Several lawmakers pressed for answers on how Snowden, a low-level systems administrator, could have had access to highly classified material such as a court order for phone records.
“We need to seal this crack in the system,” said Rep. C.A. Dutch Ruppersberger (Md.), the ranking Democrat on the intelligence panel.
Alexander said he is working with intelligence officials to come up with a “two-person” rule to ensure that the agency can block unauthorized people from removing information from the system.
But Alexander and the other witnesses focused more heavily on justifying the programs and arguing that they operate under legal guidelines.
“As Americans, we value our privacy and our civil liberties,” Alexander said. “As Americans, we also value our security and our safety. In the 12 years since the attacks on September 11th, we have lived in relative safety and security as a nation. That security is a direct result of the intelligence community’s quiet efforts to better connect the dots and learn from the mistakes that permitted those attacks to occur on 9/11.”
The officials described the privacy protections in detail.
Under Section 702, the NSA must destroy any data collected about U.S. persons — citizens or lawful permanent residents — that have nothing to do with foreign intelligence, a crime or terrorism, officials said. The agency may keep the data for five years and then must purge it.
Phone data are stored in a separate repository at the NSA that can be accessed by only 22 specially trained people, officials said.
A query can be made only if the analyst has “reasonable, articulable suspicion” that the phone number to be searched is associated with a specific terrorist organization, they said.
Both programs are subject to reporting requirements, though the reports are not public.
For instance, if there is a compliance problem — a wrong number is punched in — the error must be reported to the court immediately.
In addition, the Justice Department and the Office of the Director of National Intelligence conduct regular reviews and report to Congress and the courts on compliance.
Some lawmakers have raised doubts about just how critical Section 215 authority has been to foiling plots and asserted that much the same data may be obtained without amassing a government database of Americans’ call records.
Alexander said he was reviewing the feasibility of having the companies retain the records and conduct searches at government request.
The potential drawback, he said, is loss of agility in a crisis.