[House Hearing, 112 Congress]
[From the U.S. Government Printing Office]






                              GOING DARK:
     LAWFUL ELECTRONIC SURVEILLANCE IN THE FACE OF NEW TECHNOLOGIES

=======================================================================

                                HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON CRIME, TERRORISM,
                         AND HOMELAND SECURITY

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 17, 2011

                               __________

                           Serial No. 112-59

                               __________

         Printed for the use of the Committee on the Judiciary









      Available via the World Wide Web: http://judiciary.house.gov

                                _____

                  U.S. GOVERNMENT PRINTING OFFICE
64-581 PDF                WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001









                       COMMITTEE ON THE JUDICIARY

                      LAMAR SMITH, Texas, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        HOWARD L. BERMAN, California
HOWARD COBLE, North Carolina         JERROLD NADLER, New York
ELTON GALLEGLY, California           ROBERT C. ``BOBBY'' SCOTT, 
BOB GOODLATTE, Virginia                  Virginia
DANIEL E. LUNGREN, California        MELVIN L. WATT, North Carolina
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
MIKE PENCE, Indiana                  MAXINE WATERS, California
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
STEVE KING, Iowa                     HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona                  Georgia
LOUIE GOHMERT, Texas                 PEDRO PIERLUISI, Puerto Rico
JIM JORDAN, Ohio                     MIKE QUIGLEY, Illinois
TED POE, Texas                       JUDY CHU, California
JASON CHAFFETZ, Utah                 TED DEUTCH, Florida
TOM REED, New York                   LINDA T. SANCHEZ, California
TIM GRIFFIN, Arkansas                DEBBIE WASSERMAN SCHULTZ, Florida
TOM MARINO, Pennsylvania
TREY GOWDY, South Carolina
DENNIS ROSS, Florida
SANDY ADAMS, Florida
BEN QUAYLE, Arizona

      Sean McLaughlin, Majority Chief of Staff and General Counsel
       Perry Apelbaum, Minority Staff Director and Chief Counsel
                                 ------                                

        Subcommittee on Crime, Terrorism, and Homeland Security

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman

                  LOUIE GOHMERT, Texas, Vice-Chairman

BOB GOODLATTE, Virginia              ROBERT C. ``BOBBY'' SCOTT, 
DANIEL E. LUNGREN, California        Virginia
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
TED POE, Texas                       HENRY C. ``HANK'' JOHNSON, Jr.,
JASON CHAFFETZ, Utah                   Georgia
TIM GRIFFIN, Arkansas                PEDRO PIERLUISI, Puerto Rico
TOM MARINO, Pennsylvania             JUDY CHU, California
TREY GOWDY, South Carolina           TED DEUTCH, Florida
SANDY ADAMS, Florida                 DEBBIE WASSERMAN SCHULTZ, Florida
BEN QUAYLE, Arizona                  SHEILA JACKSON LEE, Texas
                                     MIKE QUIGLEY, Illinois

                     Caroline Lynch, Chief Counsel

                     Bobby Vassar, Minority Counsel











                            C O N T E N T S

                              ----------                              

                           FEBRUARY 17, 2011

                                                                   Page

                           OPENING STATEMENTS

The Honorable Tim Griffin, a Representative in Congress from the 
  State of Arkansas, and Member, Subcommittee on Crime, 
  Terrorism, and Homeland Security...............................     1
The Honorable Robert C. ``Bobby'' Scott, a Representative in 
  Congress from the State of Virginia, and Ranking Member, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     2
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     3

                               WITNESSES

Valerie Caproni, General Counsel, Federal Bureau of Investigation
  Oral Testimony.................................................     6
  Prepared Statement.............................................     9
Chief Mark Marshall, President, International Association of 
  Chiefs of Police
  Oral Testimony.................................................    16
  Prepared Statement.............................................    19
Susan Landau, Ph.D., Radcliffe Institute for Advanced Study, 
  Harvard University
  Oral Testimony.................................................    23
  Prepared Statement.............................................    25

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Prepared Statement of the Honorable Henry C. ``Hank'' Johnson, 
  Jr., a Representative in Congress from the State of Georgia, 
  and Member, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................     4
Prepared Statement of the American Civil Liberties Union (ACLU) 
  submitted by the Honorable Robert C. ``Bobby'' Scott, a 
  Representative in Congress from the State of Virginia, and 
  Ranking Member, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................    52

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of Joel M. Margolis, Senior Regulatory 
  Counsel, Subsentio, Inc........................................    59
Responses to Post-Hearing Questions from Valerie Caproni, General 
  Counsel, Federal Bureau of Investigation.......................    73
Prepared Statement of the Center for Democracy and Technology 
  (CDT)..........................................................    78

 
     GOING DARK: LAWFUL ELECTRONIC SURVEILLANCE IN THE FACE OF NEW 
                              TECHNOLOGIES

                              ----------                              


                      THURSDAY, FEBRUARY 17, 2011

              House of Representatives,    
              Subcommittee on Crime, Terrorism,    
                             and Homeland Security,
                                Committee on the Judiciary,
                                                    Washington, DC.

