The 2015 usa freedom act banned bulk collection of private records. The Senate Judiciary committee recently held a hearing on reauthorizing the legislation. Among the witnesses were officials from the fbi, the Justice Department and the nsa. This is two hours. 2015. We have two panels, basically, four parts of the act. I want the panel to tell us the good, the bad and the ugly why we need these four people, why we need to reauthorize the program n your view, what happens if we dont. Would you accept any changes . What would those changes be. And other than recite your testimony, im very interested in hearing from the National Security perspective how the usa freedom act of 2015 is still relevant in 2019 and beyond and the tools available, how theyre relevant to the fight were still in. I would end with this. Baghdadi is dead but the cause lives. The effort to penetrate our country is ongoing every day. Terrorists groups with a lot of different names are trying to come here to do us harm to hurt americans abroad and the war is far from over. I wish it were, but it is not. There is no air force to shoot down, theres no navy to sink, theres no capital to conquer. This is ideology that must be combatted and those that embrace this ideology, embrace death. The only way you protect america is to hit them before they hit you. Stop them over there before they get here. And the only way you can do that is to find out what theyre up to using acceptable tools within our constitutional democracy. With that ill turn it over to senator feinstein. Thanks, mr. Chairman. Ill try not to be redundant but this hearing, i think, is important because it provides an opportunities to take a good look at provisions of the usa freedom act that are set to expire at the end of this year, on december 15. These are section 215, otherwise known as the Business Record provision as well as roving wiretap Congress Prohibited this bulk collection in the 2015 usa freedom act introduced by senators leahy and lee. Now instead of bulk collection by the government, records remain with phone providers and are searchable only with a fisa order for a, quote, specific selection term, end quote. Thats generally a specific phone number or address. This call detail record, we call a cdr, is meant to make sure its sufficiently targeted, but in june 2015 nsa publicly announced that due to technical irregularities, the cdr program it had received data that it was not legally authorized to receive. Moreover, the agency could no longer distinguish between records that were obtained lawfully and those that were obtained unlawfully. As a result, nsa announced it would delete all call detail records acquired over the last three years. In august the director of National Intelligence, dan coates, confirmed nsa had suspended the cdr program indefinitely due to its lack of intelligence valley as well as its cost and compliance issues. Despite this the administration is asking congress to permanently authorize this program. Now, its really not clear to me why a program with limited intelligence value and clear compliance problems should be reauthorized. And unless there is good reason to believe that it should, i do not believe we should reauthorize it. Thank you very much, mr. Chairman. Thank you, senator feinstein. First witness is brad wiegmann, michael orlando, Deputy Assistant director for the Counterterrorism Division and susan morgan from the National Security agency. Mr. Wiegmann. Chairman graham, Ranking Member feinstein, members of the committee, thank you for the opportunity to testify today about four provisions about fisa. These are authorities that will expire at the end of this year unless theyre reauthorized by congress. The administration strongly supports permanent reauthorization of these provisions. Three of the thoeshgts the roving wiretap, Business Records and lone wolf provisions have been part of fisa for well over a decade. Theyve been renewed by congress multiple times. These same authorities were reauthorized multiple times between 2005 and 2012 and each renewal gained bipartisan support. Today im going to give you a brief overview of three of the legal authorities and then ill turn it over to my colleagues from fbi to determine how theyve been used in practice and theyre value to National Security. Then my colleague from the nsa is going to address the fourth authority, the cdr authority that senator feinstein described under which nsa can collecting metadata. First, the roving wiretap authority. This enables the government to continue surveilling a fisa Court ApprovedNational Security target when the target takes affirmative steps to thwart the surveillance. They repeatedly and rapidly change communication broadwayers to evade government monitoring. Roving provision allows us to continue surveying without going back to the court for a new order. The government has used this in a relatively small number much cases each year. They tend to involve highly trained foreign Intelligence Officers operating within the United States who use these countersurveillance techniques or other important investigative targets. The wiretap act on the criminal side has for decades contained a similar roving provision for ordinary criminal investigations of, lets say, drug dealer or organized crime dealer who might also take steps to thwart surveillance. Second, the Business Records authority. This allows the government to apply to the fisa court for an order to collect records, papers and other documents relevant to an authorized National