ALBUQUERQUE, N.M. - U.S. Senator Martin Heinrich (D-N.M.), a member of the Senate Select Committee on Intelligence, delivered the keynote address at the University of New Mexico National Security Studies Program spring symposium on April 11, 2014. Senator Heinrich's speech focused on balancing civil liberties with national security in a digital age.
Below are Senator Heinrich's remarks as prepared for delivery:
Thank you for inviting me to join you this morning; and thank you Dr. Abdallah for the kind introduction.
The University of New Mexico is a cornerstone of higher learning in our community and this symposium is just one of many ways this institution is preparing the next generation of leaders to succeed.
It's truly an honor to speak with you.
Just a few weeks ago, a former CIA Director named James Schlesinger died. His time leading the CIA was incredibly short - just 17 weeks in 1972 - and highly partisan.
Legend has it that his first words upon taking over at the CIA were, "I'm here to make sure you don't screw Richard Nixon."
However, his impact on Congress's relationship with the Intelligence Community might be his greatest, if unintended, legacy.
Among the unpopular steps he took when he entered the CIA, he demanded information on any illegal activity undertaken by the CIA since 1959. The results were dubbed "The Family Jewels," and uncovered more than 700 violations of the CIA's charter, including spying on Americans.
When investigative reporter Seymour Hirsch broke the story about the "Family Jewels" on December 22, 1974, a shocked Congress was finally moved to conduct its own investigations, which included both the Church Committee in the Senate, and the Pike Committee in the House.
I won't go into the voluminous scandals uncovered by those investigations, but in the end, the Church Committee recommended that the Senate establish a Select Committee to oversee the activities of the Intelligence Community.
It's now one of the Committee's on which I'm proud to serve.
It goes without saying that the safety and security of our nation is the top priority of the Senate Intelligence Committee, but it's not our only priority.
We have a responsibility to make sure that that the Intelligence Community is working within the boundaries of the law, and is operating efficiently, focusing on targets of true national importance. It's a charge we take very seriously.
Prior to serving in the U.S. Senate, I was first elected to Congress to represent central New Mexico in the House of Representatives in 2008 - seven years after our nation was attacked on September 11th.
On 9/11, some of you may have been too young to fully appreciate what happened. But by now, you're likely studying the far-reaching impact those attacks had not only on our country, but on the strategic focus of our intelligence and military apparatus.
9/11 was a wake-up call to many people that our safety and security could not be guaranteed simply by having a strong military to defend us against the actions of nation-states.
We realized we had to shift our resources, and refocus on gathering information that would help us stop a diffuse enemy that we barely understood.
In our rush to realign our national security apparatus, our government took some steps too quickly, and without giving them full consideration.
One of those, with which I'm sure you've become very familiar, is Section 215 of the USA PATRIOT Act, which was signed into law just three days after it was introduced in October 2001, and passed by a Congress still displaced from its offices in the midst of an Anthrax attack.
Following reports in 2005 that the Bush Administration interpreted Section 215 to allow the unwarranted monitoring of the call history of millions of Americans, reforms of government data collection were enacted in 2008, but even these have proved inadequate and resulted in activities that few in Congress fully understood.
Just six months after my first intelligence briefing, a former National Security Agency contractor Edward Snowden leaked documents exposing the NSA's massive collection of Americans' cellphone and Internet data.
Last year's news stories made clear the government still applied broad interpretations to Section 215 of the PATRIOT Act, igniting a necessary public conversation about the tradeoffs made by our government between protecting our nation and respecting our constitutional liberties.
Well-intentioned leaders had, during the previous decade, come down decidedly on the side of national security, sacrificing privacy protections in the process.
What became obvious in the subsequent debate was that, because of our continued lack of knowledge of al-Qa'ida and other terrorist organizations, some within our government believed that we still needed to collect every scrap of information available in order to ensure that - should we ever need it - we could query this information and track down U.S-based threats.
In doing so, the government ended up collecting billions of call data records linked to millions of innocent Americans that it didn't really need.
As this debate increasingly moved to the public sphere, my colleagues Senators Ron Wyden and Mark Udall and I pressed the NSA and the Director of National Intelligence for clear examples in which information collected under Section 215 was uniquely responsible for the capture of a terrorist, or the thwarting of a terrorist plot.
They couldn't provide any. Not one single example.
Nor could they make a case for why the data collected by the government needed to be held for such a long period of time.
Thankfully, a review panel set up by President Obama agreed with us, and in December of last year, recommended that the government end its bulk collection of telephony metadata.
The President made his first proposal to do so in March, and Congress is working on a legislative solution that will finally end the bulk collection of telephone records.
I'll admit, however, that I am disappointed that the President didn't use his authority to unilaterally roll back some of the unnecessary blanket metadata collection.
It appears we've reached a critical mass to finally end the bulk collection of these phone records, and instead, focus more narrowly on the records of terrorists.
But the fight is not over.
The government still collects millions of records of innocent Americans, and apparently believes it has the authority to search these records at will.
Just last week, Director of National Intelligence James Clapper confirmed that the NSA is using "U.S. person identifiers" to query its database of records collected under Section 702 of the FISA Amendments Act of 2008.
