April 3, 2022 The Honorable Mark R. Warner, Chairman The Honorable Marco Rubio, Vice Chairman Select Committee on Intelligence United States Senate 211 Hart Senate Building Washington, DC 20510 Dear Chairman Warner and Vice Chairman Rubio: Thank you for the Committee's letter dated March 30, 2022. As you have requested, I have completed the Committee's Additional Prehearing Questions, which are enclosed. My responses to the Committee's classified prehearing questions are being submitted under separate cover. I look forward to appearing before the Committee on April 6th. Sincerely, ~t:-:r::~ K Enclosure SELECT COMMITTEE ON INTELLIGENCE UNITED STATES SENATE Additional Prehearing Questions for Kate Heinzelman upon her nomination to be General Counsel of the Central Intelligence Agency I Relations with the Congressional Intelligence Committees QUESTION 1: The National Security Act of 1947 provides that the obligation to keep the congressional intelligence committees fully and currently informed of all intelligence activities applies to the heads of all departments, agencies, and other entities of the United States Government involved in intelligence activities. • What is your understanding of the standard for meaningful compliance with the obligation of the Director of the CIA to keep the congressional intelligence committees, including all their Members, fully and currently informed of intelligence activities? Pursuant to Section 502(a)(l) of the National Security Act of 1947, the Director of the Central Intelligence Agency (CIA) has an obligation to keep the congressional intelligence committees fully and currently informed about CIA intelligence activities, including any significant anticipated intelligence activity and any significant intelligence failure , to the extent consistent with due regard for the protection from unauthorized disclosure of certain national security information, as provided in 50 U .S.C. § 3092(a)(l). Section 502(a)(2) further provides that the CIA shall provide specified information, including with respect to the legal basis for such activities, upon request, to the extent consistent with due regard for the protection from unauthorized disclosure of certain national security information, as provided in 50 U.S.C. § 3092(a)(2). (Section 503 addresses covert actions.) To comply with these requirements- which are an integral part of ensuring that Congress can execute its vital responsibilities- the CIA must provide the congressional intelligence committees with timely information about significant intelligence activities and failures . If confirmed, I commit to working with agency leadership and personnel to adhere to these legal obligations, to act in accordance with the principles and values that underlie them, and- more generally- to support the agency in maintaining a strong relationship with Congress. • Section 503(c)(2) of the National Security Act describes the "Gang of Eight" briefings to the Chairman and Vice Chairman in the context of covert action. Are there circumstances in which the "Gang of Eight" briefings can apply to other than time-sensitive tactical matters? If so, please elaborate. 2 The specific provision of law to which this question refers- Section 503 of the National Security Act- provides that a presidential finding or notification about a covert action may be reported to the so-called "Gang of Eight" only if "the President determines that it is essential to limit access to the finding to meet extraordinary circumstances affecting vital interests of the United States." 50 U.S.C. § 3093(c)(2). This provision does not specifically limit itself to "timesensitive tactical matters." There may be circumstances in which it could be appropriate to limit the disclosure of certain information on particularly sensitive matters consistent with Section 502 of the National Security Act. See 50 U .S.C. § 3092(a) (noting that reporting should be done "[t]o the extent consistent with due regard for the protection from unauthorized disclosure" of certain sensitive information) . If confinned, I would want to understand the circumstances in which such concerns may arise to determine how notifications can be achieved consistent with CIA's obligations . In any such instance, I would recommend that the agency discuss such concerns with the Chairman and Vice Chairman of the Committee to have a dialogue with them about how and when the full committee membership should be briefed. • Are there circumstances in which the CIA can limit briefings to the Chairman and Vice Chairman on intelligence activities that are not covert action? If so, what would be the statutory basis for such limited briefings? Sections 502 and 503 of the National Security Act of 1947 provide that the Director of the CIA must inform the congressional intelligence committees about the specified intelligence activities "[t]o the extent consistent with due regard for the protection from unauthorized disclosure" of certain national security information. 50 U .S.C. §§ 3092(a), 3093(b ). Section 503 contains other potential limitations on sharing of infonnation related to covert action in particular. See id. § 3093(c)(l). If confirmed, I would look to precedent about how these provisions have been applied in practice- and feedback CIA has received from the congressional intelligence committees- to determine how to apply appropriate protections to the most highly sensitive infonnation, where warranted, consistent with Congress's need to perfonn its critical constitutional functions. • Are there any circumstances in which briefings limited to the Chairman and Vice Chairman would be intended to or have the effect of concealing from the full Committee significant legal analyses? If so, please elaborate. 3 The CIA is required to furnish the congressional intelligence committees "any information or material concerning intelligence activities (including the legal basis under which the intelligence activity is being or was conducted)" that "is requested by either of the congressional intelligence committees in order to carry out its authorized responsibilities" to "the extent consistent with due regard for the protection from unauthorized disclosure" of certain sensitive information. 50 U.S.C. § 3092(a); see also id. § 3093(b) (relating to covert action). Withholding information from Congress without justification consistent with the law- for mere purposes of concealment, as the question asks- would be impermissible. QUESTION 2: Sections 502 and 503 of the National Security Act obligate the Director of the CIA to furnish the congressional intelligence committees with the legal bases for intelligence activities, as requested by the committees. In addition to adhering to this requirement, do you agree to affirmatively notify the committees of any novel legal analyses underlying CIA programs and activities? In addition to the obligations in the National Security Act of 1947 to keep the congressional intelligence committees fully and currently informed, the CIA General Counsel is responsible for timely notifying the intelligence committees of significant legal interpretations of the U.S. Constitution or federal law affecting intelligence activities conducted by the agency consistent with 50 U.S.C. § 3109. I view this requirement, and helping the agency comply with the relevant provisions of the National Security Act of 1947, as an important part of the CIA General Counsel's obligations. QUESTION 3: According to the CIA Inspector General, in January 2014, CIA personnel improperly accessed Senate Intelligence Committee staff files and records. To the extent CIA manages or operates systems used by the congressional intelligence committees, will you ensure, if you are confirmed, that no such intrusions occur in the future? If confirmed, I will work to ensure that appropriate steps have been taken to prevent any improper access to Committee staff files and records . QUESTION 4: 4 50 U.S.C. § 3349 requires notification of Congress in the event of an authorized disclosure to the press or the public of classified information that has not otherwise been declassified. Based on the law, do you see any exceptions to this notification requirement? Yes. Subsection (d) of 50 U.S.C. § 3349 includes several exceptions to the congressional notification requirement, including for disclosures made pursuant to the Freedom of Information Act or as a result of a declassification review process. I am not certain if other exceptions may apply in light of other law. Priorities of the Director of the Central Intelligence Agency QUESTION 5: Have you discussed with the Director of the CIA his specific expectations of you, if confirmed as General Counsel, and his expectations of the Office of the General Counsel as a whole? If so, please describe those expectations. Director Bums and I have discussed the role of the General Counsel and his priorities for the agency. I have explained my view of the importance of the role, particularly in the current national security environment, and the emphasis I place on providing timely and clear legal analysis . Director Bums has been clear, as he stated at his confirmation hearing, that "good intelligence, delivered with honesty and integrity, is America's first line of defense .... that intelligence professionals have to tell policymakers what they need to hear .... And .. . that politics must stop where intelligence work begins." If confirmed, I would hold the same values for the Office of General Counsel and would work to maintain and help further reinforce these principles throughout the agency. Office of the General Counsel QUESTION 6: What is your understanding of the responsibility of the General Counsel of the Central Intelligence Agency in ensuring that all activities of the Central Intelligence Agency are undertaken in accordance with the U.S. Constitution, U.S. treaty obligations, the laws of the United States, and relevant executive orders and associated guidelines? 5 The General Counsel of the CIA is the chieflegal officer of the agency, as set forth in the Central Intelligence Agency Act of 1949. 50 U.S.C. § 3520(b). Pursuant to the statute, she performs the functions that the Director prescribes. As a general matter, the General Counsel, with the assistance of Office of General Counsel attorneys, provides legal advice to the Director and other CIA personnel on the full range oflegal obligations applicable to CIA's operations. The purpose of such advice is to ensure that all of the agency's activities are undertaken in accord with all applicable law. QUESTION 7: The Office of the General Counsel of the Central Intelligence Agency has a myriad of roles and responsibilities. What are your expectations for the Office? My expectation is that the Office of General Counsel will support the agency's mission by providing accurate, clear, and timely legal advice on the full range of legal issues the agency confronts and thereby help the agency do its critical work in a manner that is fully consistent with applicable law. I also believe it is important that the Office of General Counsel play an integral role in the agency's compliance functions; work closely on matters involving congressional oversight; and distinguish for clients legal permissibility from risk, and legal advice from any non-legal counsel. • Do you have any preliminary observations on the Office's responsibilities, performance, and effectiveness? The Office of General Counsel's primary mission, as noted in my response to question 7, is to provide legal advice designed to ensure that the agency's activities are undertaken in compliance with all applicable law. At this time, I do not have the direct contact with the office necessary to have an informed view on its performance or effectiveness. • If confirmed, will you seek to make changes in the number or qualifications of attorneys in the Office, or in the operations of the Office? As noted in my response above, I do not, at this time, have the exposure to the Office of General Counsel necessary to have an infonned view about whether changes are needed to the numbers or qualification of the attorneys or the office ' s internal operations. 