Prepared Remarks of Attorney General

Alberto R. Gonzales at the

International Association of Privacy
Professionals Privacy Summit
Washington, D.C.
March 9, 2007
Thank you, Kirk. Good afternoon.

Jane Horvath, the Justice Department's Chief Privacy and Civil Liberties Officer,
suggested some time ago that I come and speak to you because of our mutual
concern for the protection of information privacy.

Initially, I intended to give you my perspective on the short history of something

very specific: information privacy in the War on Terror. And I'd still like to get into
that – but the latest chapter in this evolving history has occurred just this week, so I
want to start there, and then backtrack a little.

As all of you probably know, the Privacy and Civil Liberties Oversight Board has
been conducting in-depth evaluations of certain United States intelligence programs.
For the past year, for instance, the Board has been looking at the Terrorist
Surveillance Program – an important National Security Agency program that was
put in place by the President following the attacks of September 11th, 2001, to
monitor the international communications of suspected terrorists.

Board members have visited the NSA and have met with everyone from the top
people supervising the program to those who are doing the hands-on work. The
Privacy Board also has been briefed on the new and related orders of the Foreign
Intelligence Surveillance Court authorizing the government to target for collection
international communications where there is probable cause to believe that one of
the parties is a member or agent of al Qaeda, and on the President's decision not to
reauthorize the program in the wake of those orders. In addition, the Board has
reviewed the FISA court orders and other submissions explaining how the Courts
orders will be implemented.

Earlier this week it was reported that the Board has found the Government's efforts
to conduct this surveillance to be, in the words of its chairwoman, "structured and
implemented in a way that is properly protective and attentive to civil liberties."
That's great to hear because, under the direction of the President, we spent a lot of
time trying to get it right, and on building a structure with multiple layers of
security and review.

In addition, today the Inspector General of the Department of Justice issued two
reports. Those reports, unfortunately, were mixed. In one area, the IG's review
demonstrates that the FBI is living up to its responsibility of privacy protections; but
in another, the IG found significantly more needs to be done.

First the good news. One of the IG's reports confirmed that the Department and the
FBI have acted responsibly in exercising their authority under Section 215 of the
USA PATRIOT Act, which authorizes the government to obtain business records
and other materials through the FISA Court. The IG reported only two examples
where inadvertent errors, one by a case agent and one by a third party, resulted in
the FBI getting more information than it should have. In both cases the data were
either sequestered or destroyed, and the appropriate oversight authorities were
notified.

That is exactly how the process was designed to work, and how it did work. I was
pleased that the IG found it unnecessary to offer any recommendation for
improvements or modifications to Department or FBI procedures and practices in
the use of the Section 215 authority. This is good news, and privacy advocates
everywhere should note this solid track record.

But in its examination of the FBI's use of National Security Letters, or NSLs, the
IG found that the FBI did not have sufficient controls, did not provide adequate
training, and failed to follow its own policies and Attorney General Guidelines.

For those who may not be familiar, an NSL is a letter request for information held
by a third party that is issued by the FBI in connection with an authorized
counterterrorism or counterintelligence investigation.

We have had this tool for many years, but previously the letters had not been used
as frequently. In this post-9/11 era, however, with concerns about terrorists
operating inside our borders and the threat of homegrown terror cells, they have
become much more valuable.

We use NSLs to begin to tie together the various threads of the life of a suspected
terrorist—where he lives, who his friends are, what phone numbers he is calling
most often. In an era when prevention is critical, and time is of the essence, NSLs
are vital to our national security.

A fundamental protection in the use of NSLs is that, by law, they may be used only
to gather certain kinds of records -- like telephone subscriber information -- from
specific institutions, including telecom carriers, banks, and credit card companies.
They cannot be used to obtain the content of communications.

Before I get into the serious issues identified in the IG report, I want to note
something important: the Inspector General did not dispute the fact that NSLs are
extremely valuable investigative tools and that they have contributed significantly to
many investigations. I believe that all of us in the intelligence and law enforcement
community believe it is essential that we have the ability to gather information in
this way.

All of that being said, NSLs are a tool that simply must be used correctly.
Investigators must understand and follow the rules.

The laws authorizing NSLs, as well as specific rules set down by the FBI and by
me, established strict policies for how they would be issued and carried out. These
rules recognized the reality that where there are increased national security needs,
we must have the ability to move faster so we can stay one step ahead of the
terrorists. And when we have that authority to move faster, there must be increased
protections. When the FBI was given additional authority to collect information
without judicial oversight, the procedures placed greater obligation on the Bureau to
exercise that oversight itself.

