JEFFREY BROWN: The controversy surrounding the government's alleged data-collection program followed CIA nominee General Michael Hayden around Capitol Hill today. Hayden met with several senators to seek support for his nomination. But, between the camera clicks and handshaking, questions came about the program's legality.
GEN. MICHAEL HAYDEN, Deputy Director of National Intelligence: I'm not going to comment on the article that appeared in USA Today yesterday. Let me say once again, though, everything that the agency has done has been lawful, it's been briefed to the appropriate members of Congress, that the only purpose of the agency's activities is to preserve the security and the liberty of the American people. And I think we've done that.
JEFFREY BROWN: USA Today reported yesterday that the National Security Agency, under Hayden's leadership, has secretly collected tens of millions of phone call records since 9/11 from the nation's three largest telephone companies, Verizon, AT&T and BellSouth.
The data does not include names of customers or content of the calls. Of the major phone companies, only Qwest refused to cooperate.
At two public appearances today, President Bush avoided addressing the issue. But yesterday, he rearranged his schedule to talk to reporters.
GEORGE W. BUSH, President of the United States: The privacy of ordinary Americans is fiercely protected in all our activities. We're not mining or trolling through the personal lives of millions of innocent Americans.
JEFFREY BROWN: On Capitol Hill today, some senators, including Republican Susan Collins of Maine, said they needed more assurances the program was within the law and the parameters of the Foreign Intelligence Surveillance Act, or FISA.
SEN. SUSAN COLLINS (R), Maine: I want to make sure that these programs are conducted within the confines of the laws. I want to make sure that there are checks and balances, including congressional oversight and judicial review. And I think that that is very important.
JEFFREY BROWN: General Hayden can expect more questions about the phone data program at his confirmation before the Senate Intelligence Committee starting next Thursday.
And we explore the legal issues now with Bryan Cunningham, a former lawyer for the National Security Council in the Bush administration and with the CIA during the Clinton years. He's now in private practice as an information, security and privacy lawyer.
And Kate Martin, director of the Center for National Security Studies, a nongovernmental organization that researches and advocates for civil liberties on national security issues.
And welcome to both of you.
BRYAN CUNNINGHAM, Former Adviser to Condoleezza Rice: Thanks for having me.
JEFFREY BROWN: Mr. Cunningham, starting with you, from what you know so far, is this program legal?
BRYAN CUNNINGHAM: Yes, thank you for having me. First, I should say that I had no knowledge of this program -- if, in fact, the reporting is correct -- when I was in the government, so I have no secret or classified information on it.
From the news reports, though, I would say it's almost certainly absolutely legal and constitutional, unless there are facts, obviously, that we don't know about.
First of all, the United States Supreme Court said in 1979 that Americans do not have any expectation of privacy in telephone toll records and, therefore, the Fourth Amendment warrant requirement doesn't apply, and that's probably why polls are showing most Americans are not too exercised about this, because the Supreme Court got it right, in terms of what they expect of these records.
Secondly, apparently, the records were turned over voluntarily by the telephone companies to the government, so the government would not have even had to go to court and get any sort of legal process to do this.
And, thirdly, if the government did need to or did decide, for the benefit of the companies, to go to court, there are a number of mechanisms in existing law that would allow them to get the right kind of legal authorities without ever implicating the Foreign Intelligence Surveillance Act, because these are not content of communications. So I think it's very clearly legal.
JEFFREY BROWN: And, Kate Martin, what's your reading of the law?
KATE MARTIN, Center for National Security Studies: Well, I couldn't disagree more.
The Congress explicitly protected the privacy of such telephone records. And after the Supreme Court held that the Fourth Amendment didn't apply to seizures of these kinds of telephone records, Congress passed a whole series of laws. One of them is called the Stored Communications Act, Pen Register laws.
What they say is that the telephone companies may not voluntarily disclose the information to a government entity; they can only disclose the information to a government entity, like the NSA, if they are served with a court order or a subpoena.
And it's my assumption that the NSA had no court order; it could not get a subpoena. And I don't think it would be entitled to a court order under the laws.
JEFFREY BROWN: Mr. Cunningham made a distinction, as I've heard elsewhere, between collecting phone records and gathering names or content. You don't see that distinction?
KATE MARTIN: I do see that distinction. Listening to the contents of telephone calls or e-mails requires a warrant, and that's a separate set of laws, not the Stored Communications laws and not the Pen Register laws.
But what the Congress has done is set up a whole framework, because it disagreed with the Supreme Court, about whether or not people have a reasonable expectation of privacy and that the government will not know everyone you've called; everyone who's called you; how long; how many times those phone numbers came in and out of your phone. And if the government did want to find that out, it would get a court order.
Now, the FBI can get a court order. It's not at all clear that the NSA would ever be entitled to a court order. And without an order, it was clearly illegal.
JEFFREY BROWN: Mr. Cunningham, help us define our terms a little here. The president used the word "mining." What exactly is data-mining? How is it used? And is this NSC program, as you understand it, an example of it?
BRYAN CUNNINGHAM: Yes, let me just mention a few corrections to what Kate said, though, first. First of all, as far as any of the reporting has indicated, these are not live transmissions of your telephone-calling data -- who's calling you and who you're calling -- to the government. So the Pen Register FISA statutes that Kate mentioned would not apply at all.
