and that's what this program enables. the legal standard of relevance in section 215 is the same standard used another context. it doesn't require a separate showing that individuals in the record database are relevant to the investigation. it satisfied with the use of the database as a whole. it's important to remember that the fourth amendment doesn't require a search warrant or other individualized court order in this context. a government request for business records is not a search with any of the for amendment. government agencies have authority under many federal statutes to issue administrative

subpoenas without court approval for documents relevant to an authorized inquiry. in addition, grand juries have authority to subpoena the records potentially relevant whether a crime has occurred and the grand jury also don't require court approval. in addition to for the amendment doesn't require a warrant when the government seeks purely transactional information or medved ai as the state's content of communications. this information is voluntarily made available to the phone company to compete the call and for billing purposes and for the courts have therefore said a reasonable expectation as private. i would stress however section 215 is more restrictive than the constitution demands because it requires the approval of the federal judge. while the medellin is extraordinary in terms of the amount of data required it's also extraordinarily protective in terms of the strict limitations placed on accessing

the data. for these reasons i think the program is entirely conducted in a manner that appropriately respect the privacy and the civil liberties of americans. thank you. >> thanks for the invitation to participate. since these programs were disclosed much of the public debate has focused on issues of policy and i think that's understandable. no government has ever trained this kind of surveillance power on its own citizens. until quite recently none had the technological capacity to do that. we need to think carefully about how the exploitation of the technologies could affect liberties that generations of americans have fought to protect. what i would like to underscore today is the surveillance programs are not just on why is the but they are unconstitutional as well and i would like to focus principally on the 215 program with the hope we will be able to return to the

seven note to leader on a. under the program the nsa collect the data about every phone call me or received by a resident of the united states. they are collecting the medved data as well making the notes of every e-mail he or she receives. the program is a massive dragnet, one that raises many of the concerns associated with general warrants that is many of the concerns have led to the adoption of the fourth amendment in the first place. you might say that the orders are general warrants for the digital age. the president and the dni emphasized the government is collecting medved data, not content. but the suggestion that the content is beyond the reach of the constitution is wrong. for fourth amendment purposes the crucial question is and whether the government is collecting dennett data or content but whether it is invading the reasonable expectations of privacy. and here it clearly is.

the recent decision is instructive. in that case a unanimous court held that long-term surveillance of an individual location constituted a search under the fourth amendment. the justice has concluded in different reasons at least five justices viewed the surveillance and french and reasonable expectation of privacy. justice ensured trekking in and vegetables movement over a period of time allows them to generate and quote a precise comprehensive record that reflect the wealth of the detail about her political professional religious and sexual associations. they are taking place under the section 215. the records can reveal personal relationships, metal issues, political and religious organizations. the data may be more revealing allowing the government to learn which websites a person visited, precisely which article she read, who she corresponds with and who those people correspond

with. the surveillance constitute a search for the same reason the long-term surveillance of the location was found to constitute in jones. it was found unconstitutional in jones was narrow and shallow than the surveillance taking place under the section 215. it was meant to further a specific criminal investigation into the specific crime and the government collected information about one person's location is a period of less than a month. it's an indiscriminate program that is already set up the communications of millions of people over a period of seven years. some argued section 215 the program under section 215 days lawful which upheld the criminal investigation. but the pen register in smith was very primitive and attract the numbers being dialed but it didn't indicate which calls were completed alone the duration and

the surveillance was directed at someone to the cussing will criminal suspect. the police or not casting a net over the country. another argument offered in defense of the program is that the nsa collected immense amount of information, it examines only a tiny fraction. but the fourth amendment is triggered by the collection of information not simply by the clearing above it. the same is true of the first amendment because the chilling effect of government surveillance stems from the collection of information not nearly the analysis of it read the constitution isn't indifferent to the government's accumulation of the quantities of sensitive information about americans lives. neither should the board be. it's worth remembering in the context of that other countries have inspired a total awareness of their citizens' associations, movements and believes. the experience of those countries serve as a caution, not as a road map. thank you for inviting me to participate. i look forward to the questions.

>> thank you. >> thank you for inviting me and giving me the opportunity to participate today. i want to take this opportunity to raise some overarching concern is i hope the board will address before making specific recommendations about the necessary changes to the section 702 or 215 and begin by quoting the senator who in 1974 as the author of the privacy act noted that the more the government knows about us, the more power it has over us when the government knows all of the secrets we stand naked before official power the bill of rights' then becomes just so many words. i think it is not debatable secrecy increases the danger that the government will over reach. nor is it debatable but the

foreign intelligence activities depend to some degree on the secrecy and that a democracy must continually work to figure out ways to provide for the national defence while respecting civil liberties and preserving the constitutional government. the increase in technological surveillance capabilities, global connectedness and reliance on electronic communications of daily life has made during this more complex and even more important. i want to ask, however, whether or not the expansion of the government surveillance and secret legal authorities especially in the last 12 years requires us to ask whether we are witnessing the serious erosion of our constitutional system of checks and balances and the system of the secret law decreed by the courts, carried out in secret, enabling the creation of massive secret

government databases on americans' personal and political lives. as you know quite well the system of checks and balances relies upon first the existence of the conference which engages in and is influenced by a public debate. it relies upon the existence of courts, which have to slides to the question and know their opinions are subject to appeal and subject to public critique. and the executive branch who will be called to account should they ignore or violate the law. fundamentally all of this depends upon the existence of an informed and engaged press and public. so why does it matter? i think it matters fundamentally for two reasons. first the system is set up in

order to prevent the government from breaking all and to ensure that if it does so that will become known and the executive branch will be held to account for doing so. second, the system is meant to prevent the government from using its surveillance capabilities to target its political opponents, to kill the political dissent and limit the political debate and options in this country. this is not a theoretical concern of course in my lifetime. it has happened many times already in this country. perhaps later on i could detail what i found to be the shocking revelation of the history of the programs beginning in 2001 and resulting in where we are today.

we only learned from unauthorized leaks that there is at least one secret opinion authorizing the massive collection of telephone that the data and we still don't know what the secret list all ages about the collection of the massive amounts of internet mehdi the although we know that presumably this administration stopped that. we have no idea whether or not the law would permit that to resume. i think the question we need to ask is whether or not the system of checks and balances needs to be reaffirmed so that it acts as a safeguard to these harms. there is the history of the date on the issues over the past few

years demonstrate the debate has been incomplete. it's been informed by inaccurate information about the government. it's not deliberately. finally, i just want to know that i've worked on these issues for almost a quarter of a century. and i think that probably of the many civil liberties and voices that have been raised to the programs i am maybe one of the least likely to be labeled an alarmist. >> i know that you had more you want to get to that any of the panelists and in the public can submit written comments to the board so if you like to submit, you are welcome to do that. judge robert some? >> thank you. i should probably first state that i am a member -- i am now and have been a member of the

security committee of the constitution project which wrote a report in september of 2012 expressing some alarm about these programs and i signed the report and stand by it. but it's not primarily what i want to talk about today. i did sit on the court for a few years. i asked to be appointed by the court frankly to see what it was up to. and i came away from it deeply impressed by the careful scrupulous work that the justice department people and the nsa and the fbi agents involved with it did. the fisa court is not a rubber stamp. the number of how many warrants get approved do not tell you how

many were sent back for more work before they were approved. so i know firsthand, and i wish i could assure the american people that the project process has integrity and that the idea of targeting americans with surveillance is anathema to the judges of the court to which they call the fiske. but i have a couple of related points to make to the first, the process is ex party which means it is one-sided. and that is not a good thing. second, it now includes programmatic surveillance, and that i submit and will discuss for a few minutes i do not consider to be a judicial

function. now, judges are learned in all and all that. but anybody who has been a judge will tell you that a judge needs to hear both sides of the case before deciding. it's quite common in fact it is the norm to read one side's argument and think that sounds right until we read the other side. judging is choosing between adversaries. i read the other day that one of my court colleagues resisted the suggestion that the approval process accommodated the executive or maybe the word was cooperated. not so, the judge replied. the judge said the process was at adjudicated. i very respectfully take issue with that use of the word. the ex party process here is only one side. and what the fisa process does is not at adjudication.

it is approval which brings me to my second and closer related point. the approval process works just fine when it deals with individuals applications for surveillance warrants. because approving search warrants and wiretap orders and trap and trace orders and foreign intelligence surveillance one at a time is familiar ground for judges. not only that but at some point a search warrant or wiretap order if it leads on to the prosecution or some other consequence it is usually reviewed by another court. but what happened after the revelations in late 2005 about the nsa circumventing the fisa process was the congress passed the amendment act of 2008 and introduced a new role for the fisk for the surveillance programs.

that change in my view turned the fisa court and something like an administrative agency which makes and approves rules for others to follow. again, that isn't the work of judges. judges don't make policies. ave review policy determinations for compliance with statutory law, but they do so in the context once again of the adversary process. now, the great paradox of the intelligence surveillance process of course is the undeniable need for security. secrecy, especially to protect the national security community calls sources and methods. that is why the supreme court had to refuse to hear amnesty international. the plaintiffs couldn't prove the communications would likely be monitored so they had no

standing. that is a classic catch-22 of the supreme court jurisprudence. but i submit that the process needs an adversary. it's what the aclu or amnesty international perhaps itself could have a role as a kind of institutional adversary to challenge and take the other side of anything that is presented to the court. >> i would like to focus my remarks today on when the authority of section 02. i would like to focus my remarks on the act and section 702 that was described earlier. the recent disclosures regarding the program have raised

questions in some quarters about the appropriateness and the legality of the international with the internet communications traffic. with some expressing surprise the collection of that type and scale is taking place. in the view of the amendment act and as the record reveals however that the internet collection appears to be exactly what was contemplated when the congress passed the statute in 2008. i would like to take a moment to remind ourselves about the act and the reason it came into being in the first place. in 1970 to congress created a process by which electronic surveillance of the foreign powers and agents must first be approved by the court to be in doing so the congress recognized it had to balance the need for the judicial review process for domestic surveillance against the government's need to conduct them overseas for a constitutional protections do not apply. they sought to accomplish this by opposing the statute surveillance directly against persons within the u.s. and

leading the intelligence community free without the undue burden of the court process. with the changing technology over the years since of this past however that foreign domestic distinction started to break down and the government found self expending significant manpower and the applications for the surveillance against persons outside of the united states the category the congress intended to exclude when it imposed the process requirement in 1978. as the problem got worse particularly after the 9/11 attacks, the government assault increasingly unable to cover its surveillance needs. congress to its credit took up this issue in the spring of 2007 and over the next 15 months or so the numerous of officials including steve, rather bury myself and others spent hours testifying meeting with members and staff on the hill. and after a thorough analysis and deliberations the congress provided relief in the form of the amendment act which passed in the summer of 2008.

