecting on that person, we don't have to get a court order to do that.
QUESTION: Right. Even if the person calls somebody or somebody in the United States calls them, if one end is in London, then you don't need an order. But that's the current law. Now does the proposed bill say that you'd have to go through FISA Court to get approval for that kind of surveillance?
MR. WAINSTEIN: Yes.
MR. WAINSTEIN: Yeah. And it can be done on a programmatic basis. That's what I mentioned early on, that this bill does allow for us to go to the FISA Court on a programmatic basis so that we wouldn't necessarily have to go for individual warrants or individual orders, which is what we'd have to do under the original FISA prior to the PAA.
So that of course is, you know, that's better than before, but it's still -- it would mean we'd have to go to the FISA -- got to go to the FISA Court initially to get approval.
QUESTION: Okay. Thanks.
QUESTION: Hi, Ken. Thanks very much for this. Now can you just go over the difference between the procedures that you spell out in the PAA for going to the court to make sure that you're doing everything right in terms of reasonably believing that a person who's targeted is overseas and isn't a U.S. person versus what it says in the RESTORE bill. Because it seems to say that what it's taking to the FISA Court is in fact a determination of your method. So it's a little hard to see what the distinction is that you're finding fault with here.
MR. WAINSTEIN: Under the PAA, as I said, what we can do is if we -- well, under 105(b) of the PAA, the Director of National Intelligence and the Attorney General have to certify a number of things before undertaking surveillance.
One of the things is that there are procedures in place that reasonably determine that the target of the surveillance is outside the United States. Those procedures have to get drafted, signed, filed with the court. They are provided to Congress, and the court reviews them. We had under the PAA, we had 120 days to give them to the court, and the court had up to 180 days to review them. The procedures are filed. And the court would then, to review those procedures and make sure that they did reasonably determine the person was outside the United States.
So that's what we had under the PAA. Here, where this is not a matter -- here being in the RESTORE Act -- it is not a matter of the court just reviewing the procedures by which we determine a person is outside the United States and therefore outside the jurisdiction of the FISA Court, rather, this bill says that that surveillance would be within the jurisdiction of the FISA Court, and the FISA Court would have to approve it.
We actually have to file an application for FISA Court approval for the surveillance. It could be a programmatic application. But the FISA Court would have to approve it, and if the FISA Court does not do so within 45 days, we have to go down. So that's the end of that surveillance. We then have to submit the procedures by which we determine a person is outside the United States and the person we want to surveil is not a U.S. person, and also minimization procedures.
We have to submit them to the court and we have to report a number of things to the court as well. So, it's a very different process on a number of different levels. One, it's approval and not just review and approval of the procedures, and two, it's we provide the court a good bit more in terms of the procedures and they spend a good bit more time assessing compliance with those procedures.
QUESTION: Just to follow up, do you have a problem with the second part and not the first in terms of if negotiations further decide that it would look more like what the PAA says but with the further additional reporting requirements, would you still have a problem with that bill?
MR. WAINSTEIN: Well, you know, I don't really want to sort of engage in kind of hypotheticals as to what negotiations will bring down the road. We've been, you know, Director McConnell and I in our series of hearings were asked questions about, you know, whether it's conceivable that the FISA Court could review minimization procedures and that kind of thing, and we answered the -- we sort of laid out the pros and cons, operational pros and cons of that.
But in terms of sort of what our negotiating position would be, bottom line is, as I think the President and the Director of National Intelligence have said a number of times, that the sort of -- where the rubber meets the road on this is that the DNI is going to be asked, is this sufficient for you to have the operational flexibility to protect the country as you think the country needs -- as we need to?
And all these things are going to be factored in as to -- all these things being, you know, whatever procedures are in place, we just have to make sure they're not too cumbersome to slow down our operations.
QUESTION: Hi Ken, two questions, one that they're willing to let Congress know exactly what they'd be offering that immunity for. Is that something that you guys are willing to do?
MR. WAINSTEIN: Yeah, I've been asked that a number of times in hearings, sort of where things are in terms of the discussions about what documents would be turned over to Congress and what parts of Congress would see them. I just don't know what the state of play is in those discussions, I know they're ongoing however and will continue to be, but I really couldn't tell you sort of where they stand right now.
QUESTION: Right, but their argument is you're asking us to immunize people for doing things that we don't know what they've done, so why should we offer them immunity? It sounds like a fairly reasonable objection, you're asking them to immunize someone for something and they don't know what it is.
