antiquities. but i think they'll exhaust data some point. it's the oil that is going to be committed going to be sustainable system here, an organization, it's going to be the oil. out of we get at that in terms of our strategy? i know that we are doing targeted missile strikes and bombings, and but to really take away the capacity to produce oil, you've got to occupy the ground. i'm just curious if you think that our current strategy that really looks at population centers like mosul is the right strategy. would it not be better for us to encourage the iraqis and the kurds to really focus on the oil production areas and try to take them away from isis control?

>> thanks for the question. i think that the appropriate way to do this is pretty much what's being done right now actually, and such using airstrikes to limit the freedom of movement and the ability to move oil and smuggle it as easily as isil was able to be for the airstrikes started. meanwhile, buying time for an advice and assist effort and capacity building effort to try to stand up in some cases local security forces or the iraqi army to conduct effective operations is insulated to push isil back from the territory is controlling. >> i appreciate that, i don't mean to cut you off but from 2003-2011 we spent $24 billion, the united states taxpayer spent $24 billion training 938,000

iraqis how to fight. and to equip them, train them. and who we have 30,000 sunni that are over running the country. as isis gets stronger and stronger, we are back again with this training operation and i just have some misgivings about, you know, what's that saying that the definition of insanity is doing the same thing over and over again and hoping for a different result. i'm just a little bit, i think the training piece in kurdistan what we did not train before is probably money well spent, but i'm a little skeptical about what we're doing with the folks we trained already. >> the gentleman's time has expired. to china recognizes the gentleman from kentucky for five

minutes. >> thank you, mr. chairman. would you all a sense, and let me just direct this first question to dr. levitt. would you assess that the primary source of revenue for isil is the oil revenue? >> by far. >> okay. how effective as u.s. efforts in so far, the coalition's efforts been so far at targeting the middlemen in the iraqi kurds or, to the turkish elements that constitute the middlemen, how effective how we been in identifying those middlemen that are delivering the oil to other parts of? >> there's very little in the open source about.

when i talk to people privately miners and is there has been some progress in identifying these people, then take some time to put together packages and fully get to the point where you can designate somebody that i expect those designations will be forthcoming. we've seen more success in working with partners in places like turkey and in the kurdish areas of the north of iraq where the problem isn't so much criminal middlemen, that corrupt politicians who are involved in this as well. keep in mind these are oil smuggling routes, and individuals have been involved in this for your since the oil for food program. combating something that has the kind of attraction is difficult. >> would've a airstrikes with these mobile refineries, how effective has not been? >> military says the been there very effective but if you look at the numbers we were saying that isis was making $3 million a day. now most say about 1 million, maybe even a little us. i would say that's about

two-thirds reduction. that's a tremendously successful. we are not near where we need to be yet but headed in the right direction. >> to follow-up mr. lynch's line of questioning, is there anyway even if we have had some modest success with respect to these mobile refineries in the airstrikes, is there any way we can truly come back or is it practical to believe we can truly combat the sort of oil revenue without we taking identifiable oil fields from isil control? >> to fully deal with the problem you're going to have to retake the oil fields, but even short of that if you can deny your adversary the ability to extract, to move, to refine that oil, if they're sitting on it but not making money on it or only make as much money as they can make domestically which is happening already come in some cases then you can further degraded their capabilities. >> how well do we know whether or not the assad regime is a

primary purchaser or a small purchaser of some of this illicit oil trade? >> my understanding is there's no question but that the assad regime purchases isis oil, has been doing so for something. we are talking about oil fields on both sides of the border. but other point i didn't get to him a oral remarks is the need to make sure we're doing things, combating the financing not only in iraq but also within syria. the extent which fluctuates i'm not sure. sure. >> what about turkish cooperation with respect to the oil trade? >> its increased significantly. it's going to be difficult though. this is something that's been going on for years and years and years. the price of oil in southern turkey is very expensive per liter. there's a built-in supply and demand, even at a sharp discount the people are selling the oil out in southern turkey you can still make a profit because the market will bear it because market oil is so high.

>> quick final shifting gears to the issue of kidnapping-for-ransom. under secretary cohen's testimony was that it's been used policy for many years to reduce the payment of ransom or make other concessions to hostage takers but can any of you access to assess how the release of the five taliban war criminals from guantánamo in exchange for sergeant bergdahl impacted the u.s. position with respect to sending that signal to partner nations of? >> it wasn't helpful. i think it's inconsistent but i think it's in a mixed message to our european allies who were being critical of, the french and spain, for making ransom payments for the release of isis hostages. i think it again was counterproductive and it undermines our efforts. at the end of the day this is a

significant, may not be the most significant source of funding by the vices making $20 million a year or up to this point, that significant. we need to undercut that the billy and when we are engaging in this type of conduct i think it's counter productive. >> thank you. yield back. >> the gentleman's time has expired. now recognize that children from wisconsin for five minutes. >> thank you, mr. chairman. a lot of the topics have been covered today but my concern with the administration is its initial designation as isis as being a gdp and. i look at the strategy of the administration in regard to its mission to disrupt, degrade and defeat isis, take issue with the way they've with the way the light it up if i wished to say we're going to do the isis. spending $500 trying to train 500 will moderate unquote rebels today, 40-80,000 jihadists doesn't seem like a sound strategy to defeat this group of

radicals. and then as i think it was mr. roth is indicated on average seven bombing missions a day compared to what we present time in prior engagements seems far too little and too late. my concern is come has been with the administration's strategy and i'm concerned that the lackluster approach that just reference is taking place on the finance side. does the panel think treasury has been adequate engaged on the care finance side of disrupting the money that flows to isis? >> as i stated in my opening statement, i think they are struggling to i think certainly they have good intentions and disputed treasure is struggling. >> but they're struggling with getting footing. that's reflected in the low number of designations spent

isis is an struggling to to struggling? >> yes. >> i think mr. pearce asked this question but i'm confused. moving oil is not like moving nuggets of gold or diamonds come right? there's a large quantity of oil that has to be moved from the oil fields and/or the refineries, correct? >> or talk about 20,000, 30,000 barrels a day. there may be some, it's not an exact figure but it's a significant amount of oil that's been transported every single day. >> and wants it sold understand it to be more difficult to identify those operatives made in the finance side and the purchase side and the middleman side of oil, but does it seem impossible that we could bomb tankers of oil as they leave the refinery only the wells? why aren't we engage in military action to destroy the oil as it leaves? why aren't we doing that? anyone on the panel.

mr. levitt. >> i don't have the answer to that. it's more of a militant question than not. the my guess is if it were that simple we would be doing it. i don't have the perfect answer to question. i would just say i am absolutely certain that the approach of treasure is not lackluster in the least. people are working very, very hard on these issues. it's the nature of the problem they're facing. is what congress we wanted him to do is designate 40 people, we could do that tomorrow. >> i'm not saying that. we are moving large quantities of oil in the drones in the air. we have air superiority. that we can take that is somewhat a concern. we cannot do with a small tear network. we are doing with large amounts of money and i would imagine it's easy to trace large amounts

of money rather than a few million dollars here and there. we are talking hundreds of millions of dollars, write a? >> correct. i would just shove the i.t. with complete coverage at all times. it's better asked to a military person. >> fair enough. i want to switch to another topic. the united states and turkey are collating an initiative within the financial action task force. are you aware that? is it fair to say that turkey was just removed from the gray list from that task force, from the task force? >> that's right. that was a lot of treasure and other work to get them listed and then to get them to the point where they ce delisted. we don't have a choice as to who sits on the boards of cedar and iraq. if you can get turkey not only to get off that list but not to be helpful on this, which by the way isn't a favor to us but this is on the border, not ours, then that's a good thing. we need to sit on them very

carefully. >> looking at turkey, kuwait, iraq, qatar, are we applying adequate pressure to those countries to get into engage with us on the finance side of the isis? >> i think there's always more that can be done, and one of the points that i made in my written testimony is i think there has been an effective or inadequate use of the psa enforcement actions. they can impose significant civil fines on banks that are not compliant with the counterterrorism financing regulation with respect to counterterrorist financing, i think treasury has done a good job on anti-money-laundering side with respect to designate or i should say finding banks that are not in compliance with theirs financing regulations, i've only identified to banks in the last 10 years. does include the air bank and the doha bank from qatar. i think treasury can be doing a much better job in that area.

>> the gentleman's time has expired. chair recognizes the gentlemen from california. >> isis rules territory, gets money, the lights are on in mosul, not all the time but electric, electricity continuity is shoddy in much of iraq. for this outbreak a lot of the electricity for mosul came from the mosul bam. is that still providing electricity to those living under isis? does anyone have an answer to? >> is isis collecting money from the people who received at electricity? >> my understanding is it is not under the control speech i know. >> money from -- >> how are they getting electricity from mosul?