section 702 created a new process. the new process by which categories of support and surveillance targets can be improved for surveillance. under the process the attorney general and the dni provided and will certifications identifying the target categories and certifying that all statutory requirements for surveillance of the targets have been met. the government intern designs procedures which are the operational steps that it takes to determine whether each individual surveillance target is outside of the united states as well as the procedures david described that limit the handling and dissemination of any information relating to u.s. persons. the government then submits the certification as well as the targeting procedures for review by the court and the court confirms what they're all stitch it really required steps have been taken in compliance with the fourth amendment. this process succeeds bring the operation back into line with its original intent. it supervises the use on many

u.s. person here or abroad or targeting any person believed to be inside of the united states to be conducted pursuant to an individualized court order. however it allows the government to conduct surveillance of the target overseas without the need to secure a individualized court approval. and it does so at the same time giving the court and important role in assuring the authority is used only against those persons who reasonably believe to be located outside of the u.s.. in addition, the faa tasks various levels of conducting significant and meaningful oversight over this authority. the authority procedures and oversight preside have been in place since 2008 and just last year they were real nice. prior to this the communities of both houses agreed on a classified details of the implementation and the same briefing was made available to all members. as the history demonstrates it was a carefully calibrated piece of legislation that addressed in operational need while at the same time maintaining the privacy protections of the

original statutes afford it to the domestic communications. in a recent public disclosures about the prison program we are now seeing the statute in action. not surprisingly we are seeking exactly what was counted when congress considered to pass the faa which is a program that focuses on the surveillance of the foreign national security targets which is where the executive branch has the greatest latitude conducted well within the sound of the fourth amendment that is carried out with the knowledge and engagement of all three branches of government and that is monitored with multiple levels of oversight and that is exactly i appreciate the opportunity to address these to the and i look forward to any questions the board may have. >> thank you. we are now open to enter into the second phase of our program and that this each person on the panel gets two minutes to respond to any of the comments were to make their own comment

about what other panelists have said. we will get that going to give steve? >> thank you. just click, responding to a few points that were made first, he said he thought no other country conduct surveillance like the nsa. i don't think anybody here should leave today assuming that statement is correct. in terms of the 215 telephone that the data collection he described as a dragnet. it has massive amounts of content in the communications not the medved data. he talks about the jones case which is a tracking device put on a particular individual.

they're falling around tracking a particular individual. until the specific numbers and into the database and the targeting of the 702 order is only focused on the non-u.s. persons believed to be outside of the u.s.. it is a case involving a primitive device and focused on individual. and it's been applied by the lower courts more broadly and also the fact of this focused on an individual there is more constitutionally significant than the general collection of the data. i want to talk for just a minute about some of the comments that judge robertson made about secrecy and the rise to the secret law and also the room of the court and programmatic orders etc.. it's important to understand the constitutional background.

the surveillance for the foreign intelligence purposes is conducted by the president without court approval and the courts have consistently said the president has the authority with the court approval where the target is of foreign intelligence threat. but the level that kind of surveillance between all articles records in the review and approval and commerce the oversight greeting the intelligence oversight. >> the individual questions that will come about leader.

>> last year the government repeatedly said it coming and they said this in the lower court as well they said the assertion that it was engaged in large-scale surveillance of the international communications under the section 702 or speculative and even paranoid and now the program has been disclosed and everybody can see they are engaged in exactly that and the intelligence community and i would include mr. wainstein in that category. this is what was contemplated by the statute. at devotee knows this is what was all about. in this moving target a year ago it was paranoid and now there is nothing to see here that was part of a pattern for the

members of the larger the intelligence community have repeatedly misled the public about the scope of the surveillance law and the safeguards that are in place or are not in place to protect an individual's privacy. and on a related topic i think it is very important that under 702 the government can target only foreign national by the united states but nobody should take that to mean that americans communications aren't being collected in the course of collecting the communications of people outside of the united states and the nsa collect americans' communications. that too, that assertion was something characterized by the government and the amnesty that is speculative and provide the minimization procedures that have been disclosed over the last few weeks i think make it clear that that is exactly what is taking place.

>> okay. >> so, i just want to reiterate that i think that ken illustrated the importance of the history and looking at these programs. the description of that history i think the important question here is not under what circumstances can the nsa collect and use communications by foreigners overseas. the important question that we've always tried to focus on is under what circumstances is the nsa going to collect and use in secret information about americans usually gathered in sight of the united states and is including both medved data which is extremely revealing of

their associations and private life and the content of their communications we were especially communications with people located overseas. to repeatedly focused on on or to state the purpose of the surveillance is about the foreigners overseas i think is confusing at best about the issues that face the american people. i think the issue that is underlining here is that it's not only a question of collection of course, but it's a question of how the government uses information. many of the regulations are secret about how the nsa and the fbi is allowed to use them to the extent that there are public regulations that are complex to figure out which set that the

government is in a position to use information about americans against americans. and that's the issue that needs to be addressed. >> perhaps two quick points. it is certainly true that a government request for business records is not a search. but i think we all need to pay attention to what jameel said about the subject and about the jones case because modern technology enables analysis of the data that wasn't possible bill before hitting it reminds me of something that ben bradlee is supposed to have said about woodward and bernstein. he said if you give them enough steel wool they would net a

stove. second pivoted to kenneth wang xin's point that we've got exactly what congress asked for, that's true. but after the snowden leaks -- and this establishes the we need to have a wide open debate about this in our society and thankfully we are beginning to have the debate in this meeting is part of it. >> i would like to start by responding to jameel's suggestion that i or others misled in any way about the collection of u.s. person communications. that is wrong. i spent 14 or 15 months with steve and others on capitol hill explaining the intricacies of the procedure that in that up being adopted in in the

amendment act. we answered every question on the record and in meetings and forearms like this with privacy groups about the implications of the collection, and it was abundantly clear to everybody. we said numerous times that this would be focusing on the foreign targets overseas collecting their communications that they were overseas or also if they happen to come into the united states. what he is getting at is the concept of the incidental collection targeting a foreign person overseas you will get that person if he or she is talking to somebody pitted you will also get that communication if you receive calls of somebody in the united states. that is all priced collection and the collection of the u.s. persons communication is acceptable. that is what happens in any form of off a modest collection if you look at the title iii of the criminal world that allows the criminal wiretaps. the same thing happens if i am a criminal suspect the court authorizes the title free wiretap on me the government is

also going to get the communications between me and the pizza delivery man michael to get people with other criminal colleagues. said that is the reality of any kind of surveillance and there was something the was fully vetted and they cleared up the american people. second point that i would quickly make which is kate talked about the collection and use of the information and secret and the concern about how the information is used. one thing that isn't touched on a sufficiently is the value of oversight. you can take a look at itself prescribes a four or five or six different types of oversight and all these programs are carefully overseen by the court and by congress and importantly within the executive branch itself. that oversight is important and meaningful in terms of preventing abuses. thank you. >> thank you. >> okay. thank you. pat and i will ask some questions of the panel. we sort of agreed in the sidebar here that since we have a bit of time we can be a bit more

flexible with the length of the responses to questions but let's try to keep it not be on three minutes. we don't need to be so strict about it. my first question deals with the relevance standard and section 259 particularly interested in all of your views about that. each of us will have a question open to all of you so you can answer if you want. if you want to pass on a question, that is fine, too. it authorizes an order for tangible things that are relevant to an ongoing investigation and i have several questions to that. one is whether wilentz can attach the government seems to be asserting to the entire set of data or whether the relevance seems to attach to any record that is collected. one of the things the congress seems to be packed in with the

kind of haystack approach or to a particular record. and then related lehane the deal with criminal backgrounds i would be especially interested how that compares to the way the relevance is understood in the criminal context or even in the several litigating context is a definition of the understanding of relevance broad. so steve, if you want to start with that. >> thanks. i began to touch on that i think in my opening remarks. and of course individual members of congress might say i didn't have in mind this specific concept when i voted for something that set of relevance. but i think in adopting the word relevant, the congress embraced a broader context in which that word is used frequently and commonly in other situations come administrative subpoenas and civil investigative demand by the agencies that regulate industries can be extremely

broad. civil litigation a lot of folks involved in the litigation understand that a party in litigation get a broader right for example including a compass of the database of information where particular items of data in that database may be useful in that litigation and the parties work out an arrangement that maintains that database so that it can be searched for potentially useful documents. that is under a concept of relevance. the grand juries have an extremely broad concept of relevance when they can go after any potential materials that are relevant. for the simple after the boston bombing were of their position concern about a follow-on attack or collaborator, a grand jury could subpoena without court approval all the airline and tests of the flights in and out and passengers flying in and out of boston had a particular period of time because one of the people on one of the flights

might have been relevant. communications similarly. so the concept of what is relevant to an investigation is natural we understood to be broad and lots of context and i think it's reasonable that that is what is incorporated in the statute when the congress adopted it. >> i agree with some of that relevance that is a lot of the broad standard. but there are haystacks and there are haystacks. if you think about the example but mr. bradbury provided, for example but grand jury subpoenas a flight manifest in and out of boston for a particular period of time, that is not anywhere near the scope of the program that we are talking about here. and i can say with confidence, and i sure everybody on the panel would agree with me that there is no subpoena case out there which the court has approved on a relevant standard

surveillance on this scale. this takes us across in front year. this is orders of magnitude broader than any surveillance that has ever been approved under nason for a criminal subpoena. spend a quick follow-up to that since the panel was focused on the legality of the alleged current programs. where would you draw the line of the haystack is too broad but it's -- if the argument is not that each individual collected a record as relevant what line to exercise? >> i don't think that it's possible to sit out the line with any more clarity than to refer to the relevance. the surprising thing is in the the court is playing a relevant standard but that it isn't. in the clear language requires it to apply the same standards that apply the court has approved the government to

collect everything and i think it's fair to say relevance doesn't require the kind of specificity probable cause does that everybody agrees it is supposed to be an element and i think it does obvious it isn't doing that work with respect. >> on the question of whether the congress and the american people understand with the use of the board relevance i think it is pretty clear that until the past month the american people had no idea section 215 relevance was being used to collect all of the telephone data on americans phone calls. and i assume that it was also being used to collect all of the internet that the data and i think the fact that not only did

