Hayden, Leahy debate president's proposed NSA reforms; ObamaCare website security getting worse?

Written by Chris Wallace / Published January 19, 2014 / Fox News Sunday

Special Guests: Michael Hayden, Sen. Patrick Leahy, D-Vt., David Kennedy

This is a rush transcript from "Fox News Sunday," January 19, 2014. This copy may not be in its final form and may be updated.

CHRIS WALLACE, HOST: I'm Chris Wallace. President Obama sets new limits on government surveillance but finds it's harder to strike the balance as president than it was as a candidate.

(BEGIN VIDEOTAPE)

PRESIDENT BARACK OBAMA: No more illegal wiretapping of American citizens. No more ignoring the law when it is inconvenient.

We cannot prevent terrorist effects or cyber threats without some capability to penetrate digital communications.

WALLACE: We'll discuss the new reforms with the former head of the NSA and CIA, General Michael Hayden. And the chairman of the Senate Judiciary Committee, Patrick Leahy, who wants still more privacy protection.

Hayden and Leahy, only on "Fox News Sunday."

Then, ObamaCare's troubles continue with heightened concerns about website security.

DAVID KENNEDY, CYBER SECURITY EXPERT: I don't see how we're still discussing whether or not the website is insecure or not -- it is. And there's no question about that.

UNIDENTIFIED MALE: It is insecure.

KENNEDY: It is insecure, absolutely, 100 percent.

WALLACE: We'll ask cyber security expert David Kennedy just how vulnerable the ObamaCare website really is.

And our power player of the week, using 3D printers to save lives.

UNIDENTIFIED MALE: You can think about it just like an ink jet printer, except in these days, it builds up a three dimensional model one layer at a time.

All, right now, on "Fox News Sunday."

(END VIDEOTAPE)

WALLACE: And hello again from Fox News in Washington.

President Obama tried to deal with a growing uproar over government surveillance Friday, looking to strike a new balance between national security and civil liberties.

We've invited two men at the center of the debate to discuss what the president did and didn't do.

General Michael Hayden is former head of the NSA and then the CIA, charged with gathering intelligence to keep the country safe. Democrat Patrick Leahy is chair of the Senate Judiciary Committee and has already introduced legislation to cut back even more on government surveillance.

Gentlemen, welcome back to "Fox News Sunday."

GENERAL MICHAEL HAYDEN, FORMER NSA DIRECTOR: Good morning.

WALLACE: Let's start with the big picture.

General Hayden, what do you think of the president's reforms that he announced Friday? Does he comprise this nation's security?

HAYDEN: Chris, there's a lot to like about the speech. That first third is the most robust defense of why we conduct intelligence and how we conduct intelligence that the president has made since he's been in office. If he had been giving that speech for the last six months, I'm not so sure he would have had to have made the speech at the Department of Justice.

Now, when you get into the substance, what he changed, I think there's a clear pattern with both the domestic and the foreign piece. He's going to cut back on some capacities. He hopes that the margins, cutting into agility a bit, putting administrative burdens on, that could be risky. But it looks like he's willing to accept that risk in order to fundamentally preserve the programs.

WALLACE: All right. We're going to get into the details in a moment. But let me get big picture from you, Senator Leahy.

Does the president go far enough in protecting Americans' privacy?

SEN. PATRICK LEAHY, D-VT.: I think he is trying to protect Americans. You always have that balance between the privacy and protection. The concern that many have had -- and this is united Republicans and Democrats across the political spectrum in the House and Senate, is have we gone too much into American's privacy? And we've also reached a point of if we collect anything, do we have anything as we found in the past? Sometimes we have so much stuff we don't go through it.

He has laid out a framework of the things he might do. There is still going to be legislation on this. For example, Attorney General Holder is coming to -- before the Senate Judiciary Committee on January 29th, the day after the president's State of the Union message. We're going to ask him a lot of questions, because a lot of it was between what he and head of national intelligence have to work out.

There's going to be a lot of questions again from both Republicans and Democrats who are concerned that we're going too much in the privacy of Americans.

WALLACE: OK. Let's get into some details.

I think it's fair to say the biggest debate is over the collection of metadata, the records of billions of Americans' phone calls, not the content, but the fact that my number called your number, how long the call lasted.

Here's what the president said about those on Friday.

(BEGIN VIDEO CLIP)

OBAMA: I believe we need a new approach. I'm therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.

(END VIDEO CLIP)

WALLACE: The president wants the NSA to get court approval before it can search the database. He wants someone other than the government to hold the records and to pursue calls only two steps removed from a suspected number, instead of the current three steps removed.

General Hayden, given the fact that the current NSA director, Keith Alexander, says that this bulk collection of metadata has only prevented one or two plots at the most, can't you live with those restrictions?

HAYDEN: Well, it appears they're going to have to live with those restrictions, Chris. But let's take them one at a time.

Two versus three hops. And look, when you get to the third hop, very often --

WALLACE: And, basically, let me just quickly say, what that means is they identify that there's a bad number. Currently they can say, well, OK, this number called that number, called that number, called that number. Three hops. Now, it will be only two hops.

HAYDEN: Now, look, if the third hop weren't useful from time to time, we wouldn't have been doing it in the first place. By the time you get out there, you really pretty much discover, everybody has a dentist and everybody orders pizza, right? So there is an impact, but it's marginal. I'm a little more concerned about going to the court every time you want to clear the data. As you said, Chris, they've got the data in the big database.