Remember, these records of Americans were collected incidentally to an investigation into foreign terrorists. Section 702 is actually explicit in prohibiting the intentional collection of the communications of Americans.
But the Department of Justice believes that it can use these records to build a criminal case against Americans for any reason, regardless of whether it's related to terrorism.
This is a very troubling interpretation of what the government is able to do with records that include not just metadata, but the content of U.S. citizens' communications.
These "back-door searches" represent an egregious overreach and a misuse of records that would otherwise never have been in government possession. They must be stopped.
In fact, the President's own Review Group on Intelligence and Communications Technologies made similar recommendations that I hope he will embrace. Unfortunately, the President has not addressed this issue, and it's unclear if he intends to.
The bottom line is that we need to rein in the dragnet approach to surveillance and focus directly on targeting terrorists. We can and we must balance the government's need to keep our nation safe with its duty to protect our constitutionally guaranteed liberties.
In my view, we need substantial legal and policy reforms to achieve the balance that our nation's founders so effectively outlined in our Constitution.
One way to accomplish this is through increased transparency and accountability, so that we can have necessary public debates over these issues, and avoid secret interpretations of our laws.
General Clapper has made recent public comments that he believes the Intelligence Community should have been more forthcoming about the activities it was undertaking, and I hope these comments are sincere.
In the meantime, those of us who understand the potential for the abuse of these collection efforts must redouble our efforts to shift the Intelligence Community's collection paradigm back to one that is narrowly focused on actual threats, and fully respectful of civil liberties and privacy.
This brings me to another one of those very real threats and in many ways one of the most serious economic and national security challenges we face as a nation in a digital age: cybersecurity.
Over the past two decades, the exponential growth of the Internet has led to incredible economic development and innovation. Whether it's in the public or private sector, inside or outside of the office, this technology has given everyone in the 21st century enormous opportunities to stay connected.
However, our reliance upon the Internet has created new threats and vulnerabilities to our nation's infrastructure and even human life.
Our nation's critical infrastructure, including the electric grid, oil pipelines, air traffic control, and financial institutions, all use the Internet to some extent and can be manipulated, disrupted, and in some cases even destroyed.
As a member of the Senate Intelligence Committee, I have been briefed on worldwide cyber activities, and I am convinced that we, as a nation, must do more to prepare and protect ourselves from malicious cyber actors.
Defense and intelligence experts have described malicious cyber actors as an "existential threat" to our country.
I agree with them.
According to Robert Mueller, former Director of the Federal Bureau of Investigation, cyber threats will equal or surpass the threat of terrorism in the foreseeable future.
And according to Department of Homeland Security data, cyber attacks against federal agencies increased 782 percent between 2006 and 2012, with 48,562 separate incidents reported in 2012.
It's safe to say we shouldn't expect these attacks to slow down in our lifetime.
In terms of economic losses, a joint report released on July 23, 2013 by the Center for Strategic and International Studies and McAfee estimated annual U.S. losses of $100 billion and as many as 508,000 jobs lost due to cyber attacks, with NSA Director, General Keith Alexander, describing the consequences of cyber espionage as the "greatest transfer of wealth in history."
The private sector, which owns and operates approximately 90 percent of U.S. critical infrastructure, has connected much of its control systems to the Internet for increased efficiency and to decrease personnel costs.
In doing so, malicious actors, once inside an infrastructure operator's network, can potentially change control parameters to disable, misuse, or destroy physical infrastructure.
Recent news reports of cyber attacks on critical infrastructure, government systems, and businesses show the extent of cyber attacks being taken.
In Saudi Arabia, for example, accounts in the media showed that a cyber attack on Saudi Aramco, the world's largest exporter of oil, strategically erased data from 30,000 computers on the company's network
More recently, media reported sustained attacks on U.S. financial services companies, universities, and energy companies designed to take down websites, steal intellectual property, and destroy data or manipulate infrastructure.
And right here in Albuquerque, Sandia National Laboratories reported that hackers have probed the lab up to 30,000 times per hour.
While many attacks are the result of rogue individuals, foreign governments are also playing a substantial role.
In 2011, for the first time, the Office of the National Counterintelligence Executive publicly named China and Russia as the primary sources of cyber espionage against U.S. government and private sector firms.
And last year, a security company, Mandiant, traced the actions of a hacking group to the physical location of China's People's Liberation Army headquarters.
The willingness of other nations to directly sponsor and engage in corporate, political, military, intelligence and infrastructure-related cyber-attacks and espionage demonstrates that the future of warfare is moving further away from the battlefield, and closer to the machines and the networks everyday citizens have become so dependent on.
The ability to defend our nation against these attacks requires a comprehensive approach that involves not only the federal government, but also private sector companies and even individuals. That's right: In this new threat paradigm, we all have a critical role to play in defending our country.
However, determining and executing the right approach is easier said than done.
In the past few years, Congress has struggled to find the appropriate balance on these issues including: how to encourage or require the adoption of proper cybersecurity standards; how to encourage the sharing of information between industry and the government; and how best to maintain the privacy of individuals in the process.