we not know that, but our assumption during the debate on the amendment act is that there was not happening. that had been a part of the warrantless program and had been revealed and stopped. i think a further indication of that is that in the bible, which i commend to you on the statute written by mr. chris and willson, a description of section 215 orders during the relevant time period describing a very limited number of orders and if you were to read the description coming would never suspect the government was using the 215 orders to collect millions or billions of records on americans. finally in response to the question, rachel, about well

what should be the standard of course to 15 is about all different kinds of records. some of them are more revealing than others. communications, but television and the internet are among the most revealing kind of record covered by 215. one possibility is to go back to what was until all before 2001 and require a showing that the collection of communications data is collected to a specific suspect in the incident, specific plan. that requirement was deleted. finally on the analogy to the criminal context i strongly object to that and algae and the criminal subpoena context there are two key factors that are not

present. one is that at least after the subpoena is served and sometimes during the service its public and that leads to all kind of restraints on the objection to the use etc. second, there is the possibility of the true adversarial at adjudication in the way that the judge talked about it in a criminal subpoena that does not exist under section 215 and will not exist even if you allow the recipient of the order to go to the court because the recipient of the 215 order is not the party that has the interest in the order, the person whose information is being sought are the persons who need to have the right to show up in court. >> if my question was more on the haft ethnology and what are

the relevant standards the same, do you have a view on that whether it is relevant in to 15. and the criminal context during the civil litigating context is the same. >> you know, i don't know. i don't think it is a relevant question with all respect. >> i think the relevant question is a great question and i would love to know whether the court has ever considered the question when every field of the program. relevance is usually raised. usually comes into question the legal proceeding if there is an objection but there is nobody there to object. >> i would like to make two quick points. something steve mentioned about the statements that we heard from the former members of congress saying i didn't intend

that when i voted for 215 that it would apply in this way. just to make it clear that isn't unique to the situation that former current members of congress might now be voicing some concern that the way the statute as applied isn't exactly they see it before the passage of the statute. use of that with the authorization of the military force back in 2001. i've seen it in my career with statutes like the racketeering organization act which was initially passed and many members thought it was going to be primarily focused on the traditional organized crime and then has now been applied to the broader criminal liked the the what many people saying i didn't think about that when we passed the statute that's the way that it was going to be applied to the use of this is not an anomaly. it is a common phenomenon. the second point i would want to make is she argues the criminal

grand jury subpoena is different and you can have more comfort in the government use of the subpoena and their interpretation of the relevance for purpose of using one. the grand jury process right and center and indictment that goes back to the evidence as tested in court and there is a good chance that the subpoena will be turned over in discovery and then test from the hearing or trial. the best case there are a lot of a grand jury subpoenas over the case that never see the light of day because the sequence doesn't happen. a good break on the analogy between the subpoena and the 215 that steve made. >> i would like to delve into the constitutionality on some of the facets of the constitutional analysis of one or both programs

to give you a chance to elaborate on something you might not have been able to catch up on the earlier segment. we already talked a little bit about u.s. nurses jones and whether the opinions of the supreme court justice. in fact the majority opinion as the d.c. circuit which preceded the supreme court which suggested that in fact when you have an extensive surveillance of location in that case. but a kind of mad of data over a long period of time and reveals enough of a person's personal life so that you may -- it may indeed constitute a search requiring fourth amendment compliance but there are a couple of the arrests of constitutionality that have been brought up. i think this was raised by senator feinstein and that is

whether or not there are less interested alternatives. in other words was brought up with the 215 do you have to cease the data are required to have it would be less intrusive it inquiry the data existing in the hands of the communication provider? and infected the executive order which governs intelligence conduct activities generally speaks of requiring the least collection technique feasible whether or not specifically applies we can debate that pitted with the general

principle why isn't it sufficient that convey in query the communications that have the data rather than requiring that they get all the data. indeed there's possible constitutional questions about, and i think kate may have raised this if the program that is under 215 is okay on the telephone data that are there any inherent limits and to 215? are there other kinds of data, the fact of bank records and various other kind of records? what i've left out but i'm going to save this for my next question is the whole court area and what might possibly follow-up on jim's and ... could

anything be done? is it better that we not have the court getting into the programmatic analysis at all and if not, where are the protection is going to be? but that is a question for another day and in this case i am giving you a lot. >> okay. >> is the last question for another day? i have a lot to say so i hope you do ask that. >> everybody get six minutes. >> on the jones case i already talked about that. but on the question about the database and would it be less intrusive if the telephone companies just maintain the database and what can we get business records and what ever. i don't think it is a question of intrusiveness. i don't think it would be less intrusive. would be far less efficient and

less costly perhaps less effective. he would have to have more data bases that the telephone companies and for business purposes they don't retain this data for as long as the government needs it to be the this is business record data that they maintain for billing purposes. they don't have a separate national said the reason for keeping it to get us we have to create -- they don't have the servers. as of the government has to create the database which evidently under this alternative would be housed with the private company. and of course the government would still have to control the inquiry because you aren't going to tell the telephone company what you're going to do to the database. that's national security investigatory information. they don't need to know that. so it's more efficient. the government already has facilities in place and it can segregate them and ensure that all the protections are honored and that the data isn't being accessed for other reasons, etc.

so it is an efficiency question. >> one follow-up question. are some of those criteria that you talked about in your view more sort of convenient things or are they necessity? because when we are talking about the constitutional analysis are they necessary to the feasibility for which the program is laid out? and the cost and that kind of thing to the senate i do think they are very real practical feasibility requirements. i don't think the constitution would see a difference between the data being housed in the data or elsewhere that the government controlling it and controlling access and ensuring its preserved, etc.. but the 215 s focused on business records. so you have to be talking up the kind of database information that a business is maintaining

for its own business purposes. that may be different with respect to the e-mail people have been alluded to the e-mail mehdi the under to 15. telephone companies maintain these for billing purposes and may be very different in other contexts. i don't think you can just easily say they must be using this for other things, too. these are restless records that have to be in excess cents in a separate business for separate business purpose. should i leave the court question for later? >> let's come back and do fisa. >> to point out the obvious, i think that the least restrictive means question is an important question and a question the board should be asking. but it assumes the government

has some overriding national security interest and access to the information at the same time but it is somehow crucial to protecting the national security. and that is something that i think many people have been pressing the intelligence community to cooperate. but thus far nothing convincing has been said to establish this information is actually crucial. i understand the government pointed to the case and it turns out not to have turned on that kind of information at all. if there is a case to which this information was in fact crucial i don't think the government pointed to it yet. to go back to the question if we assume the information is crucial than it is a question about the least restrictive

means of getting the information. and on that question deutsch have a problem if a centralized database, the creation of the centralized database in the hands and here i will take the opportunity to agree with something that mr. wainstein said earlier which is the authority treated for one purpose isn't uncommon at all to find out that they were used for another purpose. that happens all the time. the same thing is likely to happen with this database even if this true right now that the government inquiries it very rarely and that they are quite narrow and only 300 have been made thus far, even if all of that is true and all of that satisfies you for coming deutsch, with those safeguards are going to look like three years from now or five years from now. if there is another significant terrorist attacks you can imagine the pressure members of congress will come under to

change the parameters for the intelligence community to change the parameters that govern access to the database and that massive database of americans most sensitive information will be forever available to the intelligence community to access under whatever standards prevail at that particular point in time. so that is just to say there are problems that arise from the existence of the centralized data base. >> i think the truth is as you know the supreme court has not answered these questions that if you start from the understanding that in order for the government to cease or obtain information in spite of the united states, it needs to meet the fourth amendment requirements. then you end up in one place to

- of course there are many situations it has been held not to apply to the government seizures information. the ability for the government to obtain information and create massive databases reses serious constitutional issues not yet addressed by the court and not just with amendment issues they're also first amendment issues about the impact that has on people's exercise of the first amendment rights. i took the other constitutionally significant fact is that the seizures are being done in secret and i know some of us that work on the 1994 amendments which allowed secret

searches of americans' homes and offices but in a particular artist way with a particularized warrant objected to that authority because it allowed secret searches of americans' homes and offices which would never be revealed to the people whose homes and offices had been searched. that amendment was enacted before the supreme court held in a criminal context of the notice of research was required and not just required as a matter of criminal law. one of the questions is the applicability of that basic understanding to this kind of search and seizure and i think on the question of less intrusive alternatives that jameel is correct but the last question is less intrusive than what? there is no doubt if the

government is able to create as large as a data base as possible and use a sophisticated analytics as possible that it will be able to generate information that will be useful from time to time in combating terrorism. there is no doubt about that and we have seen that in other countries. i don't think that is the question. i think it is a much more complex question that requires looking at the actual threats the united states opposes including the scope of the threats and looking at different ways to meet those threats and looking at the different alternatives that exist other than creating a data base that is always available. ..

>> i want to express some agreement with me and we can't allow too much agreement so we'll have to put a stop to that. he did -- made the point, you put legislation in place and it adapts to the situation and adapts to the needs of the time.

that's the way legislation is supposed to be and that why you have courts to make sure any adaptations remain true to the enterintent of the -- the intent of the original legislation. what i find concerning is the notion that if you have a small, but lawful and appropriate investigative tool in place now, you should think twice.maintaining us because of some speculative term down the road it could be misused. it's a recipe for dollars. if we -- recipe for disaster. if we take that approach, we're walking into another 9/11. that is a concern you see in some of the opinions out there in the real world. i think instead we need to do exactly what i believe we learned, the value of oversight, and oversight is a government employee -- it drove me crazy. i spent half my life running up

to congress, answering questions, talking to the fisa court, and i would have much preferred to stay in my office and work. many of my former colleagues probably feel the same way. but we learned the importance of oversight and made sure the legislative tools stayed true to the constitution and also helped ensure the confidence of the american people, when they knew the oversight was effective, they had confidence in the tools. so instead of taking the approach of scaling back on the strength of appropriate investigative tools now out of some speculative misuse in the future, just make sure built in the safeguards and oversight that will not per mate that -- permit that kind of bruise. >> i'm going back to the statute again. i apologize if this seems like a quiz. i want to get the benefit of your views. my question is whether section 215 can be interpreted to allow

the government to get ongoing production of not-yet-created business records. the document that purports to be a leaked 215 order would require the company to provide on a daily basis records. at a future date. so they haven't been created. and the language authorizes that production of any tangible things, et cetera. even though this doesn't use the term business record, everyone understands those be a businesses records provision. later in the section, there's a proviso that it can only require the production of a tangible thing if such thing can be obtained with a subpoena, grand jury intend. so i'd like you authorities on that, and relatedly, there's two sections earlier in fisa is a provision which also is based on the relevance standard.