And then they have what's called a "seed number", that's almost always a foreign number. You get a cell phone from a safe house in Yemen, and you want to ask that data base has that seed number, that bad number you now have, ever been in contact with numbers here in the United States? And the standard is, do you have a reasonable, articulable suspicion that that seed number is Al Qaeda-related?

That's a professional intelligence judgment. I don't know what role the court has in adding value. And you know Judge Banks, former head of the FISA court, in a letter to Congress, specifically said that.

WALLACE: Let me -- Senator, let me pick up with you, because in your legislation, the USA Freedom Act, you are calling for an end to the bulk collection of this metadata. Are you going to fight the president on this?

LEAHY: No, I think we have a way we can do this, but it's not a question of fighting the president. The question is what is Congress going to do on this? And I think there has been too much leeway. As you know, the FISA court, for example, is very critical, in fact, a few years ago the abuses of the procedures we had to collect data, and asked them to clamp down.

I worry because we just see what happened. For example, the Snowden thing, there was so much stuff stolen, we don't know everything that was stolen. And that worries you. They you have your telephone calls, General Hayden's telephone calls, my telephone calls. Where is all this going?

I'd rather have some -- somebody overseeing where you get it.

Now, on the question of emergency, president made very clear the emergency did go in and they would go to the court afterward. I just think that there should be an oversight.

Think back in the history of this country, J. Edgar Hoover, if they had -- if he had the power when he was spying on protesters and those against the Vietnam War and Martin Luther King, he'd have the power that's in here. We Americans believe in our safety. We also believe in our ability to be private.

I mean, I was a prosecutor for eight years. I believe in going after the bad guys. And I realize this is entirely different level than the bad guys I went after. But you still have to have some checks and balances before you have a government that can run amok.

WALLACE: OK. Let me go to another subject, because perhaps the most controversial reform that the president announced Friday is to extend privacy rights for foreigners.

Here's what the president had to say about that.

(BEGIN VIDEO CLIP)

OBAMA: People around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don't threaten our national security. And we take their privacy concerns into account in our policies and procedures.

(END VIDEO CLIP)

WALLACE: Senator Leahy, I can understand that because of the diplomatic uproar with Angela Merkel, the idea that we're not going to wiretap or eavesdrop on our allies, someone like a foreign leader.

Why on earth would we extend our constitutional protections to foreigners, particularly when we know those countries are spying on us?

LEAHY: I don't think that's what the president said. Now, as General Hayden and I both know, without going into classified material, we have as people know, we have relationships with all the intelligence services among our allies. We share great deal of information from them in both directions.

I think a lot of these countries were getting such feedback against the United States saying, why are they spying on us, too?

I think the president had to say something like this to know we're being protected. There is a growing and I think erroneous feeling in other countries that somehow the United States was in tapping all of them. And I think this was probably a way of helping some of our allies say, it's OK for us to cooperate with United States.

WALLACE: Well, let me ask you, General Hayden. Is that what this is? Is this a PR move?

The president said he's going to -- that we will continue to survey foreigners when it comes to --

LEAHY: PR is your word, not mine.

WALLACE: I understand that.

Counterintelligence or cyber security, is that what -- is that what this is basically that he's saying we're not going to do things that we weren't doing already?

HAYDEN: Look, if your definition of a PR move is to restore confidence domestically and abroad, that's exactly what the president is doing.

And what he's done here -- it's very interesting, Chris. And the president's language is very precise. He did not commit to pulling back on collection against foreign targets other than heads of state and heads of government. What he's talking about is the retention of that data and then how it's disseminated, and that part, he does say, we'll use the same standards we used for American persons.

Frankly, that's practiced now. But this is one of the things that concerned me. Remember I mentioned administrative burden before. We do that with great oversight for Americans. And it is administratively burdensome. This is a tenfold increase in the paperwork requirement. We'll see how much the system can stand that.

WALLACE: I want to make it clear though as we wrap this up. I want to move to one other subject, that basically, there's a lot less that the president changes than what he does change. And I want to talk about that.

The government will still be able to issue national security letters of broad subpoena power. They will still be able to build backdoors into hardware and software of private companies to collect information.

Let me get to both briefly to answer this, because the impression I get, maybe I'm wrong, General, isn't the basic surveillance structure that George W. Bush started after 9/11, isn't that still intact?

HAYDEN: Absolutely. And let me add one more item to your list, about going after encryption. His commission said we should pull back on that. He never mentioned encryption once in his talk.

WALLACE: So, in terms of the basic surveillance structure of George W. Bush --

HAYDEN: Exactly. Of course -- no, that's exactly -- the president has embraced it. He's got a political problem. I don't mean to trivialize it, because in a democracy, political problems are very serious. He needs consent of the governed. He's willing to shave points off of flexibility and administrative burdens and oversight. But the objective, Chris, is to keep on doing what he's doing.

WALLACE: Briefly, Senator Leahy, do you agree?

LEAHY: I think that we will -- we are going to maintain our ability to protect the United States. That's extremely important. Talking about encryption, we know that there is a tax on the United States all the time from foreign governments --

WALLACE: Right.

LEAHY: -- as well as others. We saw this attack on Target, which is enormous problem for this country.

So, we will -- we will protect against that. The concern everybody has is allowing our government to have such a reach into your private life, my private life and everybody else's, that we are -- we have a government controlling us instead of us controlling the government. And that's what both Republicans and Democrats are joined together on the Hill to try to change.