    The Subcommittee met, pursuant to notice, at 11:23 a.m., in 
room 2141, Rayburn House Office Building, the Honorable Tim 
Griffin (acting Chairman of the Subcommittee), presiding.
    Present: Representatives Griffin, Forbes, Gowdy, Adams, 
Quayle, Conyers, Scott, Johnson, Chu, and Quigley.
    Staff Present: (Majority) Richard Hertling, Deputy Chief of 
Staff; Caroline Lynch, Subcommittee Chief Counsel; Arthur 
Radford Baker, Counsel; Lindsay Hamilton, Clerk; (Minority) 
Bobby Vassar, Subcommittee Chief Counsel; Joe Graupensberger, 
Counsel; and Veronica Eligan, Professional Staff Member.
    Mr. Griffin. The Subcommittee will come to order.
    Welcome to today's hearing on ``Going Dark: Lawful 
Electronic Surveillance in the Face of New Technologies.'' I 
would especially like to welcome our witnesses and thank you 
for joining us today.
    I am joined today by my colleague from Virginia, 
distinguished Ranking Member of the Subcommittee, Bobby Scott. 
And I don't see the Chairman emeritus Conyers, but he may join 
us.
    Today's hearing examines the issue of the growing gap 
between the legal authority and the technological capability to 
intercept electronic communications. This is known in law 
enforcement circles as ``going dark.''
    Going dark is not about requiring new or expanded legal 
authorities. It is about law enforcement's inability to 
actually collect the information that a judge has authorized. 
Simply stated, the technical capabilities of law enforcement 
agencies have not kept pace with the dazzling array of new 
communication devices and other technologies that are now 
widely available in the marketplace.
    Court-ordered electronic surveillance has long been a 
valuable tool for effective law enforcement. It is a technique 
that is used as a last resort, when other investigative 
techniques have failed or would be likely to fail or would even 
be too dangerous to try.
    The judicial process that must be followed to seek a court 
order to authorize this type of surveillance is neither easily 
nor quickly obtained. There are many layers of review, many 
facts that must be established, and ultimately, a judge decides 
if such a technique is warranted.
    Once authorized, law enforcement must comply with reporting 
requirements to the court that issued the order, and there are 
procedures to protect the privacy rights of innocent parties 
that may use the communication device at issue. The loss of 
this investigative technique would be a huge risk to both our 
public safety and our national security.
    Congress initially addressed the growing gap between what 
law enforcement was legally authorized to intercept and what 
they were technically capable of intercepting by passing the 
Communications Assistance for Law Enforcement Act. By 
clarifying the obligations of the telecommunications industry, 
this act attempted to close the gap and enable law enforcement 
to address the electronic surveillance challenges presented by 
new technologies.
    But that was back in 1994. Since then, extraordinary 
developments in communication technology have yielded new 
communication devices, new services, and new modes of 
communication that did not exist or had not fully reached their 
maximum potential when we first addressed this problem.
    CALEA, as it currently exists, does not address the 
contemporary challenge that law enforcement agencies face when 
attempting to legally intercept electronic communications.
    This issue is not unique to Federal agencies. But many of 
our State and local agencies may be at an even greater risk of 
going dark because many of them do not have the financial 
resources or the expertise to resolve interception problems.
    Interception solutions are not cheap, and one size does not 
necessarily fit all. The competition in the communication 
industry has yielded a shift from standardized to proprietary 
technology. This often requires law enforcement agencies to 
develop individual interception solutions that may or may not 
work in other instances.
    The debate on how best to modernize the law and ensure that 
our law enforcement agencies do not lose this valuable 
investigative tool will not be easily resolved. Balancing 
privacy interests, ensuring continued innovation by the 
communications industry, and securing networks from 
unauthorized interceptions must all be a part of the debate, 
and they will all need to be factored into any solution.
    I am particularly interested in hearing about collaboration 
and information sharing among the various Federal, State, and 
local law enforcement agencies as they attempt to efficiently 
find solutions to the interception challenges.
    I welcome our witnesses and look forward to hearing their 
testimony.
    I now recognize for his opening statement the Ranking 
Member of the Subcommittee, Congressman Bobby Scott of 
Virginia.
    Mr. Scott. Well, thank you very much, and thank you for 
holding this hearing.
    I am glad to have the hearing today because over the past 
few months, there have been news reports that new 
communications technologies are making it more difficult for 
law enforcement to engage in court-authorized wiretaps. The 
same reports indicate that the Administration may be preparing 
legislation to deal with this issue.
    All of this has led to conjecture and speculation about 
whether or not there is, in fact, a problem, what the scope of 
the problem may be, and what Congress may be asked to do about 
it. Today's hearing is constructive because we need information 
to see what is really going on.
    Some communications companies cited in the news reports 
tell us that they have not been given any specific complaints 
about their cooperation with law enforcement, and they say they 
have yet to hear details of any reported problems. So I am 
pleased that we have two distinguished law enforcement 
witnesses here today to discuss these matters.
    We also have a witness to testify with us today who is not 
a law enforcement representative, but an engineer with 
extensive experience in communications technology and who is an 
expert in the relationship between security and surveillance. I 
realize that this is the beginning of a discussion about a 
range of issues, which are likely to include implementation of 
the CALEA statute, as you have indicated, as well as what law 
enforcement is currently experiencing.
    But I believe at the onset of this discussion, eyes need to 
be open to all of the considerations involved. There is no way 
around the fact that any calls for increased surveillance 
capabilities will have significant implications for 
technological and economic development, as well as basic 
privacy concerns. I am glad to hear that we will have a variety 
of perspectives on these issues from our witnesses today.
    I want to make one last comment before concluding my 
statement, and that is that last week I attended a classified 
briefing given by the FBI including one of our witnesses today. 
And I appreciate the opportunity to hear the information that 
was presented.
    But while I think that sometimes it is appropriate for 
Government officials to discuss classified material in closed 
sessions, particularly discussions of specific cases, it is 
critical that we discuss this issue in as public a manner as 
possible. I do not think that congressional consideration of 
these issues should rest on arguments made in secret. It would 
be ironic to tell the American people that their privacy rights 
may be jeopardized because of discussions held in secret.
    So, Mr. Chairman, I look forward to our witnesses today, 
and thank you for Chairing the hearing.
    Mr. Griffin. Thank you.
    I now recognize the most recent Chairman emeritus of the 
Committee, John Conyers of Michigan, for his opening remarks.
    Mr. Conyers. Thank you, Mr. Acting Chairman.
    I am happy to be here today to welcome all of the 
witnesses. And to me, this is a question of building back doors 
into systems hearing, if we had to give it a nickname. And I 
believe that legislatively forcing telecommunications providers 
to build back doors into systems will actually make us less 
safe and less secure.
    I believe further that requiring back doors in all 
communication systems by law runs counter to how the Internet 
works and may make it impossible for some companies to offer 
their services.
    And finally, it is my belief that our communication 
companies must be allowed to innovate without technological 
constraints if they are to continue to develop products and 
services that successfully compete with foreign companies.
    Now that I have given you my views, I would be eager to 
hear yours, and I thank you very much, Mr. Chairman.
    Mr. Griffin. Thank you.
    Without objection, other Members' opening statements will 
be made a part of the record.
    [The prepared statement of Mr. Johnson follows:]
 Prepared Statement of the Honorable Henry C. ``Hank'' Johnson, Jr., a 
   Representative in Congress from the State of Georgia, and Member, 
        Subcommittee on Crime, Terrorism, and Homeland Security
    Good morning. I would like to thank the witnesses for being here. I 
want to begin by applauding the Chairman's efforts in seeking to arm 
law enforcement with the tools they need.
    This hearing will largely focus on the Communications Assistance 
for Law Enforcement Act, CALEA.
    CALEA's purpose is to enhance the ability of law enforcement and 
intelligence agencies to conduct electronic surveillance by requiring 
that telecommunications carriers and manufacturers of 
telecommunications equipment modify and design their equipment to 
ensure that they have built-in surveillance capabilities, allowing 
federal agencies to monitor communications.
    In the wake of new technologies, law enforcement, particularly the 
FBI, has concerns about its inability to conduct court ordered 
surveillance and refers to this inability as ``Going Dark.''
    Law enforcement would like to extend the CALEA requirement to more 
communications like Skype, encrypted BlackBerry devices, and social 
networking sites like Facebook and Twitter.
    While it is important to arm law enforcement with the tools they 
need, we must be mindful of what such an expansion would cost the 
American people?
    Not simply in terms of dollars and cents, but in privacy rights, 
civil liberties, our national security, innovation and global 
competitiveness?
    In addition to sitting on the Judiciary Committee, I sit on the 
Armed Services Committee and am very concerned about how expanding 
CALEA could jeopardize national security, especially cyber security.
    As Susan Landau states in her written testimony, we must be careful 
that the difficulties faced by law enforcement are not solved in a 
manner that puts U.S. communications at serious risk of being hacked by 
criminals, non-state actors, or other nations.
    It is important that we move with caution when it comes to 
expanding CALEA. Legislatively forcing telecommunications providers to 
build back doors into their systems to allow for surveillance by law 
enforcement may also provide opportunities for hackers and foreign 
adversaries to gain access to these systems.
    Legislatively expanding CALEA could create vulnerabilities in our 
communications systems that would allow cyber criminals and terrorists 
to attack us.
    Expanding CALEA could also hurt America's competitiveness. Our 
economic growth depends in large part on the continued expansion of 
ways we use the Internet. Imposing technological constraints on 
communications companies may make it more difficult for American 
companies to develop products and services that successfully compete 
with other countries.
    Expanding CALEA could certainly have some unintended consequences 
that would be detrimental to our country. We must keep this in mind as 
we examine this issue.
    I look forward to hearing from our witnesses about how we can 
balance the rights of law enforcement without compromising our national 
security interests or trampling over the privacy rights of millions of 
Americans.
    Thank you, Mr. Chairman, and I yield back the balance of my time.
                               __________

    Mr. Forbes. Mr. Chairman?
    Mr. Griffin. Yes, sir?
    Mr. Forbes. Mr. Chairman, could I just take 2 minutes for 
the Committee?
    I just want to recognize a good friend of mine who is here 
today. We are proud of Chief Marshall. He is the president of 
the International Association of Chiefs of Police. But near and 
dear to me, he is the chief of police in Smithfield, Virginia, 
in Congressman Scott and my home State.
    And we are proud of all of our witnesses, but particularly 
glad to see him. And I just wanted him to know that I have got 
some amendments on the floor. So I will be slipping in and out, 
but we are so glad to have you here today.
    Thank you, Mr. Chairman. I yield back.
    Mr. Griffin. Did he bring any hams with him? [Laughter.]
    Mr. Forbes. Mr. Chairman, if he did, they would be the best 
hams in the world, I will tell you. [Laughter.]
    Mr. Marshall. If it would help you with your deliberations. 
[Laughter.]
    Mr. Griffin. It might make me go to sleep. Thank you for 
that.
    It is now my pleasure to introduce today's witnesses. 
Valerie Caproni--is that correct?
    Ms. Caproni. That is correct.
    Mr. Griffin. Oh, great. Ms. Caproni has been a general 
counsel in the FBI's Office of the General Counsel since 2003. 
Prior to her work with the FBI, she was regional director of 
the Pacific Regional Office of the Securities and Exchange 
Commission. She then became a counsel at the law firm of 
Simpson, Thacher, and Bartlett, specializing in white-collar 
criminal defense and SEC enforcement actions.
    Ms. Caproni has also previously worked in the U.S. 
Attorney's Office as an assistant U.S. attorney, chief of 
special prosecutions, and chief of the Organized Crime and 
Racketeering Section, and as chief of the Criminal Division.
    Ms. Caproni received her bachelor of arts in psychology 
from Newcomb College of Tulane University--I am a Tulane grad 
as well--in 1976 and her law degree from the University of 
Georgia in 1979.
    Chief Marshall is president of the International 
Association for Chiefs of Police. He has held the position of 
chief of police in Smithfield for over 18 years and has been in 
State and local law enforcement for 25 years. Chief Marshall 
serves as Chairman for the Law Enforcement Date Exchange and 
sits on the Advisory Policy Board for the FBI's CJIS Division.
    Chief Marshall is the past president of the Hampton Roads 
Chiefs Association and is on the executive board of the 
Virginia Association of Chiefs of Police.
    Chief Marshall received his bachelor of arts in criminology 
from St. Leo University and his master's in public 
administration from Old Dominion University. He is a graduate 
of the FBI National Academy and the Police Executive Leadership 
Program through the University of Virginia and the Virginia 
Police Chiefs Foundation.
    Susan Landau, Dr. Landau, studies the interplay between 
privacy, cybersecurity, and public policy for Radcliffe 
Institute at Harvard University. Prior to her work at the 
Radcliffe Institute, Dr. Landau was a distinguished engineer at 
Sun Microsystems for 12 years.
    Before her work at Sun Microsystems, she taught computer 
science at the University of Massachusetts and Wesleyan 
University. Dr. Landau is the co-author with Whitfield Diffie 
of ``Privacy on the Line: The Politics of Wiretapping and 
Encryption.'' And her book ``Surveillance or Security: The 
Risks Posed by New Wiretapping Technologies'' will be published 
this spring.
    Dr. Landau received her bachelor of arts from Princeton 
University, her master's of science from Cornell University, 
and her Ph.D. from MIT.
    Without objection, the witnesses' statements will appear in 
the record, put in their entirety. Each witness will be 
recognized for 5 minutes to summarize their written statement.
    The Chair now recognizes Ms. Caproni.