While I am confident that the FBI is able to aggressively police itself, the Inspector
General found that in this area the FBI did not do that as aggressively as it should
have.

There were two main problems: First, partly due to insufficient guidance and
training there was some confusion in the field about the rules, and that led to
numerous instances of these letters being used in ways contrary to our policies and
procedures. For example: in some cases the paperwork was filled out wrong; in
some cases necessary approvals were not obtained or documented; and, in some
cases the third-party recipient provided the wrong information or information on the
wrong individual. In addition, one FBI unit used a form letter to obtain information
that should have been obtained by an NSL.

And second, the FBI did not have proper internal mechanisms to track the use of
NSLs or to provide adequate oversight. Consequently, the FBI is unable to give an
accurate number of NSLs issued…and thus our reporting to Congress has been
inaccurate.

I was upset when I learned this, as was Director Mueller. To say that I am
concerned about what has been revealed in this report would be an enormous
understatement.

Failure to adequately protect information privacy is a failure to do our jobs. And

although I believe the kinds of errors we saw here were due to questionable
judgment or lack or attention, not intentional wrongdoing, I want to be very clear:
there is no excuse for the mistakes that have been made, and we are going to make
things right as quickly as possible.

I have told the Director that I will not accept the problems identified in the report,
and I will not be satisfied until procedures and policies that should have been
followed are being followed, to the letter.

Here is some of what we have done, and will do, to address this unacceptable
breakdown:

FBI Director Mueller has instructed his inspections unit to determine what
went wrong and who is accountable.
Although there has been no allegation of misconduct by FBI lawyers, I have
asked the Associate Deputy Attorney General and Counsel for Professional
Responsibility to review the Inspector General's report and examine the role
that the FBI lawyers played in the Bureau's use of NSLs and exigent letters.
The FBI has instituted new procedures to improve the handling of NSL
records and increase training on the proper use of these letters.
I have directed the Justice Department's National Security Division, or NSD,
and our Privacy and Civil Liberties Office to work with the FBI in
implementing corrective actions, to consider any further review and reforms
that are needed, and to report to me regularly on the process.
I have directed the NSD to begin oversight and auditing of the FBI's use of
NSLs. Going forward, the NSD, in conjunction with the FBI's inspection
division, will conduct reviews of the use of NSLs in FBI headquarters and
field offices. Any identified violations of law or guidelines will be reported to
appropriate oversight authorities. This is a new level of oversight by
Department of Justice lawyers with years of experience in intelligence and
law enforcement.
I have ordered that briefings on the IG's report be given to the President's
Foreign Intelligence Advisory Board, the Privacy and Civil Liberties
Oversight Board, Congress, and key advocacy groups. Many of these
briefings have already occurred. I want to hear the views of those who have
been and will be briefed, and in particular their thoughts on what else we can
do to ensure the NSL authorities are used responsibly and in strict compliance
with all laws and internal policies.
The Department and the Office of the Director of National Intelligence have
established the NSL Data Retention Working Group, which is looking at how
we retain the information we acquire.
I have directed my legislative staff to go back and revise as necessary the
Department's responses to Congressional inquiries.
And finally, I have asked the Inspector General to report back to me in four
months on the FBI's implementation of the report's recommendations.

During the discussion of the reauthorization of the Patriot Act, I believed that the
FBI was acting responsibly in using National Security Letters. Because of the good
work of the IG, I've come to learn that I was wrong. Undoubtedly, some will argue
that the FBI should forfeit its authority to use this tool. Instead, I would urge
patience -- that we not rush to judgment, and allow these substantial corrective
measures time to work.

Each of the measures we are implementing is designed to help us learn what

happened and to ensure that we are in full compliance with the law and our own
rules, while still making full use of the investigative powers we have been given.

This brings me back to the beginning of what I wanted to share with you today on
the vital issue of protecting privacy and civil liberties. We are in new territory on
this issue for two major reasons. One, technology has made information more
accessible – for better and for worse. And, two, we are faced with a totally new kind
of threat to America.

By any measure these are extraordinary and intense times. Everyone in government
is working very hard to protect our country. I often say that, at the Department of
Justice, every day is September 12th – we approach our jobs with the passion and
the urgency of that day after.