WALLACE: All right. I want to talk about one other subject in the time we have left, and that is that the six-month interim deal between the U.S. and Iran goes into effect tomorrow. It would limit the Iran's nuclear program in exchange for some easing of some sanctions that the West has put on Iran.

General Hayden, should Congress leave the deal alone or should they go ahead and pass this legislation which would impose sanctions six months from now if there is not another deal and actually prescribe what has to be in the final deal?

LEAHY: Yes. Chris, in my professional career, I'm creature of the executive branch. You want to give the executive as much running room as possible when it comes to negotiations like this. And so, I think having that congressional action just off stage, just in the wings might actually be a powerful negotiating tool.

Chris, here's the problem -- if this is a nuclear weapon, the Iranians are parked right about here. In the current six months, somewhat freezes on there and gives us a bit of transparency. But they're too close.

What we've got to do is crank them back. They've got to deconstruct stuff.

WALLACE: So you would support the legislation?

HAYDEN: I like -- I like the threat of additional sanctions hanging out there.

WALLACE: Senator Leahy, so far, 16 of your Democratic colleagues say that they are going to support imposing new sanctions against Iran.

LEAHY: I think --

WALLACE: Are they missing -- I mean, are they --

LEAHY: I think it's a mistake, and I'll tell you why. We voted for sanctions, very tough. And I voted for a very tough sanction on Iran.

Right now, we have these -- we have five plus one of the countries working with Iran on this. We have people that joined us on the sanctions. If they look like we're prejudging the negotiations, they're going to say, hey, United States, you're on your own. They're going to start pulling away in this --

WALLACE: Briefly, do you agree with the -- do you agree with the White House that if senators vote for that, they're pushing a march to war?

LEAHY: I think if we do that, we screw up the ability to have real negotiations. If the negotiations fail, if Iran is seen cheating, we will impose more sanctions in a nanosecond, both the House and the Senate. Don't do it prematurely because if you're trying to negotiate something, you don't have a third party in this case the Congress coming in involved in that negotiation.

WALLACE: Senator Leahy, General Hayden, thank you both very much.

Up next, our Sunday panel joins the discussion on the president's NSA reforms. And we're taking your questions on the topic. Just go to Twitter @FoxNewsSunday, or go to Facebook, and we may use what you ask on the air.

(COMMERCIAL BREAK)

(BEGIN VIDEO CLIP)

OBAMAThere are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.

(END VIDEO CLIP)

WALLACE: nbsp; President Obama trying to strike the right balance between security and privacy in the wake of the Edward Snowden leaks.

And it's time now for our Sunday group: Brit Hume, Fox News senior political analyst. We welcome Robert Costa of The Washington Post. Kimberly Strassel from The Wall Street Journal. And Fox News political analyst, Juan Williams.

Well, Brit, the president -- I think it's fair to say -- was trying to find some middle ground between the intelligence community on the one hand and a civil liberties folks on the other hand. What side should be happier with what he ended up deciding?

BRIT HUME, FOX NEWS SENIOR POLITICAL ANALYST: I think the intelligence folks should be happy. He trimmed the program at its edges, as you heard General Hayden describe. He did not dismantle it, nor did he really propose to dismantle it. Now, he does have central idea of moving all this metadata stored by the NSA to some other site, not clear if he can pull that off. Nobody really knows where to put it, the phone companies don't want it.

But, by and large, the program remains intact. And I think the president did -- this shows the president believes in the program. And I think what he did was as little as he thought he could get away with politically, he felt he had to do something because of the objections to this, paranoid some of them in my view, were pretty loud and a lot of people sort of on left and right were expressing that.

WALLACE: Let's make the point there. The president continues metadata collection. He continues the national security letters. He continues the government's ability to try to penetrate private companies -- their software and their hardware, their encryption -- to get information.

Bob, I want to ask you the same question that I asked our two guests in the prior segment. Doesn't the president in effect maintain the basic surveillance structure that was created after 9/11 by George W. Bush?

ROBERT COSTA, THE WASHINGTON POST: He does. There really was a status quo speech in many ways. I think the president really faces some challenges in Congress. But he's not only fighting up against opposition in his own party, from Bernie Sanders, but Rand Paul and others in the Republican Party. They're almost forming a new coalition that's really going to push back I think against the president's recommendations.

WALLACE: You know, that's an interesting question. Do you -- how much trouble do you expect? Because a lot of this the president can't do on his own.

And one of the things, Kim, that he talked about in the speech, Congress is going to have to approve if he's going to move the metadata, not the collection, but the storage from the NSA to either the phone company, which as Brit says, don't want it, or to a private, new created third party and you wonder about that and you wonder about potential security leaks there and privacy concerns.

Is Congress going to go along with him in all of this?

KIMBERLEY STRASSEL, THE WALL STREET JOURNAL: I mean, this is where the drama shifts to. You did have, for instance, John Boehner come out after that speech, very short statement, saying, you know, we in Congress are not going to do anything that is going to degrade their operational ability of the government to continue to protect the country -- which does suggest he's going to get some push back on some of the things that he has suggested.

Of course, what's interesting is that you have had for a real shift in the Republican Party in recent years, too. You've had Rand Paul, Justin Amash, and many of these people who are allied, and very big critics of the NSA. And when you -- we had a vote last summer for instance, in which those critics nearly almost managed to dismantle some of this.