 TESTIMONY OF VALERIE CAPRONI, GENERAL COUNSEL, FEDERAL BUREAU 
                        OF INVESTIGATION

    Ms. Caproni. Thank you.
    Good morning, Chairman Griffin, Ranking Member Scott, and 
Members of the Subcommittee. Thank you for the opportunity to 
testify before you today regarding the problem that we refer to 
as ``going dark.''
    Most of us are old enough to remember when the world of 
communications involved a home telephone and an office 
telephone. In that world, when a court authorized law 
enforcement to conduct a wiretap, we knew exactly where and how 
to conduct it.
    We placed a device called a ``loop extender'' on the 
target's telephone line. That device intercepted the target's 
telephone conversations, which were then routed to our 
monitoring plant so we could hear everything said on the 
telephone and learn the telephone numbers of all incoming and 
outgoing calls.
    Then the world of communications got a little more 
complicated. The telephone companies started to shift their 
technology from analog to digital signals, and cell phones 
became ubiquitous. The phone companies were adding services 
like call forwarding, call waiting, and three-way calling.
    All of that had a negative impact on our ability to conduct 
authorized wiretaps, and Congress stepped into the breach. In 
1994, it passed the Communications Assistance for Law 
Enforcement, or CALEA.
    To ensure that advances in technology would not outstrip 
law enforcement's ability to conduct court-approved wiretaps, 
CALEA required telecommunication carriers to develop and deploy 
intercept solutions in their networks so that when the 
Government gets a wiretap order, it can actually conduct the 
authorized surveillance.
    Since then, the number of ways in which we communicate has 
exploded. We still have home office and cell telephones that 
can be forwarded, put on hold, and make three-way calls. But we 
also now have home and office email accounts, Twitter accounts, 
Facebook and MySpace pages, BlackBerrys and Androids, iPhones 
and iPads.
    We can chat, text, and send instant messages. We can video 
chat. We can upload videos with comments, and we can 
communicate using an avatar in Second Life.
    If all of that is not complicated enough, we can access our 
accounts from our home desktop computer via cable connection to 
the Internet or from a laptop that has a wireless connection. 
We can access our accounts from our office computer, from a 
computer in the business center of a hotel, and even from an 
iPad via a Wi-Fi hotspot while drinking no-fat latte at the 
closest Starbucks.
    The advances in our ability to communicate have many 
advantages, but they also have made it exponentially more 
difficult for law enforcement to execute court-authorized 
wiretaps. Over the past several years, the FBI and other law 
enforcement agencies have increasingly found themselves serving 
wiretap orders on providers that are not covered by CALEA and, 
therefore, under no pre-existing legal obligation to design 
into their systems a wiretap capability.
    Such providers may or may not have intercept capabilities 
in place for all of their services. If they have no capability 
or only limited capability, it takes time to engineer a 
solution--sometimes days, sometimes months, and sometimes 
longer.
    Potentially critical evidence in intelligence can be lost 
while the provider designs a solution so that it can isolate to 
the exclusion of all others the communications of the 
particular person whose account we are authorized to wiretap 
and then deliver those communications and only those 
communications to law enforcement with the relevant metadata.
    Our inability to immediately and completely execute court 
wiretap orders is not limited to new and exotic ways of 
communicating. Providers that are covered by CALEA and, 
therefore, required to maintain a solution in their systems are 
sometimes unable to immediately execute wiretaps.
    Sometimes that happens because the company has made changes 
to its network but did not adjust its intercept solution so 
that it would still work. Sometimes the problem is that the 
approved industry standard does not provide the Government all 
the information it is lawfully authorized to collect.
    Whatever the reason, this is a problem that creates 
national security and public safety risks. The challenge facing 
us and our State and local counterparts is exacerbated by the 
fact that there is currently no systematic way to make 
electronic intercept solutions widely available across the law 
enforcement community.
    Federal, State, and local law enforcement agencies have 
varying degrees of technical expertise regarding electronic 
surveillance and lack an effective mechanism for sharing 
information about existing intercept capabilities. This leads 
to the inefficient use of scarce technical resources and missed 
opportunities to leverage existing solutions.
    The absence of institutionalized ways to coordinate and 
share information in this area impedes the deployment of 
timely, cost-effective intercept capabilities that are broadly 
available to the law enforcement community. Today's technical 
advances inure to the great benefit of society, but they create 
significant challenges to the Government's ability to conduct 
lawful wiretaps.
    We see going dark as a problem with many facets, but they 
all boil down to this. The combination of carrots and sticks 
that the Government has are not working to incentivize 
industries to develop and maintain adequate intercept solutions 
for their services.
    As a consequence, when a court issues an order authorizing 
a wiretap, we are not consistently able to execute that order 
and promptly begin to collect evidence and intelligence. If we 
continue to be unable to accomplish that which even the most 
ardent privacy advocates will agree we ought to be able to 
accomplish--namely, to execute a wiretap order when authorized 
to do so by a court--then we will be significantly hobbled in 
achieving our mission of protecting the public safety and 
national security.
    Thank you for the opportunity to address this Subcommittee, 
and I look forward to answering your questions.
    [The prepared statement of Ms. Caproni follows:]
    
    
    
                               __________

    Mr. Gowdy [presiding]. Thank you, Ms. Caproni.
    Chief Marshall?

         TESTIMONY OF CHIEF MARK MARSHALL, PRESIDENT, 
         INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE

    Mr. Marshall. Good morning, Mr. Chairman and Members of the 
Subcommittee.
    My name is Mark Marshall, and I serve as the chief of 
police in Smithfield, Virginia. I also serve as the president 
of the International Association of Chiefs of Police.
    I am here today representing over 20,000 of IACP's members 
who are law enforcement executives in over 100 countries 
throughout the world. The majority of our membership, however, 
is here in the United States.
    As my good friend Congressman Forbes indicated, I am from 
Hampton Roads, Virginia, a smaller jurisdiction there. I have 
the big-city problems without the big-city resources. And I 
have got 2 million people sitting on my doorstep.
    I am pleased to be here to represent and to discuss the 
challenges currently confronting the U.S. law enforcement 
community on electronic surveillance issues.
    In the United States, there are more than 18,000 law 
enforcement agencies and well over 800,000 officers who patrol 
our State highways and the streets of our communities each and 
every day. Very simply, in this day and age with budgets, we 
are tasked to do more with less.
    A great number of those officers also use electronic 
surveillance as they investigate crimes. Each day, local, 
State, tribal, and Federal law enforcement agencies use lawful 
electronic surveillance as a critical tool for enforcing the 
Nation's laws and protecting the citizens we have the honor to 
serve. Moreover, electronic evidence is now a routine issue in 
all crimes and at most crime scenes.
    The IACP believes that the lawful interception of voice and 
data communications is one of the most valuable techniques 
available to law enforcement in identifying and crippling 
criminal and terrorist organizations. Understandably, there is 
an increased volume and complexity of today's communication 
services and technologies. And the evolution and development of 
communication devices has had a significant impact on law 
enforcement's ability to be able to conduct that surveillance, 
as well as to recover valuable evidence from communication 
devices.
    Additionally, legal mandates and authorities have not kept 
pace with the changing technology. CALEA or, the Communications 
Assistance for Law Enforcement Act, for example, does not cover 
many types of services that are, unfortunately, used routinely 
by criminals.
    The advanced features of today's phones can process more 
information about where people have been, who they know, who 
they are calling, what they are texting, pictures they have 
sent and/or are sending, as well as larger amounts of data than 
ever before. Information recovered can also produce connections 
to other media like Facebook and Twitter, contact lists, call 
histories, calendars, waypoints, and email.
    If properly recovered, this sort of stored data on 
communication devices has great investigative and intelligence 
value to assist law enforcement with investigations. The 
proposed center, however, does not attempt to thwart or inhibit 
social discourse, which is a fundamental piece to democratic 
societies, not attempting to water down Title III or judicial 
orders for these electronic intercepts.
    Unfortunately, many of the agencies that need to be able to 
conduct electronic surveillance of real-time communications are 
on the verge of going dark because they are increasingly unable 
to access, intercept, collect, and process wire or electronic 
communications information when they are lawfully authorized to 
do so.
    This serious intercept capability gap often undercuts 
State, local, and tribal law enforcement agencies' efforts to 
investigate criminal activity such as organized crime, drug-
related offenses, child abduction, child exploitation, prison 
escape, and other threats to public safety. This must change.
    Law enforcement must be able to effectively use lawful 
electronic surveillance to combat terrorism and fight crime. 
Law enforcement needs the Federal Government to generate a 
uniform set of standards and guidelines to assist in this 
exploration.
    In order for law enforcement to maintain its ability to 
conduct electronic surveillance, laws must be updated to 
require companies that provide individuals with the ability to 
communicate.
    In September, the Law Enforcement Executive Forum, 
comprised of law enforcement executives, including the IACP, 
released a plan to address the spectrum of issues related to 
electronic surveillance. This plan was the National Domestic 
Communications Assistance Center, otherwise known as NDCAC. In 
the Federal Government, we have to have lots of acronyms.
    The proposal calls for a strategy to be created to address 
issues related to maintaining law enforcement's ability to 
conduct court-authorized electronic surveillance. The proposal 
calls on Congress and the Administration to make funding 
available to establish the center.
    The center would leverage the research and development 
efforts of the law enforcement community with respect to lawful 
electronic surveillance capabilities. The center would also 
facilitate the sharing of technology between law enforcement 
agencies.
    I see that my time is up. So let me just wrap this up.
    State, local, tribal, and Federal law enforcement are doing 
all that we can to protect our communities from increasing 
crime rates and the specter of terrorism, both in our streets 
and in the many communications devices available today. But we 
cannot do it alone. We need the full support, we need the 
assistance of the Federal Government.
    We need clear guidance and regulations on our use of lawful 
interception of voice and data communications to aid us in 
successfully investigating and prosecuting the most dangerous 
of criminals. It is important for the safety of our hometowns, 
and that will equate to the safety of our homeland.
    Thank you.
    [The prepared statement of Mr. Marshall follows:]
    
    
    
                               __________

    Mr. Gowdy. Thank you, Chief.
    Dr. Landau?

