Future of internet governance. Last years conference showed us that through this deep International Division of over whether to subordinate the open internet to world governments, including repressive regimes, the u. S. Needs to be a beacon for freedom and openness in this battle. Given these risks, we propose enhanced transparency and procedural reform, clearer protection for americans, and baseline protections for international users. With regard to transparency and procedural reform, we think all governments should share with citizens meaningful information about their surveillance laws, their legal interpretations, and judicial procedures that govern the exercise of this powerful authority. Of course, the u. S. Cannot demand this from others unless it leads by example. Furthermore, companies should be permitted to disclose publicly to their users the precise volumes of requests from governments. Businesses should not only be prermted to release transparency reports but encouraged to do so. We categorically reject the notion that open government will cause undue damage to security. Transparency and criminal surveillance have been the norm for years and have not appeared to materially affected Law Enforcement. In order to present a robust check on the government, the fisc must also evolve to include a wellresourced advocate to provide an alternative view point, particularly in situations involving novel questions of law. Second, focusing on protection for americans. Federal laws addressing the circumstances in which the government may collect american data for National Security purposes are badly in need of reform. Collection of metadata is one area that is most obvious as it reveals a great deal of sensitive, private information. Furthermore, important First Amendment rights of association are implicated by the government assembling its own version of your social network and their own analysis. The usa freedom act addresses this problem by explicitly prohibiting this type of collection, both on the internet and on telephone net works. Thats one of the reasons we are supporting it. Third and finally, protections for foreigners. A difficult subject to deal with but despite the global interconnected nature of the internet, the u. S. National Security Policy continues to presume u. S. Citizens deserve protection from unwanted surveillance while others do not. If foreigners lack baseline privacy assurances, foreign competitors will supplant u. S. Leadership in Internet Innovation and digital commerce. Thus, undermining strategic economic and other security interests. This is especially true Going Forward as foreign markets are increasingly important. Thank you very much for the opportunity to testify. Look forward to your questions. Thank you very much, mr. Black. Our next witness is julian sanchez, who is currently a Research Fellow at the cato institute, focusing on the intersection of technology, prooif circumstances and Civil Liberties with a focus on National Security and surveillance issues. He previously served as the washington editor for a Technology News site and has written for a wide array of publications. Mr. Sanchez, welcome. Thank you, senator whitehouse. Its a privilege to address this committee. I want to begin my suggestion to step back from the details of the disclosures in recent months, we find a disturbing pattern across multiple programs and authorities focusing in particular on the Metadata Program, the now defunct internet Metadata Program and upstream collection under section 702 of the fisa amendments act. In each of these cases what we see is extraordinary but nevertheless limited authorities were secretly interpreted in ways that permitted far more extensive collection than certainly members of the general public and even i think many legislators believed at the time of passage had been authorized. This was done in part because the fisa court, which was established on the premise that it would be authorizing and finding probable cause in cases of specific and traditional targeted surveillance, instead found itself in the position of addressing broad programs of surveillance, often involving novel, legal, or technological issues. Its not clear that body was well established to consider. In the metadata cases, these interpretations took to form of an unprecedented reading of relevance that held entire databases containing information about millions of admittedly innocent americans to be relevant on the grounds that a fishing expedition through those records might ultimately turn up evidence that would not otherwise be detected in the absence of some specific grounds for suspicion. That is probably true, but it is of course true of any phishing expediti expedition. There is no real limiting principle in that argument for any type of records. I was particularly disturbed to hear earlier, mr. Litt refuse to reassure us that the scope of the records obtainable under section 215 does not exclude the contents of Digital Communications or cloud stored documents. Its also particularly troubling to see this applied in the case of the internet Metadata Program, because in that case, the shortsighted holding of smith versus maryland was applied as though it referred to metadata generally, which is certainly not a term we find in had the 1975 decision. When in this case, it involved e ma email metadata thats never processed by the internet backbone provider from whom it was presumably obtained. Theres an additional constitutional question in that case. In the case of 702, we know the Supreme Court relied on the recent ruling in amnesty v. Clapper on representations that only communications to or from specific overseas targets were being intercepted. We now learned, of