they're ongoing and real-time, unlike a business records subpoena. and the limitations of the language in 215, do you think if this weak order is actually correct, the language of 215 permits that? >> yes. i think it does. i don't think the statute distinguishes when the tangible item is created there are lot of production orders under a relevance standard that require ongoing production of relevant materials common in litigation, common in an administrative investigation. the items are created and are records by the time they're turned over, and the order is focused on a known, existing category of records, that is

constantly being refreshed, but they are tangible, they are in existence, they're business records when they're obtained under the order0. so i don't think that's a distinction the statute requires or points to. in terms of pen registers, trap and trace devices, that's a different technology. that's for when communications are occurring, you're picking 'the addressing information, the calling party number, et cetera. those pen registers would be somewhere out in the network or on the switches, et cetera, in real time, collecting all of the calling party number type information when calls are being placed, and this is a business records order because it's actually with the telephone company, much more efficient go to their existing database where they maintain this information you're looking for, for billing purposes. can i say one quebec thing?

jamaal has used the word surveillance. this is not surveillance. surveillance is a defined term under fisa. that includes getting the con at any time of comnications usually when they're being transmitted across a wire, for example. this is not content. this is just metta data. it's not surveillance and it's not accurate to use the word surveillance. >> i think that people can decide whether it's surveillance or not in the same way they can decide for themselves whether it's torture or not. the statutes can define these things but the terms also have ordinary usage. i have a different view of how the statute can be read. i don't think the statute was meant to allow the government to require the production of records on an ongoing basis. if you take grand jury subpoenas as the relevant comparison, i

don't think it's typical of a grand jury subpoena to require ongoing production, and if you look at the legislative history of the stat constitute, -- statute there's no hint that any considered the pocket this statute could be used for the purpose it's now being used for. in fact there was this testimony that then-attorney general john ashcroft gave to wrong, way back in 2004 or -- and he was asked about the outer limits of the section 215, and at one point somebody asked, it could even be used to require the production of dna? and he said, yes, i suppose it could. and that was sort of the outer limits and nobody even asked the question, it could be used to require ongoing production of any of these things you just said it could be used to compel the production of. nobody even contemplated that

possible. so i don't think that the statute can be read that way. i don't think that members of congress who are advocates of this provision thought it would be read that way, and represtive sensenbrenner thought of as the grandfather, father of this provision has spoken out, saying it never occurred to him it would be used this way. so i think there's really very little to support the proposition that the statute is now being used for the purposes it was designed for. >> it seems pretty clear that the government has argued that section 215 can be read this way, and that the fisa judge has agreed with that argument, and i would -- in order to evaluate and respond to that argument, i think it should be disclosed and then we can have a discussion

about whether or not that interpretation by the government and the fisa court is a reasonable or correct one, especially given the existence of overlapping authorities under fisa, for pen trap collection. >> i'll pass. >> i'll second what steve said. >> back to fisa. this is a three-part question. maybe we'll open with jim and then everybody will get a chance, but since he covered this in his opening remarks. my initial question is whether or not judicial -- eeffective judicial review is necessary to the constitutionality of a program or a statute. that's a general overview question. as one of the ingredients, but, jim, you felt that the court

really had no legitimate role in passing on programattic issues as opposed to the individual applications, and so to you, i'm directing the question, what would you put in their place? if you took that particular kind of review away from the fisa court, would you be happy with just leaving it with congressional oversight and internal governmental -- what would you do, and the third question to all of you, including jim, are -- it's been suggested in some of the comments today, maybe you could beef up the fisa court by having some kind of ex parte -- amick cuss, ex parte, somebody

representing the interests of the people involved. they don't know they're part of a proceeding. and the other one would be on appeal -- technically the only people who can appeal a fisa order is either the government if it doesn't get what it wants, or the holder of the records, although many of them complain they feel they are hindered because they don't even have access to the secret targeted -- original targeting record. all they're getting is tasking orders and they don't know -- they don't feel they're equipped to do that, even if it was in their interests to do it. but even more specifically, the question has been raised in congress about -- and kate races -- raise is it again good-is there some way we can find out what the fisa court

does because a majority of its opinions are secret. i think in the last congressional reauthorization in december, there was the request made, and sort of a promise given that they would see -- the government would see whether or not some form of redaction or opinions could be given, but that hasn't happened. the question is whether there's some form of declassification which would give us the benefit of what the legal analysis is, especially when you are dealing with a program of great magnitude, such as the 215 -- alleged 215 program appears to be. okay. take it away. >> well, that's about a quint-part question.

>> i snuck it in. >> let me take the last part first. i was frankly stunned when i read the story about the -- >> microphone. >> i was stun when i read the story about all the common law being developed within the fisa court, because i frankly had no familiarity with that, and everybody knees to understand it was eight years ago i was on the fisa court, but in my experience, there weren't any opinions. you approved the warrant police the warrant application or you didn't. there was one famous opinion that was reviewed and reversed by the court of review back in 1902, but a body of law and a body of precedent growing up

within fisa is not within my experience, and i am not -- i don't know what the answer to that question is, how we get ahold of it. i'm more comfortable dealing with your question about, should there be some sort of an institutional amicus or opponent that deals with fisa issues. and i think -- i would like to say the answer is yes. my problem is, i don't know what it would be or exactly how it would work. i wasn't kidding when i suggested that perhaps some tweaking of the statute establishing the pclob might make the pclob that institution, but you're not going to ask for that, and i i don't know who it would be.

i mean, there is, for example, within the defense department, a group of people who are dedicated to the defense of detainees at guantanamo. they are defense lawyers, defending detainees being prosecuted by the other part of the defense department. so there is some precedence for it. whether there would be some institutional office adverse to the office that brings these applications to fisa or not, i don't know, but it's conceivable. i'm going to pass on your question of the big constitutionality. i don't think the fisa court itself is -- i'm not even sure they have the jurisdiction to

pass on the constitutionality of the statute that they're carrying out, but i'm not aware of any constitutional challenge to the fisa statute that has ever been brought before the fisa court itself. it's going to be handled, i think, by article 3 courts. i don't know if that answers all of your questions. >> goes partway, thank you. the rest of the panel, anybody that wants to take a whack at any part of the questions? >> i'll take a whack. in terms of whether judicial review is required by the constitution, to the extent the fourth amendment in a particular situation requires a warrant, supported by the particularized probable cause, proved by a -- approved by a judge, then, yes, judicial review is necessary and it usually is ex parte. the government comes in with an

make, an affidavit, and the a judge sciences a warrant without an opinion, particularly, and the fisa court is analogous to that model, and there are a few, very small number of opinions, that as judge robertson suggested, most of the time it goes back and forthand then finally approved by the court with the judge's signature. it may be memos internally at the court analyzing issues. i do think that bob, the general counsel of the dni said in congressional hearing, they're scrambling -- i mam they are -- to declassify as many applications and prepare white papers and explain legal analysis to the extent consistent with national security, and i think they're doing that. in terms of replacing the court involvement, i think that, again, we need to understand the constitutional background is that foreign intelligence surveillance 1,978th, occurred without court involvement. it was unilateral action of the

executive branch. that led to lots of abuses and sometimes the authority being used focused on domestic targets. fisa was a big compromise between the branches to bring courts in and to the extent feasible and consistent with national security, to involve a court, like a warrant-type situation, in approving surveillance that used to happen without any court approval, and then to create the intelligence committees on congress for extensive oversight. so congress can be briefed in, in secure facilities, et cetera. and it is a very unusual animal, and i agree with judge reportson it raises significant questions, with problematic approvals. but prior to 702, the fisa court was overwhelmed with individualized orders focused on foreign targets. the court didn't understand why it was spending so much time worrying about nonu.s. persons' privacy outside of the united

states. so the 702 process was intended to make it easier, whether it's just focused on foreign targets to collection the communications in and out of the united states to those targets. so it's workable. i think it is a great story that congress passed this legislation, and when congress did pass it and consider it, all members of congress were given the opportunity to be briefed on all the classified details of these programs, and all he members of the intelligence committees were briefed. finally, on the amicus participation, i'm not sure that's feasible. the amicus would have to in the details of the'm request. the court is witting of lots of classified information supporting the probable cause determination or the reasonable suspicion determination the context of the surveillance. the amicus -- there's not a feasible -- >> a security clearance? for instance, the -- in the

detainee analogy at some somebody raised, the government has a defense lawyer, as it were, and they do have security -- allows them to look at -- >> none, the defense lawyer is only given access to what the government is going to -- what is relevant to that particular prosecution, and the government, of course, always has the choice not to prosecute if the disclosure of some particular information to defense counsel is too worrisome, in this context, we're talking about doing surveillance of the most sensitive threats, based on the most sensitive national security information, and the executive branch is only making available to the court and to the congressional committees, because it's required to, by statute. and it's so sensitive that you need to have an amicus that is a

permanent -- probably have to be an officer of the government, whether of the court or of the executive branch. that would be fully participating in the process and cleared into the same things that the court receives. >> just inject one other idea into your comments. perhaps this has ban alluded to. the federal public defendanter's office is part of the judiciary, essentially. hired to oppose the government and i wondered if something like a model like that would be feasible. >> how about smarter panel members? >> i think in the usual case before the fisa court, it would be good to have somebody with access to information who could play an adversarial role went the process that already takes

place. i'm not convinced that -- with respect to broader legal questions like, is it consistent with the fourth amendment for the government to collect all american telephone metadata. i'm not convinced that kind of question has to be decided behind closed doors. i don't see why the court couldn't articulate that question publicly, notify the public that it was going to consider the legal implications of a proposal to collect all americans' telephone metadata and allow anyone who wanted to to file an amicus brief. i think mr. bradbury starts from a different assumes. his assumption is that everything that is classified is properly classified. that is not my view. my view is that a lot of -- well, some of the programs been disclosed over the last few weeks and few years, should

never have been secret in the first place. they should have been disclosed to the public, at least the general parameters of the program should have been disclosed to the public. both because it's important that the political leaders who put these programs in place be held accountable, but also so that the judicial process can actually function in the way it's supposed to in an adversarial fashion. and then just to expand on something that judge robert sewn said earlier, if we're asking the question whether fisa -- whether the oversight of the fisa court is sufficient. i think it's important to keep in mind that there are structural limitations on what the fisa court can do. even apart from the questions about, is it appropriate that the chief justice of the supreme court appoints all of the fisa board judges? even apart from questions like that, there are structural limitations on what the fisa court can do.