September 11th took the dual responsibilities of protecting the American people
from harm while protecting privacy and civil liberties to a whole new level of
urgency and scrutiny. The watershed events of that day put a renewed emphasis on
the issue as we asked ourselves: "What else could we have done? What should we
have known?"

We realized, and the 9/11 Commission agreed, that to conduct the War on Terror,
the federal government needed additional powers and needed to enhance the use of
its existing powers. But we also knew that this potential shift of authority to the
government would require an enhanced system of checks and balances to protect
the precious liberties that are vital to our way of life. One of these cannot be
allowed to grow without the other.

We are committed, but we are imperfect. The IG's report has delivered a valuable
reminder: We must do better. And I insist we do better.

As you know, following the 9/11 Commission's recommendation, the Privacy and
Civil Liberties Oversight Board was created to advise the President on these
matters; and Privacy Officers were established in each of the major Executive
Branch agencies.>And when the President issued an executive order creating the
Information Sharing Environment, or ISE – taking down the "walls" that had existed
in government – he also mandated that new guidelines be created by the Director of
National Intelligence and me specifically to protect privacy.

These guidelines were issued last year, and they establish uniform procedures that
federal agencies must use to implement privacy protections…to ensure that the ISE
makes us safer at no cost to our liberties.

At the Department, our Chief Privacy Officer is responsible for privacy issues
relating to any program we are launching or considering. I've made sure that Jane
has direct access to me whenever she needs it. If a problem comes up involving
privacy or civil liberties, I have told Jane to be involved in addressing it.

We have required that every component of the Department must have a senior
official in charge of privacy issues. Many already had someone like that in place,
but now they all do.

Beyond these individuals, every division of DOJ, and every one of our components,
has been instructed to develop procedures and plans for dealing with information
security. Our priority is not just to avoid unauthorized collection of data, but also to
treat properly all of the data we do collect.

Because information does not respect borders, I think it is important for us to get
together with our international colleagues to discuss the global impact of these
issues. And we in government must continue to talk with groups like yours, to
ensure that we are moving forward.

This is not a static field -- the threat changes constantly, and the standards and
expectations are always on the rise. That's why when the Patriot Act was
reauthorized last year, significant additional safeguards on privacy and civil liberties
were incorporated. We listened to groups like yours, and we responded with new
checks and balances.

One of those checks was a requirement that the IG conduct the investigations
resulting in today's reports – to ensure that these tools were both effective and being
properly used. I believe that the IG report on NSLs and the corrective actions we
have taken and will be taking are evidence that the oversight system is working.

We have known all along, and are re-visiting today, the fact that a major part of
striking the right balance must be leadership and accountability. The American
people place a great deal of trust in their leaders, and if we are to prove worthy of
that trust we must be held accountable for any failure to meet the high standards we
have set. And if that failure occurs, we must act quickly and decisively to restore the
public's confidence.

We are keenly aware that to make progress in our war against terrorism – or in any
conflict – at the cost of eroding privacy and civil liberties would not really be a
victory. We cannot change the core identity of our Nation and still claim success.
And our identity has never been in doubt – we are a free people, dedicated to liberty
for the popular and the unpopular, committed to the ideal that the people govern
themselves, and determined to have a government that cannot extinguish or
suppress the rights that make us Americans.

In our War on Terror, we are faced with a new kind of enemy, and a new kind of
battlefield. They don't wear uniforms and they don't occupy territory, and we have
had to adjust our intelligence-gathering systems to fight them. We have gotten it
right a lot of the time, but as you have been told today we will get it wrong on rare
occasions. When we get it wrong, we will address the problem openly and quickly.

I believe that, while today's report offers an example where we fell short of our
ultimate goal, we have taken steps to strengthen a structure that balances our
liberties with our security. It is not a choice of one or the other.

Our shared challenge of protecting privacy and civil liberties while doing our jobs
will likely get harder before it gets easier. So we must remain dedicated to getting it
right, and to looking to one another for ideas on how to do so.

I hope you will see the Department's IG reports, and our response, not as the sum
total of our efforts, but as an indication of how seriously we take this issue. I have
confidence in Director Mueller's ability to implement this strong response plan. And
I will be looking over his shoulder to make sure that he does.

I look forward to working with Congress and with this group on achieving our goals
of protecting the privacy of all Americans. This is not an academic exercise -- our
shared work on this is vital to our Nation and its future.

Thank you for your service. God bless you, and God bless America.

###