>> my disenius the government that controls the damnest align electricity to go into the city because there are citizens who live there. >> that's basically the point. electricity goes into mosul. isis collects without electricity speedy i don't know the last part is true. >> we do know they are in a position to collect for the electricity. >> we know there able to tax or anything the one. for the and the breed or anything else. >> when we were series about world war ii, we didn't provide electricity or food or anything else to the people of france when they lived under nazi occupation. yet you are saying the government is providing electricity to mosul the is the iraqi government being paid for that? >> i don't know. i think the iraqi -- >> so it supports the economy of mosul and the other areas under isis control to isis then taxes those people, and spent we are

short of world war right now and if you want one sure way for the center government in iraq to go even further to losing the support of more of their constituencies, tonight electricity to iraqi citizens who are -- >> let me get this, you supply the economy under isis control. isis then taxes that economy and that, did we lose the hearts and minds of those who were resisting nazis because we not only did not provide free food or electricity to the people of france, august the electricity would have worked but food, but, in fact, we prevented food imports in france?

did we retain the support of the civilian population that was under nazi occupation? is there any other wa word you could point to a free electricity goes from one side to the other? >> again, unless you have information, i don't know that free electricity, i don't know if they're taxing electricity. this is a deeply sectarian war more than anything else. so the further you make divisions between the sectarian communities in iraq, the worse it's going to be. >> so you our foreign policy of supporting the strategic elements of the economy under isis control. you know, that's certainly -- >> i think you know that's not what i said. >> what? >> i think you know that's not what i said. >> you can clarify for the record in writing what your position is. now, and i guess that would also

apply to petroleum. if you're in favor of the lights being on in mosul, and people are to be up to drive from north mosul to self mosul. we are preventing them from exporting oil. i wouldn't everything possible to prevent them from producing enough oil for the civilians under the control? >> again, i think this is, as we've already discussed in a very important source of income for -- >> on a talk about exporting to him talk about providing for the millions of civilians under the control. >> i don't think it has been a priority but i don't think has been a focus. >> so turning off, we did not hesitate to bomb oil fields during world war ii. we do not think that making sure that the people of france to drive around paris was essential to retaining the support of those civilians. the idea that they would be people driving civilian cars in mosul but that somehow the tanks now captured by isis would not

have, obviously, a lot of issuing us focus on the oil exported by isis. isis has no shortage of oil for its own military operations, given for the civilians under its control. i yield back. >> the gentleman yields back. the chair wishes to announce that we will clear the remaining three members who are in the hearing room, and then we will adjourn the hearing. chair recognizes the gentleman from virginia, vice chairman of the capital market subcommittee. >> thank you, mr. chairman for i want to thank the witnesses for providing testimony today. i represent virginia's fifth district and i can tell you that most of the people that i represent have concerns about the way this administration has approached this crisis in syria, and iraq, and i think that there's a lot of concern that

the administration either didn't know or ignored critical information that could have prevented us from being in the situation we find ourselves. with that said, i was interested in the testimony of each of you as it relates to the hard work that goes into identifying those who should be subject to the sanctions that are allowed by u.s. law and law of other countries. and it strikes me that that information has to be gathered really on the ground, and has to come to treasury fruit, again, department of defense and intelligence agencies who are in the business. so i guess my question is, is after listening to under secretary cohen for two hours, i

came away with a little concerned that maybe he is not, treasury is not at the table as much as he indicated that it was the kind i wanted to start with you, dr. johnston, to maybe get comments from the other two witnesses, but my question is this, is secretary cohen indicated that he was, i think in his words, at the table. there were a lot of questions he couldn't answer, and perhaps the nature of an open meeting like this in an unclassified setting. but i do wonder whether or not he is getting the cooperation and the precise information about these targets from intelligence agencies and from the defense department. is to treasury getting what it needs to be able to make these decisions and impose these sanctions? and secondly if not, what can be done to make sure that treasury

is at the table? i think we all agree, those of us sitting here today, that stopping the financing is extremely important. dr. johnston, if i could start with you. >> so on the first part of the question i think it's hard to say the extent to which he's at the table for any given decision, but my sense is that the treasury has done extremely well working with and agency partners to include the department of defense and various parts of the intelligence committee to get the capabilities that it needs to make the impact that's desired for a policy out,. >> why do you say that? can you explain that? >> so since the, i mean, since 9/11 and the realization that terrorist financing really

matters, and the to disrupt terrorist networks and terrorist attacks, going after the financing is really a useful instrument to have among the various tools that we have. treasury couldn't do it alone. didn't have the capacity and its worked successfully with in the agency partners in iraq, among other places, during the second war. but i think for the purposes of the current treasury effort, it's still a young effort. think the programs and approach this kind of still developing, and i think that we'll see more as the policy becomes more clear and kind of the overall posture and footprint that the administration wants to have becomes clear. treasuries role -- >> thank you.

just briefly, we'll have a few seconds, but the question is, are they getting enough information? are the at the table? if not, what can we do ask congress to help that out the? >> i think the portion where mr. cohen was saying that he's at the table, he couldn't answer the question, was on military strikes. i don't think there at the meeting were specific targets are being selected. not only are they at the meeting at the senior level, his level, assistant secretary level, but treasury now has its own office of intelligence and analysis which i helped run. because of that they're not only getting information from, they are part of the intelligence community everywhere. part of the problem is not that there's been enough ever, not enough people of the table but developing the intelligence takes time. it's an actual question as to why we're only development that intelligence now. that's a very strong question. the interagency structure, the way people from other agencies in the department are located in treasure and vice versa means there at the table. >> thank you, mr. chairman.

>> the gentleman's time has expired. the chair recognizes the adjustment from pennsylvania, mr. fitzpatrick spent i think the term. i question for dr. levitt or perhaps any of the witnesses who want to answer the question about the mobil refineries. what do they look like? where are they coming from? whose manufacturing than? how are they deliver to the regions where the oil fields exist? >> i would love to know that, too. spirit i think it's quite clear these were there already. not something that sun has been imported into iraq from someplace. it's a capability that. apparently the out relatively low-tech so you put a very small refinery, put in the back of a truck but more than that, i do know. >> do you believe that manufactured in that region are being imported from somewhere else? >> my understanding is this is something that is slapped together. so it's been put together by people right there.

i don't get the sense this is something is being imported. extent i'm wrong, that this is a more sophisticated that needs to be imported, my sense is this happened some time ago. spin once the oil is refined, you've testified that the assad regime is producing some of that will put some of it is being smuggled into the southern regions of turkey where you said at the price of gasoline is higher than we would expect here, or you would see in europe it if you're purchasing barrels of oil at $30 or so of their common reason to know this may be illicit oil. are we doing enough, treasury, united states, our intelligence agencies to determine who the middlemen are that are oil at 30 charles a. barrel in making sure we're following that money into what accounts for? >> that's exactly what to treasury and others are doing, identifying those middlemen. that's what i do secretary cohen was referring to and that's what

i discussed more explicitly in my testimony. i think there's a more significant diplomatic push to get the turks to do more in southern turkey. people know tha that this is ony supposed to they really don't care. oil costs so much there. evil have been for years putting basically garden hoses across the river and air pumping oil from the syrian side to the turkey site. there's lots of ingenious ways that this has been moved and there's a market for it. >> one of the concerns i have are the banks that helped move the proceeds, the prophet from the sale of the ice as well. if, in fact, i said is making between one to $2 million a day, that money is not being transported in shoe boxes placed under somebody's mattress. that money has to enter into the financial system at some point. i think whe we need to better j, department justice, treasury needs to be doing a better job or intensify its efforts to identify the financial

institutions that are knowingly receiving and transferring isis related funds. spin where are the gaps in the system that? >> one of the gaps could be the fact that some of the money may be going to iraqi banks. i think that's the difficulty. the same time, if those banks have u.s. branches in the united states, we do have control over those. said it would be an opportunity where we could exert greater leverage with respect to the u.s. branches to ensure that the foreign banks are not being used to move isis, oil money. >> nothing further, thank you. >> gentleman yields back to the last members to directors will be the gentleman from north carolina, mr. binger. >> thank you, mr. chairman.

professor gurule, in your testimony you stated that there were only two banks who have violated our bank secrecy act, the air bank in jordan and the bank in new york, if i heard correctly. that's just over the last 10 years. is that as a result of our lack of capacity to track these folks, or are there others you are complicit that we haven't been successfully get tracking? ..