6 • What do you understand your responsibility to be to manage and oversee the legal work of the attorneys from the Office of the General Counsel who are assigned to the various components of the CIA and how would you carry out this responsibility, if confirmed? The General Counsel of the CIA is the chief legal officer of the agency, as set forth in the Central Intelligence Agency Act of 1949. 50 U .S.C. § 3520(b). As part of that role, the General Counsel is responsible for overseeing and ultimately managing the legal work of the Office of General Counsel, regardless of how the lawyers within the office may be assigned. If confirmed as General Counsel, I would seek opportunities to further enhance collaboration and cohesion within the office, particularly among lawyers who are assigned to different components. Relationships with Other Elements of the U.S. Government QUESTION 8: Describe your understanding of the responsibilities of the Director of National Intelligence and the General Counsel of the Office of the Director of National Intelligence in reviewing and providing legal advice on the programs and activities of the CIA, including covert actions. As Director Bums has explained, the Director of National Intelligence (DNI) is the head of the Intelligence Community and acts as the principal adviser to the President and the National Security Council for intelligence matters related to the national security. The DNI is also responsible for budgeting, oversight, and intelligence coordination across elements of the Intelligence Community. The General Counsel to the DNI is the chief legal officer of the Office of the DNI. I anticipate that I would have a close working relationship with the DNI' s General Counsel on a variety of matters, including those affecting multiple Intelligence Community components or significant matters involving CIA activities that may bear on broader Intelligence Community interests. QUESTION 9: Describe your understanding of the responsibility of the General Counsel of the Central Intelligence Agency to bring issues of legal significance to the attention of the Office of the General Counsel of the Director of National Intelligence. 7 I anticipate that I would have a close working relationship with the DNI 's General Counsel on a variety of potential matters, including those affecting multiple Intelligence Community components or significant matters involving CIA activities that may have bearing on broader Intelligence Community interests. QUESTION 10: Under what circumstances is it appropriate or necessary for the CIA to seek guidance from the Department of Justice Office of Legal Counsel before initiating, continuing, modifying, or ending an intelligence program or activity? It has been my experience that Executive Branch officials often seek advice from the Department of Justice's Office of Legal Counsel (OLC) on particularly complex or novel matters oflaw, or on matters on which agencies have different legal positions. If confirmed, I anticipate taking a similar approach to consulting with OLC on appropriate matters and having a strong working relationship with OLC. Covert Action QUESTION 11: Under what circumstances must covert action involving the use of force comply with treaties to which the United States is a party, including the United Nations Charter and the Geneva Conventions? All covert action must comply with applicable law. The President may direct covert action to the extent authorized by the Constitution and subject to other applicable federal law. Congress has specifically regulated covert action through the National Security Act of 1947, and Section 503(a)(5) of the Act provides that a covert action finding "may not authorize any action that would violate the Constitution or any statute of the United States." 50 U.S.C. § 3093(a)(5). While treaty obligations implemented in U .S. statutes would be binding under this statutory provision, my understanding is that a non-self-executing treaty or customary international law would not. It is also my understanding, however, that the United States complies with international law to the extent possible, as a general matter, including in the execution of covert action activities . QUESTION 12: 8 The National Security Act places limits on the activities that may be conducted as "covert actions." In particular, covert actions do not include "traditional. .. military activities or routine support to such activities." • What is your understanding of the definition of traditional military activities? • What is your understanding of the definition of routine support to traditional military activities? • What factors would you use in testing whether a proposed covert action involves traditional military activities or routine support to such activities? Please provide one or two illustrative examples. Section 503(e) of the National Security Act defines the term "covert action" to mean "an activity or activities of the United States Government to influence political, economic, or military conditions abroad, where it is intended that the role of the United States Government will not be apparent or acknowledged publicly, but does not include ... traditional ... military activities or routine support to such activities ." 50 U.S .C. § 3093(e). I am also aware that Congress has, in other statutory provisions, expressly defined certain activities as "traditional military activities." See 10 U .S.C. §§ 394(c), 394(f)(l) ("clandestine military activity or operation in cyberspace"); IO U.S.C. § 397 note ("clandestine military operation in the information environment"). I have not, however, previously had occasion to study the statutory term. If confirmed, I would look to principles of statutory interpretation and historical practice, including by consulting with CIA, Department of Defense, and other lawyers, to determine the meaning of the term as applied to any given set of facts . QUESTION 13: A Presidential Memorandum of Notification (MoN) authorizes the Director of the CIA, acting through the CIA, to undertake certain activities. Are the CIA' s authorities limited by a MoN's text, or can the CIA 's interpretation of a MoN include authorities that are not explicitly spelled out within a MoN's text? Please explain your understanding. I have not had occasion to consider this question closely or examine past practice on this issue, which is something I would look forward to doing if confirmed. Consistent with Section 503 of the National Security Act of 1947, the President determines the scope of a covert action activity based on a determination that "such an action is necessary to support identifiable foreign policy objectives of the 9 United States and is important to the national security of the United States, which determination" must be set out in a written finding . 50 U.S.C. § 3093 . The CIA must, of course, operate consistent with the finding and any associated Memorandum of Notification (MoN). Whether the agency may interpret a particular MoN to include actions "that are not explicitly spelled out within a MoN ' s text"-as this question asks- would depend on a fact-specific analysis of both the text of the MoN and the proposed actions, as understood using interpretive tools. As an additional check on the process, Section 503 of the National Security Act requires agencies to keep the congressional intelligence committees fully and currently informed of covert actions . Rendition QUESTION 14: The United States recognizes its obligation, under the Convention Against Torture, not to "expel, return ('refouler') or extradite a person to another state where there are substantial grounds for believing that he would be in danger of being subjected to torture." • To what extent does U.S. compliance with this obligation depend on diplomatic assurances provided by countries to which detainees may be extradited or rendered? • Should those assurances be conveyed in writing, so that a record of their provision and receipt is established? • Should such assurances be accepted from countries with established records of committing torture? • What is the role of the Office of General Counsel in ensuring that "diplomatic assurances" that detainees will not be subject to torture are credible? In accordance with section 2242(a) of the Foreign Affairs Reform and Restructuring Act of 1998, it is the stated policy of the United States "not to expel, extradite, or otherwise effect the involuntary return of any person to a country in which there are substantial grounds for believing the person would be in danger of being subjected to torture, regardless of whether the person is physically present in the United States." 8 U.S.C. § 1231 note. As Director Bums has said, diplomatic assurances, and consulting with the Department of State or relevant Chief of Mission in assessing the reliability and 10 credibility of assurances, are important in determining whether the legal standards for return or extradition are met and that detainees will be treated humanely. I am not familiar with the role that the Office of the General Counsel has historically played in such matters, but, if confirmed, I will familiarize myself with that role and work to ensure that the Office of General Counsel supports the U.S . Government in complying with applicable legal obligations. Chief of Mission Authority QUESTION 15: 22 U.S.C. § 3927 states that: "Under the direction of the President, the chief of mission to a foreign country ... shall have full responsibility for the direction, coordination, and supervision of all Government executive branch employees in that country .. .. " Absent direction from the President, is the CIA obligated to cease intelligence activities that do not have the approval of the chief of mission? In accordance with 22 U.S.C. § 3927, CIA personnel fall under the responsibility of the Chief of Mission and are required to keep the Chief of Mission fully and currently informed with respect to all activities and operations within that country. According to the statute, all such personnel "comply fully with all applicable directives of the chief of mission." As Director Bums has noted, the CIA and the State Department play a vital role in advancing our foreign policy and national security interests . .If confirmed, I would work to resolve any issues relating to the Chief of Mission 's authorities with counterparts at the State Department. Foreign Intelligence Surveillance Act QUESTION 16: Section 702 of the Foreign Intelligence Surveillance Act (FISA) authorizes the government to target non-U.S. persons reasonably believed to be located outside the United States, for purposes of acquiring foreign intelligence information. Section 702 cannot be used to target any person located in the United