Prepared Remarks of Attorney General Alberto R. Gonzales at the International Association of Privacy Professionals Privacy Summit Washington, D.C.

March 9, 2007
Thank you, Kirk. Good afternoon. Jane Horvath, the Justice Department's Chief Privacy and Civil Liberties Officer, suggested some time ago that I come and speak to you because of our mutual concern for the protection of information privacy. Initially, I intended to give you my perspective on the short history of something very specific: information privacy in the War on Terror. And I'd still like to get into that – but the latest chapter in this evolving history has occurred just this week, so I want to start there, and then backtrack a little. As all of you probably know, the Privacy and Civil Liberties Oversight Board has been conducting in-depth evaluations of certain United States intelligence programs. For the past year, for instance, the Board has been looking at the Terrorist Surveillance Program – an important National Security Agency program that was put in place by the President following the attacks of September 11th, 2001, to monitor the international communications of suspected terrorists. Board members have visited the NSA and have met with everyone from the top people supervising the program to those who are doing the hands-on work. The Privacy Board also has been briefed on the new and related orders of the Foreign Intelligence Surveillance Court authorizing the government to target for collection international communications where there is probable cause to believe that one of the parties is a member or agent of al Qaeda, and on the President's decision not to reauthorize the program in the wake of those orders. In addition, the Board has reviewed the FISA court orders and other submissions explaining how the Courts orders will be implemented. Earlier this week it was reported that the Board has found the Government's efforts

to conduct this surveillance to be, in the words of its chairwoman, "structured and implemented in a way that is properly protective and attentive to civil liberties." That's great to hear because, under the direction of the President, we spent a lot of time trying to get it right, and on building a structure with multiple layers of security and review. In addition, today the Inspector General of the Department of Justice issued two reports. Those reports, unfortunately, were mixed. In one area, the IG's review demonstrates that the FBI is living up to its responsibility of privacy protections; but in another, the IG found significantly more needs to be done. First the good news. One of the IG's reports confirmed that the Department and the FBI have acted responsibly in exercising their authority under Section 215 of the USA PATRIOT Act, which authorizes the government to obtain business records and other materials through the FISA Court. The IG reported only two examples where inadvertent errors, one by a case agent and one by a third party, resulted in the FBI getting more information than it should have. In both cases the data were either sequestered or destroyed, and the appropriate oversight authorities were notified. That is exactly how the process was designed to work, and how it did work. I was pleased that the IG found it unnecessary to offer any recommendation for improvements or modifications to Department or FBI procedures and practices in the use of the Section 215 authority. This is good news, and privacy advocates everywhere should note this solid track record. But in its examination of the FBI's use of National Security Letters, or NSLs, the IG found that the FBI did not have sufficient controls, did not provide adequate training, and failed to follow its own policies and Attorney General Guidelines. For those who may not be familiar, an NSL is a letter request for information held by a third party that is issued by the FBI in connection with an authorized counterterrorism or counterintelligence investigation. We have had this tool for many years, but previously the letters had not been used as frequently. In this post-9/11 era, however, with concerns about terrorists operating inside our borders and the threat of homegrown terror cells, they have become much more valuable. We use NSLs to begin to tie together the various threads of the life of a suspected terrorist—where he lives, who his friends are, what phone numbers he is calling most often. In an era when prevention is critical, and time is of the essence, NSLs are vital to our national security. A fundamental protection in the use of NSLs is that, by law, they may be used only to gather certain kinds of records -- like telephone subscriber information -- from