>> the other federal regulators art focusing and emphasizing on whether or not these banks are in compliance with the counterterrorist financing regulations under the bsa. but it seems to me that it's unacceptable that we could have only two banks where if you look at the actual orders issued, the only two banks where i could find references in those orders to threats regarding terrorist financing. >> yes, sir. in that light as we look at our partners throughout the world, we have relationships with them, many of whom we give tens and even hundreds of millions of dollars of foreign aid, it's always of concern to me of how

we are not honored by our relationships with our partners, and particularly in this situation that's so critical for our national security and for theirs as well. to what extent, what would you advise us as a congress in going forward in how we could put greater pressure on these respective countries and their banks to be in compliance with our bsa requirements? >> one point that i haven't made and my testimony -- in my testimony today has to do with the antiterrorism act. and it does have a civil provision that authorizes private litigants to bring civil tort actions against individuals that commit acts of international terrorism. and i think that that statute could be enhanced through amendment to make it a more effective remedy for victims of terrorism, including, including

people, entities that aid and abet terrorists. for example, banks that knowingly provide financial services and transfer money to suspected terrorists. there's a problem, there's several problems with the current legislation as it stands. one, it doesn't explicitly authorizing aiding and abetting. and if we're going after the banks, they're really the aiders and abetters. so the plaintiffs are left with the dilemma of having to prove that the bank is primarily responsible for the acts of international terrorism through secondary action by being an aider and abetter with respect to the acts of terrorists. so i think in that way we could unleash plaintiffs, we could unleash an army of litigants to go after banks and charities and other entities that are facilitating the financing of terrorism. and, again, i think from an equitable stand point, it's the right thing to do. these are victims.

these are the surviving family members of victims of violent acts of terrorism. >> thank you. i yield back. >> gentleman yields back. there are no other members in the coup, so i want to -- in the queue, so i want to thank our witnesses today. additional written questions will be submitted to the chair which will be forwarded to the witnesses for their response. without objection, all members will have five legislative days in which to submit extraneous materials to the chair for inclusion in the record. this hearing stands adjourned. [inaudible conversations]

>> monday dr. martin salia, a surgeon who contracted ebola while treating patients in sierra leone, died at the nebraska medical center where he was being treated for the disease. today on capitol hill, two hearings on the ebola outbreak in west africa. at 10 a.m. representatives from doctors without borders and the international medical corps testify about the worldwide response and the need for trained health care workers. live coverage of that house foreign affairs subcommittee on africa and global health on c-span3. and at one p.m. eastern, a look at the u.s. response to the outbreak with cdc director dr. tom frieden. we'll have live coverage of the house energy and commerce subcommittee on oversight and investigations also on c-span3.

>> the 2015 c-span student cam video competition is underway, open to all middle and high school students to create a 5-7 minute documentary on the theme "the three branches and you." showing how a policy, law or action by the,tive, legislative or judicial branch of the federal government has affected you or your community. there's 200 cash prizes for students and teachers totaling $100,000. for the list of rules and how to get started, go to studentcam.org. >> the privacy and civil liberties oversight board held a public meeting last week to look at the implications of government counterterrorism programs and technology on privacy rights. next, remarks by goth officials from -- government officials from the office of the director of national intelligence, the justice department and the national security agency. this is an hour and 15 minutes.

[inaudible conversations] >> good afternoon. civil liberties oversight board's meeting on finding privacy, we'll continue with our afternoon session with government panelists moderated by a member of efco. >> so welcome back to those who were here earlier or welcome to those who were not here. just one quick piece of housekeeping. what a we've noted this morning is making sure it will be particularly relevant for you, make sure the microphone is actually the direction you are talking so even if you pull it in front of you but then turn to talk to us, make sure the microphone is picking up. they were having problems this morning, and we've all been gently reminded as well. all right. so this panel is about the

privacy interests identified and addressed by government can privacy officials -- government privacy officials. obviously, in the counterterrorism context, defining and expressly or articulating individual privacy interests while balancing the need of national security is extremely challenging task. as we discussed a bit this morning, widely accepted privacy frameworks like the fair information process principles or traditional privacy impact assessments may very well be intentioned with the necessity to protect information regarding the operation of a particular counterterrorism program. by the same token, somedown terrorism programs -- counterterrorism programs could be greater served with greater transparency with what information is being collected about the statue story authorities and about what protections the government utilizes to minimize the

negative impacts on individuals' privacy. so the panel that we have assembled today for this forum is, i think, uniquely situated to discuss these privacy issues that arise in the context of federal counterterrorism programs. these officials not only assess the privacy impacts of a full spectrum of counterterrorism programs, they have also been pioneers, many of them, in the practice of working proactively within the agencies to insure privacy and civil liberties concerns are taken into consideration from the beginning of programs. and if that were not enough of their duties, they also are learning to live with us and work with us. so joining me today are three individuals, unfortunately, dhs was not able to make anyone available for this as it turned out. so we have three folks, they will have ten minutes begin they have a little bit of extra time,

but we'll follow the same basic framework. i will then ask a series of questions for a period of time and then invite my fellow panelists and the public to submit questions as well. so leading us off a is alex joel who is the civil liberties protection officer for the office of the director of national intelligence. do you actually fit that on one card? [laughter] >> yes, i do. [laughter] >> it's amazing. so in that capacity, he leads the od mixer's civil liberties and privacy office, and he reports directly to the director of national intelligence. prior to joining the government -- and i think this is also relevant based on our other panels -- alex served as the privacy and technology officer for marriott where he helped implement their global privacy programs, including the drugs of marriott's first privacy officer position. so, alex, do you want to kick us

off? >> yes, thank you. and i want to thank the board -- >> oh, sorry. there's a stoplight function going on here. green, good to go, yellow, start wrapping up, red, stop in the front. >> okay. i want to thank the board for inviting us here to address the public in this very important hearing, and as you said, the board does work very closely with us. we feel that the board, the board's role in providing both transparency and oversight as well as advice to the intelligence community has been extremely valuable and is a critical part of how the intelligence community protects privacy and civil liberty. so i want to thank the board for the board's very diligent and careful efforts to exercise their statutory functions which i think have been critically important. this topic is, of course, one that consumes all of us. not specifically how to define privacy, but how to apply

protections required to protect privacy in the context of our activities and in particular in the context of counterterrorism activities. i'd like to just get to the, what i think of as the heart of the matter from an intelligence community perspective in any event which is that we operate by necessity within a sphere of secrecy. we have to be able to maintain secrets in order to be effective. the more publicly transparent an intelligence service is, the more it informs adversaries of how the agencies are collecting information and the better able those adversaries are to avoid detection. so as i've said in the past, a fully transparent intelligence service is by definition an ineffective one. so the key for us then is how within the sphere of necessary secrecy do you make sure that the intelligence agencies are acting appropriately, lawfully

and in a way that protects people's privacy and civil liberties consistent with the values of the nation? in the past what we have done, as you know, is focused on insuring that we are providing full transparency to our oversight entities. and there are -- our oversight system is something that i'd like to characterize as a system of many layers with many players. we had not only within each agency office of general counsel and offices of inspector general as well as newly-created privacy and civil liberties offices, but we also have outside of the agency, we have entities like the department of justice which is responsible on a government wide basis for exercising some of these authorities and oversight controls. we have, of course, newly-created entities like the privacy and civil liberties oversight board -- perhaps not that new anymore -- which, again, is designed to make sure there is a secure place for

information to be disclosed and discussed so that the oversight institutions are satisfied that the activities being conducted are proper ones. and then, of course, we have congress and the judiciary, both of which exercise robust oversight. and i would mention that, for example, the congressional oversight committees which were established particularly after the church committee hearings in the 1970s to provide this granular level of oversight over intelligence activities has been, in effect, has been very effective, in my view, in providing careful oversight of what we do. so that's the, that's sort of the oversight part of the equation. i think what we have now more fully realized is the need to enhance transparency. so if you think of it, i mean, i was just thinking about this before i started talking which is always dangerous, but if you think of it as operating within

a sphere of chris, one way is to make sure the mechanisms, the rules and oversight structure within that sphere are robust enough to make sure civil liberties interests are being adequately protected. and then there's the other way of approaching this which we're also focusing on doing which is reducing that sphere. in other words, providing greater transparency into what goes on inside the intelligence agencies so that the public at large can get reassurance and also provide input and feedback into how we conduct these activities. i think if i could just continue along this theme, there are two aspects in particular of what goes on to regulate our activities that i think is of interest. one is the rules that we follow. and the other is the oversight framework and mechanisms designed to make sure we're following those rules. so i think on the former, what are the rules we follow, we can and should provide greater transparency, but a lot of those rules are currently being debated and discussed, and you

can think soft of some -- think of some of those as being moderated. for example, the usa freedom act and similar legislative initiatives. you have as part of that also the proposal to create an advocate of some kind, an adversarial mechanism for the foreign intelligence surveillance corps. here again, in my view, is an attempt to influence or affect what are the rules that the intelligence agencies are expected to follow. and a different part of that question is what oversight mechanisms, what assurances do we have that the agencies are, in fact, following those rules? and you're part of that. i already mentioned in the congressional committees the foreign court and all the layers within the executive branch itself at the intelligence community and the department of justice level. so i think, i hope that the public discussion has been shifting a bit from whether or not we're following the rules.