States. The law also prohibits the government from "reverse targeting" - that is, targeting a non-U.S. person outside the United States specifically for the purpose of collecting the communications of a person in the United States. The IC uses this FISA Section 702 collection authority to detect, identify, and disrupt terrorist and 11 other national security threats. The current authority expires on December 31, 2023. Please also provide classified answers to the below questions, if necessary. • How would you characterize FISA Section 702 authorities and their importance to current intelligence collection overall? • If FISA Section 702 authorities were to sunset, what would be the impact on national security? • How have FISA Section 702 authorities contributed to our efforts against Russia, China, Iran, and other adversaries? • How have FISA Section 702 authorities contributed to our efforts regarding election security? • What privacy and oversight protocols are in place to ensure these authorities are not misused and do you see the need for additional protections? • Do you support a full reauthorization of all FISA Title VII authorities? Please answer yes or no. If no, please explain. I understand Section 702 of the Foreign Intelligence Surveillance Act (FISA) to be a critical national security tool and a source of significant valuable intelligence. I thus support reauthorization of Title VII of FISA, and as Director Haines said during her confirmation hearing, would, if confirmed, work with elements of the Intelligence Community, the Department of Justice, and the Congress to determine whether any changes can be made that would improve the protection of privacy and civil liberties without compromising national security. Multiple layers of oversight, and privacy protections, apply to Section 702 collection. For example, each agency with collection authority must make an individual targeting decision before tasking a selector for collection and must apply Foreign Intelligence Surveillance Court ("FISC")-approved targeting procedures in so doing. Agencies that receive unminimized Section 702 collection must comply with their FISC-approved minimization and querying procedures. FISA compliance is also subject to oversight by the Department of Justice, the Office of the Director of National Intelligence, the FISC, and both the congressional intelligence and judiciary committees, as well as independent Inspectors General and the Privacy and Civil Liberties Oversight Board. At the CIA, compliance with applicable Section 702 requirements is subject to ongoing internal oversight by CIA ' s FISA Program Office, Office of General Counsel, and the Office of Privacy and Civil Liberties and external auditing by the Department of Justice and the Office of the Director of National Intelligence at regular intervals. 12 QUESTION 17: What is your understanding of the role of the CIA General Counsel in ensuring adherence to minimization procedures associated with Section 702 of FISA and in supporting the oversight functions of the ODNI and the National Security Division of the Department of Justice? Agency minimization procedures are an important part of the Executive Branch' s multi-layered Foreign Intelligence Surveillance Act (FISA) compliance mechanisms . I expect that the Office of General Counsel plays an important role in supporting the CIA' s compliance with FISA, including by interpreting CIA' s minimization procedures, assisting in training, participating in regular FISA compliance reviews, and reporting noncompliance incidents to oversight bodies. I anticipate that, if confirmed, the Office of General Counsel and I would work closely with the National Security Division of the Department of Justice and the Office of the Director of National Intelligence to implement these important requirements. QUESTION 18: Section 702 of FISA prohibits "reverse targeting" of U.S. persons. Given that the CIA can both nominate foreign targets and conduct U.S. person queries intended to return communications of or about U.S. persons, how should the Office of General Counsel guard against any instances of reverse targeting? FISA Section 702 prohibits "reverse targeting" - i.e. , intentionally targeting a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States. 50 U .S.C. § 188la(b)(2). Director Burns has explained that "extensive internal and external oversight mechanisms help ensure that CIA's nomination of Section 702 targets does not violate the prohibition on reverse targeting." CIA's compliance program includes training; ongoing internal oversight by CIA' s FISA Program Office, Office of General Counsel, and Office of Privacy and Civil Liberties; and external auditing by the Department of Justice and the Office of the Director of National Intelligence at regular intervals. FISA compliance is also subject to oversight by the FISC and both the congressional intelligence and judiciary committees. 13 Executive Order 12333 QUESTION 19: What differences, if any, exist with regard to CIA access to, queries of, and use, dissemination and retention of U.S. person communications and metadata collected pursuant to Executive Order 12333 as compared to communications and metadata collected pursuant to Section 702 of FISA? Publicly available Attorney General-approved guidelines govern CIA's collection, handling, retention, and dissemination of U.S. person communications and metadata collected pursuant to Executive Order 12333. These Attorney General Guidelines also incorporate the requirements set forth in Section 309 of the Intelligence Authorization Act for Fiscal Year 2015 regarding the protection of U.S. person communications. For U.S. person communications and metadata collected pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Foreign Intelligence Surveillance Courtapproved minimization and querying procedures apply. QUESTION 20: Please describe the rules, guidelines, or other authorities under which the CIA would approve requests for the unmasking of U.S. person identities in CIA intelligence. The CIA's Executive Order 12333 Attorney General Guidelines restrict CIA's retention, use, and dissemination of information concerning U .S. persons. In addition, CIA has established procedures that implement Intelligence Community Policy Guidance 107 .1, regarding "Requests for Identities of U.S . Persons in Disseminated Intelligence Reports ." These procedures provide guidance about how CIA components process requests from government officials for nonpublic infonnation that identifies any U.S. person by name, or other means, when CIA did not include that infonnation in a dissemination to the requesting entity. These procedures require, among other things, that CIA document all requests it receives, including a fact-based justification about why each U.S. person identity is need to carry out the requesting official's official responsibilities. CIA also limits the authority to approve such requests to specified officials. QUESTION 21: 14 Do you believe the CIA should be authorized to monitor U.S. persons' social media activities? If so, under what authorities and subject to what limitations? While I do not have first-hand experience with the manner in which the CIA may, or may not, presently engage in such monitoring, as a general matter, it is my view that the CIA's role with respect to the collection of U.S. person information is and should be circumscribed in light of its foreign intelligence mission and as a matter of applicable law and policy. As a legal matter, there are several specific limitations on CIA's activities in the United States and with respect to U.S. persons (aside from statutes of general applicability). For instance, the National Security Act of 1947 states that the Director of CIA shall "collect intelligence through human sources and by other appropriate means, except that the Director of the Central Intelligence Agency shall have no police, subpoena, or law enforcement powers or internal security functions. " 50 U.S .C. § 3036(d)(l). Under Executive Order 12333, the Director of CIA is charged with collecting "foreign intelligence and counterintelligence" and conducting counterintelligence "without assuming or performing any internal security functions within the United States." Executive Order 12333 § l. 7(a). Pursuant to CIA ' s Executive Order 12333 Attorney General guidelines, CIA may collect "[i]nformation that is publicly available or collected with the consent of the person concerned" if done in the course of CIA' s duly authorized intelligence activities and in fulfillment of the CIA ' s national security responsibilities . Attorney General Guidelines§ 2.3(a). But- among other limitations relevant to collection of U.S. person information- CIA may not collect or maintain information concerning U.S. persons solely for the purpose of monitoring activities either protected by the First Amendment or the lawful exercise of other rights secured by the Constitution or U.S. law. Attorney General Guidelines § 3.3. The Attorney General Guidelines impose further restrictions on the handling, retention, and dissemination of U.S. person information. QUESTION 22: Section 7 of Central Intelligence Agency Intelligence Activities: Procedures Approved by the Attorney General Pursuant to Executive Order 12333 (AG Guidelines) provides for limitations on the retention of information concerning U.S. persons. However, Section 6 of the guidelines states that the CIA may retain "unevaluated information when it is impracticable, infeasible, or detrimental to the 15 CIA mission to determine promptly whether the information qualifies for retention under the criteria of Section 7." • • How would you define "impracticable, infeasible, or detrimental"? What is the role of the CIA General Counsel in ensuring that unevaluated U.S. person information is retained only under those circumstances? I have not had the opportunity to study the application of the criteria in Section 7 of the Attorney General Guidelines at the CIA. If confirmed, I would look to principles of interpretation and historical practice, including by consulting with subject matter experts, to interpret the phrase and apply it to CIA data. If confirmed, it would be my hope and expectation that, by providing interpretive guidance across the agency, the Office of General Counsel can help enhance consistency in the application of such standards. QUESTION 23: Section 6.2.1 (b) of the AG Guidelines requires exceptional handling requirements for "unevaluated information that is anticipated to contain [U.S. Person Information] that is significant in volume, proportion, or sensitivity." • How would you define "significant in volume, proportion, or sensitivity"? • What is the role of the CIA General Counsel in identifying unevaluated information that is "significant in volume, proportion, or sensitivity" and ensuring adherence to the exceptional handling requirements? I have not had the opportunity to study the application of the criteria in Section 6.2.1 (b) of the Attorney General Guidelines at the CIA. If confinned, I would look to principles of interpretation and historical practice, including by consulting with subject matter experts, to interpret the phrase and apply it to CIA data. If confirn1ed, it would be my hope and expectation that, by providing interpretive guidance across the agency, the Office of General Counsel can help enhance consistency in the application of such standards. QUESTION 24: Section 