   TESTIMONY OF SUSAN LANDAU, Ph.D., RADCLIFFE INSTITUTE FOR 
               ADVANCED STUDY, HARVARD UNIVERSITY

    Dr. Landau. Mr. Griffin and Members of the Committee, thank 
you very much for inviting me to testify.
    I am Susan Landau, a fellow at the Radcliffe Institute for 
Advanced Study at Harvard University. I am here representing my 
own opinions and not that of Harvard or any of the other 
institutions with which I am affiliated.
    I have spent, for the last half dozen years and more, time 
looking at the risks involved when you build wiretapping 
capabilities into communications infrastructures. And while 
there are issues in CALEA about security versus privacy and 
security versus innovation, I am here to talk about security 
risks in building the surveillance technology in.
    A major national security problem facing the United States 
is cyber exploitation. We have nation states and criminals 
penetrating systems, finding the files of interest, and 
downloading them quickly and shipping them out of the country.
    This began happening in the early 2000's and has occurred 
at U.S. military sites, at Government labs, and private 
industry. Google, Lockheed Martin, NASA, Northrop Grumman, Oak 
Ridge National Labs, the list goes on.
    How serious is the threat? According to Deputy Secretary 
William Lynn, it may be the most significant cyber threat that 
the U.S. will face over the long term. In 2003, the FBI 
reported that industrial espionage cost the U.S. $200 billion. 
It is many times higher now.
    Can wiretapping capabilities built into communications 
infrastructures be exploited? The answer is, unfortunately, 
``yes'' because wiretapping is an architected security breach.
    Let me tell you a story about Vodafone Greece. A CALEA-type 
switch was built into Vodafone Greece's network, built in by 
Ericsson. Vodafone Greece didn't want this switch. So it had 
been turned off. Because they didn't pay for that piece of the 
switch, they also didn't have auditing capabilities.
    The result? A hundred senior members of the Greek 
government--including the prime minister, the head of the 
ministry of defense, the ministry of interior--were wiretapped 
for a period of 10 months until a text message went awry and 
they discovered the problem with the system.
    At Telecom Italia over a period of 10 years, presumably 
from an insider attack, people using the system--celebrities, 
politicians, judges, sports figures--were wiretapped for a 
period of 10 years. Six thousand Italians. That is 1 in 10,000 
Italians was wiretapped. Presumably, no large business deal or 
political arrangement was ever really private.
    A Cisco switch made to comply with law enforcement 
wiretapping standards in Europe was discovered to have 
mechanisms in it that were designed in such a way that it was 
easy to spoof the system and evade auditing. When you think 
about a wiretapping system that can evade auditing, I want to 
remind you of people like Robert Hanssen, who evaded the 
auditing systems of the FBI for many years.
    If you think about it, when a Lockheed Martin or a Northrop 
Grumman fails to adequately secure its networks, the cost can 
be thousands of proprietary files stolen. But if a 
communications provider, an applications provider, or a switch 
provider fails to have an adequately secured communications 
system, that cost occurs over the millions of communications 
that utilize that switch or application.
    It is unlikely that surveillance can be built in securely. 
In the U.S., there are hundreds of communications providers, 
many of them very small, with fewer than 100 employees.
    Many startups producing new communications applications are 
similarly small. Putting wiretapping into the mix risks the 
communications of all their customers.
    I want to step back for a moment and talk about 
cryptography, a fight we had in the 1990's in which the NSA and 
the FBI opposed the deployment of cryptography through the 
communications infrastructure. In 1999, the U.S. Government 
changed its policy.
    The NSA has been firmly behind the change of policy, and 
endorsed a full set of unclassified algorithms to be used for 
securing the communications network. The NSA obviously believes 
that in the conflict between communications surveillance and 
communications security, we need to have communications 
security.
    What needs to happen? I agree that law enforcement has a 
problem. Law enforcement needs to be more entrepreneurial. 
Instead of the one-size-fits-all of CALEA, it needs more 
tailored solutions.
    It is already using transactional information. Chief 
Marshall described all of the information currently available 
on the PDAs and so on. That was not information available at 
the time that the wiretap laws were passed.
    Transactional information is what enabled us to capture 
Khalid Sheikh Mohammed, the designer behind September 11th. It 
enabled us to capture the July 21st bomber who fled from London 
to Rome. It is what enables U.S. Marshals Service to have cut 
the time to catch fugitives from an average of 42 days to 2.
    I think we should augment the FBI going dark effort. I know 
that is expensive in a time of financial austerity, but we are 
going to have to pay for this, and we don't want to pay for it 
by increasing security risks or threatening innovation.
    I agree that with new communications technologies there is 
a need for law enforcement access to legally authorized 
surveillance. But let us not do it in a way that makes things 
more dangerous and unsecures the U.S.
    Thanks very much. I would be happy to take questions.
    [The prepared statement of Ms.. Landau follows:]
    
    
    