i think what i've perceived in the public discussion is a greater acceptance that we are, in fact, trying our best to follow the rules. we're not perfect, and we make mistakes, but we're trying to follow those rules as best as we can. and now the discussion has been shifting to, well, what should those rules be? what are the rules, and what should those rules be? i think we can and must provide greater transparency into both sides of that equation, and we're working on that. i would also say that another thing that i know the board has been pursuing which is the recommendation that the board made in the 702 report regarding efficacy, to what extent are the counterterrorism programs and measures effective and to what extent do they provide value is a key part, in my view, of the transparency equation as well. we have to figure out ways to identify the specific value associated with particular programs and activities and then be more transparent about that

so that the american people can render a judgment as well as everyone else on the need or desirability for a particular kind of program. it is very difficult to do all this stuff and still maintain secrets. the intelligence community is not built for transparency. i've said this before, it's built for exactly the opposite, of course. we train, provide policies and systems and reminders to our work force of the importance of maintaining secrets, you know, maintaining secret the sources and methods that the intelligence community uses to carry out its activities. and this is vital. i mean, we have to do that, and we're reminded of that need all the time. but at the same time, we have to find ways to enhance transparency. it's going to involve some changes in culture, training, a look at policies and processes within the intelligence community, and i know that you may want to ask questions about that, so i look forward to that

discussion. so thank you again. i appreciate it. >> turning now to erika brown-lee, she is the chief privacy and civil liberties officer of the department of justice. in that capacity, she is the principal adviser to the attorney general on privacy and civil liberties matters affecting the department's missions and operations. and as part of the office of deputy attorney general, ms. brown-lee oversees the department's privacy and civil liberties programs and initiatives implemented by department components and component privacy and civil liberties officials. she also has the office of privacy and civil liberties which use and evaluate department programs and initiatives and provide department-wide legal advice and guidance to insure compliance with applicable privacy laws and policies including the privacy act. thank you for coming. >> thank you. and thank you to the board for inviting me here to talk about

what is a very important topic. you asked about private sector experience and other government experience. i also come from the federal trade commission which in particular the division of privacy and identity protection which, of course, the federal trade commission is a very different orientation toward the commercial side of privacy, but nonetheless, an important perspective and an interesting one to bring to this position. but counterterrorism is a significant part of of the department's mission. since my colleagues on the dais today will be talking from more of an intelligence lens, i thought i would orient my remarks more towards the department's efforts to fight terrorism from within the criminal law enforcement context. the department has an elaborate architecture that protects privacy in our counterterrorism work, and since i only have a few minutes, i'll focus on the lead agency in those efforts which is the fbi and focus a

little bit more on the efforts with their counterterrorism activities. but stepping back for a minute, of course, as we know after 9/11 it was recognized that in order to address the current threat environment, fbi's functions needed to be expanded, but it was not intended that the expansions would come at a cost of civil liberties. and so in 2008 the department issued the attorney general guidelines for domestic fbi operations and later that year issued the domestic investigations operations manual and combined those two documents to provide significance guidance for fbi activities. but what i wanted to talk about and i know i don't have enough time to get too far into the weeds is just to explain how privacy is sort of embedded

throughout the stages of an investigation from the initial phase throughout the process. and so, for example, one of the key tenets of both documents is the least intrusive method. so, in other words, in any activity that the fbi engages, that's the baseline. but, of course, within thedown terrorism context, it's got to be calibrated against the threat to national security in which case truths and methods would be used. but in terms of a little bit more detail from an operational context when an fbi conducts an assessment, for example, which necessarily -- well, not necessarily, but oftentimes is proactive -- that would involve, require a factual predication, but it does require a clearly-defined objective, and the least intrusive methods in

that context would be even starting with, you know, publicly-available information to voluntarily provided information in that perspective. and then moving up from there with regard to predicated investigations which, of course, implies a title, there requires a factual presentation to open that investigation, but that has to have supervisory approval. and both types of investigative activities, whether it's assessments or predicated investigations, require or are, i should say, subject to oversight. alex mentioned doj oversight on the intelligence side but also on the law enforcement side for counterterrorism. the department's national security division has oversight authority for those kinds of activities. now, beth mentioned to talk about or think about how it

applies. if you're looking for the acronym, there are lots of them in documents, but it's not actually in the agg-dom or the diog. however, they are vetted throughout, really, the principles. if you think about even from a transparency perspective, right? all that i'm discussing with regard to the diog, all 700 pages of it for a little light reading if for anyone interested, it's on the web with certain redactions, but also we have privacy impact assessments that are available, and one that i wanted to just mention in particular regards the, is the e-guardian system because that is a specific system or incident reporting system that is designed as a platform to share terrorism-related information across law enforcement, you know, federal, state, local, tribal, territorial

jurisdictions. so e-guardian, i don't have time to go into much detail about it, but it has an entire architecture of privacy protections governing how information comes into e-guardian, how it's shared across those entities, how it's stored and how it's retained. individual participation as a fifth principle, obviously, that's more of a challenge in a law enforcement context. it's not realistic to be able to obtain individual consent for, in order to pursue criminal investigations. but nonetheless, the privacy act provides some measure of review in the sense that if access or amendment to records is denied, there is judicial review of an agency's decision, and subject to court order records may be amended or access may be granted. on the minimization side, i

mentioned the least intrusive means already with the diog. there's also a prescriptive measure in the diog with regard to evidence collected, that if the evidence collected through an assessment or through a predicated investigation has no foreseeable future evidentiary or intelligence value, it should be returned and destroyed and then marked in the file in terms of the disposition of that piece of evidence. otherwise, you know, information is retained according to the schedule set by nara, the national archives records administration. and approved through, which department of justice would seek approval for. with regard to use, i think that's also a challenge. on the criminal side, of course,

willful disclosures of protected information under the privacy act are not something that any agency can exempt themselves from, and to the extent that information is released that's not subject to a routine use or other permitted disclosure -- and, of course, you know, routine uses are subject to a compatibility standard. that tracks phipps language. if the information is disclosed or even shared in violation of that, that's potentially a wrongful disclosure subject to not only civil damages, but criminal penalties. and then in terms of accountability, i mentioned oversight from the national security division but also the fbi has the national security review -- sorry, national security law branch which conducts national security reviews. and that's a significant review

process in that they go out to all of the field offices and review the investigative activities i mentioned, the assessments, the predicated investigations and look to see whether, in fact, supervisory approval was obtained, whether in fact there was a clearly defined objective for the assessment, and it's written up into a report. that report actually comes through and up through fbi channels, of course, but then also comes for review by the chief privacy and civil liberties officer, and i look at those, obviously, through a privacy and civil liberties lens. so as alex was mentioning, there are lots of layers that are applicable, and i know i don't have much time remaining, but in my, in conclusion i guess i would like to leave you with a couple of takeaways. one is that phipps, you know,

quite to the contrary of certain statements, is not dead, it's just embedded. and i would also say that the processes can always be improved. certainly, i work with the components, each component of 40 components in doj, but each component has a senior component for privacy, and i host regular meetings. in fact, we're having a privacy forum next week that will cover privacy-related activities focusing on law enforcement but other components as well, activities, common privacy issues across components. it is internal, though, so none of you are actually invited -- [laughter] unless you happen to get a job by monday at the doj. but that's, that's also something that is a way to

improve. and i would also say that, you know, while privacy impact assessments are very important and a critical part of a program because they're sort of this tangible proof that we actually evaluate privacy, that we mitigate the risks, that we take into account security and accountability, they really only form a part of the architecture for the department of justice's privacy program. so -- and i welcome your comments. >> thank you, erika, for that nice education about the fbi's operations in particular. so becky richards is the national security agency's civil liberties and privacy officer. in this relatively new role, i think it's fair to say, she provides expert advice to the director of nsa on all issues pertaining to privacy and civil liberties protections, and she conducts oversight of nsa's

civil liberties and privacy-related activities. she also develops measures, which i hope she will talk about, to further strengthen nsa's privacy protections. prior to joining the national security agency, she worked as the senior director for privacy compliance at the department of homeland security. >> thank you, and thank you for hosting us. i am very honored to have been selected to be the first civil liberties and privacy officer. this is an exciting time to be a member of the civil liberties privacy community. our community is growing and evolving and will help inform the debate as the nation's reshapes its expectations for and limb taxes on the intelligence community activities. changes in the nature of the threat to our national security alongside rapid advances of technology, as was discussed earlier, make my job both interesting and challenging. technology provides us with both opportunities and challenges, but ultimately, we must guide and shape its use to insure the fundamental rights we hold dear

as a nation are neighbored. -- maintained. today i'd like to take time to discuss nsa's civil liberties and privacy programs both in the past, present and a few thoughts on the future. part of nsa's mission is to obtain foreign intelligence worth knowing directly from foreign communications in response to requirements and priorities validated and levied upon us by the executive branch. one such priority is counterterrorism, but there are other in the nation such as the spread of nuclear, chemical or biological weapons or cyber attacks. nsa supports our troops and allies by providing foreign intelligence for military operations abroad. as we consider nsa's civil liberties and privacy programs over the past 62 years, it's important to think about how the threat, technological and societal landscape in which nsa conducts its mission has changed. first, the threat has changed. nsa previously operated in a cold war era when the focus of