4.4.1 of the AG Guidelines describes "special collection techniques" for use outside the United States, specifically electronic surveillance and physical 16 searches. Section 4.4.2 states that: "Any special collection technique directed at a U.S. person outside the United States (including a U.S. person's property or premises outside the United States) must be forwarded through the General Counsel for concurrence and approved by the D/CIA or designee, the Attorney General (as required by Section 2.5 of Executive Order 12333), and where applicable, the Foreign Intelligence Surveillance Court." Are there any circumstances in which the CIA could employ a special collection technique directed at a U.S. person outside ofFISA? All CIA activities involving special collection must be carried out in accordance with the Constitution, applicable federal statutes, Executive Order 12333, presidential directives, and the CIA's Attorney General Guidelines. To determine what law applies to a given "special collection technique," I would need to know more about the technique and the circumstances of its proposed use. If confirmed, I will take very seriously my role under the Attorney General Guidelines as General Counsel in confirming there is a lawful basis for all special collection techniques directed at U.S. persons. QUESTION 25: In its "Deep Dive II" report on CIA activities pursuant to EO 12333, the Privacy and Civil Liberties Oversight Board made the following recommendations: ( 1) the CIA should draft implementing guidance for the CIA' s Attorney General Guidelines that would specifically apply [to the data that was the subject of the PCLOB review]; (2) CIA analysis should memorialize the Foreign Intelligence (FI) justification [REDACTED] queries involving known or presumed U.S. person information, [REDACTED] in an easily reviewable manner; (3) The Privacy and Civil Liberties Officer should, in consultation with relevant mission personnel, design a framework sufficient to routinely identify, review, and address issues related to USP information; (4) the CIA should determine how best to address the retention and use of legacy data that may include USP information; (5) the CIA should conduct periodic efficacy assessments in coordination with the Counterterrorism Mission Center to analyze whether the use of [REDACTED] provides continuing value; and (6) the CIA should consider the automated tools to assist with the auditing, oversight, and compliance of matters or issues related to . [REDACTED] especially with regard to U.S . Persons." What is your view of each of these recommendations and what is the responsibility of the CIA General Counsel to ensure that they are implemented? 17 I have not had the opportunity to review the classified Deep Dive II report to which this question refers, but look forward to reviewing the report and CIA' s responses to the Privacy and Civil Liberties Oversight Board's (PCLOB ' s) recommendations if I am confirmed. If confirmed, my role as General Counsel will be to help ensure all CIA activities are conducted in full compliance with applicable law, including Executive Order 12333, and that CIA keeps intelligence oversight committees apprised of its intelligence programs. I understand that Director Bums has agreed that the CIA will review its current procedures and ensure that all of its systems are compliant with CIA' s Attorney General Guidelines issued pursuant to Executive Order 12333 . If confinned, I would look forward to assisting in that review. QUESTION 26: On February 10, 2022, in connection with the release of a portion of the PCLOB's "Deep Dive II" report and a separate report on financial data, the CIA issued a press release stating that: "CIA 'score authority to collect intelligence stems from its statutory mandate to do so-found in the National Security Act of 1947-as well as the President's inherent constitutional authority to collect foreign intelligence and counterintelligence ieformation, which is expressed in E.O. 12333. The Foreign Intelligence Surveillance Act (FISA) also governs important but relatively narrow areas of intelligence collection including electronic surveillance, physical search, and certain other activities as defined in that statute. Many of CIA 's core intelligence activities fall outside the scope of the FISA, but are nevertheless governed by E. 0. 12333, implementing Procedures promulgated by the CIA Director and the Attorney General of the United States, and other US law... These entirely unclassified procedures, and an accompanying narrative description, describe a range of restrictions that apply to CIA 's intelligence activities, to include specific procedures applicable to collections of large datasets which, though collected for a valid foreign intelligence purpose, may contain incidental ieformation regarding United States persons. This is why, under CIA 's Attorney General procedures, collectors must take reasonable steps to limit the information collected to only that which is necessary to achieve the purpose of the 18 collection. This winnowing down of collection highlights one example of the privacy protections which are embedded in these foundational procedures. These declassified materials provide specific examples of how some of these safeguards are applied in practice. " • Do you agree with the CIA's statement? Please answer yes or no. If no, please explain. I agree that there are a number of laws and regulations that authorize and govern the CIA's intelligence activities. I have not had the opportunity to review the underlying CIA activities described in the reports of the Privacy and Civil Liberties Oversight Board (PCLOB), but I look forward to reviewing the matter if confirmed. • Are foreign collection authorities legal only if the authorities appear within FISA's four comers? Please answer yes or no. Please explain your answer. No, if I am understanding the question correctly, foreign collection is governed by a number of authorities, including the Foreign Intelligence Surveillance Act (FISA). Surveillance activities that come within FISA's scope are governed by FISA's statutory requirements. • Do you agree that the CIA derives its collection authorities not just from statutory laws (such as FISA), but from Executive Orders (such as E.O. 12333) and the U.S. Constitution? Please answer yes or no. If no, please explain. As Section 104A(d) the National Security Act of 1947 recognizes, Congress has authorized the Director of the CIA, among other things, to collect intelligence through human sources and by other appropriate means, to correlate and evaluate intelligence related to the national security, and to perform such other functions and duties relating to intelligence affecting the national security as the President or the Director of National Intelligence may direct. See 50 U.S.C. § 3036(d)(l), (d)(4). The President has further specified the CIA 's functions, including the responsibility to collect foreign intelligence and counterintelligence, in Executive Order 12333 . Many other legal authorities govern intelligence collection activities as well. • Do you agree that the CIA has legal authority under the unclassified Attorney General Guidelines for E.O. 12333 to undertake foreign 19 collection, which can result in incidentally-collected information on U.S. Persons, and that the Attorney General Guidelines address such incidental collection as legitimate, legal collection? Please answer yes or no. If no, please explain. I am aware that CIA' s Attorney General Guidelines promulgated pursuant to Executive Order 12333 "[a]s part of authorized intelligence activities ... permit collection that involves incidentally acquired information concerning a U.S . person," subject to restrictions regarding handling, retention, and dissemination and as limited by applicable law. As the agency has explained, these guidelines "represent only one aspect of the authorizations and restrictions on the CIA ' s intelligence activities." CIA, The CIA's Updated Executive Order 12333 Attorney General Guidelines, https ://www.cia.gov/ static/ 100ea2eab2f7 3 9cab6 l 7eb40 f98fac85 /Detailed-Overview-CIA-AG-Guidelines.pdf. With regard to any questions about the legal authority for particular collection activities, I would want to review the specific activity in question before addressing the source of authority. QUESTION 27: The Privacy and Civil Liberties Oversight Board's report on Executive Order 12333 stated that: "As technology and the law evolve at an ever-faster pace, the IC's review and revision of elements' Attorney General-approved guidelines should proceed at a similar rate. Up-to-date guidelines will better safeguard U.S. persons' privacy and civil liberties and support intelligence mission needs." Do you agree to review the AG Guidelines to ensure they are up to date with changes in law and technology? Yes, if confinned I would work with the CIA's Privacy and Civil Liberties Officer to ensure there is an appropriate process to review and update the Attorney General Guidelines as needed to respond to changes in law and technology. QUESTION 28: In June 2018, in the case of Carpenter v. US., the U.S. Supreme Court found that that the government's collection of cell-site locational information was a Fourth Amendment search. In your publications ( Carpenter and Everything After: The Supreme Court Nudges the Fourth Amendment into the Information Age, and Carpenter v. United States: A Revolution in Fourth Amendment Jurisprudence?), 20 you described the Supreme Court's holding as a "decidedly 'nanow one"', citing the Court's statement that "our opinion does not consider other collection techniques involving foreign affairs or national security." The Carpenter case also raised questions about the so-called "third party doctrine," whereby information held by third parties is not protected by the Fourth Amendment. • Do these publications represent how you will conduct matters if confirmed as General Counsel of CIA? Please respond with yes or no. If no, please explain. • What is your view of the application of the Carpenter case to the Intelligence Community, specifically with regard to cell-site location and other geolocation information? Please be specific in terms of collection authorities, and please provide a classified response, if necessary. • What is your view of the "third party doctrine," after Carpenter, as it applies to the Intelligence Community? Please be specific in terms of collection authorities, and please provide a classified response, if necessary. In its decision in Carpenter v. United States, 585 U.S. _ (2018), the Supreme Court declined to extend the so-called Fourth Amendment "third-party doctrine," including as articulated in United States v. Miller, 425 U .S. 435 (1976), and Smith v. Maryland, 442 U.S. 735 (1979), to the particular type of information (cell-site location infom1ation, or CSLI) at issue in Carpenter. Distinguishing key thirdparty doctrine cases from the particular circumstances at issue in that case, the Court explained that these cases relied on several factors and applied those considerations to CSLI. The Court stated that it was not "disturb[ing] the application of Smith and Miller," or "call[ing] into question conventional surveillance techniques and tools," and that its decision was a "nanow one." The excerpts from the articles cited largely quote the Supreme Court's opinion in Carpenter v. United States. They are therefore descriptive- which