some have to too with the court's jurisdiction. the court doesn't have the just disk to consider first amendment implications of the government's proposed surveillance. it doesn't have the jurisdiction to consider the facial validity of a statute like the face a amendment act and the court said that in one point made public a few years ago. the court doesn't have the authority to consider the constitutionality of the limits on its own jurisdiction. one of the arguments we made in our constitutional challenge to the fisa amendment, was that the role that the court was playing with respect to surveillance under section 702 was different from the role that article 3 courts are permitted to play under the constitution. they weren't considering individualized suspicion allegations. they weren't making determinations of probable cause. the government wasn't appearing before the court identifying proposed surveillance targets or proposed facilities to be targeted.

instead the court was making these, and is making these judgments about the appropriateness of the government's programattic procedures relating to targeting and minimize sayings and that's something that no article 3 court has if done in the past and is quite foreign to the kinds of things that article 3 judges are accustomed toking too. that argument we made before the -- initially before a judge in the southern district of new york, but it wasn't heard because our plaintiffs were found ultimately to lack standing. the point i'm -- the narrow point i'm trying to make, that is a question that the fisa court doesn't even have the jurisdiction to consider. the fact that other courts aren't considering it, i think makes it all even more problematic. >> so i don't know the answer to your question, judge. but i do think it's important to

distinguish, and probably limit, the role of the fisa court. i think that it was created as judge robertson said, to issue warrants in a way that judges have always issued warrants. the fact it's now creating a body of common law is extraordinary. and i'm not sure that is an appropriate function of the court. the fact that that body of common law is being created in secret of course compounds the problem of it being created ex parte. and the fact that the administration, although i take that their promise to try to disclose more information is sincere, i wish that they would work on that before they describe to "the new york times"

and "the wall street journal" legal opinions which are still classified. we could use the legal opinions themselves. but fundamentally we need some kind of system where a traditional article 3 court -- not the fisa court -- is looking at these questions that have to do with, what does the law allow and what is constitution. >> i just, in that connection, want to push back on the notion that somehow this might be legal even without court involvement, because it was done that way before 1978. i disagree with that, but i think more importantly is that we must not forget that in -- during the bush administration, when the fisa statute was exclusive, it explicitly said, you may not conduct this kind of surveillance except pursuant to a fisa court order, and if you

do so, it is a crime. the bush administration, in secret, violated those provisions, and made up a series of flimsy legal arguments for doing so but most of all, forgot to tell the american people it was taking the new view that it was no longer bound by fisa, and we only found that out as a result of leaks to the press, which is not the way the system should work, about -- and similarly, just to -- because mr. wainstein keeps talking about the efficacy of oversight here. we have a situation during the -- this administration where two members of the oversight

commit yeast have repeatedly raised questions about what was happening. they have been repeatedly blocked from bringing those questions to the public. >> now here we are as a result of an unauthorized leak. >> okay. ken, you get the last word. >> thank you very much. judge. i'd like to address the idea there should be some other party that would take the side of the person who is to be surveilled in a particular fisa application. a couple points to keep in mind. one is something that steve mentioned a few moments ago. keep in mind the notion of a judge receiving and assessing an application for a search is not new. as steve said, this is exactly what we do on the criminal side. when i go to judges, like i did with judge robertson, to get a

search warrant as a prosecutor, or to get a title 3 wire tap, warrant against somebody, that was done ex parte. it was -- the prosecutor, maybe the agent, and nobody on the other side, nobody representing the person whose house was would to be searched or the telephone calls to be listened into, and that's the paradigm, and it's important to keep that in mind you. might be able to sense a theme of mine, which is that this construct on the national security side for these investigative activities, all is drawn from parallels and origins on the criminal size. so this ex parte is not out of the ordinary. in fact it's the norm. the fact is we trust the judges to scrutinize the showing and in the case of a warrant, make sures there's probable cause to support that warrant, and i can tell you from experience that the judges on the fisa court, the article 3 judges, and

they're contrary to what some people suggested, not at all in the government's pocket. they are very independent and put us through our paces to make sure that what we give them measures up to their standard and the standard inside in the law. but putting those -- keeping those two points in mind, the idea of some sort of counter-party is an increasing one. think steve i right there are a lot of practical issues with that in term office the sensitivity of the information, that the fisa court judges see. they see the most sensitive information in the intelligence community. but to the extent that would help establish greater public confidence in the process, i think it's something that the board and others should look at. in -- in addition, kate mentioned the concern about transparency. same point there to the extent that the government can be more transparent with its legal theories, or if the fisa court -- i don't know whether it

can, but if the fisa court can disclose should sanitized version of these opinions, it's just -- it's good for public education but good because these programs only work so long as we have the confidence of the american public they're being conducted honestly and reasonably and consistent with the statute. >> thank you. thank you. my clock here says 11:17. we're scheduled to go to 11:30. do other members of the panel have questions? >> i have a question about the 702 program. that program, by definition, the target is nonu.s. persons outside the united states but inevitably some of those conversations are with u.s. persons in the united states. my question is whether that raises a fourth amendment issue by collecting and using that information involving this person, and if so, i are the

minimization procedures in place sufficient to meet the fourth amendment concerns? >> well, i guess i'm going to go back a little bit to history again. there's been some discussion, ken mentioned changing technology. prior 1978 and when fisa was first en, ad, almost all international communications in and out of the united states were carried by satellite. not even covered by fisa. over time that migrated to fiberoptic cables in and out of the u.s. suddenly if you're conducting that surveillance on a wire in the u.s., even though it's international communication, it's suddenly covered by fisa and individualized orders are required, and that was okay and workable. then 9/11 hit. huge problem. we suddenly needed to know about all suspicious communications from thousands of potential terrorist dots outside of the

united states. one of -- whether communicating in or out of the u.s. that led to the president's special authority to conduct the surveillance. verve controversial. the disclosures, debates, congress grappled with it, ultimately resolved on a statutory solution,, 702, which is targeted at nonu.s. persons reasonably believed to be outside the united states but is focused on communications in and out of the united states because just after 9/11 when the president gave the authorization, those are the most important communications you want to know about if you're talking about a foreign terrorist suspect communicating to somebody you don't know inside the united states, potential planning, et cetera. and 702 enables court involvement, review, approval of procedures to ensure the targeting is focused outside the united states. i don't think the fourth amendment and the particularized

warrant requirement of the fourth amendment would apply to those communications if you're targeting a nonu.s. person reasonably believed to be outside of the united states just because some of the communications happen to come in and out of the u.s. if you're not focused on a u.s. person whose privacy interests you're attempting to invade, and whenever you do get into that sphere, fisa specifically requires individualized surveillance orders that are very much like warrants, supported by probable cause. i still wouldn't say they're warrants because it's not probable cause to believe a crime is being committed or has been committed. it's focused on use of a facility and also important to remember that 702 is not limited to terrorism and counterterrorism. what congress authorizes in 70 is any foreign intelligence gathering purpose, so it can be much broader, and it's not -- it's actually much broader than the president's special that, in that regard.

-- special authorization in that regard. >> the government conceded in clapper that surveillance, particularly under 702. imimplicates the fourth amendment and they filed a summary judgment brief explaining their view that the statute was reasonable in part bass of the minimization procedures you referenced. at the time we didn't have the procedures. now we do have the minimization procedures and one thing that it is clear is the use of the word inadvertent and incidental is highly misleading. the collection of americans data is not incidental or inadvertent. those communications the government is most interested in, the minimize sayings procedures allow the government to retain that information.

if it's foreign intelligence information, forever, and if it's not, up to five years. the procedures allow the government to collect and retain and disseminate attorney-client communications. there are some restrictions for communications between attorneys and clients who have been indicted in the united states, but that's a very narrow category compared to the larger category of attorney-client communications. so the statute was designed to -- the procedures reflection that design and the government cop sealedded the fourth amendment is not irsvelte to the request whether the statute is lawful or not. so i think you're asking the right question. my answer is the procedures are insufficient to protect american's private. >> can i say one quick thing? i if said this i misspoke. i did not mean to say the fourth amendment is not relevant or does not apply.

i meant to say the warrant requirement would not apply. it would still have to be rome under the fourth amendment, and that's a special analysis in the foreign intelligence context. >> well, i would agree that the fourth amendment applies, and i think there's a serious question about the applicablity of the warrant requirement when the seizure is taking place in the united states, it's intented to get the communications of americans located in the ute, and and the argument that was made during consideration of 702 is that the reason why you didn't need a warrant was that an american talking in the united states to somebody else doesn't know whether or not their conversation is being

eavesdropped on because that other person could be the subject of a warrant and be wire-tapped. what you due know and what you, i think, have a right to know, is that if you're communicating inside the united states, with someone, the government's not collecting the contents unless it has a warrant on you or a warrant on the person you're talking to. and so that is not the case under 702. then the question becomes, well, what about the practicalities, how do we do is? and i would urge the board to look at proposals that have been talk about by ex-nsa officials, which basically would set up a system whereby the information might be acquired by the computers, but before the government could access the

communications of americans, it would need to go back to the fisa court and make a probable cause showing and get a fisa warrant. >> that indeed is one of the recommendations of the constitutional project report that i mentioned when i made my openings remarks. this concept of minimization. at it one of the great classic euphemisms of our time. nobody knows exactly what it means and i think the board could profitably study that subject in great detail and for weeks. >> just like to clarify one point. kate mentioned, and i might have the phrasing a little wrong but the surveillance under 702 could be intended to collect communications of persons in the u.s. make clear, this is actually a

specific provision in 7 02 that says you cannot do reverse targeting. david, you mentioned that. you cannot -- the nsa cannot target somebody who is overseas for the purpose of collecting a communication within the united states. what 702 does permit, and this is, i think, kate and i are on the same page -- you can target somebody overseas, but also with communications that are inside the united states, which often, as steve mentioned, are the most valuable or concerning communications because they might indicate the existence of a plot. you have to keep in behind if you were would try to impose a warrant requirement of some kind, to protect communications of the u.s. person who might be communicating with someone who is rightly targeted overseas, that same notion would apply to presumably to our collection around the world where we --

fisa was drafted specifically to work around that collection to make sure that didn't get hindered by the fisa warrant requirement and that could be applied to title 3. so it would be major paradigm shift in our collection. >> quick response from kate. >> i just want to -- i think ken and i would agree that the reverse targeting prohibition in 702 prevents the government from using 702 surveillance in order to obtain the communications of a specific known american. but if the intent of the government is to target someone overseas in order to find out, and obtain the communications of people they don't know in the united states, who are talking to somebody overseas, that is the purpose of 702. >> we're almost another of time for the panel. i know beth has one question. if we could -- just make --