Security investigation. It allows the government to obtain many of the same type of records it can obtain through a grand jury subpoena in an ordinary criminal case. For example, it can be used to obtain drivers license records, hotel records, car rental records, shipping records and the like. In most cases these are records the government obts without any court order. A fisa Business Record is usually sought because they use less secure criminal authorities or there may be no criminal investigation under be way and something that is purely an intelligence matter. This authority has been used several dozen times a year on average over the last few years. The Business Records provision is also the mechanism for the targeted collection of cdrs from telecommunication provider. My colleague from nsa will discuss in a few minutes this provision provides a way for the government to identify telephone contacts of suspected terrorists who may be within the United States. Finally, we have the lone wolf provision. This enables the government to surveil it also applies to foreign persons engaged in international proliferation of weapons of mass destructions. The government has want had occasion to use the lone wolf authority to date but it fills an important gap in the governments collection capabilities where isolated actors are concerned. It allows for the surveillance of a foreign terrorist who might be inspired by a Foreign Terrorist Group but is not technically an agent of that group. For example, it would allow surveillance of a foreign person who has selfradicalized of a Foreign Organization on the internet or a known International Terrorist who severs connections with a torist groups. Any of the three requires approval from the fisa court. Each of them also requires strict rules governing how the government would handle any information contained concerning u. S. Persons. And each is subject to oversight. As ive said, each has been renewed by congress multiple times in the past. With that ill stop and turn it over to my cleelgz. Good morning, chairman graham, ramging member feinstein and members of the committee. Thank you for the opportunity to testify about important provisions of the usa freedom act that will expire unless reauthorized by congress. These provisions have been integral to the fbis success in many National Security investigations. I will likely not be able to get into specific examples of our use of these but i will do my best to provide you with hypothetical situations that demonstrate the critical roles these tools play in National Security investigations. I have seen the new england of these provisions in my time as counterintelligence agents. And im looking forward to answering your questions. New technology has allowed actors to work increasingly in the shadows. Today we have nearly universal access to the internet and anyone with a cell phone can view and become radicalized by extremist contexts. Our forces no longer have to travel to other countries and interact with other extremists. Instead they can do this with from their home. Because of this theres a shift towards individuals acting alone with multiple ideologies and without clear ties to any one foreign adversary. Our window for identification and disruption is shrinking. As these threats have evolved, congress has helped us ensure we are prepared to the appropriate tools to continue to protect the u. S. And its interests. Im here today to talk about the expiring provisions which the fbi uses with fisa quort approved oversight. As my colleague from the department of justice explained, we use the Business Records provision to obtain records for other tangible things for use in a National Security investigation. We often describe the Business Records provision as a Building Block authority. That means we use it in early investigation to build our case against National Security threats. Its important to note response Business Records do not contain content. The information we get from a Business Records order often helps us meet the legal threshold needed in order to get a report from the fisa court for a wiretap. For example, once we receive the Business Record returns, if the suspected terrorist is communicating with a known bomb maker, we would have relevant information to help establish probable cause for a wiretap. Similarly if we receive Business Records showing the terrorist is buying bomb materials like fertilizer and a large amount of ball baergz that information can help us establish probable cause. The roving authority detailed in the usa freedom act is also an important provision that counteracts efforts by various National Security threats, including terrorists and Intelligence Officers to avoid courtauthorized surveillance. These individuals often employ tactics such as using multiple burner phones or creating multiple email accounts we use this authority regularly in our National Security investigations as a tool to missing critical intelligence that would be lost if our ability to initiate surveillance was a fisa warrant on each new facility. The last authority is the lone wolf provision. Even though its not yet been used we believe its critical. Homegrown violent extremists are among the top threat to the homeland. These individuals are, by definition, not in direct collaboration with foreign terrorist organizations. Homegrown violent extremists are often selfradicalized online with propaganda and motivated to attack with individuals associated with a foreign terrorist organization. Rest assured, the