was the primary purpose of both publications- and, as such, would not necessarily resolve Fourth Amendment questions that may be presented to me if I am confirmed as CIA General Counsel. I am not familiar with the manner in which Carpenter v. United States may have affected cunent Intelligence Community operations- in particular, with the manner in which the CIA may collect or use CSLI or other geolocation data, or with the manner in which the CIA may rely on the "third party doctrine" with respect to other collection. If confirmed, I look forward to better understanding 21 any impact Carpenter, or courts ' recent Fourth Amendment case law, may have had on the Intelligence Community. QUESTION 29: Can the CIA ask a foreign entity or any other third party to undertake an activity that the CIA is not authorized to undertake itself? The CIA may not request any person (including a foreign entity or any third party) to undertake activities that the CIA is prohibited by law from undertaking. Presidential Policy Directive-28 QUESTION 30: The Policy and Procedures for CIA Signals Intelligence Activities state: "Agency components shall consult with the Privacy and Civil Liberties Officer (PCLO) and the Executive Director of the Central intelligence Agency (EXDIR) or their designees on novel or unique SIGINT collection activities, and any significant changes to existing SIGINT collection activities, to ensure that there are appropriate safeguards to protect personal information." Do you commit to informing the full Committee with regard to any novel or unique SIGINT collection activities and the potential implications for U.S. person privacy interests? If confirmed, I would support the agency, and coordinate with other relevant Intelligence Community agencies, to ensure full compliance with the obligation to keep the intelligence committees fully and currently informed with regard to SIGINT collection activities. Privacy Shield QUESTION 31: In your publication Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA), you note the potential impacts on the U.S.-E.U. Privacy Shield. • Given the interim events that occurred after this publication, including those the White House announced publicly on March 25, 2022, what is your 22 current view of the steps that the U.S. needs to take regarding our national security laws in order to maintain the free and open transfer of data with the E.U.? • How will you approach these matters if confirmed as General Counsel of the CIA? Please be specific, and please provide a classified response, if necessary. In 2020, the Court of Justice of the European Union invalidated the European Commission's adequacy decision regarding the U.S.-E.U. Privacy Shield framework in its Schrems II decision, finding that U .S. law does not adequately protect personal data transferred to the United States from the European Union. The court focused, in particular, on its view about the need for additional safeguards to ensure that U.S. government access to personal data remains necessary and proportionate, as well as a new redress mechanism. According to the recent joint statement by the United States and the European Commission, a new Trans-Atlantic Privacy Framework will respond to these concerns by putting in place new safeguards to ensure that signals surveillance activities are necessary and proportionate in the pursuit of defined national security objectives, establishing a two-level independent redress mechanism, and enhancing rigorous and layered oversight of signals intelligence activities. If confim1ed, I will assist the Intelligence Community in implementing the new framework and assessing any related legal issues. Classification and Transparency QUESTION 32: What is the role of the Office of the General Counsel in ensuring that CIA classification decisions are consistent with Executive Order 13526? The Office of General Counsel advises CIA personnel on the proper interpretation of executive orders, including Executive Order 13526. QUESTION 33: Executive Order 13526 provides that: "In no case shall information be classified, continue to be classified, continue to be maintained as classified, or fail to be declassified in order to: (1) conceal violations of law, inefficiency, or 23 administrative error; (2) prevent embarrassment to a person, organization, or agency; (3) restrain competition; or (4) prevent or delay the release of information that does not require protection in the interest of national security." • Do you agree with these prohibitions? Yes. • What is the role of the General Counsel in ensuring adherence to these rules? I view it as the role of the General Counsel to help ensure compliance with these legal requirements . QUESTION 34: In a January 5, 2022, letter, DNI Haines wrote that "deficiencies in the current classification system undermine our national security, as well as critical democratic objectives, by impeding our ability to share information in a timely manner, be that sharing with our intelligence partners, our oversight bodies, or, when appropriate, with the general public." Her letter further noted that "current prioritization given to remediating these issues and the resources dedicated to making tangible progress are simply not sufficient." Do you share these views and, if so, would you make declassification reform, including investments in modernization technologies, a priority? Since I do not currently work in the Intelligence Community, I cannot speak to the current prioritization and resources dedicated to remediating these important issues, but I share Director Haines' views that it is critical for the Intelligence Community to be able to share information in a timely manner with intelligence partners, oversight bodies, and, when appropriate, the general public, consistent with the need to protect sensitive national security information. If confirmed, I would work to support Intelligence Community efforts to improve the declassification process and modernize the policies that govern classified information as needed. QUESTION 35: In its 2020 Report to the President, the Intelligence Security Oversight Office (ISOO) urged that: "The White House must begin a comprehensive interagency process, led by the NSC's Records Access and Information Security directorate ... 24 to review and update critical national security policies and authorities that govern the [Classified National Security Information] system," including EO 13526, which was last updated in 2009. At the request of the National Security Council, the Public Interest Declassification Board (PIDB) has begun formulating recommendation for a new executive order to amend or replace EO 13526. What is your view of the need to update EO 13526 and will you ensure that the CIA cooperates fully with the interagency process led by the NSC? As a general matter, I support efforts to review and update policies governing sensitive national security infonnation as needed. If confirmed, I will work to ensure that the CIA is an active participant in any interagency process led by the National Security Council to update Executive Order 13526. QUESTION 36: The CIA currently publicly posts Central Intelligence Agency Activities: Procedures Approved by the Attorney General Pursuant to Executive Order 12333, and Policy and Procedures for CIA Signals Intelligence Activities. Will you ensure that the CIA continues to post these procedures as well as any modifications or superseding policies and procedures? The CIA has made both its 2017 Procedures Approved by the Attorney General Pursuant to Executive Order 12333 and its PPD-28 Section 4 policies and procedures publicly available. Director Bums agreed to continue this practice and to make publicly available any unclassified modifications to these procedures. If confirmed, I will help support the execution of these efforts. QUESTION 37: The ODNI releases to the public its Annual Statistical Transparency Report Regarding the Intelligence Community's Use ofNational Security Surveillance Authorities. That report includes quantitative data on the impact of FISA collection and National Security Letters on U.S. persons. Do you agree that the American public also has an interest in quantitative data related to U.S. person information collected pursuant to EO 12333, including the amount of information collected; U.S. person queries; disseminations, maskings and unmaskings; and use in criminal proceedings? I believe Americans have interests that are implicated when U.S. person information is collected by government entities, regardless of the particular means 25 of collection. I am not, however, familiar with the extent to which such data related to U.S. person information is compiled or what impediments may exist with respect to making such quantitative information publicly available. As a general matter, informing the public about the Intelligence Community's activities, consistent with the need to protect sensitive sources and methods, is important to maintaining accountability and trust, which I believe should be a priority. If confirmed, I would work to support such efforts and would be an advocate for them. Whistleblowers and the Inspector General QUESTION 38: On October 22, 2019, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) sent a letter, signed by the inspectors general of sixty-eight government departments and agencies, to the Assistant Attorney General, disagreeing with the Office of Legal Counsel's opinion permitting the DNI to withhold from Congress a whistleblower complaint determined by the IC Inspector General to be an "urgent concern." The CIGIE letter, whose signatories included inspectors general from across the IC, noted that the Intelligence Community Whistleblower Protection Act does not grant the DNI discretion, but rather states that the DNI "shall" transmit such complaints to Congress. The Consolidated Omnibus Appropriations Act, 2022, signed into law on March 15, 2022, includes the Fiscal Year 2022 Intelligence Authorization Act, a provision of which reaffirms that the inspectors general shall have "sole authority" to determine whether a complaint or information is a matter of urgent concern. (Division X, Section 502) Does the language in the omnibus appropriations bill supersede the OLC opinion? I have not studied the Office of Legal Counsel (OLC) opinion in question, but I believe the independence of federal inspectors general is critical to encouraging the prompt and appropriate resolution of allegations of governmental waste, fraud, abuse, mismanagement, and to protecting whistleblowers. As relevant to the CIA, the Fiscal Year 2022 Intelligence Authorization Act modifies Section l 7(d)(5)(G) of the Central Intelligence Agency Act of 1949, 50 U.S.C. § 3517(d)(5)(G), to give the Inspector General "sole authority to determine whether any complaint or infonnation reported to the Inspector General is a matter or urgent concern" within the meaning of the statute. If confirmed, I will assist the CIA, as appropriate and consistent with my role and that of the CIA Inspector General, in implementing this provision of the law. 26 QUESTION 39: Do you believe that CIA whistleblowers have all the protections they need to interact directly with the congressional intelligence committees? If confirmed, I look forward to reviewing this question in light of current CIA practices and past experience at the agency, and to working with the Inspector General and this Committee on any reforms needed to protect CIA whistleblowers appropriately. QUESTION 40: 50 U.S.C. § 3517(d)(5) states that a CIA whistleblower may contact the congressional intelligence committees directly only if the employee "obtains and follows from the Director, through the Inspector General, direction on how to contact the intelligence committees in accordance with appropriate security practices." Do you agree that this provision does not permit the Director to deny whistleblowers direct access to Congress altogether? My initial impression is that Section 3517( d)(5)(D)(ii)(II) speaks to the secure method of contact with the intelligence committees. I have not, however, previously had the opportunity to consider this provision of the law, and would want to have the opportunity to review the statute more closely and consult with the CIA Office of General Counsel and Inspector General Ashton to better understand how the agency has historically interpreted and applied it before providing a definitive view on its scope. If confirmed, I would look forward to doing so. QUESTION 41: Please describe your understanding of the role of the CIA Inspector General, and the role of the CIA General Counsel in protecting the independence of the Inspector General. The CIA Inspector General's duties and responsibilities are set forth in Section 17 of the CIA Act of 1949 and include, among other things, the duty and responsibility to provide policy direction for, and to plan, conduct, supervise, and coordinate independently, the inspections, investigations, and audits of Agency programs and operations to ensure they are conducted efficiently and in accordance with applicable law and regulations. 