collection for foreign intelligence was directed at nation-states, structured military units and foreign intelligence services. while threats remain from nation-states, they also now come from nonstate actors which require nsa to look at more, smaller and decentralized targets to protect the nation. the technology has changed. nsa again previously operated in an environment where the communications between foreign intelligence targets were frequently conducted over isolated, government-owned and operated communication channels and equipment. now they're intersperse with the ordinary and personal communications. the sheer volume and ability to analyze and manipulate big data, which has occurred as a result of significant advances in information technology, can expose information of a personal nature that may not have been previously discoverable and may not be of any interest. third, how society thinks about civil liberties and privacy has changed. we have come a long and positive way in thinking about what ought

to be private. personally-identifiable information was not a mainstream issue 25 years ago. for example, social security cards, social security numbers were routinely put on student id cards, and there was no thought of hipaa. so with that, i'd like to give a little historical perspective. nsa's civil liberties and privacy protections have historically been driven primarily by the fourth amendment analysis which is also reflected in nsa's authorities, foreign intelligence surveillance act or fisa. this analysis framed nsa's protection program by asking where and how the data was collected -- usually overseas -- and the status of the individual or entity being targeted -- is it a u.s. person or not? nsa has consistently conducted extensive legal analysis, answering these types of questions. it has built a strong compliance program based on these with compliance activities embedded

in our technologies and systems. it became clear while this is certainly one way to address privacy concerns, it is somewhat different from how privacy concerns are addressed outside of nsa. over the last 15 years, congress has passed a variety of laws to protect privacy and other parts of government and the commercial sector. these policies and laws focus more on the nature and contents of the data, not where -- i'm sorry, the nature and content of the data and how it is used, not where it was collected or the citizenship of the individual. i believe we have an opportunity the bring together nsa's current civil liberties and privacy analysis with a broader approach to privacy and civil liberties. this new approach also supports the president's ppd28 mandate to recognize that our signals intelligence activities must take into account that all persons should be treated with dignity and respect regardless of their nationality and wherever they might reside and that all persons have legitimate privacy interests in handling

their personal information. to address a broader set of civil liberties and privacy interests, i'm testing a civil liberties and privacy assessment process that expands nsa's views to include considerations of frameworks the private sector and nonintelligence elements of the government use to assess civil liberties and privacy. for example, for the first time in its history, nsa is using the fair information principles for considering privacy risks. the fips are one framework. while traditional nsa civil liberties and privacy questions center on citizenship and location of foreign intelligence targets as well as collection techniques, fips-related questions boil down to follow the data. data-centric perspectives mean privacy officials ask different questions; what is the data being collected, and how will it be used? we have designed a template and during the next year will refine

the questions and process to insure we're beating a repeatable, meaningful and helpful progress to identify and mitigate civil liberties and privacy risk. a critical part of the civil liberties and privacy assessment process is to make sure we're not merely checking off boxes, but fundamentally weighing the risks associated with the activity to form a holistic value proposition. in essence, we're asking should nsa conduct a given activity given the civil liberties and privacy risk? nsa is documenting both standard practices such as minimization as well as any specialized tools designed to protect civil liberties and privacy. much like the privacy analysis performed in the private sector and other parts of the government, we're using the fips as a basis for analyzing what existing structures are in place. i'd like to spend a little bit of time talking about blending the art and science of privacy. historically, privacy tends to be a bit of an art moral. several of us stand around and

think about how we're going to do the analysis. this can be difficult when we're beginning to think about big data and the complexity that was being discussed this morning. nsa is fundamentally a technology-centric organization. we have and will continue to contribute to advancing the discussion and research and protecting civil liberties and privacy. today the science of privacy has made notable strides that include developing technology and tools that promote privacy such as unique encryption capabilities, digital rights management and trustworthy functioning. great work in academia is alsoing with developed on coding privacy policies such as technology supports all specific uses. but civil liberties and privacy protections need to blend the art and science of privacy if we're going to harness the potential of technology and incorporate our core values as a nation into this era of big data. so despite significant progress in privacy technology, basic privacy principles founded in strong scientific basis have

largely proven elusive. if we can better understand what constitute personal information and how such information is used, we believe it will be possible to determine whether we can develop more practical approaches to evaluating the inherent risk of privacy to the individual. to that end, our initial thoughts are to develop five sequential building blocks and to introduce the concept of some very difficult math into what is otherwise a very nice liberal arts discussion of privacy. the first one is to categorize personal information. we would like to determine if it's possible to identify and categorize different types of personal information and what that risk is to privacy. now, we've heard different discussions today, but we want to push folks to think about certain type of data more risky to privacy, such as health data, than other information -- say, your address -- and can we think about those risks.

if we can do that, then next we would like to determine if it's possible to identify and categorize different types of use. if we take both of these together, it's possible to develop a categorization of both personal information and uses of the personal information. it should be possible to develop a scientific process to assess risk. this process could evaluate the risk of the use of individual types of personal information for different uses as well as aggregated uses of personal information. now, with these three building blocks being more of a scientific aspect, i would now suggest we would move to an art form that looks at how we build that to identify what needs to have additional privacy impact analysis conducted so that we're looking at that across the board. but all four of these together, we would look to see if we can build a responsible use framework that holds data collectors and users accountable for how they manage data and any harm it causes. building a technical means based on principled scientific technologies to support the identification of civil

liberties and privacy risks can help us better protect civil liberties and privacy in a fluid world of big data. success is dependent upon input from a variety of disciplines, ranging from technologists, social scientists, privacy and civil liberty experts, lawyers to name a few. we would welcome the opportunity to discuss this in greater detail at a later date. with that, i thank you for the opportunity and am happy to answer what i'm sure are a couple of questions. >> thank you all for your opening remarks. becky, i wanted to stick with you for just a second. when we go and meet with you all, there is frequently someone from the general counsel's office, someone from the compliance office, someone from your office. what are you doing that is different than the general counsel's office and a compliance job? >> that's a great question. so the civil liberties and privacy office at nsa is the focal point for questions

regarding civil liberties and privacy, and it's been brought to a senior leadership position at nsa in order to focus on those efforts. so generally speaking, our this legallysel will answer the permissible. they will often work with compliance for what are the rules. but we haven't had a person asking some of these more difficult questions of should we be doing this. now frequently, our oversight folks were playing that role, and so i don't want you to take away the idea those questions weren't asked, but it's really important to have that type of a role inside the building where you ar working with the operators and the technologists and spend a great deal of time understanding what we're trying to do and bring to bear those questions. >> erika, a similar question for you. fbi, for example, has its own privacy officer, its own general counsel, its own compliance shop. what is your relationship, and what is your ability to provide recommendations or to actually

impose requirements on the fbi? >> so also a very interesting question. my role and position is department wide. so, of course, i have oversight over the compliance for doj as a whole. each component has the senior official for privacy, but in addition has general counsel's office that has significant -- [inaudible] privacy. so at fbi they have their privacy and civil liberties unit that's headed by a chief. i work quite significantly with that person in that office to specifically address compliance issues, to specifically address privacy initiatives that i feel are important for the bureau to consider. ultimately, it is somewhat of a

reporting structure. in other words, if there is a recommendation or a particular policy or statutory obligation, fbi has the responsibility to comply. and so -- but part of what my job is, is to advocate a to make sure that that is occurring on a regular basis and that, you know, that looking for ways that i can improve the process, looking for ways, for example, i talked about privacy impact assessments, some of that is if you look at the government act that's written fairly broadly, i take, you know, a particularly broad view of what i think should have assessments as part of compliance there. and so that's what i work in particular with fbbi on. >> so, alex, a related but different question for you. how do you insure that you have access, do you insure that you have access to what various agencies are doing, or do you

find yourself periodically reading about new programs -- alleged new programs on the front page of the new york times? >> i'm surprised by that question. information sharing is perfect. [laughter] everywhere in government. >> i'm also seeking free advice because, obviously, one of our biggest challenges is going to be know what the agencies are doing. can't conduct oversight of something you don't know is happening. >> right. i think that is, it's a major challenge for all of us. i know that, as you said, it's something that you're focused on. i know that it's a challenge for everybody. it's a matter of, first of all, understanding the information flows within your own agency and trying to put in place markers for where it's important for you to be consulted. the main way that i have just practically done it since i've been doing this for about a decade now and when i first started, you know, it was just me and we built a small staff over time, has been to form trusted relationships inside the

intelligence community. and to make sure that the people that i'm working with and that are in positions of influence and authority to make decisions on programs and activities understand the importance of consulting with civil liberties and privacy professional. my own personal experience working within the intelligence community has been that i've been -- when i first joined, i was very pleasantly surprised that people were so focused on compliance, on protecting privacy and civil liberties, doing the right thing, following the right directives. and even when they might feel legally permitted to do something, they still gave voice to their own doubts as to whether they should be doing it. so i did not have, i did not personally experience an uphill battle in trying to persuade intelligence officers, hey, it's important for you to pay attention to civil liberties and privacy. in fact, it was sort of the opposite where many people felt they were already doing that and that it was their job to focus