lone wolf provision is narrowly tailored as it is only for nonu. S. Persons. These are critical important in our fight to keep the American Public safe. Thank you for the opportunity to appear before you today. Im happy to answer any questions related to these authorities. Chairman, Ranking Member, distinguishes members of the committee, thank you for the opportunity to testify today about the National Security agencys call detail Records Program. The authority for the call detail records, or cdr program, is among the important provisions of the Foreign Intelligence Surveillance Act that will expire at the end of the year, this year, unless reauthorized by congress. Congress added this authority to the Foreign Intelligence Surveillance Act four years ago in the usa freedom act as one of several significant reforms designed to enhance privacy and Civil Liberties. It replaced nsas bulk telephany with a new authority where the bulk metadata would remain with the teleservice providers. As this committee 2015 report described, the cdr authority provides a, quote, narrowly tailored mechanism for the targeted collection of telephone metadata for possible connections between foreign powers or agents of foreign powers and others as part of an authorized investigation to protect against International Terrorism, end quote. Critically, the provision authorizes the collection of certain metadata associated with telephone calls such as the originating or terminating telephone number and the date and time of a call, but does not authorize collecting the content of any communication, the name, address or Financial Information of a subscriber or customer or locational information. As this committee is aware, the nsa recently discontinued the cdr program and deleted the records acquired under the cdr authority after balancing the prament every programs intelligence value, associated costs and compliance and data integrity concerns. Nsas decision to suspend the cdr program does not mean that congress should allow the cdr authority to expire. Rather, that decision shows that the executive branch is a responsible steward of the Authority Congress affords it. As Technology Change cans, our adversaries trade craft and communication habits continue to evolve and adapt. In light of this dynamic environment, nsa supports reauthorization of the cdr provision so that the government will retain this potentially valuable tool should it prove useful in the future. Thank you again for the opportunity to testify today. I look forward to your questions. Senator leahy, you would like to make an Opening Statement . I would. I appreciate that. I was proud to join with senator lee in requesting this hearing. I think i speak for both senator lee and myself. We thank you for holding the hearing, mr. Chairman. Im proud of my successful efforts in 2015 to pass usa freedom act. This is the first Major Overhaul of government surveillance powers in decades. It added significant privacy protections for the American People. Now, though, we didnt look at it, see how it works. We have the opportunity to learn from it and respond to whats happened over the past four years. What have we learned . We know the government issued only 14 cdr program orders in 2018, but they collect over 434 million records relating to over 19 million phone calls. Did all that with their 14 orders. We know two incidence of significant overcollection. In fact, resulted in the nsa purging all of their records and ultimately decommissioning the program. We know director dan coates acknowledged, even as he requested permanent reauthorization of all the authorities granted in the usa freedom, that the cdrs programs relative intelligence value was negligible. Given all that, what dont we know . Unfortunately, quite a bit. Were only a month away from these authorities expiring. We dont know what caused the massive overcollection. What companies were responsible or why it was not feasible for the nsa to identify or isolate the improperly produced data. Its not as though senator lee and i have not tried to learn the answers to these questions. We tried to make sure that this was not a republican or democrat issue. This was an issue the United States care about. Almost a year ago in december 2018, senator lee and i wrote a letter to the dni and Justice Department asking these and other questions. So, almost seven months later in july we wrote again. Unfortunately, we have yet to get a substantive response to either of these letters. Despite this, despite not answering our question, the government is now requesting permanent reauthorization of all the authorities granted in the usa freedom, including the cdr program. They argue that, well, it might, eventually be useful in technology might evolve to the point they could collect metadata in compliance with the law. We might be able to obey the law. Let me be clear. Maybe some day it will be of some use. Hopefully well develop technologies to not again violate the law. Well, thats not appropriate justifications to reauthorization these powers. If we reauthorize maybe we could actually follow the law. If at some point in the future the technology develops to allow for metadata collection, it is appropriately limited, that follows the rules, thats fair, come back to congress and let us revisit the question. Until that time theres no reason to reauthorize the cdr program. Well be legislating in the dark. So, mr. Chairman, i thank you for holding this hearing. I look forward to the testimony, but lets lets not say lets not pass