                               __________
    Mr. Gowdy. Thank you.
    Because I am merely keeping the seat warm for my 
distinguished colleague from the great State of Arkansas, Mr. 
Griffin, I would call on my equally distinguished colleague 
from the great State of Virginia, Mr. Scott.
    Mr. Scott. Thank you.
    Ms. Caproni, are you asking for any surveillance authority 
over and above what you have now--requirement for warrant, 
probable cause, and all of that?
    Ms. Caproni. No, we are not. We believe that the authority 
that we have to conduct court-authorized wiretaps, which 
appears in Title III as well as in FISA, is more than adequate.
    Mr. Scott. And when you have a wiretap and the technology 
doesn't let you listen in, that is the problem we are dealing 
with, right?
    Ms. Caproni. Correct. We are dealing with the problem of we 
have a wiretap order. So a court has authorized us to conduct 
the surveillance. But when we serve it on the provider, the 
provider tells us they don't have the ability to isolate our 
target's communication to the exclusion of all others and 
deliver them to us in a secure manner.
    Mr. Scott. And Chief Marshall, good to see you. As 
indicated, their recommendation that a technological way to get 
into the conversation be required to be part of cell phones or 
whatever else. Is that right, Chief Marshall?
    Mr. Marshall. Yes, sir. I mean, there is so much--there is 
valuable data that is contained in every--most criminals are 
using their cell phone in one way, shape, fashion, or form.
    Mr. Scott. Now, Ms. Landau, if law enforcement can get into 
a conversation, what would prevent anyone else who is a skilled 
hacker, what would be the problem for them getting in?
    Dr. Landau. You want a tailored solution for the problem. 
So the problem with the case in Vodafone Greece is that the 
wiretapping capability was built into the switch, and it was 
easy to go in and turn the switch on instead of off. Not 
completely trivial, but easy.
    And what you want to do, what I am proposing is that it not 
be built in in a way that decreases the security of all 
communications.
    Mr. Scott. Well, how can the law enforcement get into a 
conversation and a skilled hacker not be able to? Can you 
construct it in such a way that only law enforcement can listen 
in and not others?
    Dr. Landau. That is right. It used to be that you had to 
go----
    Mr. Scott. That is right you can, or you can't?
    Dr. Landau. You can. You can. But you can't have it done in 
a method that makes it possible to just automatically turn it 
on remotely, deliver it. You have to make it more specially 
tailored.
    Mr. Scott. Is this hard? I mean, Chief Marshall, as he 
indicated, is from a small city. They don't have a lot of high-
tech people sitting around. Is that something that is easy to 
put together?
    Dr. Landau. No, it is not easy to put together, which is 
why I applaud the FBI effort to do much better information 
sharing with State and local law enforcement. I think that the 
FBI should be the one taking the lead in developing those 
capabilities, and doing that information sharing is absolutely 
crucial.
    Mr. Scott. Now this back door would be required in 
domestically produced cell phones, for example. Could we 
require imported phones to have this same capability?
    Dr. Landau. I don't want to see a back door. I want to see 
specially tailored capability, and those are different 
requirements. We can require what we want about systems sold 
here. The question is how they can operate here and----
    Mr. Scott. Well, can a phone, imported phone be hacked into 
by law enforcement and not hacked into by others?
    Dr. Landau. It depends on how you do the hacking. And that 
is really the question. If you build the system in a way that 
simplifies the hacking and makes it very easy for somebody to 
get in, and that is the problem with applying CALEA to IP-based 
communications. It is simply too easy to do that. Then you run 
into trouble.
    Mr. Scott. Well----
    Dr. Landau. So I am arguing for something that is more 
expensive. But you are measuring the cost of a more expensive 
tailored solution against the national security cost of risking 
communications of everybody going through that switch or that 
application being accessible.
    Mr. Scott. If we could require this technology be placed in 
phones that are imported, we could have no ability to require 
that for phones that are manufactured outside of the United 
States and reportedly sold outside of the United States?
    Dr. Landau. That is right. But the question is where you do 
the tapping. You could do it at the phone. You could do it at 
the switch. You can do it at many places along the pathway.
    In the case of a cell phone, you can do it at a switch. 
That is how we do it now.
    Mr. Scott. So if you had an out of the country phone and 
brought it into the United States, the capability would be in 
the system, not in the phone itself?
    Dr. Landau. That is correct.
    Mr. Scott. And American manufacturers would, therefore, not 
be at a disadvantage?
    Dr. Landau. That is correct.
    Mr. Scott. Mr. Chairman, I yield back.
    Dr. Landau. But there is currently not a problem typically 
with wiretapping cell phones. The problem is with IP-based 
communications.
    Mr. Griffin [presiding]. I recognize Mrs. Adams for 5 
minutes.
    Mrs. Adams. Thank you, Mr. Chair.
    Ms. Caproni, you have listened to Dr. Landau, and are you 
concerned at all about her concerns?
    Ms. Caproni. We share some of the same concerns, and I am 
little concerned that some of the answers to the questions to 
Representative Scott may have left a misunderstanding of how we 
conduct intercepts.
    There is no--the attacking of the device or hacking into a 
device, if we had a court order, is sometimes permitted. That 
is sometimes the best way to do it. It is not the normal way to 
conduct a wiretap.
    We want the wiretap and the device that conducts the 
wiretap to be under the control of the provider. So, to that 
extent, I think Dr. Landau and I may actually agree that we 
don't want the intercept solution to be somewhere where it can 
be gotten to by third-party actors.
    Mrs. Adams. Manipulated.
    Ms. Caproni. Correct. The lawful intercept solution should 
be under the control of the provider, and the provider is 
responsible for security. There is always risk from insiders. 
That is a risk that companies manage all the time, particularly 
big communication providers. So they need to manage that risk.
    And we will look, obviously, very hard at the issue of the 
security associated with anything that we propose to deal with 
this problem. So security is a legitimate concern. I think we 
may disagree that having a lawful intercept solution under the 
control of a provider increases that risk in any kind of a 
material way.
    Mrs. Adams. Chief, you have heard the concerns, and I 
preface this by I will tell you I am a past law enforcement 
officer. And it did send some red flags up to me when I start 
reading the breaches and everything else and on the security 
level of it. I would like to hear your opinion.
    Mr. Marshall. Yes, ma'am. Thank you.
    We certainly don't want to circumvent the stringent legal 
process involved in, one, obtaining those intercepts, whether 
it is voice and/or data. Again, I think we are, particularly at 
the local and State level--you know, I represent all of law 
enforcement. The bulk of our membership is really at the local 
and State level, and it is where law enforcement actually takes 
place on a day-to-day basis in this country.
    We need a place, particularly for the smaller and mid-sized 
agencies that don't have the capabilities to be able to go out, 
to be able to get those tools, to be able to retrieve that 
data. We need that place that we can make that call, that we 
would have that one-stop shop, if you would. That would at 
least, it may not have the information but would at least be 
able to direct us to be able to get that information.
    In terms of, at the same time, I agree with Ms. Caproni's 
statement that it is--that I think that this is the industry or 
the provider would have that, and they would only be providing 
that when you had that lawful intercept order, that judicial 
order. For us, it is about going dark. It is most of the 
criminal element are using and exploiting the ability of the 
communication tools that are out there. They change every day. 
It is amazing to me.
    I waited 2 years to get a Verizon phone. I finally ordered 
one. Came into the D.C. area last night, turned on the TV, and 
I found out that they have got the new generation. Generation 
5G is now going to be out in June. That is the problem. I have 
already done my order. So it is too late.
    But that is the problem, and that is what we are seeing, 
that this is just--this changes so quickly.
    Mrs. Adams. Technology is changing rapidly.
    Ms. Caproni, leaving it at the provider, are you at least 
the least bit concerned that a possibility could arise, and is 
there a way to check the auditing system, if it is at the 
provider, so that we don't have a Greece or an Italy?
    Ms. Caproni. I think the answer to that is yes, and the 
providers who provide lawful intercept to us also have 
responsibilities for the general security of their system. The 
providers are responsible for making sure that their systems 
are not being hacked into overall.
    Mrs. Adams. Correct.
    Ms. Caproni. As well----
    Mrs. Adams. But are you aware if any of the systems 
currently have that switch that they just haven't turned on?
    Ms. Caproni. I am not sure about the specific switch that 
Dr. Landau was talking about. She references two instances 
where that switch has been compromised. I would say that switch 
has been deployed to literally hundreds of thousands of 
telephone companies throughout the world.
    So two out of hundreds of thousands, that is a balance. We 
will obviously be looking, though, at security issues.
    Mrs. Adams. Okay.
    Ms. Caproni. We are concerned--we would not propose 
anything to solve this problem that would appreciably change 
the security situation that exists in our telecommunication or 
the Internet system.
    Mrs. Adams. That is what I wanted to hear. Thank you.
    Mr. Griffin. Chairman emeritus Conyers is recognized for 5 
minutes.
    Mr. Conyers. Thank you, Mr. Chairman.
    To our distinguished chief of police and the president of 
the International Association of Police, you don't have much 
personal contact with these kinds of issues of cryptography 
going on, do you?
    Mr. Marshall. No, sir. We don't have it in terms of the 
cryptography. We do, however, have the issue surrounding cell 
phones and being able to extrapolate that data because, as we 
have found, they are using--anymore it is not even about voice, 
it is also about texting. It is IM messages. It is all of those 
things.
    Mr. Conyers. Yes.
    Mr. Marshall. Those are pieces that we need that would 
help, would significantly help our crime-fighting capabilities. 
The unfortunate----
    Mr. Conyers. Okay. Let me get to the point that I am 
working at. Have you had much contact or experienced problems 
with Federal or State law enforcement officials seeking to 
conduct electronic surveillance and you were stymied because 
you wanted access to encrypted information that was unavailable 
from the communications service that you were using?
    Mr. Marshall. Yes, sir. We have, and it happens every day 
throughout the law enforcement community, an inability for us 
to be able to retrieve that data. In other words, if I seize a 
cell phone, I don't have the capabilities--as you well 
understand, I don't have the capabilities to be able to do it 
except with some off-the-shelf products that are, frankly, 
obsolete.
    I send it to the State lab. They then have to go do the 
search to try to find the newest, the latest and greatest tool 
to be able to get that. Quite often, they come back that they 
are unable to do it. And that, unfortunately, is something that 
is happening with my law enforcement colleagues in agencies 
across this country.
    Mr. Conyers. Dr. Landau, we have all agreed there is a 
problem here, and it is complicated. It is expensive and could 
also be very dangerous to our national security. What would 
your recommendations as first steps be in terms of dealing with 
this?
    Dr. Landau. So I think that Ms. Caproni and I will find 
that we agree more than we disagree. I think it is imperative 
that the FBI, which is in a positive to develop solutions to 
emerging communications technologies, have a very good 
information-sharing system with State and local law enforcement 
because they clearly are overwhelmed and cannot manage that on 
their own.
    I think transactional information, which has become much 
more valuable as emerging technologies come out, should be used 
even to greater extent than it is at present. And I think the 
research arm of the going dark program has to be expanded so 
that the FBI does the same kind of thing that the NSA does, 
finds out the emerging communications technologies and figures 