So, it's going to be very interesting to see if John Boehner Republicans now step up for those who are actually worried about what the president's proposals will do to the ability to collect intelligence, if they are going to get a group that can actually push back against them.

WALLACE: Before I bring in Juan, I want to ask you, Kim, one other question. For all our talk about all the things the president maintains, is there anything in his speech that gives you heartburn? Is there anything there that you look at the reforms and you say, gosh, that may have gone a little bit too far?

STRASSEL: A lot, because -- I mean, General Hayden is right, he maintains the structure. But what he has done is made this much harder to do. And, I'll tell you -- I mean, there is great thought put into the way this program actually works. And one of the reasons the president was vague about some of the things he thinks, because they don't know how to do the things that he's proposing.

I'll give you an example. So, according to the president, we're not going to spy on our allies anymore. I mean this sounds nice in theory, but what happens when Angela Merkel gets on the phone with Vladimir Putin? Do you just hang up, because he's not necessarily our ally?

So, how do you make those distinctions? And he was very vague about some of these.

In this issue of where you house this data. One of the reasons that we've had it all in one spot is it's what allows you to make connections. If each of the phone companies keep it themselves, you can't make those connections anymore.

WALLACE: We ask you for questions. We got one on Facebook from a fellow appropriately enough named Stephen Covert. And he said, "Why hasn't the Congress on anything before this, they knew about the improprieties long ago. Why haven't they done anything?"

Juan, how do you answer Stephen?

JUAN WILLIAMS, FOX NEWS POLITICAL ANALYST: Stephen, I think they're scared if not cowardly. I mean, I think they're worried that they will be called soft on terrorism, that they will be said to be unpatriotic if they do anything that goes towards the civil liberties end of the scale.

So, you know, I've seen less oversight on Capitol Hill as a result and what you see in general even as we approach a re- authorization of the Patriot Act, is a sense that, yes, we can take some steps but we don't want to go so far as to open ourselves to President Obama saying, hey, a bomb went off and it was because of the Congress that I couldn't do what I needed to do to protect Americans. And I think that's a real risk for Congress.

Now, I think they're going to have to take some steps. I think your guests, Pat Leahy, Jim Sensenbrenner in the House, who did the Patriot Act before, I think they're going to say, in collection of this data, we have to impose some limits as to government, because you want to make sure that people in power don't abuse it proactively.

So far, the fact is, again, they get back to Stephen's question, nobody's abusing. There is no evidence that somebody is abusing it.

BRIT HUME, FOX NEWS SENIOR POLITICAL ANALYST: And that's the correct answer to the question. The correct answer to the question, in my view, is what improprieties?

This program really threatens no one unless it's abused. And to date, not a single victim has been identified. Not a single abuse of the metadata has been identified that harmed anyone in any way.

So that's, I think, the real reason why Congress hasn't done anything is that the program has so far worked as intended, although it hasn't done as much as they might have thought it could. But there's no one harmed.

WALLACE: But, Brit, you know, you got the e-mails. You're going to get them today.

HUME: I'm sure I'm going to get them today.

WALLACE: I get the e-mails. And there are a lot of very loyal patriotic Americans who are outraged by this, outraged by what they've learned of Edward Snowden. And as far as they're concerned, well, maybe you can't point to the abuse, but the idea can just vacuum up all of this information about law-abiding citizens, they're very offended by it.

HUME: They're offended by the concept of it and that's understandable. What many of them don't understand is these telephone calls are not being listened in on. It is simply a record of the kind that your phone company gets every time you place a call of the number you called, the duration of the call, the time of the call. That's it.

And when you have that -- when you see the number of phone calls made and the volume of this metadata, this is the ultimate haystack. And, you know, if you have special procedures have to be undergone to search this vast amount of information.

My basic thesis, I guess is, everyone is supposedly under surveillance, everyone with every call, then no one is.

WILLIAMS: But you know what? I think a lot of people, Brit, the Tea Party folks and the libertarians. So, that's Rand Paul to Bernie Sanders.

HUME: And the UCLA.

WILLIAMS: Yes. Their fear is unlike you and me. I think you and I agree on this because we both assume they're listening to whatever is going on and they should be.

HUME: I don't think (ph) that they're listening to anything.

WILLIAMS: I think they do. I think they collect everything.

(CROSSTALK)

HUME: So, you think they're listening to your phone calls?

WILLIAMS: I think they have the capacity to --

HUME: That's a different matter.

WILLIAMS: OK. Oh, no, no, but --

COSTA: That anxiety is out there. And I think --

WILLIAMS: Yes.

(CROSSTALK)

COSTA: You could look at Mark Begich from Alaska, he has to face tough race this year, he came out against the president's speech, as we've seen some Democrats -- they get these e-mails. They feel the unease among their constituents. I think that's the group to watch.

WALLACE: All right. But, Bob, let me ask you about that, because on the hand, you've got two competing things here. You're getting deluged with emails by people saying, you've got to put an end to this and you've got to put lot more restrictions on it. But on the other hand, as Juan and Kim suggest, boy, God forbid, if there is another attack, they don't want to be held, you were the guys who, you know, created the security gap.

COSTA: And look what happened last year when a vote on the NSA came to the House floor, John Boehner who rarely votes as speaker, he voted support of the NSA and the national security establishment. So, I think especially in the Republican Party. Boehner and others are grappling how hawkish can you be within your own conference and on the campaign trail? Because there are a lot of questions of it.