course, that also communications referring to overseas targets would be intercepted and in many cases for technical reasons, a single email meeting selection criteria would lead to the entire inbox of the commune cant being obtained, including again potentially entirely domestic emails on what the court believed could be a scale of many tens of thousands per year under that one collection program. In each case, additionally, we learned that for months or years the actual Technical Details of how these programs operated were misrepresented to the fisa court, which was of course therefore not able to effectively conduct oversight and in each case, again, elaborate safeguards and restrictions imposed by the fisa court as a condition of authorizing those programs were effectively neglected because of the vast scale and complexity of those programs. Additionally in many cases, we found that the claims of efficacy made at the time dont appear to have held up well over scrutiny from many dozens of foiled terror plots weve gotten down in the case of the metadata case to one instance involving funding and Material Support where it appears to have played some uniquely valuable role. Given the limitations imposed by the fisc, its not clear why more traditional targeted records orders could not have been used without incidentally sweeping in millions of innocent persons records. We are assured that the problems detected with these programs have not been willful or intentional. This is not especially comforting to me for several reasons. The first is that if we look to history, we find that in general, abuses of intelligence powers were committed by people who were well aware of the oversight mechanisms in place who often took elaborate steps to gain those restrictions. In the cases of Bradley Manning and edward snowden, steps were taken to evade oversight mechanisms. We know that certainly happened many times in the past. Its why abuses went undetected for so long. Additionally, the scale of collection itself makes abuse more difficult to detect and less likely to be detected when it does occur. Think of the case of illegal wiretaps it of the southern christian Leadership Conferences offices. That at least was halted by an attorney general who found the suspicious fact the wiretap existed and there was record of it. When youre doing collection on this scale, the mere existence of communications or records about an Innocent Party are not themselves that kind of essential indicator. Finally and most generally, i would just encourage the committee to think architectu l architecturally. We should not authorize extraordinary architectures of surveillance on the basis that we now have great confidence in the probity of the persons controlling the levers. James otis, whose condemnation of the writ of assistance was part of the inspiration for the fourth amendment, condemned those writs saying it is from their mere existence that every household or in the province becomes less secure. And there is a sense in which while they may serve some role in protecting us against foreign attacks, we are less secure when the government maintains vast databases on americans without particularized suspicion. I thank you and look forward to your questions. Thank you, mr. Sanchez. Our final witness is professor kerry cordero, whose bio i have just mislayed, but im sure you can get me another one very quickly. Thank you. She is an adjunct professor of law and the director of National Security studies at the Georgetown University law school. Shes previously held several National Security related positions with the department of justice and the office of director of national intelligence. Shes also testified before this committee before. Welcome back, professor. Please proceed. Mr. Chairman, thanks very much. Thanks for the opportunity to return to the committee. Since the october hearing, the conversation, i would suggest, has shifted somewhat from where it first was. First, i would suggest that the conversation has evolved from objections to specific programs to a discussion of our understanding of intolerance for foreign Intelligence Surveillance activities more broadly. Second, the legislative proposals are coming closer to scaling back National Security legal authorities in a way that might take the country back to pre9 11 standards. And third, the path forward on authorized Public Disclosure in a way thats responsive to the concerns of the previous sector remains a worthy goal but still a significant challenge. With respect to the metadata collection under the Business Records provision of fisa, the power of metadata. Basically, this argument is that metadata is a powerful tool, can reveal an awful lot about us and there should be limits on the collection and use of it. I dont disagree with the general proposition, but the problem with the argument made on 215 is that the worrisome assemblage of americans metadata bears no relation to the existing 215 Program Congress is currently considers. It does collect an enormous volume of americans telephone detail records, but the collected information does not appear to include content of phone calls, names of subscribe subscribers, Payment Information or location information. The vast majority of it is never viewed by human eyes and the records are handled under court order rules. So of the arguments that congress should outlaw collection altogether for better or for worse, every day americansoutlaw bulk communication all together, we all, regular people, government leaders, as well as those who are National Security threats, use the internet, computers and smart phones to communicate. And so just as everyday citizens should not with expected to con ve convert