Transcript: FBI director on surveillance of 'illegal' Internet activity

When the FBI suggested that it should be able to perform wide-scale Internet monitoring to detect "illegal activity" on Wednesday, the bureau raised more questions than it answered.

To help clear things up, we're providing the transcript of FBI Director Robert Mueller's exchange at a House of Representatives hearing with Rep. Darrell Issa, a California Republican. Issa made his fortune by founding Directed Electronics, a publicly traded company that sells car alarms and home theater loudspeakers.

Issa also is a member of the House Intelligence Committee, which is holding a closed hearing on Thursday devoted to the Bush administration's so-called Cyber Initiative. In January, President Bush signed a pair of secret orders--National Security Presidential Directive 54/Homeland Security Presidential Directive 23--that apparently deal with detecting and preventing Internet disruptions.

Here's the relevant section of the transcript from the House Judiciary hearing on Wednesday:

Rep. Issa: Director, there isn't enough time in five minutes to open and close the subject of the Cyber Initiative, but this committee, in my opinion, is going to be the lead committee on, ah, the actual effectiveness of that initiative. As we both know it's compartmented, highly classified. But I'd like to concentrate just on what laws or changes that you would need from this committee if you were to do the following, and I'll set out a scenario.

If you go into a place and there's a crime actively being committed, let's say there's a bookie joint, and there's tens of thousands of illegal transactions going on every minute. And you know that. And you have proof of that. You don't question your ability to go in and to harvest the fruit of all the activities in there, is that correct?

Mueller: That's correct.

Mueller: With a search warrant, quite honestly.

Rep. Issa: With a search warrant. Today every ISP is being maliciously attacked--this goes beyond the .mils and .govs--but I think that's the important reason that we approach it today. Every ISP is being attacked, maliciously both from in the United States and outside of the United States, by those who want to invade people's privacy.

FBI director Robert Mueller, shown here at Wednesday's hearing, says 'legislation has to be developed' that would 'identify the illegal activity as it comes through and give us the ability to preempt that illegal activity.'

(Credit: Anne Broache/CNET News.com)

But more importantly they want to take control of computers, they want to hack them, they want to steal information. This is also true of the .mils and .govs. Every one of our congressional offices, every day, is under attack.

Every portal leading out of the United States, some of them going in and out of the United States, but talking only about your jurisdiction in the United States. Every portal coming into this country is being attacked by those who would harvest information, both national security secrets and just the common information of private individuals and private individuals.

That crime is going on, every day, on a single entity known as the Internet. What authorities do you need to monitor, looking for those illegal activities, and then act on those, both defensively and, either yourselves or certainly other agencies, offensively in order to shut down a crime in process?

Now, I'm a civil libertarian. I was with Bob Barr arguing some of the elements of the Patriot Act that we still don't agree should have been there. But when I set up the crime scenario, how is it that you're going to get the right to react when today, people would say that if they, if you're addressing an action from an American person, you don't have that right? How are you going to do it, and how can we help you do it appropriately and constitutionally?

Mueller: I think legislation has to be developed that balances on one hand, the privacy rights of the individual who are receiving the information, but on the other hand, given the technology, the necessity of having some omnibus search capability utilizing filters that would identify the illegal activity as it comes through and give us the ability to preempt that illegal activity where it comes through a choke point as opposed to the point where it is diffuse on the Internet.

And it is a question of the legislation catching up to the technology. Understanding that these crimes are being committed every moment. But then identifying our ability to focus on the particular criminal element as it's coming through and preempt that criminal element, whether it be .mil, .gov, .com, whichever network you're talking about.

Rep. Issa: OK, and one follow-up question, or two follow-up questions, because I know we're not going to get it all resolved today. One, can you have someone on your staff designated to work with members of Congress on trying to craft that legislation? I'd appreciate being able to work with that person.

And secondly, and this goes to a legal opinion you may or may not be able to help us with today, but I'd like you to try to work on it. If ISPs or other private entities, a Lockheed Martin on one hand, and my old company, Directed Electronics on the other, if they consented to participation voluntarily in being, in fact, defended in a Cyber Initiative--and that includes ISPs that hypothetically got consent from every single person who signed up to operate under their auspices.

If that consent were granted, do you believe that current laws either can or reasonably easily could be made to protect them? In other words, a voluntary program that would begin allowing federal agencies to counter-attack and to defend on behalf of those who waive current possible restrictions in that sense. And that's probably my most important question to get this committee thinking of.

Mueller: I think that's going to require some thought because an individual company can say "OK, I consent to have somebody protect me." But if the filter is inappropriately placed just protecting that particular company, it may have to be one or two or three institutions or ISPs off, and that's where you would have a problem. whether it would be, i forget what company you mentioned, but Lockheed Martin saying," I'm willing for somebody to protect me," but the protection may be two or three companies off. Lockheed Martin has no mechanism in order to affect the company that's two or three off, if you see what I'm getting at.

Rep. Issa: Thank you, and thank you, Mr. Chairman. Hopefully 163.33.33.0 will be protected if they ask to be, whoever they are. (Editor's note: 163.33.33 seems to be an Internet protocol address near San Jose, Calif.)

Rep. Conyers: As you wish, Mr. Issa.

Rep. Issa: Mr. Chairman, I do hope that when we look at the Cyber Initiative, we view ourselves as the primary committee that has to clear the way for appropriate action on behalf of our government, all branches.

Rep. Conyers: (Nods)