WALLACE: All right. We have to take a break here, but we'll have you back later to discuss a tough new report in the Benghazi terrorist attack.

Up next, just how secure is the ObamaCare website? One expert warns Congress -- hackers are a few clicks away from getting your information. He joins us next.

And be sure to tell us what you think. Go to Facebook and share your favorite moments from today's show with other FNS fans.

(COMMERCIAL BREAK)

WALLACE: This week there was alarming new testimony about the security of the ObamaCare website. Cyber experts told Congress the site is vulnerable and personal information of ObamaCare consumers may be at risk. One of those experts is David Kennedy, founder of security firm Trusted Sec. Before that he worked for the NSA and the Marines.

Mr. Kennedy, you testified before Congress in November and you said that the website was very vulnerable to potential hackers. Now after it is supposedly new and improved, you testified once again this past week before Congress and you said the situation is even worse. Explain.

DAVID KENNEDY, CEO, TRUSTEDSEC: Well, when we testified in front of Congress in November, Chris, what we learned was that, you know, they had rushed through what we call the software development life cycle where they actually build the application. So when you do that, security doesn't really get integrated into it. And what happened with the rocky launch in October, is they slapped a bunch of servers in trying to fix the website just to keep it up and running so that people could actually go and use it. But the problem is they still didn't embed any security into it. So when you have another, you know, few hundred developers actually running code to try to keep the site up and running, you know, and you increase the line count of code, it increases more and more exposures. And that's what we saw here over the period of time. And that's what we testified on. It's much worse than what we saw back in November.

WALLACE: Well, I'm going to ask you about that and how you know that. Because you say you did not hack the site and, yet, you say you could access 70,000 records of various people who have signed up for health care under -- at the website within four minutes. How do you know that if you haven't hacked the site?

KENNEDY: That's a great question. There is a technique called -- what we call passer reconnaissance, which allows us to queering look at how the website operates and performs. And these type of attacks that, you know, I'm mentioning here in the 70,000 that you're referencing is very easy to do. It's a rudimentary type attack that doesn't actually attack the website itself, it extracts information from it without actually having to go into the system. Think of it this way. Think of something where you have a car and the car doors are open and the windows are open, you can see inside of it. That's basically what they allow you to do. And there is no real sophistication level here. It is just really wide open. So, there is no hacking actually involved. And 70,000 was just one of the numbers that I was able to go up to. And I stopped after that. You know, and I'm sure it's hundreds of thousands, if not more and it was done within about a four-minute time frame. So, it's just wide open. You can literally just open up your browser, go to this and extract all this information. Not actually having to hack the website itself.

WALLACE: Let's talk about the information you say that you could access if you were to actually hack the site. Names, addresses, Social Security numbers, birth dates. And you also say that because healthcare.gov is linked to the IRS and to the Department of Homeland Security, you could also get in and see what they had to say about the individual person who was signed up. How do you know that? Again, how do you know that you can get this and even get into IRS and get into DHS, and if, in fact, that is the case, what could a hacker do with what seems like an awful lot of private information?

KENNEDY: And that's a great question. You know, what you look at for when you assess a website, and I've been doing website, you know, security for a number of years. We basically break into websites all the time. And this is my area of expertise. And what we do is we look at, you know, problematic areas around the website. And if you're seeing these type of exposures just on the website, just by looking at it, there is a much more larger problem on the inside. And it's 100 percent certainty because of how the website was designed and how it was architected and how it was sped along. There are problematic areas. I used the example in Congress, if a car is driving by and I've been a mechanical for 14 years instead of security, and the engine is making clanking sounds, there's blue smoke puffing everywhere and there's, you know, oil leaking, you probably have a good understanding that the engine itself is bad. And that's what's happening here in the healthcare.gov infrastructure. And you have all these different companies. It's not just TGI, and it's not just, you know, HHS and CMS, it's a number of different companies. It all came together to kind of match this thing up to make it what it is today. And you're seeing that, you know, happening right now.

So underneath. And now, the problem is if you look at the integration between the IRS, DHS, third party credit verification processes, you have all of these different organizations that feed into this data hub for the healthcare.gov infrastructure to provide all that information, validate everything. And so when attacker gets access to that, they basically have full access into your entire online identity, everything that you do from taxes to, you know, what you pay, what you make, what DHS has on you from a tracking perspective as well as obviously, you know, what we call personal identify information which attacker would use to take a line of credit out from your account. It's really damaging. And I think it's one of the largest websites in history that we have that has this type of level of access into our personal lives.

WALLACE: Now, Mr. Kennedy, the Obama administration is not happy with your testimony and, in fact, they're pushing back very hard on it. The chief security officer for the website who herself was the very concerned about vulnerabilities back in October when the website was launched. Now says that it's been fully tested and that it is secure. This is what she said when testifying before Congress.

(BEGIN VIDEO CLIP)

TERESA FRYER, CMS INFORMATION SECURITY OFFICER: This security control assessment met all industry standards, was an end to end tested and was conducted in a stable environment and allowed for testing to be completed in the allotted time.

(END VIDEO CLIP)

WALLACE: Miss Fryer now calls for full certification of the site. She says it's secure, sir.