on that. for example, you mentioned office of general counsel. i was at an office of general counsel before coming to this job, and we certainly felt when i was there that that was part of our job. we needed to look out for privacy and civil liberties. and not just the law allowed, but what was the underlying intent and what should we be doing in that light. so i certainly didn't want to take away that sense of responsibility from anybody inside the intelligence community. my approach had always been it's all of our jobs, it's part of our oath to support and defeinted the constitution. and there are -- defend the constitution. and there are someat are particularly focused on that, officer of inspector general, intelligence oversight offices, we are now creating these civil liberties and privacy offices, and i do think we add value because i think it is our full-time job to focus on civil liberties and privacy. we bring focus, we bring an external perspective, and is we have specific expertise and training and experience that we can bring to bear. and then we can become a voice,

as erika said, an internal advocate for civil liberties and privacy. but i don't have -- i mean, i think different agencies will find different ways of doing it. the odni is a small organization, and it has mechanisms for understanding what's going on across the intelligence community. so when a particular program or activity bubbles up to the point of a decision, either it comes automatically through my office, or somebody will understand that i need to see it and route it to me. >> so a follow up particularly to you, alex and erika. both of you have fairly small staffs considering the breadth of your responsibilities, and we talked a hot in this morning about the increasing technological complexity of what you are assessing. do you have the technological resources to understand what systems are actually doing? and i think that is both in terms of assessing on the front end whether systems or programs

should go live, or to the extent that there are restrictions, for example, if the fisa court puts a restriction in place on a particular program, insuring that those restrictions are actually functioning? >> so i think that's a good point. so, but as i mentioned earlier, oversight is the sort of variety of roles in the department that have oversight in particular with regard todown terrorism, but my -- counterterrorism, but my office is fairly small in the sense that given the large footprint of the department of justice, but they work incredibly hard and diligently with all of the components to insure compliance, and we rely quite a bit on internal component work that is done to produce and, you know, produce

information about what the privacy compliance is and also with regard to auditing and making sure that the privacy activities are actually effective. but i would also say that some of the oversight, just to sort of again stress that, some of the oversight isn't just through my office, it's national security division, and fbi also has their branch, and so we work very collaboratively. and like alex, i have found that within the department there are a lot of people who care very deeply about these issues. it's not specifically, you know, in a privacy role as a title, but they have oversight and, i think, meaningful insight as to what, you know, how the activities should consider and be consistent with privacy initiatives. but, you know, it is something that i take into account, and that's part of the reason why we have these internal, you know, conferences and what not that

i'm trying to do to build upon that. >> and, alex, what do you do to make sure the old adage is trust but verify? what do you do to make sure you actually understand the program? and the system? >> right. so it's a variety of things. one is although i am not personally a technologist, i have been in dealing with technology law and legal issues and privacy issues associated with technology for much of my professional career. at marriott, i was privacy commerce and i.t. lawyer there, and before that i was at a law firm in downtown d.c. focused on technology -- large-scale technology transactions. that doesn't make me in -- me a specialist in technology, but it does enable me to ask the right questions and make sure information is explained to me appropriately. i don't have the staff resources to engage a full-time technologist. i think that would be helpful. i do think that you have to be a

little bit careful with that because what you really want, in essence, is a technology generalist. there are so many different aspects to technology, as you know. that's a word that almost lacks meaning these days because we use it so frequently. but what nsa does for one particular type of activity will differ significantly from what fbi does, will differ significantly from what all agencies do in terms of database management. so you've got database issues, you have surveillance technologies, understanding communications technologies, understanding all kinds of different aspects to that issue. so, and then, of course, the engineers and technologists as we know speak a different language from lawyers, so sometimes it's hard for everyone to speak to each other. so what i have been doing is making sure that the information is clearly presented, that i see the documentation, that i personally understand it, that i trust the people who are providing me that information, are giving me a complete picture, and i also -- we

leverage technical experts in the particular field that we have access to within odni or through the agency. so if something comes up that we don't quite understand, we can reach out to somebody to have them help us understand it. i think with a larger staff i would try to have more full-time technical expertise. >> becky, you had mentioned you've got a couple of pilots, experiments going, and you mentioned also new technologies that may or may not be available. how are you working with the private sector to leverage what great thinking is going on, and is privacy a part of the procurement process, for example? and has consideration been given to that? that if we really want privacy to be from the ground up, should it be one of the procurement factors? >> i'll start with the procurement. i started with the theory on procurement because in part that's how we were doing things at dhs. it turns out nsa is a technology

company. it has a huge research portion of it, and it also has a huge technology division. so it's two different parts. i actually have a technical director who's here, dave marcos, and we've been working through how do we think about, how do we look at what's out in the world. so we're actually working with several different groups within nsa to do an initial review of what is out there right now. and they're conducting that right now so we can get a sense of both from a policy and a technical perspective what's going on as opposed to just things that we may know, you know, from knowing different people whether it's activities going on at mit or carnegie mellon, you know, to make sure we had a broad breadth of understanding of the types of research going on. so we're working on that right now, and then we're working with our research folks and trying to just leverage all of those things. the the procurement process is not really how things happen best at nsa, and i think that's, you know, each agency has its own culture and its own aspects, and so a lot of what i've been doing is taking the learning and

sort of, you know, shifting it to make sure that building the program within nsa works for how nsa works. and so that doesn't, that means that, you know, our privacy program is going to look a little bit different than fbi's or others, but it's based on, you know, sort of how the organization functions and where those key decisions are being made. and so we're working through that. but it turns out procurement really isn't quite the right place. so we'ring looing through in terms of both the technology and research director and others to make sure we understand whether those touch points are. and that's a lot of why we're beta testing the processing. >> so i think i have time for one last question before i turn it over to my fellow board members. alex, this one's for you. you explicitly pointed to congressional oversight as one of the things that the american people should be aware of, that this is happening, it's robust, it's real. a previous panelist pointed out that there is potentially one significant flaw or challenge with congressional oversight,

and that's the lack of cleared staff. what is your per -- what has your perception been? has congress struck the right -- yes, i'm going to ask you to opine on congress. [laughter] whether consideration should be given to broadening the range of individuals. i think there's some comfort level with i think someone called it delegated oversight within the congress, but when some significant majority of decision makers in a representative democracy don't have cleared staff, how is the oversight nonetheless sufficiently robust? >> so the intelligence oversight committees have very substantial cleared staff. and they, of course, have secure compartment information. they have skiffs in which to review the classified information, and we have many, many meetings, briefings and reports with our oversight committees. i guess my first, my first response is as a matter of

principle, yes, congress should have the degree of staff cleared it needs in order to assist it to perform its oversight functions. i think the intelligence community assumption had been that by clearing the staff of the oversight committees, that that was, that function was being fulfilled. i think some staff members are also cleared from some of the other committees. i don't have all of that information in front of me, but i believe judiciary has cleared staffers, etc. whether or not that's enough staff to be cleared, i don't know. i think congress, it would be from my personal perspective, it would be helpful if congress figured out for itself which committees are performing which function and which staff members need to be cleared in order to oversee our activities, and then we can assess it. but i would certainly support a desire to make sure there were enough cleared staff to perform oversight, absolutely. >> so transitioning to the member questions, and while this is happening, just a reminder there are folks with cards if you have questions that you'd

like to submit from the public. and to keep everyone on their toes, this time i'm going to start with pat. [laughter] >> okay. you may be sorry about that choice. [laughter] i might not be, they may be. [laughter] this is somewhat of a loaded question, but it's one that's sort of in the backdrop of so much of the work we have done and will continue to do. i laud becky's attempts and your attempts to inject, and erika's attempts to inject privacy into all the various phases -- thank you -- of intelligence. but drawing upon what some of the people in the first panel said this morning, let me just pose a question that, for instance, several of the panel members thought collection was a

primary focus of trying to enhance privacy interests by limiting collection somewhat and leaving apart any debate whether or not collection by itself is, can be an injury to privacy. i guess -- and that's a collection. also when you get another expert talked about the risks to privacy from aggregating data. and we found out like, for instance, in the 702 report we did, when it got to retention of data, the analysts might look at it and say, well, i don't see any foreign intelligence purpose for this piece of data. if it came from an innocent person who's not the target. but it's conceivable that there might be one down the line or some other person i don't know about in the agency so, therefore, you know, i've got to bend to make sure that the

security. so it seems to me one of the basic problems here will be what's the tipping point? in other words, assuming good faith on both sides, there really is a national security interest when you have to make a choice between privacy and national security. but the real question is how much and at what point. in other words, any -- when we were doing 215, we were told many times we need a big haystack in order to find the needle, and the bigger the haystack, the more likely we are to find the needle. but, of course, the policy judgment has to be made at some point. at this point, yes, we're going to lose some national security, but privacy is more important. i guess i want to know what your thoughts about how that decision which is a basic policy decision that seems to come up in every

program we look at, you know, how it should be raised even at the most general level. you can all take a -- >> okay, so i'll start. i'll offer some general -- >> yeah. >> -- observations. so i think on the collection and use and retention point i would say it's very important to look at each phase of that. and that's, in fact, how the intelligence community structures its determinations in many ways. it's collection, then there's retention, and there's dissemination. on the collection point -- >> and aggregation. >> right. and then, of course, when you aggregate data, you create additional risks. so there's no question that if your concern is to protect privacy and you're worried about what the government's going to do with your data, it's always better for the government not to have the data, that's the best protection. ..

