Politech mailing list archives

FC: Peter Swire on "Homeland Security Act": No privacy safeguards


From: Declan McCullagh <declan () well com>
Date: Thu, 27 Jun 2002 12:45:17 -0400

I just spoke to Peter on the phone. He tells me the hearing was cancelled a few minutes ago since the White House (OMB and OPM) was not ready to show up. The bill in question:
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.05005:

-Declan

---

Date: Thu, 27 Jun 2002 11:39:33 -0400
From: Peter Swire <pswire () law gwu edu>
To: declan () well com
Subject: Swire testimony on Homeland Security, Privacy, FOIA, etc.

Declan:

Attached is testimony I will present on Friday to a House Judiciary
Subcommittee.  The testimony gives a detailed critique of the Administration's
Homeland Security proposal, especially on issues of privacy, Freedom of
Information, and cybersecurity.

Best,

Peter

Prof. Peter P. Swire, Ohio State University
Visiting, George Washington Law School, 2001-02
Former Chief Counselor for Privacy, U.S. Office
   of Management & Budget
(301) 213-9587, www.osu.edu/units/law/swire.htm

---

Written Statement of Professor Peter P. Swire
Moritz College of Law of the Ohio State University
Submitted to the Subcommittee on Commercial and Administrative Law
of the House Committee on the Judiciary
June 28, 2002
"Administrative Law, Adjudicatory Issues, and Privacy Ramifications of Creating the Department of Homeland Security"


Introduction

Chairman Barr, Congressman Watt, and other distinguished members of the Committee on the Judiciary, it is an honor and a serious responsibility to be asked to testify today on the topic of "Administrative Law, Adjudicatory Issues, and Privacy Ramifications of Creating the Department of Homeland Security." I share the views of many Americans that it is vital to take new measures to protect against terrorism, including by improving the security of our critical infrastructures and other computer systems. Indeed, a major focus of my recent academic research has been in the area of improving computer security in networked systems. In the time available to testify today, however, I will focus on my concerns with the recent Administration proposal of the Homeland Security Act of 2002, introduced as H.R. 5005. I also look forward to responding to any questions you may have where I can be of assistance.

Background of the witness.

I am Professor of Law at the Moritz College of Law of the Ohio State University. I reside in the Washington, D.C. area and head the new summer program of the law school. As a professor, I teach courses on privacy, the law of cyberspace, and other subjects, and serve as the editor of the Cyberspace Law Abstracts. My web page is at www.osu.edu/units/law/swire.htm, and many of my writings are available there. My e-mail is swire.1 () osu edu, and phone at (240) 994-4142.

Relevant to today's topic, I am currently researching privacy and technology issues for the Liberty and Security Initiative of the Constitution Project. This Initiative is a bipartisan effort of prominent citizens who are seeking ways to achieve both security and civil liberties in the wake of the events of September 11. I also act as a consultant to the law firm of Morrison & Foerster, primarily on issues of medical privacy. In my testimony today I am reflecting solely my personal views, and I have not been paid in any way to prepare this testimony.

From March, 1999 until January, 2001 I served as the Clinton Administration's Chief Counselor for Privacy, in the U.S. Office of Management and Budget. This position was in OMB's Office of Information and Regulatory Affairs ("OIRA"), which has long had important responsibilities under the Privacy Act, the various computer security statutes, and for federal information policy more generally. Relevant to today's topic, I played a lead role in coordinating federal agency practices with respect to privacy and personal information. I served on the White House E-Commerce Working Group, worked extensively on critical infrastructure issues including the Federal Intrusion Detection Network (FIDNet), and worked more generally at the intersection of computer security and privacy issues. In 2000 I chaired a White House Working Group on how to update wiretap and surveillance laws for the Internet age.

General Comments on the Homeland Security Act of 2002.

I have studied the Homeland Security Act of 2002, H.R. 5005 as proposed by the Administration, and offer two metaphors for what I have found.