out solutions to the wiretapping before there is a case. So 
that when the case comes, they are ready with the solution.
    And so, I think that we would find we agree quite a bit.
    Mr. Conyers. Well, Ms. Caproni, you are here under I think 
you have come out from under the cloud that the whole Federal 
Bureau of Investigation was under the last time you were here, 
namely, that the IG had found out that you had been abusing the 
national security letters and that you promised to clean it up.
    And my general counsel says that he feels satisfied about 
it. I don't sound like I am too satisfied about it. But you are 
here now telling us that and it is being recommended by our own 
witness that you need more resources to effect this more 
satisfactory communication with Federal and State law 
enforcement officials. Is that correct?
    Ms. Caproni. Congressman, the FBI is always eager to have 
additional resources. Resources will help, but resources to the 
FBI standing alone is not going to solve this problem.
    The reality is that we have ways and we know how certain 
intercepts can be done. Our technicians know how to do that. 
But these systems need to be deployed within the provider's 
system.
    And I think from both the privacy perspective and in kind 
of real life what you want, you don't really want the FBI 
crawling around in providers' systems to install the wiretap 
solution. We want them to develop and deploy the wiretap 
solution. We think----
    Mr. Conyers. I ask unanimous consent for one additional 
minute, Mr. Chairman.
    Mr. Griffin. Go right ahead.
    Mr. Conyers. Thank you very much.
    Well, then that gets us to my back door comments when I 
started off. Do you recall that I was saying the back door way 
won't work?
    Mr. Caproni. Congressman, I actually wrote that down, that 
you were concerned about building back doors into systems. And 
let me make one thing clear. The FBI's view is that this is not 
about back doors into systems.
    In fact, quite the contrary. We don't want a back door. 
What we want is for the provider to isolate the transactions 
and isolate the communications that the court has authorized us 
to get and to hand those communications and no others to us 
through the front door.
    Mr. Conyers. All right. Great.
    Ms. Caproni. We do not want a back door----
    Mr. Conyers. That sounds good.
    Dr. Landau, do you agree or disagree?
    Dr. Landau. I disagree. It is a bit of word play here. Ms. 
Caproni said, look, the Telecom Italia and the Vodafone Greece 
case were only two cases out of thousands of deployed switches.
    If it were the President of the United States or the 
Speaker of the House instead of the prime minister of Greece, 
would we still be saying only two switches out of thousands 
deployed? Surely not.
    When you build wiretapping capability into an application, 
when you build it into a switch, you are creating a serious 
security risk. I would say in light of the cyber exploitations 
we have been seeing nationally the last half dozen years, that 
is not a risk we can afford.
    Mr. Conyers. Thank you very much, Mr. Chairman.
    Mr. Griffin. Thank you.
    The Chair recognizes Mr. Gowdy for 5 minutes.
    Mr. Gowdy. Thank you, Mr. Chairman.
    Ms. Caproni, to those who may misapprehend and fear that 
you are seeking an expansion of the Bureau's legal authority in 
this realm, alleviate those fears for them.
    Ms. Caproni. I will do the best I can. We are not looking 
for any new authority. We believe that the authority that we 
have to conduct wiretaps that appears in Title III on the 
criminal side and in FISA on the national security side are 
adequate to our needs.
    But what we are concerned is that we are losing ground to 
actually be able to gather the information that we are 
authorized to gather. For example, Dr. Landau is focusing on 
and suggests that we should rely more on transactional data. 
Transactional data is valuable. It is useful to us. It is not 
the same as the actual conversation, the content of the 
conversation, which is critically important, again, from both 
the national security and public safety perspective.
    But I would also point out that even gathering 
transactional data, like PIN register data, which is the most 
basic information. Who is the telephone calling? Who are the 
two sides of the communication? Under the J standards that has 
been adopted by industry, under CALEA, we can't get basic PIN 
register data.
    So while we may know that a telephone is texting, we don't 
know what the telephone number of each side of the transaction 
is. Without that very basic information, our investigations are 
stymied. We need that information in order to keep the public 
safe.
    Mr. Gowdy. Cite for me the specific remedies you are 
seeking and Congress's authority to grant them to you.
    Ms. Caproni. Congressman, the Administration is still 
working on what the solution would be, and we hope to have 
something that we can work with Congress on in the near future.
    Mr. Gowdy. I take it by your title, counsel, that you are 
legally trained?
    Ms. Caproni. I am.
    Mr. Gowdy. No doubt better than me. So help me with the 
authority that Congress would have to, as I understand it, 
dictate to telecommunications companies changes that they have 
to make.
    Ms. Caproni. Well, CALEA, which was enacted in 1994, 
already requires telecommunications companies to have a wiretap 
solution built into their system. There are some issues with 
CALEA and some ways that I think with the experience of 16 
years with it, it could be improved, and I think that would be 
part of--conceivably, that would be part of what we would 
recommend is how to make the CALEA process for those companies 
that it covers more productive, and it would better accomplish 
the goal that Congress created in '94.
    As to providers that aren't covered by CALEA, I think that 
is the bigger challenge. And that is where, through the 
interagency process, there is a lot of discussion about what is 
the right way to walk the line, which is an important line, 
between having providers have the ability to execute a wiretap 
order when it is delivered to them and not squashing innovation 
and not hurting the competitiveness of U.S. companies.
    We have a very active discussion in the interagency about 
how to walk that line. I think it is going to be something that 
Congress is going to be incredibly interested in. Is there a 
way to accomplish these two goals?
    I am optimistic that there are ways to incentivize 
companies to have intercept solutions engineered into their 
systems that are safe and secure and not make their system more 
vulnerable to outside attacks while still encouraging the sort 
of innovation that we have seen in the American market.
    Mr. Gowdy. Chief, let me thank you for your service and ask 
you are there specific instances that you can cite within the 
confines of an open hearing where you or members of your 
membership have had investigations thwarted because of 
inadequacies in our information-capturing systems?
    Mr. Marshall. Thank you, Congressman.
    I don't have specific instances. I have talked to a number 
of my colleagues around the country who indicate that this 
happens on almost a daily basis.
    I know that we are just inundated with our case logs. We 
are also--because of the budgets, we have been forced to make 
reductions. And because of some of those case reductions, when 
we are trying to do some of these investigations, particularly 
in terms of retrieval of data that is being stored on phones or 
other electronic devices, they simply can't do it.
    When we send it, for example, in my agency, we send it, we 
send it to the Virginia State lab, who then contacts the 
Federal partners, typically the FBI. The problem is, is they 
also have their own case log. And because of the number of 
small industry agencies or small providers that are continuing 
to pop up with the new electronic, what ends up happening is we 
get the report back that it simply can't be found.
    And that happens every day.
    Mr. Gowdy. Thank you, Chief.
    Thank you, Mr. Chairman.
    Mr. Griffin. Mr. Johnson is recognized for 5 minutes.
    Mr. Johnson. Thank you, Mr. Chairman.
    Law enforcement wants us to extend the CALEA requirement to 
more communications like Skype, encrypted BlackBerry devices, 
and social networking sites like Facebook and Twitter. It is 
important, I believe, that we move with caution when it comes 
to expanding CALEA, which may also provide opportunities for 
hackers and foreign adversaries to gain access to these 
systems.
    I have a couple of questions. Number one, how big is the 
problem, Ms. Caproni, that you are trying to solve? In rough 
numbers, how many times in the last year did Federal and State 
law enforcement officials seek to conduct electronic 
surveillance and were stymied because the communications it 
wanted to access were encrypted or were unavailable from the 
communications service that carried them?
    And secondly, as you know, governments around the world 
have recently shown a strong interest in accessing the 
communications of BlackBerry business users whose emails are 
currently encrypted with a key not known to BlackBerry's parent 
company or the wireless carrier or anyone other than the 
company employing the individual user.
    Several countries have threatened to ban the use and sale 
of BlackBerry devices unless BlackBerry's parent company 
provides them with intercept capabilities. The ability of 
American business people to communicate securely, particularly 
when they travel abroad, is obviously of great importance to 
our own economic well-being.
    If the emails of a U.S. businessman or woman can be 
monitored by the Saudi, Indian, or Indonesian governments when 
they travel abroad, we risk losing the intellectual property 
advantage that is at the very core of our economy. However, if 
we force BlackBerry's parent company to give U.S. law 
enforcement agencies intercept capabilities over these business 
users, it will likely be quite difficult for the company to 
keep saying no to those other governments.
    Is providing U.S. law enforcement agencies with this access 
worth it if it means that foreign governments will then be able 
to get the same intercept capabilities in their own countries?
    Ms. Caproni. So there are several questions in that 
question. Let me try to take them one at a time.
    First, let me start with law enforcement or at least FBI 
has not suggested that CALEA should be expanded to cover all of 
the Internet. In fact, the subject of how you would achieve the 
goal that we are talking about is very actively being discussed 
in the interagency. That might be a solution. That might not be 
a solution. So we are not really suggesting that.
    But let us turn directly to encryption. Encryption is a 
problem, and it is a problem that we see for certain providers. 
It is not the only problem. And if I don't communicate anything 
else today, I want to make sure that everyone understands that 
this is a multifaceted problem. And encryption is one element 
of it, but it is not the entire element.
    There are services that are not encrypted that do not have 
an intercept solution. So it is not a problem of it being 
encrypted. It is a problem of the provider being able to 
isolate the communications and deliver them to us in a 
reasonable way so that they are usable in response to a court 
order.
    Mr. Johnson. Well, that is not to minimize, however, the 
encryption problem.
    Ms. Caproni. Absolutely not. But what I do want to say is, 
as we said in the written statement, that we are not looking, 
and we think this problem--there are individual encryption 
problems that have to be dealt with on an individual basis.
    The solution to encryption that is part of CALEA, which 
says if the provider isn't encrypting the communications, and 
so they have the ability to decrypt and give them in the clear, 
then they are obligated to do that. That basic premise that 
provider-imposed encryption, that the provider can give us 
communications in the clear, they should do that.
    We think that is the right model. No one is suggesting that 
Congress should reenter the encryption battles that were fought 
in the late '90's and talk about sequestered keys or escrowed 
keys or the like. That is not what this is all about.
    For individuals who put encryption on their traffic, we 
understand that there would need to be some individualized 
solutions if we get a wiretap order for such persons.
    The other thing I would note, and I thought at one point 
you were referencing the public reports that we do relative to 
how often encryption is encountered in Title III collection. 
What we find is that our agents know, for instance, that 
BlackBerrys are encrypted. So if their target is using a 
BlackBerry, they are not going to get a Title III order for 
that.
    Title III orders, for those of you who were never AUSAs, 
Title IIIs are a lot of work to obtain. It requires an awful 
lot of work from the agent's part, a lot of work on the AUSA's 
part. They are not going to do that to get a Title III order on 
a BlackBerry that they know has encrypted traffic, and 