this is really necessary. you all know it's indifferent a case of situations, but that's what always seems to be sort of coming down to. i wonder if you have any thoughts about how that, it's just a policy thing. >> this is where, and -- use the term tipping point which i think is a very helpful term and

sometimes people think of us as a balance or as a skill. the way i think of the ballots metaphor as it might apply here is not that you were saying, well, that tips it over here so, therefore, we will do it, although to some extent that happens. the way i think of is that if you're going to do something new, a new or different collection program, you ask the following questions, is a lawful? it has to be lawful. is a justified? what is the purpose going to a phipps announces. which the purpose for it? is this collection focused on a valid purpose that we feel should be pursued is important to be pursued whatever the phrasing must be. and is the activity tailored to the purpose of? are you doing something him or her less waste of doing it? is this the appropriate way to go about doing it in terms of obtaining this information?

and then what are the risks to that, sort of going to the other side of the scale. and how do you guard against those risk? how to mitigate those risks? this is the way i've always thought of it. it actually fits into some fips kind of models, some defect models. if you look at the overall picture you can then, if it helps inform you, either the art or science side, i don't know that you can those which want to use. it helps inform the decision about whether this is the right thing to do. you have to look at the totality. if you're going to be one program while it's lawful and we think we needed but now you can figure out, there are major risks which can't figure out how to adequately mitigate those risk him that will play one thing about the overall risk of doing the activity. >> alex, if we could, we're trying to keep -- >> sorry. >> if there's something specific want to say. >> we've been asking some different questions to try and tease out some of this

conversation as we go through different programs. the questions we been circling around, which are lived there for then is this lawful him -- those questions, to get an overall risk, bubbling it up as we want to stop the government from doing bad things to good people. you sort of look into those different lenses, it helps us do that analysis. >> thank you. >> publishes going to follow up on the comment. i think that forcing mechanism of trying to do, having ongoing vetting and ongoing evaluation i the right people is what ago.

looking for the meaningful relationships and developing those as opposed to retaining the isolated pieces. so i would just say that trying to force the mechanism of ongoing vetting is really important. >> one of the reasons for having the forum today is to get a better understanding of what privacy interests are being protected by your offices and our agency. alex and erika both of them in either the private sector or at ftc and the private sector focus. how would you compare the privacy? what are the similarities and what are the differences? >> i actually think there are a lot of similarities but the are of course important differences. on the similarities side, anything privacy officers and people in all kinds of organizations, be the private sector or other government agencies, share a similar

challenge or problem set which is your organization wants to do something either for business purpose or for an unauthorized statutory purpose. in order to do that you need information. for businesses typically information about customers or potential customers, and then do something with that to carry out your lawful activity. it's a given that your organization will be obtaining and using personal information in many cases. so the privacy officers challenge is making sure that activity is conducted in a way that maintains your key trust relationships. there are different ways of framing it but i think that's generally speaking what happens. for a business perspective what you want to make sure you're doing is delivering value to your customer and not using that information for inappropriate means or ways that are going to essentially get your customer upset and have your customer take his business elsewhere. so a lot of those things are

similar. i think the key to sanction for e-business is of course that it has the ability to disclose a lot about what it's doing in terms of obtaining that information, and the values providing is also something that gets, should be immediately apparent to the customer. to the extent of the values further down the chain and the customer doesn't see that much that is aware is being collected, that impacts the trust the customer has with the business. from an intelligence community perspective it's hard for us to demonstrate the value. what are we doing with the information? as a result when people are worried about information being obtained, the value to them seems in college, but the risks seem real. my freedom could be impacted if the government misuses information that we can reassure people read methods in place to make sure that information will not be misused but i think we need to do better job of that. i think the other side of that equation is we have to show

what, better show what we do with information. for intelligence agencies some of the most tightly held secrets are the successful use of intelligence. because we don't want adversaries to know that that method was successful. >> so just to quickly answer your questions, i was also in the private sector at a law firm and practicing privacy but here's where they are similar. whether its clients or even from a government perspective, people tend to be reactive to privacy. one of the things that i find the biggest challenge is to be proactive. it means sometimes taking unpopular positions, whether it's with clients or internally within my organization. sort of having principal reasons for doing that, if not forcing putting very strong arguments to do what you think is the right thing i think is where it's similar and where it's hard but interesting. >> that you come to talk about

categorizing information as being sensitive. in our prior morning discussion there was talk about the mosaic theory where there may be individual bits of information that are in combination, they present sensitive profile or some its activities, thoughts and so forth. do you lose something if you focus on what seems to be sensitive information and not take into account the potential combinations of information? >> the goal is to take into all those combinations. the idea and where we've been looking at is it's very difficult. we want to push folks. i will say this is an uncomfortable place to be as a privacy person but this is where i am like it will depend, but if we look there were big date is today. there i is a lot of data and its very voluminous and there's a lot of discrepancies but if we can start to define which is what define which is one of the like will hurt in the second panel, and this is where i think we're going to try to push nsa is if we can start to define and

put mathematics behind it so that, for example, if you have vaguely adamonis -- anonymous, and the computer starts to put them together, we would want this system to pop something to say hey, look at this before you decide to go forward. the ideas technology is supporting the privacy analysis by looking at whether not the map underneath it can work. you're going to have to make some hard choices. i think healthy baby is more risky than my address? everybody gives example of them have the violent, violence against women or something along those lines. at some level if we do with only the edge cases we are not going to move forward. i think the values we will be losing some of the valley, both from a privacy perspective as well as from a tactical perspective because we are in this art form of looking at each individual case, which i've recognize that nsa, i'm not going to look at every single little thing.

we want a system to be up to identify the things that need additional analysis, additional of judgment. wanted to let tha that happen is have us back into place with a system is doing things we would find unacceptable because we didn't build something to help with that. >> thank you. rachel? >> thank you all for being here. for those of you who have been here all day, you will know that this is little bit of a hobby horse of mine but it would ask about the fifths and why you are purporting to apply -- chips to i gather, and ms. richards is attracted to these initially. i commend you for publishing the paper on target collection under 12333 and you said that you are applying the fips attic of your talking about the 2008 dhs iteration of the fips. but then you said that, for example, the individual participation fips can't really

apply to your activities. the transparency one can apply in a very limited way. i guess i'm wondering whether it doesn't make sense to come up with a new set of principles that applies to surveillance activities of the government. if you look at the dhs a fips, the transparency one cannot apply because it's talking about providing evidence to the individual regarding collection. individual participation can apply at all. some of these other ones are very, very important. specification is important to minimization, data security, some are important yet this doesn't at all address things like thresholds, evidentiary thresholds for collection which is by law but if you talk about principles that are supposed to sit on top of the fundamental legal requirements you should talk about threshold. there's other principles that don't come into play. i'd be interested in knowing why you decided to apply the fips

and if you have given some thought to coming up with new -- i don't mean to criticize this for dhs' purposes because dhs has a lot of functions that involve voluntary interaction by individual with a government where this makes a lot of sense. you're in a different position than that obviously. >> i guess what i would say it's the beginning place. i stated that a couple different times because i wanted to start with something. from my perspective i guess i want to take the parts of the fips that work well which would be basically the bottom six of the dhs ones, and look at how we can work those through. what i would say is sometimes there is analysis that needs to be done at an enterprise level. is useful for me walking into the agency which may become, he readily apparent to everybody but it was just useful to go to the process and say this is one framework we think about for privacy. and as an enterprise we don't do

the first two, one of the questions that led me to ask them some the conversations i've had with academics and advocates is to say okay, we don't do transparency in the traditional sense and we don't do individual participation. is there some proxy? is there some additional thing we should be doing given that? against you question of are there other things? that's where we are starting to work through. i think it was very beneficial to start with that as the beginning when. and then use the question, the remaining six principles as the basis for some of these questions. part of the problem with the fips is they don't give a judgment. they don't tell you this is good enough for that's bad enough. that's the place where we're trying to then look at, look at the data and what are the risks to the data. we spent a lot of time talking about what is the exact risk to this program for privacy and civil liberties goods we're working through those, and

having a lot of really fun and intellectual stimulant and conversations about what are the right questions and how do we do that for an intelligence agency? nsa. but i would say for us it was a beginning please be i don't think it's necessary the ending point but it was some place to start with. i don't want to throw everything out and start with, i don't know, you have to start somewhere. >> do the other panelists want to say anything about that? alex. >> i would just add that even though the first to do not directly apply, sort and not as written by dhs, they provide useful measures for us to determine to what extent does is raise privacy issues and what areas. i think it's helpful to use as a guide in the way that becky has been using nsa. i like the idea of developing a statement of principles that would apply to the intelligence community. so i will take that back. >> i don't have time for another question but i would suggest