First, the truck metaphor. I believe the proposal is all accelerator when it comes to information sharing, but with no brakes. The bill puts the pedal down when it comes to spreading around sensitive personal information in hopes of reducing terrorism. But the bill has essentially no safeguards that put on the brakes -- either to prevent harm to individuals or to stop a power grab by an unaccountable anti-terror agency. For a vehicle as big as the new Homeland Security Department, nonstop acceleration and no brakes may lead to a mighty big crash in the future.

Second, the haystack metaphor. I share the concern, expressed in this Committee recently, that the new information sharing proposals are like piling more hay on top of an already enormous haystack. All that new hay makes it that much harder to find the needle. Better analysis of existing data is likely the key to success here, and the Congress should probe hard to learn whether adding new piles of information and reshuffling the bureaucratic boxes will really add to the quality of the analysis.

Taking the haystack image a bit further, the extra-big piles of hay are likely to get old and dried-up sitting in those government storage facilities. When a drought or dry season comes around, as it inevitably will, the fires will be far worse than otherwise. Lots and lots of Americans may get burned if there is careless storage or handling of all that additional hay. The unprecedented collection and dissemination of personal information about Americans puts us at new risk when there is next a drought of self-control or common sense in the Department of Homeland Security.

        The Department's Skewed Incentives and Lack of Institutional Safeguards.

Moving from metaphors to the usual language of Washington policy debates, my central point today concerns the skewed incentives of the new Department when it comes to information gathering and sharing. Having served in the federal government, I am acutely aware that where one sits often determines where one stands. For instance, the CIA thinks that intelligence information is paramount, the FBI stresses effective law enforcement above all other values, and the Commerce Department instinctively understands the effects of a policy proposal on business. For employees of the new Homeland Security Department, a simple look at the name of their department will tell them all they need to know about how their success or failure will be measured. Why would any rational person in the Department fall on their sword to protect privacy, civil liberties, commerce, the rights of immigrants, or any other value except for anti-terrorism? All of the incentives are to place anti-terrorism efforts at the pinnacle. And that mandate will continue for many years, until a future Congress one day takes up the arduous task of reorganization.

A related, key point is the lack of institutional safeguards to keep the instincts of the new Department in check. In my specific comments below, I suggest a number of ways to create institutional safeguards both within the Department and in other parts of the federal government. At this point in the testimony, I highlight two proposals. First, a senior official should be appointed within the Executive Office of the President to coordinate policymaking on privacy issues, including as they relate to homeland security. Second, a Chief Privacy Officer should be included among the statutory offices in the new Homeland Security Department, alongside the Chief Financial Officer and Chief Information Officer.

Based on my two years as essentially the Chief Privacy Officer for the federal government, (perhaps not surprisingly) I believe that having an official tasked with privacy protection offers significant benefits. The goal is emphatically not to have privacy trump all other values. Instead, the goal is to help ensure that issues of proper handling of personal information are well vetted in the decisionmaking process. Many of the worst surveillance proposals occur when no one in the process has rigorously considered the potential negative effects of a proposal that also offers some advantages. If everyone in the process is concerned, for instance, with short-term gains to homeland security, then who will air the long-term concerns about erosion of civil liberties? Who will make sure that the process considers alternatives that are effective on the security side while also respecting privacy and other values? To take one example, there is little or no evidence in H.R. 5005 itself that privacy values were even discussed among the drafters. If privacy had been discussed, then there were numerous places where clarifying language, of the sort I propose below, might easily have been included.

With the Office of Management and Budget testifying here today, I hope they will not take it amiss if I suggest that OMB, and especially its Office of Information and Regulatory Affairs, is likely the single best place to house this sort of privacy official. OMB has long had responsibility for overseeing agency compliance with the Privacy Act. Its responsibility for the clearance of agency Congressional testimony and other statements gives OMB important leverage in ensuring that single-mission agencies, such as Homeland Defense, make policy while considering a broader range of concerns. OMB also has, in my experience, an exceptionally dedicated and capable group of civil servants. For these reasons and others, I believe OMB can play a constructive role going forward in checking the runaway tendencies of the Department of Homeland Security. Privacy and other values can be considered better in the OMB setting, where there is longstanding experience in balancing competing concerns. OMB's role in the budget process and its oversight of agency regulations also mean that agencies will resist some of the temptation to advance their pet causes without regard to other concerns.