>> a quick response. >> way -- at the risk of assigning homework, going to ask that y'all consider my question and if you are so moved to provide information afterwards to keep us on track. this is following up on some of what we've been talking about. we came close to what i was thinking about. but looking at what happened in 2006, with multipoint or roving surveillance, when there was some uncertainty as to how an authorization that was granted by the court would be implemented in a given case, a return requirement was imposed. my question is whether or not, when you're dealing with these bulk authorizations white be appropriate to impose a return requirement through statutory provision, so whether it's for 702, or whether it would be for this sort of more programattic

collection, so i would appreciate your thoughts and i would also be part of panel 3 so come back for panel 3, and hopefully we'll have something in that. >> just to add to beth's point, 702 provide ford judicial review of directives, and the question is can the jumps -- judges review the targeting requests or just the broad program and if not, should hey be able to under 702? >> thank you very much to all the witnesses. i have an observation and homework as well. my observation is, up until the very end, we really only heard one concrete recommendation for what might be changed, which was judge reportson's suggestion about creating, at least for some activities of the fisa

court, some adversarial-ness to the process. 'll just say i think at it incumbent upon the civil liberties community, of which i consider myself part, i guess, but the really incumbent upon the civil liberties community to develop some concrete recommendations for moving forward here. it might be that your bottom line is the 215 program is inappropriate and should be ended. completely. but i think that whether it's 702 or 215, you really have to get more granular, and more specific in terms of some concrete suggestions. now, at the tail end we started to get to another one here, which was this idea that is apparently reflected the the constitution project report, about acquisition versus a second search, the search for

particularized search. that is another concrete change. i'll say one thing to steve and ken. i think it's very important for people like you to engage in that process as well, and, again, ken started to at the end, in terms of engaging with the idea about theded adversaril process. the way it was set up, we had two critics of the program and two defenders of the programs. i really think that there's a role for form ever government officials to play. it can't be that everythinges perfect. it can't be that no changes can be made, that no additional improvements or checks and balances or controls, et cetera, can be made. i know you're put in this position of somebody says it's terrible and you have to say,

it's great. i really think both the civil liberties community has to be more specific in its criticisms and its forward-looking suggestions, and i think former government officials, including those who helped design these programs, have, i think, a role to play in offering concrete suggestions for how to improve them. and then my sort of followup, my homework assignment, i guess, to take beth's term, i would like to see more specific engagement on the question of minimization. judge robertson is 100% correct in terms of the misunderstanding, at least, or the use of that term in a way that it becomes a mantra and no one really has dug in on that. there is a document online, whether it's valid or not, whether it's still right or not, i think there's a document

online that, assuming that minimization procedures looked like what is in that document, what is the reaction to them? how do they play out here? is it good, bad, indifferent? secondly i think there's followup to be done on legislative history. everybody talks about relevant relevance. relevance didn't come into the statuten in 2005 in 2001 the statute said the documents are sought for an authorized investigation. relevance came in 2005, and it's wore thinking about what was the possible seven congress in shifting from sought for an investigation, to specific and articulable facts give you reason to believe they are relevant to an investigation. did that have any impact? should it be viewed as having an

impact? and then on the case i would like to see some -- whatever there is on the public record in terms of -- jameel mentioned, i'd like to see somebody anything and spell that out for us. thank you all. we're out of time. as i mentioned before, anyone on the panel or in the audience is welcome to submit written comments, thank you. >> thanks. we're going to take an hour break for lunch and resume at 12:30. >> good afternoon. we're going to begin the second

session of our program today. this is the session that will focus on technology issues. jim dempsey and i well be co-moderating this, and i'll put it to jim to make introductions and kick things off. >> good afternoon again everybody, and thanks to our afternoon panels as well for giving their time us on this important set of issues. our panelist for the afternoon are four of the leading experts and one of the questions and challenges facing the pcl bo which is bridging the gap between -- and policy. we have steve kellerman, -- steve steve bellovin.

secondly is mark rottenberg, longtime president and head of the electronic privacy information center, and again, a nationally and internationally recognized expert on privacy issues. ashkan soltani is an independent researcher on privacy, and security issues. among other things was consultant to the "wall street journal" on its extensive series of articles on internet privacy issues. and finally, danny weitzner, currently at the computer science and artificial

intelligence lab at m.i.t., former white house science and technology policy adviser, cofounder of the center for democracy and technology, and, again, a long-time participant in these debates. so, again, we will adhere to the rules we established this morning. five-minute opening remarks from each of the panelists, followed by a two-minute response by the panelists to the comments made by their fellow panelist, and then questions by chairman david meddine and myself, and the record of this proceeding will remain open until august 1. several of the speakers on the second panel have already

submitted either final or draft comments, which we're grateful for, but they will have, like everybody else, until august 1 to, as they say on capitol hill, revise and extend. so, steve, please. >> thank yous, jim. let me add a brief disclaimer. i wear many hats in this town. today the only one i'm wearing is the private citizen. what we're saying is based on my draft written remarks. you have copies of them. and on my web page, find it easily with your favorite search engines. these are draft comments. i just have to make sure i have the facts right. this is still a draft. so i'm a computer scientist, not the lawyer, which means when i look at a system i look at it from a technical perfect and when i see a system, the first

two questions i ask are, why was it built that way and what else can do with it? that's why i became a computer scientist because that's in my personality. gee, pretty. what can i make it do? as a privacy scholar and technologist, i also know that one of the things that is the biggest problem in privacy is not the primary uses of data collected for a legitimate reason but the secondary uses that are often found later on for some particular database. and that is another part of the -- when i looked at this large database of phone records and presumably internet metadata as well, my first question is, why did somebody need to build such a large database of phone company records when the phone

company has these records. i can come up with three possible answers. one is, retention. perhaps the phone companies do not retain the data for as long as is necessary. the e.u. has a data retention law for two years, covering a wide variety of communications of metadata, but that in itself is controversial. the u.s., one reason why it will be controversial is we don't have workshops and hearings as much on what private companies are allowed to do with their data, unlike in europe. having a large telephone company retain data for a long might be worse for privacy. i don't know. but it certainly is an issue. a data retention law is not an automatic answer to a privacy question. a second possible answer that occurred to me is the efficiency of search, particularly the indices. if you have a large amount of

data it's often organized to make it efficient answer the kind candidates of queriries you need for your business purpose. arguably the phone company does not have the right indies -- indices for the types of inquiries needed to be done and that's rome for the phone company not to -- they don't have the same questions. it's also harder to say what should be done bat that other than a copy, asking a phone company, can you build this index for me, is reviewing of the kinds of questions an intelligence agent analyst might want to ask and could very applause by be seen as a serious security issue. the third answer, and the one to me that i think poses the most difficult legal and policy questions, is the machine learning, data mind, call it what you will. just think of the phrase, you

have all seen in the press, heard on radio, npr stories on big data. this is big data. what can you do with it? what can you learn from it? it's a powerful technique but also one very susceptible to abuse. machine learning finds another by correlation and not causality. and can find out very surprising things. best example, read last year's "new york times" article on target. and the kind of analysises they were able to do on their customer base. one -- the thing that makes its most relevant -- that's an interesting word here, isn't it? machine learning often requires a very large collection of data that defines normal prosizely so you can say, this is abnormal because it's different than normal. this means that by extension, everything is relevant, which makes for an interesting reading

of the law. it's not necessarily wrong from a technical perspective. i don't know what it means to do a fourth amendment search, which requires particularity when it's data that is already there we need have a legal understanding what i relevant and particularity means in the context of date a mine -- data minding. i'm running're short or time. metadata -- i look at from a technical and legal perspective, third party documenting something i'm giving to somebody else, can i look at this and say this piece of the technical data is going to somebody else? turns out it's a very detailed technical analysis to understand that cannot be done easily. there's a lot of invisible things that can change the answer, as ridiculous as the expe

but looking at the technical organizational roles of the system administrator is a very important thing that the board needs to look at to understand the real security of the system and the privacy against insider misuse. >> thank you. marc? >> thank you very much. i want to begin by saying, following steve0s comments i am not now a computer scientist. i was and decided to go to law school to help address the

lawyer shortage in washington, dc, and i have corrected -- contributed that time to solving the problem. in me statement smidt i outline -- submitted i outline the steps taken and made some recommends to the oversight board. i do want to say that over the years i've had the opportunity to work with many great computer scientists and technical experts, and the one thing they have taught me is a healthy skepticism of technical solutions to what are ultimately social or policy problems, which is a point i'll come back to. in brief, let me first describe the steps we have taken. this may be of interest to the oversight board. as many of you know we filed a mandamus petition with the supreme court challenging the legal authority under which the verizon order was issued by the foreign intelligence surveillance court. this or the was based on section

215 of the patriot act and require this telecommunications firm to provide on an ongoing basis all of the call detail records -- the phrase in the order -- also described as telephone metadata -- for all verizon custom issues on an ongoing basis. we looked very closely at the statute. we concluded the court did not have the legal authority to issue that order. we believe that the supreme court was the only court we could bring this claim to, and that is a very important part of the analysis, i think, even as we talk about changes in the law, we have to answer the question, under current law, is this surveillance activity lawful? the second thing that has been done toes begin the formal. petition process to the nsa director, general alexander. the nsa is subject to the administrative procedures act,

and when it engages in a substantial change in agency practice it actually has an obligation to notify the public of it determination. now, of course, there's certain rules. almost unique rules that apply to the nsa, and we understand that. but that doesn't get the agency out from under its fundamental responsibility to be accountable to the public and as we did with the department of homeland security, when they made the decision to deploy the airport body scanners for primary screening, and that challenge was ultimately successful in the d.c. circuit, we think on a similar basis the national security agency should give the public the opportunity to comment on this domestic surveillance program. we have also asked the federal communications commission to determine whether verizon may have violated section 222 of the communications act when it turned over the customer records to the national security agency.