KENNEDY: I have to completely disagree with her. And it's not just myself that is just saying this website is insecure, it is also seven other independent security researchers that also looked at all of the research that I've done and came to the exact same conclusion. And these are folks that work really well in the industry. And they're highly respected, have an extensive experience of working for the government. And, you know, if you read the testimony and you read what she had actually said, she said that it's done end to end security testing. They don't say what type of testing that is. It could have been an audit that just looks at paperwork. It could have been, you know, really rudimentary testing that looks for just basic things. But what is pretty evident right now is that the site itself is not secure.

WALLACE: All right.

KENNEDY: It's much worse off.

WALLACE: All right. Well, let me talk about another complaint. Because another government official from HHS says that for all your claims of vulnerabilities, there have been no successful hacks of the website so far. Here he is.

(BEGIN VIDEO CLIP)

GARY COHEN, OVERSEES FED ONLINE MARKETPLACE: No, there have been no successful attempts of what anyone has been able to attack the system and penetrate it.

(END VIDEO CLIP)

WALLACE: Question, if there are so many gaps and if the site has been up since October First, why hasn't anybody exploited this?

KENNEDY: And that's great. This is one of my favorite ones out of the whole testimony. And so they (inaudible) that there has been no successful hacks that they've been able to detect. If you look at -- there's November testimony by Congress that basically said that a third party company was contracted to build out what we call the security operations center, which is what would actually detect these types of attacks. As of November, it hadn't even been started yet. So, if you look at how long these security operations centers take to put into play, it takes several months, if not years to actually implement and fully build the attacks out there. So, as of November we have no modern detection. And that, from my understanding, it's still not happening to this date. So they're accurate in their statement. They haven't detected any attacks on the website, because they don't have the capability to detect them. And just to throw it in comparison, they said that they only experienced 32 actual attacks on the website. They don't say what those cause for alarms are. But just a pure statistic, if you have a website that faces the Internet, just purely, you know, not popular, especially not as popular as healthcare.gov, you're going to exhibit over 200 attacks per week on that website just based on sheer volume alone. So, the 32 marks just shows another capability they don't have, unfortunately, on the healthcare.gov website.

WALLACE: All right. You talked about the fact that a lot of independent cyber security experts side with you about how vulnerable the site is. While the administration talks about an independent cyber security expert who says unless you have personally hacked the site yourself and you say you haven't, you can't possibly know basically what you claim. Here he is.

(BEGIN VIDEO CLIP)

WAYLON KRUSH, CEO AND CO-FOUNDER, LUNARLINE INC.: If none of us here built healthcare.gov, if we're not actively doing not a passive vulnerability assessment, but an active vulnerability assessment and doing penetrations on running that exploitable code on healthcare.gov, we can only speculate whether or not those attacks will work.

(END VIDEO CLIP)

WALLACE: Mr. Kennedy, the administration says that your testimony is based on assumptions, not facts.

KENNEDY: And I have to disagree. And the other seven security researchers would also disagree as well. Unfortunately, Mr. Krush is not a web application security person. He focuses more on higher level security audits than anything else. And it's not to, you know, throw into question Mr. Krush's experience. He does some great stuff with veterans, for security training and things like that. But he doesn't focus on application security. And that is absolutely false. You can definitely tell how secure a website is without actually penetrating into it and hacking the website. And I wasn't the only one that agreed on the panel. There are three other gentlemen as well on the panel that (inaudible) my assessment as well.

WALLACE: I want to ask you, and I need a ten second answer here. Since you have testified, has the government gotten in touch with you and said here, come on in and show us how weak our website is?

KENNEDY: Absolutely not. They haven't. And it's been offered. And we would do it for free to help out. Unfortunately, there's been no contact from them.

WALLACE: Mr. Kennedy, thank you. Thanks so much for joining us today.

KENNEDY: Thank you.

WALLACE: And we'll keep an eye on how the health care website is doing. Thank you, sir.

KENNEDY: Thank you, sir.

WALLACE: Coming up, the Senate Intelligence Committee knocks down claims the attack in Benghazi was the work of local militias with no ties to Al Qaeda. Our panel weighs in next.

(COMMERCIAL BREAK)

(BEGIN VIDEO CLIP)

SEN. SAXBY CHAMBLISS, R-GA., SENATE INTELLIGENCE COMMITTEE: I can say with complete confidence that Al Qaeda was involved in it and that certainly the State Department knew that Al Qaeda had a major presence in Benghazi prior to the attack.

MARIE HARF, STATE DEPT DEPUTY SPOKESPERSON: We have no indication that they directed or planned this attack. And I just reiterate a point that, you know, every bad guy with the gun isn't Al Qaeda. That may be a useful shorthand for politicians to use, but it's not borne out by the facts on the ground.

(END VIDEO CLIP)

WALLACE: Saxby Chambliss, top Republican on the Senate Intelligence Committee and State Department Spokesperson Marie Harf sharply disagreeing over the role Al Qaeda played in the 2012 attack on the U.S. consulate in Benghazi. And we are back now with the panel. Well, Senate Intelligence Committee finally came out with its report on the Benghazi terror attack this week and here was its conclusion. "The committee found the attacks were preventable, bases on extensive -- based on extensive intelligence reporting on the terrorist activity in Libya to include prior threats and attacks against Western targets. And given the known security shortfalls at the U.S. mission."

Brit, this is a bipartisan report. Are you surprised how tough it is?