either going to engage in that exercise that you look at the thresholthresholds question ando look at oversight because they talk about accountability and auditing but creating a paper to is not the same thing as effective oversight. as i said oversight is a streaming important so just food for thought. >> i think it's important you don't have a check box. part of the problem i think with the fips also i isn't leads itsf to a checkbox process. to have a privacy statement? yes. am i doing everything? yes. i can do that. as opposed to questions of should i be doing that? that's where having an individual at the agency whose focal point is this benefits the agency in terms of that conversation because they can quickly evolve to i checked it off, i'm good. you have no privacy, but i'm good. >> oversight perspective has to be changed because i think as technology allows us to collect more data and in different ways, different data points, that the

oversight of it has less meaning if you're not also adapting on that side as fast as we are adapting to the technological changes. >> did you have some questions as to? thank you. thank you to the members of the panel. i would have some questions i want to ask but there were a lot of audience questions. were the one of two that stood out particularly? technically we only have five more minutes to go on this panel. i'm happy to have you asked one or two of the audience questions. >> i think you should know you have won the jackpot thus far on audience questions. alex, this one goes to an across on a remark from previous panel. why can't the icy inform the american people about how many phone records were collected pursuant to section 215 and make similar public disclosures regarding the breadth of you is collection under 702 and the

executive order to understand the one that targeting necessarily u.s. persons but the u.s. persons in potential collection. >> good question. i don't want to duck it. i want to say that i am going to in a certain way. no, but, i don't want to i guess i'm not going to get into the specifics of like 215 or 702, et cetera. what i will say is there are two challenges to understand the interest and understand the importance. what is technical capability. can you in fact counted? some things, some activities you should be able to count but for otherwise, they inherently involve challenges. one of the pclob recommendations in the seventh report was, in fact, the account some of the 702 collection that involves u.s. persons. there are some inherent challenges in doing that. from a national security perspective what i'll say is what i've heard internally as we

pursue these kinds of questions is that providing that kind of information can, in fact, put at risk sometimes a collection coln because especially the track in overtime. an adversary, a sophisticated adversary can put information together in terms of the falling of collection in one particular area and draw conclusions about what specific is being obtained. what are the specific channels that are being watched and, therefore, change behavior. to our job from transparent perspective is to discuss that in troy kinsey are the ways of mitigating that, what can we, in fact, disclose because of a strong interest. >> i'll direct this next monday because you mentioned that part of the civil liberties protection and privacy protections are consequences for wrongdoing. the question from the audience is in the case of a privacy violation sufficient remedial measures are critical. what, if anything, do you think

needs to be done either statutorily or administratively to strengthen existing remedial schemes? >> so yeah, i do think that the remedies for privacy act violations or for privacy violations are, as i said, in my remarks, everything could be examined and looked at for approval. i was focusing my remarks on the fbi so of course they have their own investigative unit that reviews if there's any particular activity at an agent engages in, for example, that is, you know, collecting information in violation of specifically because the first amendment purposes, that's subject to review and disciplinary action. with regard to individuals, i agree. we talked about how the fips

doesn't would have as meaningful of really a guide for law enforcement either. i think it's not something that i can do but certainly it's been attempted before the remedy the privacy act to amend it. we are the administration is committed to looking to expand the protections of judicial redress for non-u.s. persons and dhs as a policy of doing so administratively that statutory it is a hurdle. it is something i would be willing to have a conversation to further that spirit just to keep us even across the board, becky, this one is for you. i think implicit i in the questn is a very interesting comment. do you anticipate the wide swaths of the data will no longer be collected now that you're asking questions about whether they are really needed

and the civil liberties downsides? so i would say the premise is that it's your job to shut it down. which i think is a widely shared premise, and i think the basic question is do you think they're going to be effective? >> i think that also starts with the premise that the collection were doing currently is that starting with the premise that we are collecting too much information today. i think what i would say is that when we are working on this sort of the premise. at nsa is filled with a lot of people who do math for a living, we are in the process of third grade math which folks need to show the work. they need to show why they're doing what they're doing so we can then have those conversations. i do want to presuppose we're going to do more or less or either way of those by to think what we have done well is explained what we are doing.

if you sort of considering nsa has a long history of saying absolute nothing to anyone, and in the last year and a half we've had to create a voice for ourselves to explain what it is we do, and recognize that most people, there are lots of ph.d's in math at nsa don't necessarily take well to speaking in public, it's a work in progress. my hope here is not that, not to be judged on how much we turned on or turn off but by demonstrating what the value is to the country in terms of what we'rwe are doing. and demonstrating we're protecting civil liberties and privacy. >> so thank you all for your remarks and your active back and forth on the questions. >> we will be taking a break. thanks. >> thank you. [inaudible conversations]

>> monday dr. martin salida a surgeon who contracted ebola while treating patients in sierra leone died at the nebraska medical center where he was being treated for the disease. today on capitol hill, two hearings on the able outbreak in west africa. at 10 a.m. representatives from doctors without borders and the international medical court testified about the worldwide response and the need for trained health care workers. life coverage of that subcommittee on africa and global health on c-span3. at 1 p.m., look at the u.s. response to the outbreak with dr. tom frieden. life coverage of the house

energy and commerce subcommittee on oversight and investigations also on c-span3. >> it will take six hours and 60 votes by the senate tuesday will vote on keystone xl pipeline legislation to lauren gardner is covering the debate in the senate. she is with cq roll call. what's behind the senate taking up the keystone measure? >> guest: there's some political implications here on the line. senator landrieu of louisiana is in a very heated runoff race with congressman bill cassidy, a republican was currently serving in the house. for senator landrieu this is the really key to demonstrating that she can legislate and hold her own on the floor of the senate even when her leaders are not necessarily behind her. she wants another legislative win to take back home and show voters she can get things done

in one what would the keystone bill due? >> guest: it would basically take the approval process of my from the president and give it to congress. it would just be approved and consider the environmental impact statement that the state of i'm as having fulfilled the requirements under and of i'm at the policy law that has to be followed in order for a cross-border permits to be considered. >> host: let's look at the 60 votes needed to pass the measure. your article you couldn't senator landrieu as saying i am confident that we will have the 60 votes to pass the we're getting stand with accounting of the votes correctly as of right now it still appears senator landrieu has 69 votes. last week senators carper and bennett oath pledged their sport for the bill. as of right now we have found that 60 of the vote yet about

landrieu aides said they don't think she would've pushed as hard as she could have the 60 votes. we will have to wait and see going into tonight and tomorrow. >> host: seems like a fair amount of pressure. you tweeted modify tweets from bill mckibben, the b bimetal activists sang a warning shot fired, just to give us a snapshot of what some of the other pressure senators are feeling. >> guest: democrats in particular i think a lot of pressure from environmentalists who would want to die keystone to climate change and make the argument that by allowing this pipeline to go forward it which is exacerbate the level of greenhouse gas emissions, the earth is already experiencing. for any democrats who for any democrats once retaken streusel on climate change now and in the future there is pressure. for senator schumer's part, he is voting no. >> host: bill cassidy in the house last week at 31 democrats to vote for his mesh.

what happens to congressman cassidy keys to measure if senator landrieu's pass is? >> guest: if her bill passes then the house bill by congressman cassidy will be considered past. that's the actual bill that we sent to the president's desk. we'll have cassidy's name on it, not landrieu but senator landrieu says it doesn't matter to her as long as the bill reaches the president did ask. >> host: you mentioned how this is going in louisiana but you write in roll call and here's the bad -- the headline, keystone dominance the senate runoff but does louisiana care? what's the story behind that? >> guest: there's been a lot made about this keystone vote for both candidates they want to be able to take home some kind of victory however the going to get it to the voters. the question is do louisiana voters actually think this is a legit issue? senator landrieu a lot of for legislation victories that she can on the campaign trail has a

pretty direct impact on louisiana citizens. for example, earlier this year when she successfully negotiated a delay to flood insurance premiums increases. >> host: it's a big issue. president obama, the white house and whether not he will sign or veto the bill? >> guest: they had been, i haven't wanted to direct one way or another but president obama has repeatedly said while he's on foreign travel that he wants the state department process and the separate supreme court process in nebraska to play out. if he had his drugs he wouldn't have a bill at his desk but they haven't said one way or another if they would issue a veto threat. >> host: viewers can read more and following garden and twitter. thanks for that preview. >> guest: thanks for having me. >> live now to the senate floor the start a debate on a bill authorizing the construction of

the keystone xl oil pipeline. the measure is the same as the one introduced by bill cassidy in the house. that was passed thursday by a vote of 252-161. today's debate is scheduled for six hours with a final vote set for approximately 6:15 p.m. eastern time. the president pro tempore: the senate will come to order. the chaplain, dr. barry black, will lead the senate in prayer. the chaplain: let us pray. shepherd of love, our lives are open books to you, for you see our thoughts before they are formed and know our words before we utter a single sentence. your powers astound us.