50 U.S.C. § 351 71. 27 I believe the CIA General Counsel should have a strong working relationship with the CIA Inspector General, consistent with maintaining the appropriate independence of that office. If confirmed, I look forward to working with Inspector General Ashton. QUESTION 42: How would you resolve differences in the interpretation of law between the Office of General Counsel and the Inspector General? If confirmed, I look forward to developing a close working relationship with Inspector General Ashton. The Inspector General's duties and responsibilities include the duty and responsibility to provide policy direction for, and to plan, conduct, supervise, and coordinate independently, the inspections, investigations, and audits of agency programs and operations to ensure they are conducted efficiently and in accordance with applicable law and regulations. 50 U.S.C. §3517(c). Although the CIA Inspector General has a counsel, Congress has recognized the CIA General Counsel as the agency's chieflegal officer pursuant to 50 U .S.C. § 3520. See Pub . L. No. 111 -259, § 425(£). If there were to be differences of opinion on matters of legal interpretation between the two offices, I would expect the Inspector General to raise those concerns with the General Counsel so that they can be resolved. General Oversight QUESTION 43: Will you commit to ensuring that the Privacy and Civil Liberties Oversight Board is provided full access to all appropriate information it requests? Yes . I share the views expressed by Director Haines and DNI General Counsel Fonzone during their confirmation hearings regarding the importance of the Privacy and Civil Liberties Oversight Board. If confirmed, I will work with the Director of the CIA and CIA's Privacy and Civil Liberties Officer to provide the Board the access to CIA information needed to allow it to perform its role. QUESTION 44: 28 What is the role of the CIA General Counsel in ensuring that compliance issues are submitted to the Intelligence Oversight Board? Section 1.6(c) of Executive Order 12333 states that the Director of the CIA must report to the Intelligence Oversight Board any intelligence activity that the Director has "reason to believe may be unlawful or contrary to executive order or presidential directive." I understand that the Director of the CIA has assigned to the CIA' s General Counsel and Inspector General the responsibility to report to the Intelligence Oversight Board intelligence activities that they have reason to believe may be unlawful or contrary to executive order or presidential directive. Analysis QUESTION 45: The CIA's website states that the Agency's mission is "to preempt threats and further U.S. national security objectives by .. . producing objective all-source . ... " ana1ys1s • Is it appropriate for the CIA to produce subjective intelligence analysis advocating for policy positions in interagency and presidential decision processes? • How would you, if confirmed, ensure that CIA remains objective and apolitical in its analysis and production? Director Haines has described analytic objectivity as a core ethic for Intelligence Community analysis, and I agree. The role of CIA's intelligence analysts is to present accurate, rigorous intelligence analysis to policymakers. If confirmed, I would help support the agency 's implementation and reinforcement of that core ethic in any manner that is appropriate to my role as General Counsel. General QUESTION 46: Section 104A(d)(4) of the National Security Act includes, among the duties of the Director of the CIA: "perform such other functions and duties related to intelligence affecting the national security as the President or the Director of National Intelligence may direct." The Director's duties related to the CIA's 29 collection and analytical missions are described in Sections 104A(d)(l)104A(d)(3). All covert action is governed by Section 503 of the Act. Please describe any "other functions and duties" that could be authorized under Section 104A(d)(4). I am not familiar with the historical uses of the particular provision of the National Security Act referenced, if any, and would want to better understand the range of potential functions that it might encompass before advising on its scope. If confirmed, I look forward to learning more. QUESTION 47: As defined in Title 50, "the term 'intelligence' includes 'foreign intelligence' and 'counterintelligence."' (50 U.S.C. § 3003(1)) Title 50 also defines "national intelligence" as referring "to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States that - (A) pertains, as determined consistent with any guidance issued by the President, to more than one United States Government agency; and (B) that involves (i) threats to the United States, its people, property, or interests; (ii) the development, proliferation, or use of weapons of mass destruction; or (iii) any other matter bearing on United States national or homeland security." (50 U.S.C. § 3003(5)) • Do you interpret the term "intelligence" to include anything beyond "foreign intelligence" or "counterintelligence?" If so, what other kinds of intelligence do you believe fall under the term "intelligence?" • What are the differences between "intelligence" and "national intelligence?" Please provide examples of something you would consider to be "intelligence" that is not "national intelligence," and something that is "national intelligence" but not "intelligence." Your examples can be included in a classified annex. The National Security Act makes clear that the term "intelligence" in the statute includes both foreign intelligence and counterintelligence. 50 U .S.C. § 3003(1). As I understand the definitions in 50 U.S.C. § 3003(5), "national intelligence" refers to information that meets the criteria specified in Section 3003(5)(A)-(B). Intelligence that does not meet these criteria would not qualify. That determination is a fact-specific one. All "national intelligence," on the other hand, would seem to fall within colloquial definitions of "intelligence" in the sense of "information." 30 Past Work Experience QUESTION 48: In your response to the Committee Questionnaire, you wrote that your portfolio at the White House Counsel's Office from 2013 to 2015 "involved working closely with the National Security Council staff on legal policy issues, including matters of national security and intelligence policy." Please provide a description of matters that you worked on that are relevant to the Intelligence Community or are otherwise relevant to the position to which you have been nominated. Please respond through classified channels to the extent necessary. During my time as a Special Assistant to the President and as an Associate Counsel in the White House Counsel's Office, I worked on a range of national security matters. For instance, in conjunction with other attorneys from the National Security Council staff and White House Counsel ' s Office, I worked on: advising White House clients on litigation developments; legal issues associated with the development of privacy-related policies; national security, intelligence, and law enforcement legal authorities ; legal issues associated with big data; cybersecurity legislative developments; legal questions arising from proposed or enacted national security legislation; legal matters associated with Administration positions relating to intelligence, counterterrorism, and foreign relations; and a range of matters presented to deputies and principals through the National Security Council process. QUESTION 49: In your response to the Committee Questionnaire, you wrote that, as Counsel to the Assistant Attorney General for National Security, you "provided legal advice to the Department and interagency partners on national security matters affecting the law enforcement and intelligence communities." Please provide a description of matters that you worked on that are relevant to the Intelligence Community or are otherwise relevant to the position to which you have been nominated. Please respond through classified channels to the extent necessary. As Counsel to the Assistant Attorney General for National Security, I assisted the Assistant Attorney General in her daily duties and worked on a range of matters within the purview of the Department's National Security Division. For instance, in conjunction with other attorneys in the National Security Division' s front office and throughout the Division, I worked on: prosecution-related legal issues; the establishment of the National Security Cyber Specialists' Network and the 31 application of cybersecurity-related authorities; interagency discussions about national security roles and responsibilities; the application of the Foreign Intelligence Surveillance Act; Attorney General guidelines issued pursuant to Executive Order 12333; and the Division's management of matters before the Committee on Foreign Investment in the United States. More generally, I assisted in the Assistant Attorney General's management of matters assigned to the Division and in communicating about those issues to the Department's leadership offices. I also assisted the Assistant Attorney General and other Department officials in their work on a range of matters arising through the National Security Council process. QUESTION 50: Please describe private sector legal work related to clients' connections to the Intelligence Community or work that is otherwise directly relevant to the position to which you have been nominated. I do not recall working for any private sector clients on litigation, arbitrations, or investigations to which elements of the Intelligence Community (IC) were a party; particular contracts private sector clients held with IC elements; or meetings private sector clients held with IC elements. It is, of