specific institutions, including telecom carriers, banks, and credit card companies. They cannot be used to obtain the content of communications. Before I get into the serious issues identified in the IG report, I want to note something important: the Inspector General did not dispute the fact that NSLs are extremely valuable investigative tools and that they have contributed significantly to many investigations. I believe that all of us in the intelligence and law enforcement community believe it is essential that we have the ability to gather information in this way. All of that being said, NSLs are a tool that simply must be used correctly. Investigators must understand and follow the rules. The laws authorizing NSLs, as well as specific rules set down by the FBI and by me, established strict policies for how they would be issued and carried out. These rules recognized the reality that where there are increased national security needs, we must have the ability to move faster so we can stay one step ahead of the terrorists. And when we have that authority to move faster, there must be increased protections. When the FBI was given additional authority to collect information without judicial oversight, the procedures placed greater obligation on the Bureau to exercise that oversight itself. While I am confident that the FBI is able to aggressively police itself, the Inspector General found that in this area the FBI did not do that as aggressively as it should have. There were two main problems: First, partly due to insufficient guidance and training there was some confusion in the field about the rules, and that led to numerous instances of these letters being used in ways contrary to our policies and procedures. For example: in some cases the paperwork was filled out wrong; in some cases necessary approvals were not obtained or documented; and, in some cases the third-party recipient provided the wrong information or information on the wrong individual. In addition, one FBI unit used a form letter to obtain information that should have been obtained by an NSL. And second, the FBI did not have proper internal mechanisms to track the use of NSLs or to provide adequate oversight. Consequently, the FBI is unable to give an accurate number of NSLs issued…and thus our reporting to Congress has been inaccurate. I was upset when I learned this, as was Director Mueller. To say that I am concerned about what has been revealed in this report would be an enormous understatement. Failure to adequately protect information privacy is a failure to do our jobs. And although I believe the kinds of errors we saw here were due to questionable

judgment or lack or attention, not intentional wrongdoing, I want to be very clear: there is no excuse for the mistakes that have been made, and we are going to make things right as quickly as possible. I have told the Director that I will not accept the problems identified in the report, and I will not be satisfied until procedures and policies that should have been followed are being followed, to the letter. Here is some of what we have done, and will do, to address this unacceptable breakdown: FBI Director Mueller has instructed his inspections unit to determine what went wrong and who is accountable. Although there has been no allegation of misconduct by FBI lawyers, I have asked the Associate Deputy Attorney General and Counsel for Professional Responsibility to review the Inspector General's report and examine the role that the FBI lawyers played in the Bureau's use of NSLs and exigent letters. The FBI has instituted new procedures to improve the handling of NSL records and increase training on the proper use of these letters. I have directed the Justice Department's National Security Division, or NSD, and our Privacy and Civil Liberties Office to work with the FBI in implementing corrective actions, to consider any further review and reforms that are needed, and to report to me regularly on the process. I have directed the NSD to begin oversight and auditing of the FBI's use of NSLs. Going forward, the NSD, in conjunction with the FBI's inspection division, will conduct reviews of the use of NSLs in FBI headquarters and field offices. Any identified violations of law or guidelines will be reported to appropriate oversight authorities. This is a new level of oversight by Department of Justice lawyers with years of experience in intelligence and law enforcement. I have ordered that briefings on the IG's report be given to the President's Foreign Intelligence Advisory Board, the Privacy and Civil Liberties Oversight Board, Congress, and key advocacy groups. Many of these briefings have already occurred. I want to hear the views of those who have been and will be briefed, and in particular their thoughts on what else we can do to ensure the NSL authorities are used responsibly and in strict compliance with all laws and internal policies. The Department and the Office of the Director of National Intelligence have established the NSL Data Retention Working Group, which is looking at how we retain the information we acquire. I have directed my legislative staff to go back and revise as necessary the Department's responses to Congressional inquiries. And finally, I have asked the Inspector General to report back to me in four months on the FBI's implementation of the report's recommendations. During the discussion of the reauthorization of the Patriot Act, I believed that the

