STATEMENT FOR THE RECORD OF
NSA DIRECTOR LT GEN MICHAEL V. HAYDEN, USAF
HOUSE PERMANENT SELECT COMMITTEE ON INTELLIGENCE
12 April 2000
Thank you for this opportunity to provide an overview of the regulation and oversight of the National Security Agency's electronic surveillance activities. It is a pleasure to be here today.
The National Security Agency (NSA) performs electronic surveillance to collect foreign intelligence information for the military and policymakers. As the Director of Central Intelligence noted, NSA provides valuable intelligence to U.S. Government consumers on a wide range of issues of concern to all Americans, such as international terrorism, narcotics trafficking, and proliferation of weapons of mass destruction. NSA's electronic surveillance activities are subject to strict regulation by statute1 and Executive Order2 due to the potential intrusiveness and the implications for the privacy of U.S. persons3 of these activities. NSA's electronic surveillance activities are also subject to oversight from multiple bodies within all three branches of the Government. These safeguards have ensured that NSA is operating within its legal authority.
The Seventies were a watershed for the Intelligence Community. Congressional investigating committees, led by Senator Frank Church and Congressman Otis Pike, found that Government agencies, including NSA, conducted a number of improper intelligence activities directed against U.S. citizens. The revelations of these committees resulted in new rules for U.S. intelligence agencies, rules meant to inhibit abuses while preserving our intelligence capabilities. In other words, a concerted effort was made to balance the country's need for foreign intelligence information with the need to protect core individual privacy rights.
A wide-ranging, new intelligence oversight structure was built into U.S. law. A series of laws and Executive Orders established oversight procedures and substantive limitations on intelligence activities. In the aftermath of the Church and Pike committees' revelations, Congress passed the Foreign Intelligence Surveillance Act (FISA) which created a procedural structure with a special court for considering and approving certain surveillances that occur in the U.S. and thus have the potential to affect rights guaranteed by the Constitution. The House and Senate each established intelligence oversight committees. President Ford issued an Executive Order that established for the first time a formal system of intelligence oversight in the Executive Branch. Oversight mechanisms were established within the Department of Justice and within each intelligence agency. The President also established an independent Intelligence Oversight Board.
The result today at NSA is an intelligence gathering system that operates within detailed, constitutionally-based, substantive, and procedural limits under the watchful eyes of Congress, numerous institutions within the Executive Branch, and -- through the FISA -- the judiciary. The privacy framework is technology neutral and does not require amendment to accommodate new communications technologies.
Recently, NSA has been the subject of media reports which suggest that NSA collects all electronic communications, spies on U.S. citizens, and provides intelligence information to U.S. companies. There also have been claims that NSA activities are not subject to regulation or oversight. All of these claims are false or misleading. Today, I will describe NSA's electronic surveillance authority, the framework regulating that authority for the purpose of protecting privacy rights, and the oversight mechanisms in place to monitor NSA's activities.
NSA's Electronic Surveillance Authority
NSA's electronic surveillance authority is found in Executive Order 12333, entitled "Intelligence Activities." Executive Order 12333 authorizes NSA to collect, process, and disseminate signals intelligence information for national foreign intelligence (and counterintelligence) purposes and in support of U.S. military operations.4
NSA is not authorized to collect all electronic communications. NSA is authorized to collect information only for foreign intelligence purposes and to provide it only to authorized Government recipients. This means that NSA is not authorized to provide signals intelligence information to private U.S. companies and we do not do so. Legal proscriptions notwithstanding, as a practical matter, it is not technically possible to collect all electronic communications everywhere in the world on an indiscriminate basis.
Regulation of NSA's Electronic Surveillance Authority
Electronic surveillance conducted for foreign intelligence purposes is regulated by statutory restrictions flowing from the Foreign Intelligence Surveillance Act, and restrictions flowing from Executive Order 12333, which manifest themselves in the form of restrictions applicable to all intelligence collection activities and specific restrictions (Attorney General Procedures) regulating NSA's electronic surveillance activities.
Statutory Restriction on Electronic Surveillance in the U.S. -- Foreign Intelligence Surveillance Act (FISA)
Under FISA, NSA may only target communications of a U.S. person in the United States if a federal judge finds probable cause to believe that the U.S. person is an agent of a foreign power. Probable cause exists when facts and circumstances within the applicant's knowledge and of which he/she has reasonably trustworthy information are sufficient to warrant a person of reasonable caution to believe that the proposed target of the surveillance is an agent of a foreign power. Under the statute, a judge may determine a U.S. person to be an agent of a foreign power only if there is information to support a finding that the individual is a spy, terrorist, saboteur, or someone who aids or abets them.
