Page 164 - Privacy in a Cyber Age Policy and Practice
surveillance, particularly that taking authority from executive order,
“lies entirely outside of FISC review,” and as such “is only subject to
the NSA’s internal ‘checks and balances.’” 220
● Annual reports by Inspectors General regarding the activities of the
NSA. 221
● Stronger laws protecting whistleblowers, a category that should be
limited to those who go through established channels rather than
leak information to the public and the press. 222
● Subjecting the NSA to closer oversight by various Congressional
committees. 223 One should note, however, the danger of overcorrecting
for the current problems. Famously, the Department of Homeland
Security is subject to so many committees that its senior staff spends a
very large portion of their time testifying before Congress and preparing
for such appearances.
● Reforming how FISA court judges are selected to ensure greater independence
from government and creating multiple judge panels that
might allow for dissents. 224
● Senator Dianne Feinstein has suggested that the government should
keep records for only two or three years rather than for the present
five-year retention period. 225 However, there is no apparent evidence
that such a short period is sufficient. Sleeper cells often stay inactive
for ten years or longer. A case in point is the Russian spy ring that was
broken up in 2010. 226
● Implement audit trails to ensure that only the proper authorities have
access to any given piece of information. 227
A report on the operation of the Terrorist Finance Tracking Program
(TFTP) provides a powerful example. A project developed by the U.S.
Treasury, the TFTP collects large amounts of data from a financial messaging
system (called Swift) that records data on financial transfers. The
TFTP used this information to uncover terrorist networks and to prevent
multiple attacks. 228 Importantly, the TFTP was subjected to significant
oversight—only narrowly focused searches and analysis of the data were
permitted, and two different groups of independent auditors ensured that
those restrictions were being strictly adhered to. 229 Moreover, any time a
government analyst wanted to query the system, they had to submit a
reason for their query that could then be approved or denied by a Swift
representative. 230 (It is not obvious that this arrangement is scalable to the
NSA level. Queries by analysts are already reviewed by managers at NSA.
Select queries are subject to a “two person” rule.)
Other suggestions involve Congress; for example, some have suggested
increasing the number of members of Congress who are being briefed or