course, possible that some of the matters on which I worked may have had other connections to elements of the IC. For instance, it is possible that the private sector clients for which I did work (for instance, health care companies) had IC element customers, or that matters on which clients had interaction with the government came to the attention of members of elements of the IC (for instance, during cybersecurity breaches reported to the Federal Bureau of Investigation). More generally, I would consider some of my private sector experience, such as advising clients on privacy and cybersecurity matters, to be part of the set of relevant experience that I would bring to the position if confirmed. QUESTION 51: What were your duties as Vetting Director for the PT Fund, Inc.? I led the team that vetted potential nominees and appointees for the incoming administration. QUESTION 52: 32 You listed dozens of other companies and individuals as clients, including two clients whose client relationships with Sidley are confidential. Have you ever knowingly provided representation to any client that works on behalf of a foreign government or has direct links to the governments of any of our adversaries, including China, Russia, and Iran? To the best of my knowledge, I have not represented any client knowing that the person/entity was controlled by a foreign government, including the foreign governments of any of our adversaries. My response to Question 35 on the Committee's standard questionnaire includes all of the foreign clients I represented while at Sidley Austin. On March 25, 2022, I provided for the Committee under separate cover the identities of the two confidential clients mentioned in my response to Question 35, both of which are U.S.-based. QUESTION 53: Please describe your pro bona work. At Sidley Austin I did pro bono litigation and regulatory compliance work- for instance, advising non-profits on cybersecurity and health-information privacy. Air America QUESTION 54: Chairman Warner and Vice Chairman Rubio introduced the Air America Act of 2022 (S. 407) on February 24, 2021. On February 2, 2022, the Committee on Homeland Security and Governmental Affairs (HSGAC) ordered the bill to be reported favorably with an amendment in the nature of a substitute. • Do you support the bill, as reported out? Please answer yes or no. If no, please explain. I am not familiar with the underlying facts regarding Air America and therefore do not have an informed position on the bill as drafted. If confirmed, I look forward to learning more about this issue. • Do you agree that the CIA owned and operated Air America? Please answer yes or no. If no, please explain. 33 I do not have sufficient inforn1ation to make a judgment at this time but look forward to learning more about the issue, if confirmed. • If confirmed, and if the bill is enacted, will you support its execution in your capacity as CIA's General Counsel? Please answer yes or no. If no, please explain. Yes, I will support the execution of all applicable laws consistent with my obligation to support and defend the Constitution. QUESTIONS FROM SENATOR RUBIO Past Work Experience QUESTION 55: In your current position as Chief Counselor in the Office of the Attorney General, you have advised on a "number of national security matters- work that often involves other interagency partners." Please respond to the below questions and provide an explanation if answered "yes." • Have you advised on immigration or border security matters? • Did you advise on the termination of the Department of Justice's China Initiative? • Did you advise on any aspect of the Administration's Afghanistan withdrawal? • Have you advised on matters related to Russia's invasion of Ukraine and the U.S. response? • Did you advise on the decision to remove the FARC from the Foreign Terrorist Organization list? • Did you advise on the Administration's recent engagement with the Maduro regime in Venezuela? • Are you advising on the Administration's engagement on a nuclear deal with Iran? In my role as Chief Counselor in the Office of the Attorney General, I help manage the office and advise the Attorney General, with a particular focus on national security matters. 34 With respect to matters that come to the attention of the office, I may have awareness of the matter, attend related meetings or events, oversee the work of a Counsel to the Attorney General on the matter, or advise on associated Attorney General statements or actions-to take a few examples. With respect to national security matters involving Administration policies that come before the Attorney General, for instance as part of a National Security Council process, my role might be to ensure that the Attorney General has appropriate preparation from subjectmatter experts. QUESTION 56: You noted in responses to the standard Committee questionnaire that at the White House Counsel's Office, where you served from 2013 to 2015, your portfolio "involved working closely with the National Security Council staff on legal policy issues, including matters of national security and intelligence policy." • In which capacity did you work on legal issues of national security policy from the White House Counsel's Office? • Did such work fall within the purview of the Counsel's Office as opposed to the Legal Advisor to the NSC? • Did you work on matters related to the Obama Administration's policy toward Cuba? If so, please explain your involvement. • You were a senior White House attorney during the 2015 negotiations on the Joint Comprehensive Plan of Action regarding concessions to the Islamic Republic of Iran, a state-sponsor of terror, in exchange for purported restrictions to Iran's nuclear program. o To what extent did you advise on that matter and related matters? o Given your close work with NSC staff during that period, did you supervise or advise attorneys otherwise involved on the Iran deal? What about those on the NSC staff coalescing policy decisions for the President? I was first an Associate Counsel in the White House Counsel's Office and was then promoted to the Special Assistant to the President-level in the office. I worked 35 closely with the National Security Council (NSC) legal staff, but was not part of the NSC staff. I did not supervise other attorneys in this position. For a description of types of national security matters on which I worked, please refer to my response to question 48. QUESTION 57: In response to question 35 on the questionnaire, you listed a China-based company called WuXi App Tee Co., LTD as a client. It is the parent company of Wu Xi Biologics, which the Chinese state media have called the "Huawei" of China's pharma sector, and it has deep connections to China's Communist Party-State. This company raises several concerns: First, the Chinese Government, in its zero-sum competition with the United States, considers the biotech sector as one of the key industries to develop through illegal tech transfer, subsidies, and economic espionage. In 2016, WuXi App Tee Co., LTD and Huawei signed a strategic collaboration agreement to jointly advance the collection and use of medical data, and launched the China Precision Medicine Cloud, which they said would support the Chinese government's $9.2 billion Precision Medicine Initiative. Second, WuXi App Tee Co., LTD talent recruitment has drawn on state, military, and private sector networks involving China's Thousand Talents Program, the Academy of Military Medical Sciences, which is on the Entity List, and the Western Returned Scholars Association, which is supervised by the CCP's United Front Work Department. WuXi App Tee Co., LTD's 7,000-plus employees include more than 1,000 Party members. Third, Beijing has amassed the world's largest collection ofbiodata, in part thanks to WuXi App Tee Co., LTD investments in the United States and Europe. • What was the nature of your work for WuXi App Tee Co., LTD? I advised the company about compliance with U.S. privacy laws. • When did the work occur? Between the end of September 2018 and February 2019. • How many hours did you bill the client? Under ten hours. 36 • Do you believe WuXi App Tee Co., LTD is controlled by a foreign government? If you believe it is not, please explain. If you believe it is, please explain why this representation was not included in your response to question 17 A on the standard questionnaire. I was not aware during the course of the representation or when I was filling out the standard questionnaire of any suggestion that WuXi App Tee Co., Ltd. is controlled by a foreign government. QUESTION 58: In response to Question 13 on the standard questionnaire related to published writings, speeches, and other published materials, you listed nine articles that you have published coauthored with current ODNI General Counsel Christopher Fonzone. • Were you and Mr. F onzone law partners at the time you coauthored each of these publications? Mr. Fonzone and I both worked at the law firm Sidley Austin when we wrote the pieces on which we are listed as co-authors in Question 13 of the Questionnaire, but I was a Counsel at the firm until 2020, when I became a Partner. • Did you contribute to Mr. Fonzone's representation of the PRC? Consistent with my recollection, firm billing records confirm that I did not bill any time to any matter for the People's Republic of China (PRC). I do not recall Mr. Fonzone's representation of the PRC from my time at the firm . • Did you contribute to his representation of Huawei? Consistent with my recollection, firm billing records confirm that I did not bill any time to any matter for Huawei. In an abundance of caution, I note that I believe I was included in internal firm discussion about a new or potential engagement for the company. China QUESTION 59: 37 Do you agree that China, under control of the Chinese Communist Party, is engaging in a zero-sum game of economic and technological competition against the United States? I share your concern. As Director Bums said during his confirmation hearing, "out competing China" is "key to our national security in the decades ahead." And the Intelligence Community assessed in its 2022 Annual Threat Assessment that "Beijing sees increasingly competitive U.S.