All FISA collection is regulated by special minimization procedures approved by the FISA Court and the Attorney General. Since the enactment of the FISA in 1978, there have been no more than a very few instances of NSA seeking FISA authorization to target a U.S. person in the United States. In those instances there was probable cause to believe that the individuals were involved in terrorism.
Executive Order 12333 - Restrictions Imposed on All Intelligence Collection Activities
There are certain restrictions imposed by E.O. 12333 upon all intelligence collection activities engaged in by the Executive Branch agencies. Intelligence collection must be conducted in a manner "consistent with the Constitution and applicable law and respectful of the principles upon which the United States was founded." (Sec. 2.1). These include the Fourth Amendment's prohibition against unreasonable searches and seizures. Intelligence collection must not be undertaken to acquire information concerning the domestic activities of U.S. persons. (Sec. 2.3(b)). The least intrusive collection techniques feasible must be used in the United States or against U.S. persons located abroad. (Sec. 2.4). Finally, agencies in the Intelligence Community are prohibited from having other parties engage in activities forbidden by the Executive Order on their behalf. (Sec. 2.12) This means that NSA can not ask another country to illegally spy on U.S. persons on our behalf, and we do not.
Executive Order 12333 Procedures - Specific Restrictions Imposed on NSA's Collection Techniques
In delegating authority to the Director, NSA in E.O. 12333, the President recognized that certain intelligence gathering techniques, such as signals intelligence, are particularly intrusive and must be conducted in a "reasonable" manner to comport with Fourth Amendment and statutory requirements. The Executive Order requires, therefore, that certain written procedures be implemented regulating such techniques. The procedures are designed to protect constitutional and other legal rights and limit the use of information collected to lawful governmental purposes. The Executive Order requires that the head of the agency (i.e., for NSA, the Secretary of Defense) and the Attorney General approve the procedures.
NSA has such procedures in place. They have been approved by the Secretary of Defense and the Attorney General. They are classified and are appended to DoD Directive 5240.1-R, the DoD regulation which implements E.O. 12333. Prior to implementing or revising these procedures, NSA provides them to the House and Senate intelligence committees, to the Assistant to the Secretary of Defense for Intelligence Oversight and the Intelligence Oversight Board of the President's Foreign Intelligence Advisory Board. The procedures are incorporated into an NSA Regulation and the substance of the procedures is promulgated throughout the signals intelligence system in a detailed directive, U.S. Signals Intelligence Directive 18, signed by the Director, NSA. This Directive provides a single document in which all the restrictions, whether originating from constitutional, statutory, executive order, or regulatory provisions, may be found.
Executive Order 12333 Restrictions on Electronic Surveillance Outside the U.S.
Under E.O. 12333 and implementing regulations signed by the Secretary of Defense and approved by the Attorney General, NSA must obtain the Attorney General's approval before conducting electronic surveillance directed against a U.S. person abroad. The Attorney General must have probable cause to believe that the person is an agent of a foreign power, either an officer or employee of a foreign power, or a spy, terrorist, saboteur, or someone who aides or abets them. Occasionally, NSA seeks Attorney General authorization to target a "U.S. person" overseas. An example of such a request would be one seeking authorization to target a terrorist overseas who is a U.S. permanent resident alien.
Executive Order 12333 Restrictions Relative to Retention and Dissemination of Unintentionally Acquired U.S. Person Information
NSA's collection of foreign intelligence from foreign individuals and entities is designed to minimize the incidental, or unintentional, collection of communications to, from, or about U.S. persons. When NSA does acquire information about a U.S. person, NSA's reporting does not disclose that person's identity, and NSA will only do so upon a specific request that meets the standard derived from statute5 and imposed by Executive Order regulation -- that is, the information is necessary to understand a particular piece of foreign intelligence or assess its importance. Specifically, no information, to, from, or about a U.S. person may be retained unless the information is necessary to understand a particular piece of foreign intelligence or assess its importance. Similarly, no identities of U.S. persons may be disseminated (that is, transmitted to another Government department or agency) by NSA unless doing so is necessary to understand a particular piece of foreign intelligence or assess its importance. For example, if NSA intercepted a communication indicating that a terrorist was about to harm a U.S. person, the name of the U.S. person would be retained and disseminated to appropriate law enforcement officials.
Oversight of NSA's Electronic Surveillance Activities
Oversight of NSA's activities is conducted by organizations internal to NSA, external to NSA in the Executive Branch, and in the Legislative and Judicial Branches.