One particular reform to consider is whether proposed Homeland Security changes in data flows within the federal government or especially outside of the federal government should be subjected to cost/benefit requirements along the lines of Executive Order 12,291 (issued by President Reagan) and Executive Order 12,866 (issued by President Clinton). The current Administration has insisted on rigorous cost/benefit analysis of other federal agency proposed actions, and we deserve to hear the Administration's views on whether this sort of careful analysis should be skipped for issues of Homeland Security. Aspects of such analysis would presumably include the direct economic burdens created by new Homeland Security initiatives, as well as the burdens placed on privacy, civil liberties, and other values of an open society.

        Commission on Privacy and Personal Freedom

The last comprehensive review of privacy issues at the federal level was conducted in the mid-1970s, resulting in passage of the Privacy Act and the creation of the Privacy Protection Study Commission, which issued its report in 1977. The President or the Congress should create a new Commission on Privacy and Personal Freedom to review privacy issues in the context of homeland security and new information technologies and recommend changes in law and policy. I have previously had my doubts about the usefulness of proposals to create privacy study commissions, in part due to my perception that such commissions could be used as an excuse to delay implementation of effective privacy protections. In light of the events of September 11, however, and the pressing issues those events have posed for homeland security, surveillance, and privacy, I believe this sort of study commission is now appropriate.

        Administrative Law and Rule of Law Concerns

Before turning to some specific textual concerns with H.R. 5005, permit me to comment briefly on some administrative law aspects of the proposal. I am concerned that this major reorganization would reduce the effectiveness of the legislation that Congress has enacted over time to specify how the various agencies should carry out their functions. Even if we assume that officials in the new Department wish to follow every Congressional enactment to the letter, there will inevitably be some play in the joints as the officials seek to make old language work in new settings. The scope of agency discretion is likely to increase as a result of the reorganization.

The reorganization thus poses risks to the effectiveness of existing legislation and of judicial review to assure the rule of law within the new Department. For instance, the famous Chevron case requires judges to give deference to any agency that adopts any "permissible" interpretation of a statute. Because all current statutes will need to be interpreted in the context of the changed circumstances of a new agency, and because H.R. 5005 treats anti-terrorism to be the "primary" mission of the Department, a logical consequence is that judges will find a broader range of anti-terrorist action to be "permissible" under the circumstances. Further study may be needed of the savings provision in Section 804(d) to determine whether there are textual changes that would reduce the risk to the effectiveness of existing statutes and judicial review.

Some Lessons from Current Research into Homeland Security and Privacy.

Current research for the Liberty and Security Initiative of the Constitution Project sheds light on possible pitfalls from the current version of the Homeland Security Act of 2002.

One of my efforts with the Constitution Project has been to study the way that wiretap laws operate at the state level. I have learned, to my surprise, that a majority of all domestic wiretaps take place under state law, under orders signed by state judges. A study released this spring also found that the number of state wiretaps has jumped a startling 50 percent in the past year alone. A preliminary survey of state wiretap laws, along with proposals to amend those laws, is now available at the web page of the Constitution Project, www.constitutionproject.org. A substantially more detailed 50-state survey will be available there shortly. This topic of state wiretap laws is important in its own right, and it helps us consider how to achieve both security and privacy when USA-PATRIOT Act provisions sunset in 2005.