HUME: Yes, I was surprised. I didn't think it would -- I think what we would probably have is a relatively mild set of conclusions from the committee as a whole because the Democrats have the majority and then a stronger set of views from the minority. Well, we did have a stronger set of views from the minority. But the majority's view of this was pretty tough and as you heard Saxby Chambliss noted, did say that the Al Qaeda was involved. What is fun to watch here is the State Department's incredible shrinking definition of Al Qaeda. Which gets down to what they call core Al Qaeda. Which is getting to be so small that it is very hard to detect anywhere. I mean Al Qaeda has been ...

WALLACE: You have to have a t-shirt that says I'm with those guys. 

(LAUGHTER)

HUME: (INAUDIBLE) "I'm an Usama bin Laden man all the way and I knew him and he personally trained me." But that's kind of where we are in this story. And you add to that what came out of the House side this week, the testimony of General Ham who happened to be in town at the time when this attack happened on September 11th, and he and the other senior people at the Pentagon including the secretary were of the view that this was a terrorist attack from the get go and they went and Panetta went to the White House and told the president that. So the president who waffled about what this was for weeks on end had been told by senior military leaders right on the day it happened that it was a terrorist attack. Those two things have moved the ball forward.

WALLACE: Yeah, let's talk about that. Because -- and we'll get to Ham in a moment. But the report, Bob, that report from Senate Intelligence basically -- one, Al Qaeda affiliates were involved and, two, it says that on September 18th, just one week after the attack the CIA and FBI reviewed the videos of the attack and it was clear that it was terrorists. It was clear that this was not some protest. Somebody said a really hostile (inaudible) move he reviewed of that is anti-Islam video. That certainly contradicts what the president and his team were saying in the weeks after the attack.

ROBERT COSTA, THE WASHINGTON POST: No, it's fascinating when you page through the documents. You really see the unsparing critique of Foggy Bottom, of administrative leadership within the president's administration. But at the same time, the legs of this story, I think, are really questionable. Because this is a bipartisan report, will there be questions about state leadership in the coming days? Sure. But will Hillary Clinton who is only mentioned once in the document continue to be the focus of Republican scrutiny? Maybe not.

WALLACE: Let's get the general -- and we're going to get to Clinton in a second. But let's get right to General Carter Ham. And to explain again who he is. He was the head of Africom, or the U.S. Command in Africa at this time, which had military control over U.S. forces in that region. And he testified back this summer before Congress and that testimony was released this week. He testified that within minutes of the attack, "To me, it started to become clear pretty quickly that this was certainly a terrorist attack and not just something sporadic." Again, Kim, that is directly contradicting the narrative that came out of the White House in the days right after the attack, the narrative that I heard and she was sitting right where you are here from Susan Rice, then U.N. Ambassador, that Sunday after, September 16th. I mean you have got the general in charge of Africom saying it was terror.

STRASSEL: Right. And that's why this report doesn't end anything. It actually opens up a whole new vista on this question and guarantees the story will keep going. Because what we found out in this report, I mean it was a searing condemnation of sort of state and how they handled -- this was a security and intelligence failure, which has resulted in the deaths of four Americans. But the fact that ...   WALLACE: Just to make the point, they talk about repeated intelligence warnings about the growing terrorism extremist presence in eastern Libya and particularly of Al Qaeda.

STRASSEL: This intelligence -- these were flooding the zone with reports about deteriorating security. They talked about how trip wires, which were meant to actually bolster security were ignored. They happened to talk about the fact that the CIA was paying attention to these things. They bolstered their own security at the annex down the road. The State Department completely dropped the ball here. But I think as a result, that news, I mean that information, that settlement, also combined with the fact that General Ham's comments about them knowing immediately, it does put this all again in a different light. And says, OK, did the White House understand just how bad this was? And did that, in fact, inspire them to come out with the story? In an election year that simply was not the case of what had actually happened.

WALLACE: Which brings us to the curious case of Secretary of State Hillary Clinton, who is not in the main report issued by this bipartisan Senate Intelligence Committee, is not mentioned one time. But the Republican members of the committee had their own appendix, in which they said that she should be held accountable for Benghazi. Here's what they said specifically. "She was responsible for ensuring the safety of all Americans serving in our diplomatic facilities. Her failure to do so clearly made a difference in the lives of the four murdered Americans and their families." Juan, is that fair?

WILLIAMS: I don't think it's fair at all. I mean I think that what you have here is a situation where as the report said, this was preventable. They could have prevented this because they should have been able to shore up security at the consulate. But the problem is that the intelligence wasn't very good. That is what the real finding of this Senate committee was.

WALLACE: I don't (INAUDIBLE) with that. They said the intelligence was good and in fact that the CIA reacted to it, but state didn't.

WILLIAMS: Well, they had some intelligence -- by the way, Carter Ham also said that there was no evidence of an imminent threat there, attack there. No, but I think that they said the intelligence, especially the intelligence assessment that was given to the president was given to Secretary Rice was consistent with what Secretary Rice said here. So I think there's a big effort. I think that's what we see in the appendix group where by Republicans to try to pull Hillary Clinton in because guess what -- Hillary Clinton is the leading candidate for -- among the Democrats for president 2016. And they want to damage her politically with this -- somehow. But I don't see that this report advances the ball at all.

STRASSEL: There are two different kinds of intelligence. That the intelligence warnings that were out there that inspired the CIA to bolster their own security.

WILLIAMS: Right. And remember.

STRASSEL: Right.

(CROSSTALK)

WILLIAMS: And remember, Ambassador Stevens says twice, no, I don't want any additional security.