FBI was acting responsibly in using National Security Letters. Because of the good work of the IG, I've come to learn that I was wrong. Undoubtedly, some will argue that the FBI should forfeit its authority to use this tool. Instead, I would urge patience -- that we not rush to judgment, and allow these substantial corrective measures time to work. Each of the measures we are implementing is designed to help us learn what happened and to ensure that we are in full compliance with the law and our own rules, while still making full use of the investigative powers we have been given. This brings me back to the beginning of what I wanted to share with you today on the vital issue of protecting privacy and civil liberties. We are in new territory on this issue for two major reasons. One, technology has made information more accessible – for better and for worse. And, two, we are faced with a totally new kind of threat to America. By any measure these are extraordinary and intense times. Everyone in government is working very hard to protect our country. I often say that, at the Department of Justice, every day is September 12th – we approach our jobs with the passion and the urgency of that day after. September 11th took the dual responsibilities of protecting the American people from harm while protecting privacy and civil liberties to a whole new level of urgency and scrutiny. The watershed events of that day put a renewed emphasis on the issue as we asked ourselves: "What else could we have done? What should we have known?" We realized, and the 9/11 Commission agreed, that to conduct the War on Terror, the federal government needed additional powers and needed to enhance the use of its existing powers. But we also knew that this potential shift of authority to the government would require an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life. One of these cannot be allowed to grow without the other. We are committed, but we are imperfect. The IG's report has delivered a valuable reminder: We must do better. And I insist we do better. As you know, following the 9/11 Commission's recommendation, the Privacy and Civil Liberties Oversight Board was created to advise the President on these matters; and Privacy Officers were established in each of the major Executive Branch agencies.>And when the President issued an executive order creating the Information Sharing Environment, or ISE – taking down the "walls" that had existed in government – he also mandated that new guidelines be created by the Director of National Intelligence and me specifically to protect privacy. These guidelines were issued last year, and they establish uniform procedures that

federal agencies must use to implement privacy protections…to ensure that the ISE makes us safer at no cost to our liberties. At the Department, our Chief Privacy Officer is responsible for privacy issues relating to any program we are launching or considering. I've made sure that Jane has direct access to me whenever she needs it. If a problem comes up involving privacy or civil liberties, I have told Jane to be involved in addressing it. We have required that every component of the Department must have a senior official in charge of privacy issues. Many already had someone like that in place, but now they all do. Beyond these individuals, every division of DOJ, and every one of our components, has been instructed to develop procedures and plans for dealing with information security. Our priority is not just to avoid unauthorized collection of data, but also to treat properly all of the data we do collect. Because information does not respect borders, I think it is important for us to get together with our international colleagues to discuss the global impact of these issues. And we in government must continue to talk with groups like yours, to ensure that we are moving forward. This is not a static field -- the threat changes constantly, and the standards and expectations are always on the rise. That's why when the Patriot Act was reauthorized last year, significant additional safeguards on privacy and civil liberties were incorporated. We listened to groups like yours, and we responded with new checks and balances. One of those checks was a requirement that the IG conduct the investigations resulting in today's reports – to ensure that these tools were both effective and being properly used. I believe that the IG report on NSLs and the corrective actions we have taken and will be taking are evidence that the oversight system is working. We have known all along, and are re-visiting today, the fact that a major part of striking the right balance must be leadership and accountability. The American people place a great deal of trust in their leaders, and if we are to prove worthy of that trust we must be held accountable for any failure to meet the high standards we have set. And if that failure occurs, we must act quickly and decisively to restore the public's confidence. We are keenly aware that to make progress in our war against terrorism – or in any conflict – at the cost of eroding privacy and civil liberties would not really be a victory. We cannot change the core identity of our Nation and still claim success. And our identity has never been in doubt – we are a free people, dedicated to liberty for the popular and the unpopular, committed to the ideal that the people govern themselves, and determined to have a government that cannot extinguish or

suppress the rights that make us Americans. In our War on Terror, we are faced with a new kind of enemy, and a new kind of battlefield. They don't wear uniforms and they don't occupy territory, and we have had to adjust our intelligence-gathering systems to fight them. We have gotten it right a lot of the time, but as you have been told today we will get it wrong on rare occasions. When we get it wrong, we will address the problem openly and quickly. I believe that, while today's report offers an example where we fell short of our ultimate goal, we have taken steps to strengthen a structure that balances our liberties with our security. It is not a choice of one or the other. Our shared challenge of protecting privacy and civil liberties while doing our jobs will likely get harder before it gets easier. So we must remain dedicated to getting it right, and to looking to one another for ideas on how to do so. I hope you will see the Department's IG reports, and our response, not as the sum total of our efforts, but as an indication of how seriously we take this issue. I have confidence in Director Mueller's ability to implement this strong response plan. And I will be looking over his shoulder to make sure that he does. I look forward to working with Congress and with this group on achieving our goals of protecting the privacy of all Americans. This is not an academic exercise -- our shared work on this is vital to our Nation and its future. Thank you for your service. God bless you, and God bless America. ###