MR. WAINSTEIN: Right now this is a matter that's being discussed by different parts of the executive branch, with members of Congress, and I'm just going to sort of leave it to them to play it out.
QUESTION: Second question is it seems to me that the entire reason for the programmatic warrant is the concern that under the PAA there is a huge possibility that American communications would be intercepted and there's no court review at all after the fact or during the fact of that interception that those communications are being handled correctly -- other than the fact that Justice Department is full of professionals who would want to handle them in the correct way. So it seems that the programmatic warrants were created in order to insert the court to make sure that there's some court oversight, some independent jurisdiction on that. What is your response to that concern, and if there's some other way of ensuring judicial oversight on that without doing this and the programmatic warrant?
MR. WAINSTEIN:I mean I think there definitely is. First, I could answer that a number of ways. First, I'd lay it out in a letter, I think, our Office of Legislative Affairs laid out in a letter all the different oversight mechanisms that we put in place, and I mentioned this earlier, that we put in place to ensure strict compliance with all aspects of the PAA authority.
And that's not something new. We have oversight mechanisms in place for use of FISA. And one of them, for example, when you talk about minimization, for example, is that we here, our attorneys over National Security Division do what are called minimization reviews all around the county and go in to ensure that minimization procedures are being followed by our agents and to ensure that, you know, if court orders that minimization procedures are to be followed that they then are followed. We go out and do this on a regular basis every year any number of times. And that is our own oversight of adherence to these minimization procedures.
We expect to do the exact same thing to continue that into the future. It's worked quite well, and it is really, that's the mechanism. That's the way to ensure that these minimization procedures are done. I can tell you that there's no court that can do that.
We do report problems that we find to the FISA court, but the FISA court itself is not going to be able to go out and comb through files out in the field office in Wichita to determine whether or not --
QUESTION: But the reason, I'm sorry, the reason that you report those to the FISA court is because those minimization procedures are conducted under FISA court orders. And the argument here is that without something like a programmatic warrant the FISA court would never be in that loop, you would never have to report how you were doing to them. It would just be you guys monitoring yourselves and your opponents would say, the fox monitoring the hen house.
MR. WAINSTEIN: Right, well, I mean a couple things. First we also will be reporting to Congress. In fact, the PAA requires us to report to Congress any incidence of noncompliance on a semi-annual basis. We promise to do that on a much more regular basis, I think on a monthly basis. But also, keep in mind, minimization procedures apply not just in the FISA context but in our regular collection around the world. And we self-police that; that's the way the intelligence community operates, and we have pretty strict and pretty comprehensive oversight at all the agencies, and the FISA court is not involved in that.
But we have to report on a regular basis, those agencies have to report on a regular basis to the intelligence committee what their findings are.
QUESTION: Have you finished that first monthly review?
MR. WAINSTEIN: Yes, we actually did a review I believe within 14 days of implementation.
QUESTION: And what were the results?
MR. WAINSTEIN: I can't go into the results in an open setting, but I can tell you that Congress has been -- we've had members of -- congressional staff members out to the intelligence agencies to take a look at how the implementation is going and we have told the judiciary committees and intelligence committees that we're happy to provide them any information they want about our internal reviews.
QUESTION: Okay. I'm done.
QUESTION: Hi. If I could ask about the discussion of a potential compromise on the retroactive immunity, something like indemnity that could, say, allow some lawsuits against Telecom to come through but they might not have to pay any legal damage money -- is this a bright line in terms of the President saying immunity or nothing or is there some room?
MR. WAINSTEIN: Once again, you know, I'm just not going to sort of -- it's a good question, but I'm not going to get into what the negotiations might or might not end up being. But keep in mind that any system which allows these lawsuits to go forward still runs the risk, no matter who ends up paying at the end, it still runs the risk that this litigation is going to disclose very sensitive information, sensitive for our intelligence efforts and also, as I explained earlier, sensitive for the companies themselves.
QUESTION: Hi. I have two quick questions. One was about the requirement that FISA court approve any surveillance foreign to U.S. communication, if I'm saying that correctly. Does that apply even if both participants in the conversation are foreign but their communication hits the U.S. server for email or phone lines?
MR. WAINSTEIN: I'm not sure I got the hypo, but if what you're saying is -- you said 'foreigner.' If what you mean is two people outside the United States --
MR. WAINSTEIN: Under this bill, that would not require us to go to FISA court. That of course raises the problem, as I had said earlier that while it's a theoretical matter that would seem to exclude a good bit of the communications here. As a practical matter, we don't know where the recipient is most of the time when we're trying to survey or intercept the communication, so it really doesn't do any good for us.