STRASSEL: That's also part of -- that's the question of Hillary Clinton credibility and the fact that State Department ignored this strip wires and this intelligence in assessments. That's the different question from what intelligence, the White House got about what happened on the day.

HUME: What I don't understand, Juan, is how her department that she was head of can be responsible for multiple failures in this thing and she is blameless.

WILLIAMS: She's not in charge of security. Do you think she is on the line for security?

HUME: Juan, is she ultimately in charge? Is she ultimately responsible for what happens under her leadership in the department?

WILLIAMS: Certainly. But who have -- people who are in charge for security ...

HUME: That's how it works.

WILLIAMS: And you have an ambassador on the ground.

HUME: So, she's blameless.

(CROSSTALK)

HUME: So, she is blameless?

WILLIAMS: No, I didn't say she is blameless.

HUME: You did it.

WILLIAMS: But the idea that she has some personal culpability and that was a political liability ...

STRASSEL: Here's the question, though. I mean and this is just now a mean about this administration. No one is ever held accountable for anything. I mean if not Hillary Clinton, then who in the State Department is meant to be held accountable. And this White House, there is no one accountable for IRS, there is no one accountable for this. There is no one accountable for healthcare.

WILLIAMS: That's a political argument.

(LAUGHTER)

WALLACE: That's not a surprise. Thank you, panel. See you next week. Up next, our "Power Player" of the week. Saving lives with 3-d printers.

(COMMERCIAL BREAK)

WALLACE: Just so you know, we're still talking about Benghazi. 3d printers are becoming part of our daily lives, helping build boats, cars, even guns. But here in Washington, one of the nation's top hospitals is using the technology to help save lives. Here is our "Power Player" of the week.

(BEGIN VIDEO CLIP)

DR. KEVIN CLEARY, CHILDREN'S NATIONAL MEDICAL CENTER: We can make the model of the same texture, essentially as the actual heart. And a surgeon can practice suturing, can practice cutting on the model before doing the actual surgery.

WALLACE: Dr. Kevin Cleary is talking about the latest in medical technology. Using 3d printers to create models of hearts and other organs to help surgeons treat their patients. Cleary is lead bioengineer at the Sheikh Zayed Institute at Children's Medical Center. He says this is a marriage of technology and medicine.

CLEARY: A complex case would be a child who was born with, perhaps, multiple heart defects, or perhaps unusual anatomy where the 3d model would be very useful to the surgeon in planning the surgery ...

UNIDENTIFIED MALE: And rotate this in all dimensions.

WALLACE: It starts with sophisticated imaging of the heart.

CLEARY: Preparing this for 3d printing, we can remove extra tissue, such as small blood vessels.

WALLACE: Which is then fed into the printer.

CLEARY: You can think about it just like an ink jet printer except in this case it builds up a three dimensional model one layer at a time. Each layer can be as thin as a human hair. And a typical model can take 300 or 400 layers to produce the desired model.

DR. PETER KIM, CHILDREN'S NATIONAL MEDICAL CENTER: It's like having a Skype on one hand and actually touching or meeting and feeling somebody, and this is exactly like that.

WALLACE: Dr. Peter Kim, vice president of the institute, says they've used three dimensional models in seven cases so far.

(on camera): Imaging is so sophisticated now, what does this give you that imaging doesn't?

KIM: We deal with our hands. And it's essentially eye-hand coordination. So even if you have a mental image of what you're planting (ph), having a physical model to actually see it and touch it and even physically calculating which your moves and steps could be makes a huge difference.  

WALLACE (voice over): Dr. Kim showed us on a model of a patient's heart.

KIM: This is the stent. And then this side that it is actually sticking out like that. So knowing this sort of a narrowing and relative position of it I think this would help.

WALLACE: But the uses don't stop there. Doctors at Children's are inventing medical devices that they need for tough cases.

CLEARY: The beauty of the 3d printer is you can almost print anything you can imagine. So, if the surgeon has a clinical need and an idea, we can prototype it on the 3d printer, and then we can validate it through various studies where eventually it could be used clinically.

WALLACE: And they're even working on some day being able to print artificial organs.

CLEARY: I think this technology is still some ways off from reality. I don't think it's science fiction anymore. What they do, is enable people everywhere to kind of take their ideas and make them reality. So, I think the 3d printer has almost unlimited potential in terms of developing new devices and technology.

WALLACE: Very cool. Doctors say the planning they do with 3d models make surgeries quicker, cuts blood loss and is a clear benefit for their patients. And that's it for today. Have a great week and we'll see you next "Fox News Sunday."

Content and Programming Copyright 2014 Fox News Network, LLC. ALL RIGHTS RESERVED. Copyright 2014 CQ-Roll Call, Inc. All materials herein are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published or broadcast without the prior written permission of CQ-Roll Call. You may not alter or remove any trademark, copyright or other notice from copies of the content.

ADVERTISEMENT

On the Show

Sunday April 20, 2014

Secretary of State John Kerry helped negotiate a tentative agreement between Russia and Ukraine, hoping to ease tensions between the two countries. But pro-Russian militiamen in eastern Ukraine have shown no signs of relinquishing their control of government buildings. We’ll discuss the way forward for Ukraine exclusively with Amb. Sergey Kislyak, Russia’s Ambassador to the U.S.

The celebration of the resurrection of Jesus Christ on Easter Sunday represents the holiest day on the Christian calendar. Cardinal Donald Wuerl, archbishop of Washington, joins Fox News Sunday exclusively with his Easter message.