therefore, they would not be able to get any usable proceeds 
from that Title III.
    So you see very low numbers in terms of the report of the 
number of times that we encounter encryption. But I think it is 
because agents, and I think Chief Marshall sort of referenced 
this, they will see a problem. And agents, rather than just 
sort of--and police officers, rather than throwing up their 
hands and saying, ``Well, I can't do it,'' they will figure out 
another way to get to where they need to go.
    And it may not be a Title III. It may be that they will 
then approach the problem from a different direction because 
they know that a Title III is simply not going to be productive 
use of their time.
    Mr. Johnson. Thank you.
    Mr. Griffin. Thank you.
    Mr. Quayle is recognized for 5 minutes.
    Mr. Quayle. Thank you, Mr. Chairman.
    Ms. Caproni, I want to go back to the back door issue that 
we were talking about earlier so that we can just clear up any 
misconceptions. But as you know, a lot of the public reports 
say that solving the problem that we have would create the back 
door to the Internet, where law enforcement would have the key 
to all communication systems in the U.S.
    Is that accurate? Would the Government have direct access 
to these communication systems?
    Ms. Caproni. No, that is not accurate. In fact, the way 
that we execute wiretaps is we go to the provider who is 
providing the communication service. We serve the order on 
them. We ask them to isolate the communications and deliver 
them to us.
    To some extent, actually, what Dr. Landau I think is 
proposing, although it is not entirely clear, that is for the 
FBI to individually have solutions, that we then deploy the 
intercept solution throughout the Internet. That is actually a 
much less privacy protective way of doing an inception.
    It is also not as accurate. With packet-switched 
communications, you have to collect all of the packets or you 
can't put the message back together. So there would always be 
the question of where would you deploy the device if we were 
simply deploying it in the Internet?
    It is for that reason that we want to do the collection 
with the provider. We want to be able to serve our order on the 
provider, which then puts a third party in the mix. We serve 
our order on the provider. The provider figures out what 
account it is, isolates that account and delivers those 
communications to us and only those communications to us.
    So there is no wiretapping of the Internet. It is really 
just our ability to serve a targeted order on a targeted 
account on a particular provider.
    Mr. Quayle. Okay. And with those communications that the 
Government would be seeking, has a court reviewed and 
authorized you to obtain those communications? And also could 
you briefly go through that process so everybody knows how that 
is done?
    Ms. Caproni. Absolutely. So looking at a Title III, because 
that is the authority in a criminal case, the agent and the 
AUSA have to put together an affidavit that establishes 
probable cause to believe that the target is engaged in 
particular criminal activity. They are committing felonies. 
They are using the targeted facility to commit the felony, that 
evidence will be--of the felony will be obtained if we 
intercept their communications.
    They also have to show that other investigative techniques 
have been tried and failed or are too dangerous to use or would 
likely fail. So this is really a last-resort type of technique.
    The court considers that. They issue an order. It lasts 
only for 30 days. During the period of that 30 days, law 
enforcement has to report back to the judge to tell the judge 
how the wiretap is going, what sort of evidence is being 
collected.
    The wiretap itself has to be minimized. So they will do 
real-time review of the traffic that is coming in. If it is not 
evidence of a crime so that they are not authorized to keep it, 
it gets minimized. So they don't keep that information. So they 
only keep the information that is actually relevant to their 
investigation, and it is evidence of criminality.
    Mr. Quayle. Okay. And just so we are brief, so there is no 
warrantless wiretap?
    Ms. Caproni. Absolutely not.
    Mr. Quayle. Okay. And a final question for Chief Marshall. 
What role does State and local law enforcement play in the 
research and development of interception solutions? Do you feel 
that State and locals have had adequate voice in this process 
to address this issue?
    Mr. Marshall. Thank you for the question.
    Yes, we are putting together and we actually met about a 
year and a half ago with the FBI and other Federal justice 
agencies and a significant portion represented at the State and 
local level to discuss this problem. Because at the State and 
local level, we don't have the same level of resources, 
particularly the smaller and mid-sized agencies don't have the 
same resources to be able to do these.
    So we rely on our Federal partners to be able to do it. At 
the same time, we also know that we are increasingly seeing the 
difficulty in being able to achieve that. That was why a year 
and a half ago, when we started meeting, we ended up meeting, 
looking at the problems, particularly at the State and local 
level, and coming up with this proposal for the NDCAC.
    And the NDCAC actually, its proposed governance--and we are 
still continuing to work some of that out--but it would have a 
significant proportion would be relegated at the State and 
local so that we have that representation, that we have that 
voice, that we have that ability to be able to share some of 
the solutions that have been developed by some of--and for the 
most part, they are usually some of the major metropolitan 
areas.
    But we have that place that we can all put in that we would 
be able to share those best practices and strategies and also 
be able to have a voice in this problem. This is a problem for 
all of law enforcement, not just for the FBI. It is not just 
for the DEA. This is a problem whether it is a 5-member 
department or 5,000.
    Mr. Quayle. All right. Thank you.
    Mr. Griffin. Chairman emeritus Conyers is recognized for 
another question.
    Mr. Conyers. Thank you very much, Mr. Chairman.
    Dr. Landau, I would like to feel a little bit more 
comfortable with you commenting on the question of our 
colleague Mr. Quayle in terms of the back door question that he 
initially asked. Do you remember what that was?
    Dr. Landau. If he could restate it, that would be great.
    Mr. Griffin. We are playing musical chairs.
    Mr. Quayle. Oh, great. What was that?
    Dr. Landau. Restate your back door question.
    Mr. Quayle. Okay. Basically, would the solutions to the 
problem that we are talking about actually provide a back door 
to the Internet where law enforcement could have a key to all 
communications systems in the U.S.?
    Dr. Landau. So Ms. Caproni said that I talked about 
building the wiretapping into the fabric of the Internet, and 
certainly not. Earlier, I said that I couldn't speak for 
Harvard, and that is absolutely true. Let me point out that I 
also can't speak for the NSA.
    The NSA has been pushing hard for communications security 
within the United States. It pushed out in 2005 a set of 
recommendations on how to secure a communications network using 
publicly available cryptography developed through the National 
Institute for Standards and Technology.
    It is pushing that land mobile radio be available. Secure, 
interoperable land mobile radio can be purchased over the 
counter in a place like Radio Shack, and we know that it is not 
just local law enforcement and first responders who will be 
using those systems.
    So if the NSA can function in that environment, I would 
certainly hope that the FBI can learn to function in that 
environment. I am saying that building wiretapping into a 
communications infrastructure, whether a switch or an 
application, building interception into that communications 
infrastructure is a dangerous model, whether you are Vodafone 
Greece, Telecom Italia, or the United States.
    Thank you.
    Mr. Conyers. Could I give, Mr. Chairman, the representative 
from the FBI the last word on this in this discussion?
    Ms. Caproni. I am sorry. On the discussion of whether it is 
a back door?
    Mr. Conyers. Yes. Just what Dr. Landau just commented on.
    Ms. Caproni. I think what she is suggesting is that there 
should be security for information, and we agree with that. I 
mean, that is not--we are not suggesting that communications 
should be insecure. We are suggesting that if the provider has 
the communications in the clear and we have a wiretap order, 
that the provider should give us those communications in the 
clear.
    But, for example, Google, for the last 9 months, has been 
encrypting all gmail. So as it travels on the Internet, it is 
encrypted. We think that is great. But we also know that Google 
has those communications in the clear, and in response to a 
wiretap order, they should give them to us in the clear.
    Dr. Landau. No problem there.
    Mr. Conyers. Thank you very much, Mr. Chairman.
    Mr. Quayle [presiding]. Thank you.
    The gentle lady from California, Ms. Chu, is recognized for 
5 minutes.
    Ms. Chu. Thank you, Mr. Chair.
    For Ms. Caproni and Mr. Marshall, today you have described 
difficulties in gaining assistance from companies in complying 
with lawful wiretap orders under 18 U.S.C. 2518. Title III 
orders include a requirement that all providers furnish the 
applicant forthwith all information, facilities, and technical 
assistance necessary to accomplish this interception.
    Have you pursued contempt motions against any providers who 
have failed to comply with these lawful orders?
    Ms. Caproni. Our approach with industry is one of 
cooperation. So we try to work with the companies to get them 
to develop a solution that will work.
    Our sense has been that it is very difficult on the one 
hand to be cooperative and to work with a company who tells you 
we are trying, we are trying to figure out how to do this so 
that it will work and not interfere with our solution--with our 
general system, to at the same time be hauling those people 
into court. It seems to interfere with the cooperative 
relationship.
    So, no, we have not hauled any of these providers into 
court on an order to show cause why they should not be held in 
contempt.
    Ms. Chu. Mr. Marshall?
    Mr. Marshall. Yes, ma'am. My answer is a little bit more 
basic. No, we have not pursued that because we typically do not 
have any direct involvement. We don't have the involvement 
directly with industry.
    In other words, we are working through our lab or we are 
working, if it would be a Title III, it would be worked through 
our Federal partners, whether it is a task force application or 
something of that nature.
    I will say, and I certainly I would stress this, I think 
that this has to be a partnership with industry. Industry, we 
want industry to be involved in a collaborative effort to come 
up with a solution. We understand that certainly there are 
costs involved, but a piece of this is it also has to be about 
what is good for public safety and being able to have that 
ability to be able to keep our crime-fighting capabilities at 
least up to the level that we have.
    Ms. Chu. Ms. Landau, how do you respond to that?
    Dr. Landau. So I am mystified in some sense by the 
discussion because while I certainly understand the going dark 
issue, and I hear the FBI and local law enforcement saying we 
are having problems, what I am not hearing are specific types 
of solutions. Ideas were floated last fall about getting rid of 
peer-to-peer and Skype, getting rid of encryption or making 
keys required to be stored.
    And as we saw in Ms. Caproni's testimony, the written 
testimony, the FBI is no longer asking for any re-architecting 
the Internet, no longer asking at least for certain changes on 
encryption. So I am a little confused.
    I understand that there are serious problems, and I agree 
that the new technologies sometimes do cause those problems. 
But there aren't concrete suggestions on the table. The only 
one being better research at the FBI, and I think that is 
important.
    I want to tell a little story, which is a couple of weeks 
ago when the situation was developing in Egypt and all the 
communications were cut off with the rest of the world, all the 
Internet communications, Google sat down with Twitter over a 
weekend and developed Speak to Tweet.
    That was a handful of engineers. You could speak into a 
call. It could be translated into a Tweet message, and that was 
a way for the Egyptians to communicate with one another. That 
is terrific.
    I was delighted to see that innovation was happening here. 
It was happening with a handful of engineers. And that is the 
way many systems are developed in the U.S., whether you are 
talking about Google, which started with two engineers at 
Stanford, or Facebook, with a handful of people at Harvard.
    So I don't quite understand what the FBI is pushing for, 