the fcc plays a critical role in saveguarding the american telephone consumers and we pursued a series of freedom of information act requests for some of the key legal documents that have been thus far kept secret. if you how -- if you have suggestions what else we should do, we're very interested. let me summarize the key points of my written statement. the first point i'd like to make, we think the legal authority was exceeded in a section 215 activity. it's set out in the petition in considerable detail. summaried in our statement. the second point as to metta data, is that this information is far more detailed and for more revealing of personal activity than typically the underlying content and the communication. and in this sense, current lay,

u.s. law in particular, is almost upside-down with respect to privacy interests. as many of crowd know our laws have evolved following a paradigm which distinguishes between the content of a message, what is in envelope, and the header information on the exterior you're of the envelope, and we cared that forward with the content of a telephones communication as opposed to the call detail information. but that analysis which might have worked 40 years ago when smith versus maryland was decided, was almost unrelated to current circumstance. because in a digital world, as opposed to an analog world, it's the digital data, it's the transactional data, that enables the linking, the chaining, the profiling, the matching, the assessing, the ranking, the rating, all the an -- analytical

techniques employed to assess personal information are most useful as against transactional data. underlying communication requires interpretation and assessment and it's a slower process. so, the second point that the metadata, which has been said as something of less privacy interest than the content, in fact the opposite is true. and i think that is the view widely held in the scientific community. the third point to make is that this type of data, unlike underlying content, generates additional uses. i've said in the past that data chases applications. which is to say that once you have information collected and stored in the database, you will not surprisingly find new uses for it. in fact it would be surprising if you didn't find new uses. now you can through law attempt to restrict and legislate the way in which the data that you have collected may be used.

but over time, almost certainly boundary points will be pushed further and further as applications for the data are found, and i think the conclusion to draw from this point is that a threshold is crossed once the data is gathered, because it is at that moment you created the opportunity for future applications. whether you choose at that moment the time to permit those applications, is a saveguard you can put in place, but there's no guarantee that safeguard will remain over time. the final point i'll make, it's very tempting to imagine there are technological solutions to privacy problems and we have been on the front line to promote technologies and protect privacy. we started over freedom to use

encryption, we supported deidentification, all of these methods are very important but there's no question that at the end of the day, the most effective safe garretts are the legal safe garretts and i want to share with you a quote from former president of m.i.t., the first signs advisor to president kennedy, was asked to testify before the u.s. congress on the hearings on the privacy act and he was asked: there are technological solutions to the problem of privacy? and he said there are those who hope new technologies can redress these invasions of privacy that information technology now makes possible. but i don't share this hope '. to be sure it's possible and desirable to provide technical safeguard.

it is even conceivable computers could be parade to have their memories fade over time. and hsu saveguardshe legislative and legal systems of this country. we must face the need to provide adequate guarantees for individual privacy. thank you. >> i wanted to echo marcs points. i agree that the metadata is actually more sensitive sometimes than the content, and the retention of this information exposes, even with policy safe guards, the existence of this information collected where it normally wouldn't be collected, and hanging a pay an know -- piano over may head may be legal but

exposed me to being crushed by the pea an now. want -- the piano. i want to talk about four points and i wouldn't even comment -- draft comments on me blog which you can submit them by the first. i'm expecting there is probably more revelations being made and i'd like to incorporate those before i submit. so, the point i want to make is one that traditional ideas about geography and borders don't translate on the internet, and that most of our modern activities take place in part through some kind of digital medium. create data trails about our activities. in fact the nsa -- in 2002 they remarked that only 1% of the 2089 gigabytes of internet traffic at the time was out of their reach. that's in 2002. and to the point that the computer systems don't inherently understand law.

they don't understand borders. they don't have the same limitations we do or understanding we do. and that they work under guidance of their operators, and these operators are empowered under a legal authority which i feel like might be confused or lack underou technical capables. one is the metta data -- big data has more capables than we lonelily infer, but just other understandings of how the technology operates and so i'd like to expand on that a bit. one other point of clarification from this morning's discussion was that there's been a couple different and very clever pushbacks and a culp different revelations but the metadata collection was not just the nsa going to at&t and saying show us your call records you collected

there was a multiple times, the equipment the nsa implantedded a key internet exchanges and key junctions at service providers in order to themselves create this metadata and collect it, and we want to be mindful of that hook. it's a very different issue than just going to verizon and saying, give us call records. this is generating call report, generating ip metadata and the process is problematic. computers don't understand law and don't understand the difference, we say, -- they do understand the difference but very small distinction between an ip header and the e-mail content itself. the same equipment is often very easily able to capture that same data, and we have some understanding they were actually collecting e-mail content from the wire. so i'm going to start -- expand on the first point. on a quote that former nsa director hayden himself made

where he said let's keep in mine that global structures -- geography doesn't mean what it used to be. things in a place may not be of a place. the internet actually lacks geography and this is his statement from the -- kind of telling. the person who spearheaded these projects himself doesn't believe there's an inherent geography to the internet, and we kind of need to push on this a bit, because in fact we want to understand that nsa is collecting information about kind of any geography and then are taking technical measures to limit the amount of information they use on americans. and to do this it's kind of inreliable. a describe a couple ways where this breaks down in my comments around things like users using vpns, switching e-mail addresses, for example, the nsa maintains a database of identifiers on u.s. citizens, which in itself is information about americans.

not anonymous information but, for example, phone numbers, mac addresses, internet ip address identify who is an american and often times these things -- they're problematic and to a degree they're wrong, ininadvertently collecting information. the other thing is that the systems in place using these identifiers, these selectors can be implemented improperly. we know that targets of interest could be anything anybody that has affiliation or interaction with someone else of interest. if could potentially be a target of interest by my communication with someone of interest. but you find that most of the modern internet systems we use, skype, or spot -- these they

connect with anyone on the internet for the purpose of providing the service. but -- so if i and a member of al qaeda like the same brittany spear song, does that actually put me as a target? under this contact chaining? and so the system would say yes because i had some sort of communication with that target, some sort of data sharing with the target. we want to be mindful the systems are limited in the way they understand geography. and i want to make a point i make in my comments as well, i feel like -- we might look to congress and look at the policymakers, like why -- they have had repeated opportunities to shut down and push back on these programs and haven't. and we might infer that to mean they think these programs of justified or think that they are effective or worth the tradeoff. one other explanation i want to propose is that, again, people

don't understand the implications and the raw elements that go into these systems, so the policymakers don't understand the tech nick:capabilities of these infrastructure and what data they ingest, and because of that lack of understanding, it seems generally okay. the geeks have a key to the castle. where they'll give you an explanation, of course the system won't collect information, but if you look under the hood you would realize there is quite a bit of domestic surveillance going on, a lot of inadvertent data collected. a lot of misuse from books. and i think that lack of understanding might explain why there hasn't been kind of tighter controls. ...

>> family of research going around the computer science world. ic to functional goals to think about how accommodation of technology can shape the system we talk about. you have asked us to

concentrate on the to do 15 and 702 programs but it is important to see these in a larger context to dry in data from a much larger system and i think the ability to draw boundaries of those systems is not nearly as easy as she g section numbers in a statute. we need to look at it a broader context but two goals we should pay special attention to be should be thinking about to enable under the rule of law the process of finding a needle in the haystack without privacy risk. a and number two, given that intensive information to create an environment where

there's genuine public confidence based on an oversight that is effective and a meaningful sense of transparency. i think if we look over the last month it is the lack of transparency and continued revelations of more data that has caused people to feel more and more uneasy that causes allies to be more and more uneasy and citizens and companies so having a real sense of transparency is important. it is important to think of transparency in two dimensions. the first panel spent a lot of time talking about reasonable transparency for the process associate with the programs.

but this panel can address perhaps an a more focused way is transparency of the actual data usage how do we know what is going on in the systems? talk about the technical challenge of having that kind of transparency. within certain bounds it is safe to assume the government will have more and more data. the constitutional process of legislative process will determine how much more but it will be more and that is just the trend in the world that we lived in. so the challenge with the statement he is very up front and public statement

that the intelligence community collects all the data to find a needle in a haystack to have to have the haystack. we wonder if you have to have all the haystack all the time we can see the development of government programs as an example to move to having all data in one place. that the oversight challenge for organizations for the courts and congress and ultimately the public, is to have a sense of confidence that all that data is held onto klay only a tiny bit is used that the rules are it here to. but these are rules governing the usage of information, not the access to our collection of. in the larger privacy policy debate, we can see more and more recognition that many

of the privacy challenges will have to be addressed by usage limitations not just a collection the petitions because all the data of interest has been collected. very briefly, i would say if you look at the computational techniques to address these challenges in computer science we were quite good at controlling who has access to what data. and steve is one of the experts on those techniques but what we are not good at is the ability to examine the system and how that is used and whether the use is in accordance with whatever the appropriate rules are. several years ago, my

research group at m.i.t. took on the challenge whether there is a way to actually characterized information in a formal constitutional sense if you can apply those rules or see if they could be adhered to with any information system for the we have developed research prototypes that enable us to detect those violation of rules law enforcement information sharing rules and on privacy rules such as copyright. it is in the written remarks a description of this research that is no and active community around the world at work on systems like this. like to stress one thing, i think we know a fair amount

of the systems but much less how to deploy them a large scale. i don't think we will in tel we do that. that won't happen until the entities that hold the affirmation are told they have to be accountable. >> let's hold the right there. i was generous on the five minutes on the first round now let me simply ask does anybody feel compelled to save something at this moment before we get to questions? >> thank you. i just want to follow-up on some of the points that he just made because a very troubled by his description and his proposal. he seems to be arguing there

is really no need or purpose or likelihood of success for limitation rules. so let me stipulate that. if that is true, what is the legal authority and for which u.s. agencies are currently allowed to collect all the data? what is the basis? i used to think a search having some legal standard you think there is such a legal standard and secondly secondly, if you don't think there are any legal standards that prevent collection are there any boundaries? if the nsa would go and say we want all credit card information all live search everything you possibly have in common than we will sort out usage conditions you

have a problem with that? >> let me make sure no one misunderstand i am not suggesting we should eliminate all collections but i am suggesting our current legal standards will have the collection of large amounts of information and i said i think it is for the legislative process to sort out how broad that is. but my belief is agencies have reasons i also think it is challenging based on the comments to understand where the limits will be. we need those but what i would suggest that i would

submit have been practical that it is hard to store data and i believe we need to replace them with very clear usage rules. it is not either orbit it is equally distinct to assume you can solve this problem with collections. >> just a quick comment. i am not a fan of usage or audit but technical transparency mechanism for the agency whose bread and butter with analysis should analyze the usage. that is a no-brainer. they can tell us what percentage of the information was relevant.

however i want to push back on the use of technology as a placebo or panacea of policy limitations. of it does is make it more expensive but it rarely does it make it impossible. we found with enough resources and efforts almost every securities advancement there has been some vulnerability. >> we can talk about the abuse scenario but honestly i would rather focus on the non abusive. >> absolutely. but look at the database that ising corrected but the subject of a suspected terrorist's it is the only lead.

but it contains millions of records of innocent individuals, americans. but in a scenario we have technical limitations but he think we would not overcome those? >> that is a good question. for my first question geography. a couple of you mentioned the internet that wax geography. we have a law, the 702 based on the geography of the people and let's assume for now an individual, so in

individual the existing one place at a time. we have a system based upon assessing where that individual is and if they are outside the united states and can be subject to a collection under 702. my question is what is the best and what is the worst indicators of whether a person is outside the united states? >> there are several technologies that are commonly used. most common is the database saying we have different it addresses those used by a gambling sites to see if you are in the blackout area.