to the Postal Service or land lines. It is just as unrealistic to expect citizens to unplug as it is to expect or require the nsa or the fbi to use 20th century collection, analytic or investigative techniques to protect the nation from 21st century threats. A few observations on s1599, the usa freedom act that has been submitted. Sections 101 and 201 would change the legal standards to implement devices by applying connection to an agent of a foreign power. The likely intended effect of these provisions is to eliminate the 215 bulk telephone program. It would have far more existing consequences. The standardings are currently aligned on the National Security side with investigative authorities in the criminal context which operate on a relevant standard. By raising the standard, these zexzs would render these techniques nearly useless which is when they are precisely most useful. These changes could return us to the days prior to 9 11. Similarly, section 501 would amend the National Security letters by requiring the requested record to also have a connection to an agent of a foreign power. This would have a similar effect in sterms of severely limiting the fbis ability to kublgt investigation. 301 would appear to inhibit the Intelligence Community from section 702 of fisa to search for u. S. Personifications. The nsa can query the communications already acquired under 702. The proposed legislation would only take place with a criminal warrant prior to judicial approval based on probable cause. And in my written statement, i give an example of how this could po tenl shlly play out in practice. A few words just on a particular proposal to enhance transparency thats in the bill. In my view, theres substantial value with the executive branch of the private sector to rebuild confidence between them. But a particularly problematic proposal is section 502. I believe that this is not only targets but persons of communications who are incidentally collected. If thats the sbent, it would actual actually grade the sbel juns community personnel, look at, grade, keep records aport and record on information for records that they would otherwise be in pursuit of discovering, analyzing and reporting only foreign intelligence information. So, again, thank you for the opportunity to be hear today and i look forward to your questions. Thank you very much. Let me start with a question for mr. Black. There is legitimate concern that the knowledge of our National Security activities cast a shadow on the ability of American Companies to compete internationally. That was the basis of your testimony. Do you believe that foreign customers, if they sign up for a service with waweah, that the Chinese Government is not looking into this data . Or the russian government, if they sign up, in areas under its jurisdiction, or the french government, for that matter . Do you think that the yiegts government is the only government thats frying to take advantage of Big Government . Ill do think the reality is that governments in general are inclined to want more and more information. Too much. Its what we address in our testimony is, in fact, standard that all governments should be asked to undertake disclosure in terms of limits. The difficulty is that the yiegts is in a difficult position in credibility when we are you saying the russians are more advanced than the United States is . Im not doing a come parson. Im simply saying that i dont think most people, the citizens and the customers of the world, think that United States laws first of all, i do believe you have to protect the balance of this, dont get me wrong. But are there any other countries for the next behavior . Is there another country that has a bet ere i think theres many that dont do as much as we do. I can name some. Theres very tiny little countries that probably dont have a phone system. But in terms of the Major Economic and political actors on the stage. What do we want . Tremendous empowerment, tremendous dip low matic and political opportunities and for billions of people around the world . Do we want one where people can have association with other people without being spied on by their government ord our government or any other government . Is that a desirable outcome. If so, how do we take steps in that direction . Or do we accept the reality to go into maximum collection and go in the big brother direction as far as we can go. I dont think thats a future i look forward to. Its difficult to want to restrain especially with our government who really do believe in the motivation of what theyre doing. But they are zealous and more effective. And they are, in fact, in a position where they are able to gather a great deal of information. So you think our Government Security services are more dangerous to Civil Services than china and russia . Are they more interested . Absolutely. No doubt about it. You agree that our government ov overof our national oversite is far more once again, i cant compare to other people. I dont know the details. I certainly had a presumption of that. Do i any we have lived up to the best intent and good faith of our constitution with the legal constructions, no, i dont think weve lived up to the principles. The core prince pms of the first amend. And fourth amenldsment, as faithfully as we cocould. Are we better . Of course. Thats not a question that i think is fair. You take a different view than the courts that have overlooked this. I think some are in a position of higs tor kal base. With the Business Records theres no present decision by any court that suggest that is theres been that this is operated in violation of the fourth amendment. It would take a new dwgs to decision to make that conclusion that has no