other than saying we are having a problem. We would like to 
augment our research arm, which I think is good. We would like 
industry to deliver things when they have it in the clear.
    Industry, when they are capable of delivering it in the 
clear, should be delivering it in the clear. So, thank you.
    Ms. Chu. Okay. Last question. If we do grant the FBI the 
authority it seeks, will this stop sophisticated criminals and 
terrorists from encrypting their communication, or will they 
simply start using communication tools provided by companies or 
programmers outside the U.S.?
    And what do we do when criminals start using secure 
communication tools provided by developers associated with the 
WikiLeaks organization, who will ignore requests by U.S. law 
enforcement agencies?
    Ms. Caproni. Thank you for that question.
    There will always be criminals, terrorists, and spies who 
use very sophisticated means of communications that are going 
to create very specific problems for law enforcement. We 
understand that there are times when you need to design an 
individual solution for an individual target, and that is what 
those targets present.
    We are looking for a better solution for most of our 
targets, and the reality is, I think, sometimes we want to 
think that criminals are a lot smarter than they really are. 
Criminals tend to be somewhat lazy, and a lot of times, they 
will resort to what is easy.
    And so, long as we have a solution that will get us the 
bulk of our targets, the bulk of criminals, the bulk of 
terrorists, the bulk of spies, we will be ahead of the game. We 
can't have individual--have to design individualized solutions 
as though they were a very sophisticated target who was self-
encrypting and putting a very difficult encryption algorithm on 
for every target we confront because not every target is using 
such sophisticated communications.
    Ms. Chu. And Dr. Landau, any response?
    Dr. Landau. Thank you.
    So I am glad to hear, actually, the specific issue now of 
individualized solutions versus better solutions for bulk. And 
certainly, in some cases, and the one that Ms. Caproni 
mentioned about getting the unencrypted gmail that gmail 
obviously has at the other end or you couldn't read your gmail 
when you logged on, in that case, in that particular 
architecture, I suspect it is very easy for Google to deliver 
that mail, and I suspect it does it forthwith.
    But we are arguing about the issue of developing 
individualized solutions for wiretapping versus creating bulk 
solutions, what the FBI calls better solutions for bulk when we 
have a national security threat of downloading and exploiting 
U.S. industry, U.S. military, U.S. national labs, U.S. civilian 
agencies.
    And I don't think we can possibly build into the various 
communications infrastructures wiretapping solutions that will 
allow that type of bulk when it is so easy to subvert software 
and so easy to subvert IP-based solutions.
    Thank you.
    Mr. Quayle. The Chair recognizes the gentleman from 
Virginia, Mr. Scott, for one additional question.
    Mr. Scott. Thank you.
    I am a little confused. Ms. Caproni, you indicated that you 
don't want the access through the phone itself, but through the 
system, which would require--are you looking for real-time 
access or a copy of conversations?
    Ms. Caproni. We are looking for--I am sorry. Primarily, 
what we are talking about here today is real-time interception. 
Part of what Chief Marshall has talked about is actually 
information that would not be collected in real time, 
information that is stored on your cell phone or your smart 
device, whatever.
    But the bulk of what I have been talking about today is 
electronic surveillance. So capturing the communications in 
real time.
    Mr. Scott. And having somebody in the industry go around 
trying to find this would take obviously someone on company 
payroll and expense. Who is paying for this expense, and how 
much is it?
    Ms. Caproni. So we are responsible, and we are typically 
billed for the cost of electronic surveillance. So we will 
reimburse. But they have to have a solution.
    So they have to have the ability to find----
    Mr. Scott. But law enforcement will pay the costs of the 
finding and making access to the communication?
    Ms. Caproni. Let me just double check, but I am pretty sure 
that is right.
    Yes.
    Mr. Scott. And so, that would come out of Chief Marshall's 
budget?
    Ms. Caproni. Yes, I am sorry, Chief.
    Mr. Scott. And does Chief Marshall have to have somebody on 
staff technologically sophisticated to figure out what to ask 
for and how to do all this?
    Ms. Caproni. Well, that actually is an issue is different 
providers want orders to be worded slightly differently, and 
that actually is one of the things that we think the NDCAC, or 
I can't remember what, the DCAC, this center that we are 
talking about would provide. It would provide the ability to be 
a single point of contact.
    So law enforcement, if they are doing a wiretap, let us 
say, of an RCN account that they have never done before, we 
would probably have a relationship with RCN. We would know how 
the order should be worded. We would know who in the company it 
should be served on.
    So we would provide that intermediary so that every law 
enforcement agency in the country doesn't have to have that 
level of expertise. So it could be much more tailored, and they 
would have one-stop shopping, and we would serve as an 
intermediary or the center would serve as a useful intermediary 
between industry and law enforcement.
    Mr. Quayle. The Chair recognizes the gentleman from 
Georgia, Mr. Johnson, for one additional question.
    Mr. Johnson. Thank you, Mr. Chairman.
    CALEA's purpose is to require that telecommunications 
carriers and manufacturers of telecommunications equipment 
modify and design their equipment to ensure that they have 
built-in surveillance capabilities, thus allowing Federal 
agencies to surveille in real time electronically.
    And that calls for individualized solutions to 
communications like Skype or encrypted BlackBerry devices and 
social networking sites. Am I correct about that? Am I on 
track?
    Ms. Caproni. CALEA doesn't cover social networking sites.
    Mr. Johnson. Okay. All right. But as far as Skype and 
BlackBerry devices, it is applicable to?
    Ms. Caproni. So Skype is not a U.S. company. So it is not 
covered by CALEA, or it may not be covered by CALEA because it 
is not a U.S. company. The same with REM.
    Mr. Johnson. Okay. So non-U.S. companies would not be 
subject to any extension of CALEA. You are seeking--what are 
you seeking here today? That is really, I think, Ms. Landau's 
point, and that is my point also. What is it exactly that you 
would want Congress to do, or are you asking Congress for 
anything?
    Ms. Caproni. Not yet.
    Mr. Johnson. Or did we just simply invite you here to tell 
us about this?
    Ms. Caproni. You invited me, and we came. But we don't have 
a specific request yet. We are still--the Administration is 
considering--I am really here today to talk about the problem. 
And I think if everyone understands that we have a problem, 
that is the first step, and then figuring out how we fix it is 
the second step.
    The Administration does not yet have a proposal. It is 
something that is actively being discussed within the 
Administration, and I am optimistic that we will have a 
proposal in the near future.
    Mr. Johnson. So you mean I have been worried for the last 
24 hours about some legislation or some issue that I could have 
worried about later, I guess? I am still worried about it.
    Ms. Caproni. I am sorry to have put you through a sleepless 
night. I am sure we will have many others once we get a 
proposal on the table to consider.
    Mr. Johnson. Well, I will tell you, life becomes so 
complicated that it is almost impossible to keep from worrying.
    Thank you.
    Ms. Caproni. I agree.
    Mr. Quayle. I am going to recognize myself for one 
additional question.
    Ms. Caproni, I was just curious. Do you know if the number 
of court-ordered electronic surveillance have actually gone 
down or up than the previous years? You don't have to be 
specific. But do you know if they have gone down or up?
    Ms. Caproni. I think they are going up a little bit, and 
the raw numbers may not be as revealing as the sort of services 
that are being asked for now. So we are seeing more 
sophisticated and difficult services, like VOIP is coming up 
more and more in wiretaps.
    I think the absolute number of wiretaps may be about the 
same or going up slightly.
    Dr. Landau. I actually know the answer, which is that I 
believe, according to the wiretap report, it has been steadily 
increasing with perhaps a little bump down in 2009. But a quite 
steady increase.
    What is also increasing quite substantially is the number 
of PIN register requirements, PIN registers being asked for.
    Mr. Quayle. Thank you.
    Well, I would like to thank our witnesses.
    Mr. Conyers. Mr. Chairman?
    Mr. Quayle. Yes?
    Mr. Conyers. Before we----
    Mr. Quayle. Another one?
    Mr. Conyers. Yes, one final question. Is the ACLU correct 
in worrying about once we start trying to get into this 
question it is going to spin out of control, and all the things 
that may have kept Hank Johnson up last night is going to keep 
all of us up?
    I ask Dr. Landau that because there are some up here that 
say, well, let us help the FBI out, and we will give them the 
legislation that we think they need. And there are others that 
say, well, if you do that, you are going to get something much 
worse back. And there we get into this legislative turmoil.
    Dr. Landau. Thank you very much for the question.
    So I really said I was going to talk about security, but I 
will take that privacy question. When you make it easy to 
wiretap, when all you have to do is flip a switch, it becomes 
much easier for privacy to be violated. So what we saw, and I 
know this is not the issue being discussed now. But what we saw 
during 2001 was a single opinion by a single relatively low 
member of the Department of Justice about warrantless 
wiretapping.
    It was not reviewed by other members of the Department of 
Justice, and it instituted the warrantless wiretapping. So the 
point is that when you make it simple to wiretap, when you make 
it technologically simple to wiretap, it can be abused.
    Mr. Conyers. Thank you, Mr. Chairman, for your generosity.
    Ms. Caproni. I am sorry. May I respond to that question?
    Mr. Quayle. Yes. Ms. Caproni, could you please respond to 
that?
    Ms. Caproni. Representative Conyers, there are a lot of 
things that keep me up at night. One thing is the privacy of 
people who are communicating on the Internet. One is the 
security of the Internet. FBI is responsible for cyber attacks. 
We investigate them all the time. The security of the Internet 
is extremely important to the FBI.
    But I also get kept up by worrying that we have got 
criminals running around that we can't arrest and can't 
prosecute because we can't actually execute a wiretap order. 
And that criminal may be a massive drug dealer. They may be an 
arms trafficker. They may be a child pornographer or a child 
molester.
    Those are things, real-life things that keep us up at night 
because we need the authority--I am sorry. We have the 
authority, but we need the actual ability to conduct the 
wiretap so that we can keep the streets safe.
    I worry about things like a Mumbai-style attack where, God 
forbid, the attackers are using communications modalities that 
we don't have an intercept solution for.
    Mr. Conyers. So what is a little privacy invasion compared 
to all those big things that you could or are worrying about, 
right?
    Ms. Caproni. Remember, what we are talking about is court-
authorized wiretaps. So the privacy of people that are being 
invaded is only being invaded if an Article III judge has said 
that probable cause has been established and that the 
Government has the right to intercept these communications.
    Mr. Quayle. Well, I would like to thank all of our 
witnesses--since we are kind of diverging off topic. I want to 
thank all of the witnesses for their testimony today.
    And without objection, all Members will have 5 legislative 
days to submit to the Chair additional written questions for 
the witnesses, which we will forward and ask the witnesses to 
respond as promptly as they can so that their answers may be 
made part of the record.
    Without objection, all Members will have 5 legislative days 
to submit any additional materials for inclusion in the record.
    Mr. Scott. Mr. Chairman? Mr. Chairman? I would ask 
unanimous consent that a statement from the ACLU, the Center 
for Democracy and Technology, and other industry and privacy 
advocates be included in the record.
    Mr. Quayle. Without objection.
    [The information referred to follows:]
    
    
    
                               __________

    Mr. Quayle. This hearing is adjourned.
    [Whereupon, at 12:50 p.m., the Subcommittee was adjourned.]





                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record