For the topic of homeland security, the study of state wiretap laws indicates the crucial importance of institutional checks and balances within a surveillance and security process. The states vary widely in whether they have any institutional mechanisms to assure a high quality in wiretap orders. The standards for a judge issuing a wiretap order are the same for federal and state wiretaps under the Electronic Communications Privacy Act. At the federal level, we have a history of scrutiny of wiretap orders by the Congress, the press, and civil liberties groups and we have had institutional protections such as approval by senior Justice Department officials and significant training required of the agents and prosecutors who seek such wiretaps. This set of institutional safeguards has often been much less developed, however, at the state level. Proposals to amend state wiretap laws should seek effective ways to build institutional checks and balances into the surveillance process. Effective institutional checks, beginning but not ending with strong Congressional oversight, will be needed as well for the new Department of Homeland Security.

Another ongoing topic for the Constitution Project concerns national ID proposals and the history of why the federal government has repeatedly decided not to create such an identification system. My current view is that our lack of a national ID card today is due partly to popular sentiment (which has opposed such cards) and partly due to a political dynamic where the proponents faced a heavy burden in creating such a system. My preliminary view is that creation of a Department of Homeland Security would change the political dynamic. The new Department will be under strong internal and external pressure to adopt new biometric and other identification systems. The heavy burden may thus shift to those who are skeptical of a new national identification system. If the large and powerful new Department puts its muscle behind such a system, who inside or outside of the federal government will be similarly well organized to oppose it?

My research to date on the history of national ID proposals thus suggests that opposition to such proposals may be a reason to oppose or be more cautious in support of the new Department of Homeland Security. The Congress may wish to consider ways to reduce this concern, such as by stating that no funds shall be spent to create or advocate for a national identification system.

Comments on Specific Sections of the Homeland Security Act of 2002, H.R. 5005.

Section 101(b)(1), anti-terrorism as the "primary" mission of the Department. The current text says that the Department's "primary" mission will be duties connected to preventing, minimizing the damage from, and assisting in the recovery from terrorist attacks. One problem with this formulation is that it necessarily makes "secondary" all the other functions of the agency components that are transferred into the new Department. As one notable example, administration of the entire enormous body of immigration laws is secondary under this statute to the activities of the INS with respect to terrorism. Similarly, the many domestic responsibilities of FEMA will now all be subordinated, according to this statute, to FEMA's terrorism-related activities. In the event of floods, hurricanes, fires, and the rest, any FEMA activities related to terrorism will be stated by statute to be more important than saving Americans' lives and property threatened by these other sorts of disasters. The new Department would contain a wide range of important government functions, from the Coast Guard to the Customs Service to many others. The proposed reorganization will likely result in less leadership focus, and likely less effective implementation, of the non-terrorism goals in these areas. This concern about less effective government is made worse by the Administration's claim that no additional spending will be needed to fund the Department. Having watched the budget process from up close during my time at OMB, I find this claim disingenuous at best.

Turning to privacy as another example, the protection of Americans' privacy and other civil liberties appears to be made secondary, according to this statute, to all anti-terrorism efforts. This hierarchy of values, with terrorism more important than all the other missions of the Department and all the other values implicated by the Department's ongoing activities, is made a permanent part of the statutory charter of the Department. Future Secretaries of the Department may feel constrained to treat these "secondary" activities and values in a "secondary" way according to the Congressional intent as reflected in the text of Section 101(b)(1).

My recommendation is thus to rewrite Section 101 to make clear that anti-terrorist activities are a mission of the Department. The "primary"/"secondary" language, however, should be deleted. This amendment would avoid a threat to the rule of law, where future Secretaries of the Department might appeal to the "primary" mission of the Department to trump contrary missions as created by other statutes, such as in the areas of immigration, emergency preparedness, and privacy.

Section 103, Other Officers. The current text specifies the creation by statute of various officers, including a Chief Financial Officer and a Chief Information Officer. Due to the special responsibilities of this Department, I believe the statute should also require creation of the office of Chief Privacy Officer. This step would not take the place of effective inter-agency oversight by OMB or some other part of the Executive Office of the President. Having a Chief Privacy Officer, however, would help create a better vetting process within the Department. Proponents of new surveillance plans and data sharing would more consistently have to explain both the benefits of their proposals and why their proposals cannot be carried out in ways that are more consistent with privacy and similar values. Creation of the Chief Privacy Officer position by statute would also increase the likely effectiveness of Congressional oversight of the Homeland Security Department on privacy and related issues. It would be more difficult for the Department to bury these concerns many layers deep in the bureaucracy, and the Chief Privacy Officer would be available to testify before the oversight committees.