These are telephone toll records, and there are provisions that do limit the telephone companies in what they can provide. But one of those laws, the Communications Act, specifically exempts records in which there's no, quote, "individually identifiable information in it."
It's quite clear from the stories that the telephone company stripped out that identifying information before they gave any access to the government, which leads directly to the answer to your question.
In my judgment, there's a good way to go about reviewing these records and there's a dangerous way to go about reviewing these records. And I think Americans and civil libertarians ought to take some heart here, because the government -- I think much to the surprise of many people on the left -- has actually put into place two of the major protections.
First, as I've said, they've anonymized these records. No one is going to find out who Bryan Cunningham or Kate Martin called from these records, because our names and addresses are stripped from them.
Secondly, these are machines. These are computers, as far as I understand it, that are looking at these records. There is not folks sitting at the NSA pouring over these records.
So that what the computers do is they -- for example, if you have a telephone number of a captured terrorist mastermind in Afghanistan, had you had that before 9/11, you could have run that database against that information, against this data, and only the people whose records match would have been spit back out to the government, and you might have found at least two of the hijackers that were in the United States at the time. And that might have helped us to prevent 9/11.
So this is not a dragnet. This is not a wholesale turning over of records. As I understand the program, this is the government using computers, not humans, to look for specific information based on leads they get from terrorism suspects and members overseas.
JEFFREY BROWN: So what's wrong with that, Kate Martin, as a tool that, as he says, or as he argues, is anonymous in that sense?
KATE MARTIN: Well, the Congress specifically anticipated this and basically said: If you want the telephone numbers that are being called by a specific telephone line -- even when they're stored, not in real-time -- you need a court order or a subpoena.
And we read the law differently. I don't read any exception in it the way Mr. Cunningham does.
But what's wrong with it is that all of that information is evidently now stored in the NSA computerized database and available for any kind of data-mining that the government wishes to do.
To say that it's been stripped of any identifying information is misleading, because, of course, what they obtained to begin with was the phone numbers. The phone numbers can be easily and almost instantaneously matched with a person by the NSA computers. And Mr. Cunningham would agree that there's no law prohibiting the NSA from doing that.
Once it has that database, the NSA will be free to use that database in whatever way it wishes, including sharing it with other agencies, including trolling it for anything, and matching it up, the other information and the other databases, about Americans.
You know, and what's basically wrong with it is that, if they want to catch al-Qaida, which we hope that they do, they need to focus on telephone calls being made by al-Qaida. It's very hard to imagine why they need the phone numbers and the telephone call records of tens of millions of Americans.
You know, they know the names of thousands of al-Qaida suspects. And, once again, there's this kind of, "We're doing it to keep you safer," but if you look at it and analyze it carefully, it makes no sense. How does it make us safer for them to have tens of millions of phone calls?
JEFFREY BROWN: Well, Mr. Cunningham, respond to that. You know, in light of what we all see around us, new technology allowing much more access to information, I'm assuming that these kinds of concerns are going to only grow. So how do people -- how should people understand the balance of security versus the information that is out there and the availability of that information once it is out there, who might see it?
BRYAN CUNNINGHAM: Well, of course. I think, you know, in general, leaks of classified programs are dangerous and damage to our national security.
But in this case, I think it's actually good that we're able to have this public debate, because I believe -- and I've said this for quite some time, as an information privacy lawyer -- the most important issue in the next four or five years in our country, in terms of privacy, is going to be: How much privacy are we concerned about, when you have machines, electronic computers, that are triaging anonymized data and only giving back to the government, or only giving back to your health-care provider, or only giving back to big insurance companies, or whatever it may be, the actual records that match a legitimate request?
In this case, again, I'm assuming that what the government is doing with access to these records is, when they get a terrorist phone number, an al-Qaida phone number overseas, they are checking that number against those databases.
And thereby, not only -- somebody asked what the benefit of this is. I spent two years as a federal prosecutor on drug cases, and I can tell you that, in taking out the drug cartels, the most important tools you have are toll records, because you can not only immediately identify the network of cells inside the United States, you can also begin to understand the tradecraft of the terrorists, the way they do their business.
Are they calling in the middle of the night? Are their calls less than 30 seconds? Are they asking their cell numbers in the United States to call them back from pay phones? All of that data can be gathered and understood without knowing the identify of a single person on the other end of that telephone.
And when you do need to know the identity of the other person on that telephone, you use the appropriate legal process. You get the appropriate legal authority, and you can uncover cells in the United States. And if we'd this before 9/11, we may well have had the capability to find at least two of the hijackers, because we know they were communicating overseas.
The Bush and the Clinton administrations were both excoriated in the Congress and in bipartisan commissions for not using this kind of capability.
JEFFREY BROWN: All right.
And, Kate Martin, the last word, do you see the growing legal challenge here, a clash between security and technology?
KATE MARTIN: I think that privacy is a great risk. You know, they can get the toll records of al-Qaida, and they should get the toll records of al-Qaida and of people who talk to al-Qaida. Why did they get the toll records of tens of millions of people?
And this business about, well, before 9/11, the fact of the matter is that the government had the information before 9/11. It didn't know how to recognize what was important in the mounds of information that it had. It's making the same mistake: It will drown in information and miss the important information.
JEFFREY BROWN: All right, Kate Martin and Bryan Cunningham, thank you both very much.
KATE MARTIN: Thank you.
BRYAN CUNNINGHAM: Thank you.