As you are fully aware, the intelligence committees conduct routine oversight of NSA activities. The committees regularly call for detailed briefings on NSA's collection activities and the procedures in place designed to protect the privacy rights of U.S. persons. Committee staff routinely visits NSA Headquarters and field sites as part of its oversight activities. The committees also receive semi-annual reports from the Department of Justice concerning NSA's activities under the Foreign Intelligence Surveillance Act. As discussed above, NSA has in place procedures for our FISA and other activities to ensure that the Agency acts in a manner that protects the privacy rights of U.S. persons. These procedures, as well as any subsequent changes, are reported to the intelligence committees prior to implementation. Further, NSA is required to: keep the committees fully and currently informed of all intelligence activities, including any significant anticipated intelligence activity; furnish any information on intelligence activities requested by the committees to carry out their oversight responsibilities; and report to the committees any illegal intelligence activity. Recently, this Committee requested NSA documents on a number of legal topics related to NSA's collection activities. NSA has fully complied with that request and met with Committee staff on several occasions.
Section 309 of the Intelligence Authorization Act for FY2000 (Pub. L. No. 106-120) called for me to submit a report to Congress prepared jointly with the Attorney General and the Director of Central Intelligence providing a detailed analysis of the legal standards employed by elements of the Intelligence Community in conducting signals intelligence activities, including electronic surveillance. The report we submitted in February of this year clearly demonstrates that there are legal standards and procedures in place to protect the privacy rights of U.S. persons when NSA and other Intelligence Community entities conduct electronic surveillance.
The Foreign Intelligence Surveillance Court (FISC) is authorized by the Foreign Intelligence Surveillance Act to issue court orders for electronic surveillance directed against foreign powers or their agents. In reviewing applications for court orders, the FISC judges scrutinize the targets, the methods of surveillance, and the procedures for handling the information collected.
Executive Branch Oversight
Within the Executive Office of the President, the Intelligence Oversight Board (IOB) conducts oversight of intelligence activities. The IOB reports to the President and the Attorney General on any intelligence activities the IOB believes may be unlawful. The IOB also reviews agency Inspector General and General Counsel practices and procedures for discovering and reporting intelligence activities that may be unlawful, as well as conducts any investigations deemed necessary to carry out their functions.
In the Department of Justice, the Office of Intelligence Policy and Review (OIP&R) reviews compliance with the court-ordered minimization procedures designed to protect the privacy rights of U.S. persons. This office also files semi-annual reports with Congress on electronic surveillance conducted under FISA and is intimately involved with NSA's FISA applications. The Office of Legal Counsel at DoJ as well as OIP&R have been involved in setting the legal standards under which NSA's signals intelligence activities are conducted to ensure that these activities strike an appropriate balance between the country's intelligence needs and individual privacy rights.
In the Department of Defense, the Assistant to the Secretary of Defense (Intelligence Oversight) and the Office of General Counsel are engaged in intelligence oversight of NSA. Within NSA, the Operations Directorate's Center for Oversight and Compliance, the Inspector General, the General Counsel, and NSA's Intelligence Oversight Board also conduct oversight of NSA activities. The NSA Office of General Counsel conducts extensive privacy protection and intelligence oversight training for all Agency employees who are involved in collection that implicates Fourth Amendment privacy rights. NSA also enforces a strict set of audit procedures to ensure compliance with the privacy rules.
In performing our mission, NSA constantly deals with information that must remain confidential so that we can continue to collect foreign intelligence information on various subjects that are of vital interest to the nation. Intelligence functions are of necessity conducted in secret, yet the principles of our democracy require an informed populace and public debate on national issues. The American people must be confident that the power they have entrusted to us is not being, and will not be, abused. These opposing principles--secrecy on one hand, and open debate on the other--can be reconciled successfully through rigorous oversight. The current oversight framework reconciles these principles. It serves as a needed check on what otherwise has the potential to be an intrusive system. The regulatory and oversight structure, in place now for nearly a quarter of a century, has ensured that the imperatives of national security are balanced with democratic values.
Mr. Chairman, this is a complex and difficult issue, one that involves an intricate mix of technical and legal nuance. In the end, however, the concerns expressed about NSA's capabilities strike at very basic desires on the part of our citizens to be secure in their homes, in their persons, and in their communications. My appearance here today is as the Director of NSA. But I'm also here as a citizen who believes that the careful and continuing oversight of NSA -- at many levels, internal and external -- represents a commitment to striking a balance between the government's need for information against the privacy rights of U.S. persons that my fellow citizens and their elected representatives can endorse. I can assure you, Mr. Chairman, and all our citizens, that I consider the maintenance of that balance one of my highest priorities, as do the other men and women of NSA.