In 2012, the most significant cybersecurity legislation to date, which was bipartisan, failed in the Senate when some rejected the bill due to their concerns that voluntary standards of protection were a backdoor for government regulation.
President Obama responded by issuing an executive order instructing the Commerce Department's National Institute of Standards and Technology to craft voluntary cybersecurity best-practices for critical infrastructure companies.
When I served on the Senate Commerce Committee, I supported legislation to strengthen our cyber defenses by codifying the President's recent executive order into law and boost cybersecurity education, research and development for cyber threats.
I also amended the legislation to ensure our national laboratories are stakeholders in the national cybersecurity research and development plan.
However, more needs to be done, and it needs to be done now. As we learned in the aftermath of the PATRIOT Act, unintended consequences flourish when our government rushes to put into place oversize, comprehensive laws. It is far better to be prepared and have a legal framework in place than to react rashly in the aftermath of a national tragedy.
On the intelligence committee, I am working with my colleagues to find the right balance so that individuals' privacy is protected, private industry can operate efficiently, and our nation's defenses are prepared to protect and respond to cyber attacks.
And I am especially proud that research institutions in New Mexico are already playing a critical role.
Here in Albuquerque, Sandia National Laboratories is a global leader in cybersecurity research. For five decades, Sandia has worked to make nuclear weapons safe and secure in the face of constantly evolving, sophisticated threats. Through sustained experimentation, testing, and validation, Sandia has developed a deep understanding of digital system security and reliability.
The federal government now invests over $150 million dollars annually in Sandia's cybersecurity expertise.
Sandia builds technologies that help verify nuclear treaty compliance in untrusted environments; develops battlefield technologies for the Department of Defense; and works with the Department of Homeland Security to advance counter terrorism technologies. Our national laboratories are rising to the serious threats that we face as a nation.
Los Alamos National Laboratory is currently developing new cyber tools specifically designed to combat insider threats, like Bradley Manning and Edward Snowden.
LANL's new software is designed to scan secure computer networks looking for usage that is out of character for a given user.
Just as cybersecurity is an area of increasing laboratory focus, it is also a quickly growing sector of the Albuquerque economy. Computation Analysis and Network Enterprise Solutions is a small business that calls Albuquerque home.
This business grew out of technology developed at a research division of New Mexico Tech that specializes in information assurance and analysis.
In the period between 2012 and 2014, President Mark Fidel anticipates a full doubling of his revenue and employees in order to address the growing threat of cybercrime that faces both local government and commercial entities.
Another local company working in this sector is Sage Technology Partners, located in the WESST business incubator downtown. SAGE provides a variety of cybersecurity services to private industry and government agencies.
Most recently SAGE responded as the breach mitigation team to a security incident at one of the largest physician-owned health care practices in the state.
Our state is well positioned to be a national leader in this rapidly developing industry. I trust that both UNM's Innovate ABQ and CNM's STEMulus Center will continue to build on the existing local momentum for cybersecurity start-up companies.
Sandia National Laboratories opened the Cyber Engineering Research Laboratory, located in the Sandia Science and Technology Park. At CERL, industry and university researchers can collaborate side-by-side with laboratory experts to address the most difficult cyber challenges through cutting-edge research.
In addition to Sandia and LANL, New Mexico is home to the Air Force Research Laboratory. Each lab makes enormous contributions to our nation's cyber defense in its own areas of excellence. Together with our local businesses, these institutions present a unique opportunity to any student interested in a career in cybersecurity or the intelligence community.
You have a chance to stay close to your families and homes while simultaneously serving our nation in critical, high-paying positions at these institutions. I encourage you to consider this line of work. Our country needs your innovation and dedication.
There is no question that our nation's intelligence professionals are dedicated, patriotic men and women who make real sacrifices to help keep our country safe and free.
I believe that they should be able to do their jobs secure in the knowledge that their agencies have the confidence of the American people.
Congress needs to preserve the agencies' ability to collect information that is necessary to guard against threats to our security. But it also needs to preserve the right of citizens to be free from unwarranted interference in their lives, which the framers understood was vital to American liberties.
This is a unique time in our nation's history.
While incredible technology advances are being made every day, our leaders have not always asked the right questions about how these abilities should be used.
In the noble pursuit of protecting our nation, little thought is being given to whether or not the government should do these things, just whether or not it can.
And what's at stake is grand: the fundamental principles of democracy.
I will continue to push for reforms that the American people want and deserve to keep our country safe and free.
In the midst of these efforts, I'm reminded of the prescient words of Senator Church in August 1975 on NBC's Meet the Press.
After describing the NSA's then-marvelous ability to "monitor the messages that go through the air," Senator Church warned that the same technology could be used against Americans, too.
He cautioned that: "no American would have any privacy left such is the capability to monitor everything-telephone conversations, telegrams, it doesn't matter. There would be no place to hide."
Finally, he said:
"I don't want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return."
Thank you again for this opportunity to speak with you. Albuquerque is enriched because we are home to this premiere university, and I'm confident that your involvement and engagement in the National Security Studies Program will help give you the knowledge, skills and relationships necessary to successfully compete for Intelligence Community and related national security careers.
I look forward to getting to your questions.