Section 201, Under Secretary for Information Analysis and Infrastructure Protection. The current text defines seven responsibilities of the Under Secretary for Information Analysis and Infrastructure Protection. I have myself worked extensively on infrastructure protection issues, as a government official, as a private citizen, and as an academic researcher on encryption, firewall, and other topics. I agree wholeheartedly that the United States government and the private sector must continue to strive mightily to improve all aspects of infrastructure protection and computer security.

With that said, the current statutory text addresses only a fraction of the crucial issues that the new Under Secretary should consider. The current text essentially focuses on assessing and correcting the vulnerabilities of the critical infrastructure and increasing information flow among those involved in computer security. Entirely absent is any discussion of the many other values at stake in the construction of the information infrastructure. For instance, there is no concern stated for educational or commercial benefits that result from the Internet or other information technologies. There is no mention of the importance of protecting individual privacy in the exchange of all this information. There is no mention of the values of government accountability, the Freedom of Information Act, or the many other ways that well-designed information structures can enhance an open society and the preservation of civil liberties.

In response, supporters of the current text might say "that's not my Department." The bill concerns the Department of Homeland Security, and the concerns about education, commerce, privacy, government accountability, and civil liberties should simply be handled elsewhere in the government. I respond, however, that the Department centrally tasked with "a comprehensive national plan" for information infrastructure should clearly be tasked to include those other issues and values in the process.

My recommendation is to rewrite Section 201 to take explicit account of these and similar values in defining the mission of the Under Secretary for Information Analysis and Infrastructure Protection. Consideration of the values mentioned here should be included explicitly within the definition of the Under Secretary's responsibilities. The Under Secretary might also be tasked, for instance, to consult with the other relevant agencies (Commerce, Education, Justice, etc.) when making plans for critical infrastructure and information sharing. The new language should not reduce the existing responsibilities of other agencies to take action in these areas. As the Committee looks for language that achieves these goals, one helpful source would be the National Plan for infrastructure protection released in early 2000. That Plan was prepared under the supervision of Dick Clarke, who now leads the Bush Administration's cyber-security efforts. In both the Plan's overview and in its chapter on privacy and civil liberties, there is extensive discussion of the ways that multiple values should be considered in decisions about how to construct the Internet of the future and the nation's critical infrastructures more generally.

Section 203, Access to Information. The current text, in Section 203(3), states that "the Secretary shall ensure that any material received pursuant to this section is protected from unauthorized disclosure and handled and used only for the performance of official duties." The text also discusses the importance of protecting intelligence sources and sensitive law enforcement information.

At first read, it might appear that the language about "unauthorized disclosure" and "performance of official duties" might offer protections for individual privacy, by limiting the ways that data in the hands of the Department might be used. Upon a closer read, however, protections are almost entirely lacking. First, the limit on "unauthorized disclosure" does nothing to limit "authorized disclosure." Because the bill in general places few or no limits on authorized disclosure, the Department in the future would be essentially free to authorize almost any information sharing. Second, the requirement that data be used "for the performance of official duties" is similarly weak. Persons working in the Department, seeking in some way to fight terrorism, could justify almost any use or disclosure of information as part of the performance of official duties. For example, releasing data to a state or local official might in some way help detect a terrorist, justifying almost any release of data. Third, the bill provides no apparent remedy or enforcement action if releases are made beyond those permitted under Section 203(3). Fourth, as discussed elsewhere in this testimony, the Department is currently proposed in a form where essentially all the incentives are in the direction of sharing sensitive personal information widely, in hopes that the sharing may incrementally help detect or prevent terrorist action. These incentives are likely to push in the direction of greater "authorized" use over time.