QUESTION: Right, I understand your point there. I just wanted -- one of the concerns of the update over the summer was that you'd get rid of the requirement that all communications over wires require FISA court approval. It sounds like this update is getting rid of at least that, is that correct?
MR. WAINSTEIN: No, no. It still -- I mean it puts us in a position of going to the FISA court for approval. It's a different mechanism for approval, but it still has us going to the FISA court.
QUESTION: Okay. Let me move on to my second question. You said that you don't think that the IG should be doing oversight of intelligence and I just wondered who, in your opinion, should be doing oversight.
MR. WAINSTEIN: All I was saying is I was noticing that it was the Department of Justice Inspector General. And the point is that any intelligence community agency that was subject, whose operations would be subject to this has their own Inspectors General. So that's why I was just -- I was querying why it would be a Department of Justice IG, who is a very effective IG but not somebody who is regularly overseeing the operations of an intelligence agency. And that's why I was sort of raising that question.
QUESTION: Okay. And can I just follow up on my first question to try and get it straight? My understanding is that when you guys updated FISA on a temporary basis over the summer, got rid of the provision that required FISA court approval of any communications that may have been from a foreign target to another foreign communicator but may have hit the U.S. via a wired communication, whether that's a server or a phone line. I'm correct in stating that, right?
MR. WAINSTEIN: I think the legislation did more than that. Foreign to foreign communications were already out of FISA if we would know that ahead of time and could be certain of that.
What the PAA did was ensure that if we were targeting the person outside the United States we could target them without an individualized court order regardless of where they were calling.
QUESTION: All right, thank you.
MR. ROEHRKASSE: I would like to say we have time for two more questions, but I would like to make them from two reporters. So if you could, just keep your question to one question each, that way we can have more people that ask questions.
MR. WAINSTEIN: Keep your voice up too, when you're speaking.
QUESTION: Yes, Jim Raleigh. Just to clarify, you're saying that if the call is foreign-to-foreign and it's routed through the U.S. it does not have to be, wouldn't be subject to the warrant requirement, you would only have to do that if you had no reason to know where the call is going to go and you'd have to get a programmatic warrant? And the other question I have is about whether an American oversees would have -- you'd have to get individual warrants to target them?
MR. WAINSTEIN: Another change here from the PAA is that this carves out the United States persons overseas. And so in other words, we would have to go to the FISA court for approval to survey United States persons overseas.
And as you know that was an area of much discussion in our hearing because traditionally, what we've done since 1981 is, by executive order we have -- whenever we wanted to survey a United States person overseas the necessary process is that we have to go to the Attorney General himself or herself and that Attorney General has to find probable cause to believe that that United States person is an agent of a foreign power.
So in other words, we'd have to make that -- the Attorney General personally has to make that determination before we can do surveillance of a U.S. person overseas. So it's quite rigorous, and nothing about the PAA changed that requirement. And there's been talk about whether that's adequate, et cetera, but as we've always said, that has worked quite well to protect the fourth amendment rights of Americans overseas since 1981. It's been found to be reasonable under the fourth amendment in court, and so that's why the PAA didn't change that.
MR. ROEHRKASSE: Take one more question.
QUESTION: Hi. I guess my main, quick question would be, can you elaborate a little on what's your understanding of this programmatic warrant, what are the parameters of it? How broad? I mean is this, you just get one master warrant that would cover everything overseas? Is it region by region, country by country? Does it -- group by group? What's your understanding of how that would work?
MR. WAINSTEIN: You know, I don't know for sure. And as I said, I haven't spent a lot of time with the statute and it's not clear from the face of the statute. It seems to allow for something beyond individualized warrants, but beyond that it doesn't really seem to give us a lot of guidance as to whether we're talking about bunches of people or what, but it does seem to suggest that we can do programmatic warrants that would allow for -- avoid individualized warrants, which is better than having to go back for individual FISA applications each time we want to -- an individual human being. But that's something that we'll probably only be able to define if this statute actually got passed.
At that point, as a matter of practice -- determine what the FISA courts, what lines they draw.
QUESTION: So it would be up to the FISA court, you think, to determine how broad that program could be?
MR. WAINSTEIN: Yeah, just at this point I'd just be guessing as to where the line is going to be drawn on that.
MR. ROEHRKASSE: Okay. Well, thank you very much, and we'll try to get out a transcript as soon as possible for this call, and as always feel free to call our office with any follow-up questions you have. Thank you.
END 4:14 P.M. EDT
# # #