-China relations as part of an epochal geopolitical shift." QUESTION 60: Do you agree that one of the primary goals of the Chinese Communist Party is to displace the United States and rewrite the international-rules based system? Yes, U.S. intelligence agencies have assessed that the People's Republic of China government (PRC), ruled by the Chinese Communist Party (CCP), is working to change global norms, as reflected in the Intelligence Community's 2022 Annual Threat Assessment. QUESTION 61: What threat does the Chinese Communist Party pose to the national security of the United States? My understanding is that the PRC poses threats to the United States and U.S. interests along multiple vectors, including through its efforts to steal U.S. trade secrets, conduct espionage, utilize malicious illegal cyber activity, and engage in malign influence and transnational repression. QUESTION 62: What is your assessment of the Chinese Communist Party's tactics to achieve global dominance, particularly as it relates to its efforts within the United States? Please refer to my response to question 61 above. QUESTION 63: 38 Is the threat from the People's Republic of China and the Chinese Communist Party different than those from other nation-state actors? Please explain. Yes. Although I am not a China subject-matter expert, it is my understanding that the PRC's tactics and effort across a range of activities, likely among other things, distinguish it from other nation-state actors. QUESTIONS FROM SENATOR WYDEN Office of the General Counsel QUESTION 64: In February 2014, the then-Acting CIA General Counsel filed a crimes referral with the Department of Justice against Senate Intelligence Committee staff. According to the CIA Inspector General, the referral was based solely on information provided by two Office of General Counsel attorneys and that the information was "inaccurate" and had "no factual basis." • • What accountability should there be for drafting and filing of a false crimes report against congressional staff? How would you respond should a request or proposal for a crimes referral against Members of Congress or congressional staff come to you? If I were to be asked to file such a crimes referral, I would take such request seriously and would give it my personal attention, including with respect to the accuracy of any of the information upon which it relies. Those responsible for such reports should make every effort to ensure that such reports are accurate and comply with all applicable procedures. Human Rights QUESTION 65: In an August 16, 2015, letter, then-Director of the CIA John Brennan wrote that: "While we neither condone nor participate in activities that violate human rights standards, we do maintain cooperative liaison relationships with a variety of intelligence and security services around the world, some of whose constituent entities have engaged in human rights abuses." 39 • Please describe your understanding of the legal issues associated with CIA liaison relationships with services whose constituent entities have engaged in human rights abuses. Are there circumstances in which those human rights abuses legally obligate the CIA to discontinue the liaison relationship? • If a liaison serve were to use CIA-provided resources to engage in human rights abuses, would the CIA bear any legal responsibility? • Would the CIA have a legal responsibility to end or modify its relationship with a liaison service in such a scenario? If confirmed, I would treat such matters with utmost concern. If presented with such a question, I would consider the totality of the issue, not simply whether CIA, or individual officers, could bear legal responsibility but also whether continuing, modifying, or tenninating the relationship is consistent with the agency's legal obligations and broader responsibilities; what notifications should be made; and the basis for CIA ' s understanding about the abuses, or potential abuses. Detention and Interrogation QUESTION 66: Section 1045 of the National Defense Authorization Act (NDAA) for Fiscal Year 2016 prohibits the use of any interrogation technique or approach or treatment related to interrogation not authorized by the Army Field Manual (AFM) or any modifications to the AFM, and states that the AFM may not authorize techniques that "involve the use or threat of force." • Is this provision of law binding on the CIA? Yes. • Do you agree that the CIA's former "enhanced interrogation techniques" would violate the AFM and any modification thereof? The Army Field Manual (AFM) constitutes the totality of legally permissible interrogation techniques. Anything not permitted by the AFM- which includes all forms of torture or cruel, inhuman, or degrading treatment or punishment- is prohibited. 40 • To the extent the CIA participates in any updates of the AFM, do you agree to oppose any techniques that involve the use or threat of force? Section 1045 of the National Defense Authorization Act for Fiscal Year 2016 (NDAA for FY 2016) prohibits updating the AFM to include any techniques that "involve the use or threat of force ." I would therefore not only oppose updates that include any techniques that involve the use or threat of force but advise my clients that such techniques are not legally pennissible consistent with the NDAA for FY 2016. QUESTION 67: The statutory prohibition on interrogations not consistent with the AFM apply to any individual "in the custody or under the effective control of an officer, employee, or other agent of the United States Government; or detained within a facility owned, operated, or controlled by a department or agency of the United States, in any armed conflict." • Please describe the factors that would indicate whether a detainee was in the "effective control" of any officer, employee, or other agent of the United States Government. • Please describe how you would define whether a detainee is "detained within a facility owned, operated, or controlled by a department or agency of the United States." If confirmed, I would want to look at this fact-specific question closely, after studying the law and text of the statute, and consulting with experts and attorneys from other departments and agencies, particularly since the CIA is prohibited from operating detention facilities pursuant to Executive Order 13491 . QUESTION 68: Do you believe that any of the CIA's former "enhanced interrogation techniques" are consistent with the Detainee Treatment Act, the U.S. statutory prohibition on torture, the War Crimes Act, or U.S. obligations under the Convention against Torture or Common Article 3 of the Geneva Convention? During his confirmation process, Director Burns stated that he believed the CIA's former enhanced interrogation techniques included torture, and I believe such techniques are clearly prohibited by U.S. law. 41 QUESTION 69: Executive Order 13491 prohibits the CIA from operating any detention facilities other than "facilities used only to hold people on a short-term transitory basis." Do you support this prohibition? Yes. QUESTION 70: Do you agree that CIA officers should not participate in interrogations of detainees in liaison custody when those officers witness, know of, or otherwise suspect the torture or mistreatment of detainees? In addition to complying with all applicable legal prohibitions, I agree with Director Bums' position that CIA officers should not participate in detainee debriefings in liaison custody if the CIA has received credible information that detainees in liaison custody have been tortured or mistreated. Executive Order 12333 QUESTION 71: The Privacy and Civil Liberties Oversight Board's report on Executive Order 12333 report stated: "As agencies implement their new or revised Attorney General-approved guidelines, such lower-level policies likewise must be updated to reflect new privacy and civil liberties safeguards. For instance, some agencies' new or revised Attorney General-approved guidelines for the first time address 'bulk collection.' As a result, activity-specific policies that relate to such activities must be updated to address the safeguard now afforded by the revised procedures, as well as PPD-28 and other intervening developments in the law. These also may include, for example, new or revised training requirements and updated database user manuals." Do you agree to prioritize the development of updated privacy and civil liberties safeguards, as well as policies, training, manuals and other guidance to ensure that EO 12333 activities are conducted consistent with the AG Guidelines and the public's understanding of the legal and policy framework for such collection? 42 Yes, I would support the development of these materials in coordination with the CIA's Privacy and Civil Liberties Officer. QUESTION 72: The Privacy and Civil Liberties Oversight Board's report stated that IC elements should review their legal and constitutional analysis regularly and revise them as necessary to reflect changes in the law and technology. For example, technological changes can affect the scope and nature of U.S. person information collected or how the IC queries and retains U.S. person information. How will you ensure that the CIA regularly reviews its legal and constitutional analysis? If confirmed, I will consult with the lawyers in the Office of General Counsel and CIA's Privacy and Civil Liberties Officer on existing practices for reviewing legal analyses to ensure that they adequately account for the need to reflect legal and technological changes. QUESTION 73: Would you agree to make public the CIA's interpretation of the U.S. Supreme Court's Carpenter case, to the extent such interpretation provides a legal framework for CIA activities? I look forward, if confirmed, to reviewing any existing CIA guidance on the Carpenter case and to working with colleagues to seek to provide information about significant legal frameworks to the public to the extent consistent with the need to protect sensitive national security information. QUESTION 74: Do you believe that the privacy interests of Americans should depend on whether their information is purchased or obtained voluntarily by the government, as opposed to compelled through legal process? I believe that the privacy interests of Americans must be carefully protected. If confirmed, I will have an opportunity to better understand current methods of obtaining information and will be able to determine whether changes are advisable. QUESTION 75: 43 During their confirmation processes, DNI Haines, CIA Director Burns and ODNI General Counsel Fonzone committed to making public a framework to help the public understand the circumstances under which the IC purchases commercially available information and the legal basis for doing so. Do you agree to support efforts to maximize public transparency on this topic? Yes . Lethal authorities QUESTION 76: Please describe your view of the legal implications of targeting or otherwise knowingly killing a U.S. person in a U.S. government lethal operation. What additional transparency do you believe would be warranted in that situation? Decisions to engage in such a U.S. government operation are some of the most serious the government can confront. It is essential that any such operation comply with the law, and I believe that continued transparency on these matters is important. Transparency QUESTION 77: What is your view on "secret law," meaning classified legal interpretations that are inconsistent with the public's reading of the law as informed by the plain meaning of statutes, jurisprudence, executive orders and associated guidelines, and public testimony? • • If confirmed, how would you approach any such inconsistences? Would you support the declassification and public release of any legal interpretation that provides a basis for intelligence activities but is inconsistent with the public's understanding of the law? If confirmed, I will support efforts to enhance the public's understanding of significant Intelligence Community legal frameworks, consistent with the need to protect sensitive national security information. I believe this is an important part of the Intelligence Community's accountability to the American people. 44 Past Work Experience QUESTION 78: During your service at the White House Counsel's office, did you participate in any discussions related to the CIA' s improper accessing of Senate Intelligence Committee staff files and records or the CIA' s crimes report against Committee staff? If so, please elaborate on your role. For a description of types of national security matters on which I worked at the White House Counsel's Office, please refer to my response to question 48. 45