Taking these factors together, Section 203(3) becomes a recipe for essentially unrestricted sharing of sensitive personal information, with no apparent incentives to limit such sharing and no remedies if the sharing goes too far. My recommendation is that language be added to the text that says that the Secretary "shall ensure that any material received pursuant to this section be used or disclosed in order to minimize the risk of harm to individuals from inappropriate use or disclosure of personally identified information."

Because this sort of language will not in itself create remedies or change the incentive structure facing the Department, additional steps are likely warranted to assure careful handling of sensitive personal information. One approach to create accountability is given by H.R. 4561, the "Federal Agency Protection of Privacy Act," which has been introduced by Chairman Barr and supported by the Ranking Member Representative Watt, as well as by a considerable number of other Members of Congress. I support the use of privacy impact assessments, which are the central provision of H.R. 4561, and hope that they will become standard practice within a Department of Homeland Security and in other settings where there is significant use or disclosure of personally identifiable information.

Other parts of this testimony discuss ways to create accountability for the handling of personally identifiable information through actions by the Office of Management and Budget. This role for OMB might be spelled out in Section 203 or elsewhere in the bill.

Section 204, Information Voluntarily Provided. Section 204 of the bill states that "information provided voluntarily by non-Federal entities or individuals that relates to infrastructure vulnerabilities or other vulnerabilities to terrorism and is or has been in the possession of the Department shall not be subject to section 552 of title 5, United States Code." This provision would create an enormous and unjustified exception to the Freedom of Information Act (FOIA), and should be deleted from the bill.

The question of how, if at all, to craft a FOIA exception for critical infrastructure protection information has been the subject of heated debate for the past several years. I worked on this issue while serving in OMB, and have followed the debate in the time since. The text of Section 204 reads like the fantasy of one fringe of the debate -- the fringe most dedicated to limiting disclosure of information to the public. For instance, information that would clearly be open to the public through FOIA requests to other Federal agencies would be hidden away if the Department happened to receive it. The secrecy would be permanent. There are no procedural limits or review procedures for whether the benefits of releasing the data outweigh the risks. The text uses the "relates to" language that is familiar from other statutes as the broadest possible legislative language; for instance, the same "relates to" language in ERISA is the reason that Congress has been considering the Patients Bill of Rights as a way to stop a large exemption from judicial review and due process. And so on.

The text of Section 204 is troubling not only because its substance is so extreme compared to the extensive debate that has already occurred on this topic, in both Houses of Congress. It is troubling as well because of the apparently slipshod manner in which such an important topic was inserted into the Homeland Security bill. Inclusion of this extreme text, without any of the nuance that many federal offices have gained during previous rounds of discussions on the issues, suggests one of two possibilities: Either the text was inserted without the benefit of learning from the experts in the Executive Branch on the subject, or else those with expertise were simply overruled by the drafters. It would be useful to learn, for instance, what role the OMB Office of Information and Regulatory Affairs, the Commerce Department Critical Infrastructure Assurance Office, and the FOIA office in the Department of Justice played in the vetting of this most amazing legislative language.

My recommendation is that Section 204 be deleted in its entirety.

Conclusion.

In conclusion, I thank the Committee for the opportunity to testify and present my views on these issues. Today, less than a year after the horrific events at the World Trade Center and the Pentagon, there is likely no issue on the national agenda more important than deciding how we will change practices within our borders to assure both security and the other important values that define our Nation. As an academic who has studied the history of government institutions, I wonder whether the War on Terrorism will be as defining a mission ten, twenty, or thirty years from now, when the Department of Homeland Security will quite possibly still be governed by the charter that Congress enacts this year. You are writing the charter for an agency with unprecedented powers to keep watch on every American, powers that will endure long after this election cycle is forgotten. I commend this Committee for its careful attention to the issues in the hearing today, and I welcome any questions you may have.






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------