>> don't forget technological. the imperfect technology is 85 percent accurate more accurate with the country level than the city level. the nsa has a technique that uses the round-trip time from geographical points, the speed of light i don't know if they're using it but a patent they were granted on this. but the david doesn't respect national boundaries as it moves to the cloud and if you are operating with large data warehouses, you want to disperse geographically with the blackout one of the migrations nobody is

controlling where this goes. the geography is very poor. >> we have a lot that ignores the geography of the data. >> but they're not perfect especially business travelers with virtual private networks that make it appear in the u.s. are not in the u.s. it is not a particularly useful paradigm there is a lot of stuff out there that is easily attributable to a particular person because of the twitter handle and the database has privacy risk. >> i want to echo at steve's comment new zealand it

address becomes borderless it can appear to come from the u.k. or u.s. or have access to bbc or hulu.com. and they render it based location. able to you the source of the equipment but not the individual. e-mail addresses don't have the same property. it is inherently have a nationality they you can infer from the e-mail address. maybe a country code or a nationality of the name but with most e-mail between copywriters to go to g mail even though you see the locker icon mingy mail delivers that it is transmitted through the servers in the cloud.

anyone with equipment or a large internet exchange could get that the data or content. so how do they determine whether it is a u.s. citizen or not? >> there is some indication they do have a database also that there is other data in furred and you are looking at the data that you have looked and process the data which when you decide it might be american but that it is after the fact ended rigo under section five that if you encounter any illegal activity, you can then handed over to other law-enforcement agencies.

see you can render the problem of the real identity >> let me see if i can give you a more precise answer shaking my computer science background cobwebs. but a typical sulfone can be located 93 techniques the second is the gps and the third is the wife i access. but you talk about the individual using the device and that is a problem you need a big table of all u.s. citizens then you need a unique link to the user in time coz by the way a person who holds john smith device may not be john smith's you

have too often to keep the user to the device but then it allows them to be a u.s. citizen. but i suspect the nsa has given considerable thought because they need to address that challenge to satisfy the 702 requirement. also i participated several years ago at a workshop something called of e.d. and day but it would be possible to uniquely link every activity on the internet coming every keystroke to the identifiable user who did what when. is perfect. like total information and awareness. but here's the problem. it is why i think we have gone too far down this road

to distinguish between u.s. citizens and on u.s. citizens for the fourth amendment doesn't draw that distinction. almost all privacy laws regulate the conduct of the police in undertaking law enforcement activity. but it is the police conduct we're regulating. what pfizer introduced is in the collection of foreign intelligence we needed to safeguard the privacy interest of u.s. citizens. and in that introduction attempt to build a barrier against the overreach. >> if i could come back to the question of geography geography, the law focuses on persons reasonably believed to be outside the united states that is the first filter. when i am asking is in terms

of how that assessment is made, you don't care about the identity of the person but the location recently believed outside the united states can someone give us a list of the most reliable factor answering just that question and the least reliable factors? i will go to dna that i will yield to david because we have to move on but to me personally it would be helpful to have some way to go back to nsa had to make this determination will be looking at what is technologically more reliably and reliable so

when you get to the second question it turns out it is a person in the united states it is a citizen. how you first make this judgment of geography? >> i want to suggest that perhaps the more reliable and less reliable may not be the best paid to do but the more contact you have the more reliable the determination should become and in these uncertain cases let's take the 85 percent accuracy the no reliability levels for different it we can give you that the nsa obviously knows it but does in the agency as they develop more information, do they act on it?

if that they are u.s. persons who we should treat them the way? can reestablish the epidemic threshold? the in the service learns overtimes it is reasonable to expect and be accountable to the hard cases will be the one that changeover time and when is that recognized? >> is the point i made that there isn't a reliable method that the internet is without geography and you need additional information to prove that sometimes requires a looking at the contest with the targeting

guidelines the standard is guilty until proven innocent unless you're a u.s. citizen you can hold it and analyze it for later analysis. the two things together is about geography and in tel you can prove it is not u.s. >> week ago on this forever. >> i want to go back one of the board's responsibility is to oversee programs we heard the issues with regard to a collection and use, access and disclosure of information.

so where in technology addresses those concerns? or how this technology and lot interact together to address those concerns is a free work going forward. >> technology at best to implement a policy. i have to know whether the things i am trying to do? depending on the problem i can come closer or not so close from a technical perspective. on the flip side how do you verify people stay within the rules? electronic medical records if anybody has looked at these you cannot acquire strunc of the dictation

civil walking into the emergency room in case of emergency brake the glass and looked at the data there will be an audit process after the fact was this reasonable for this doctor or nurse to have done at that time? and then it will catch were punished those but the policy comes first after that technology will have to function. >> i did not mean to suggest that technical solutions are not appropriate obviously they are necessary but i don't seeing that it is an ultimate solution into the legal safeguards but i listen to the panel this morning i was struck by the

comments from daniel weitzner how the fire is a process was similar to the traditional wiretap process he said rialto are targets of retry to give information over the course of the investigation said he is right with that respect but what also struck me having studied the oversight mechanism is how many of the things are in place for the traditional title three wiretap? it is true. what do you do? the courts have to report on an annual basis a number of wiretaps authorized and how long they took place the outcome and that cost and what percentage of non incriminating information was gathered and all of that data is made available to the public.

not investigations pacific but the enormous amount is made available to the public about the scope and use and effectiveness of those traditional wiretaps. but we have almost none of that information we have a letter that says roughly in 2012 there is 1784 applications submitted one was withdrawn and then modified or approved were subject to modification because ultimately they are all approved so the key point with the legal safeguard it is necessary inappropriate no one is disputing that but there are many more ways to establish meaningful oversight within the fis said that we have not even scratch the surface >> with the law versus

technology you would essentially need an intelligence agency to monitor the intelligence agency still technically capable actors or bill dane audit mechanisms to measure exactly what the agency is doing so this is the number of e-mail addresses and it addresses what ever is collected how this information relates to the investigation actually having someone from the outside but to provide in tel if they're doing their job this could be technical.

things like what they have described as is giving their own audit logs. evade not classified as individual who probably want the independent team. >> is also an argument with the analysis before will on a larger scale normally technology has something as opposed to waiting after the fact. >> absolutely that goes back to prove the programs that gives the fis and orders do you know, the numbers how much was over collected there is no mechanism to the fisk or congress that how

will you trust the nsa that this is working dray and the algorithms are on their adult figure heavily to say and called out bs on that. >> i think we have 21st century intelligence and 20th-century accountability and enforcement methods. we have to get the privacy of force and the kids of today and of the ticket requires creating another intelligence agency but i do think requires a much more intensive approach to auditing with the way of looking at the results of those audits to have transparency and access for independent entities but there would have to be more than five.

i think we should raise our expectations to detect the anomalies the way the agencies operate i am very to blend together the question of intelligence effectiveness and privacy rules. so yes if the agency will spend a lot of money on day that it analytics they should not waste of money but just because the system is effective it doesn't mean it passes the privacy test we should keep those two questions on separate tracks but there is a lot that can be done to have better accountability but it comes back to the original point that the rule has to be clear and not dependent on a

technical accidents as if it is g relocatable or not. >> you have anything to offer? >>. >> i started but. >> you said we have barely scratched the surface on the fisa project either off the top of your head curry you pick off a couple of items or submit them for the record please or anything off the top of your head? >> we could improve public reporting through the availability of more statistical information that does not compromise any program or activity but it gives the public a better picture of how the programs are used overtime but we found with respect to the wiretapping it is useful to

see the trend and why a narcotics investigations today are the primaries so in the regions of the country and it leads to a more informed public debate because people who think these are necessary tools have the lead to a debt to support the point. we don't argue in the dark. >> anything for the you could submit along those lines would be great. content versus non content i am not personally convinced yet that the non content is as repealing or more revealing the and the non content. often with the government collects the content is the

not associated is well but i get it i called the cancer testing clinics been 10 minutes later i called the oncology department then 10 minutes later i called the insurance company then i called the drug store in the oncology clinic every week for three months. said you infer that i have cancer? and they have called in said my mother is 90 years old and she has cancer what can we do about it? much of the sixers old and she has cancer i will bring period every day. it would be far more revealing it seems to me to have that content in the and reliable in france and there is a privacy law that this

is no distinction because i thank you fall into the argument that content is so powerful he make the argument as to why they need it one is that metadata could be highly misleading. >> can i speak? i would just amended slightly that metadata at scale is at least as revealing as content even a single set of metadata can be misinterpreted two years ago to students of mine did as a final class project they looked at the m.i.t. network and facebook included for relatively accurately few of the 25,000

person who was gay or straight. based on the strength of the friendship relationship of a link analysis and was an affirmation that was available for the vast majority publicly or privately you could not getting it without a warrant but you could infer it with a better data. >> my degree that the micro level to be wrong that the macro level the amount of useful information you glean from the metadata is far more valuable than the interline content the simple way to understand is the paradigm shift of the analog world to the digital. it does not lend itself to analysis to analyze analog information you need to

transform it into a representation it is now digitized and transform to be analyzed as a digital representation but once in digital format, you have the opportunity to examine or compare our record analyze and coming from a computer science background it is absolutely fascinating we concerned you did not even think you look for at the outset. i would be surprised if people are not uncovering things they did not anticipate they would find. but the critical point is the hard policy problem the value of the data that drives the programs it is also the risk to privacy that has raised the need to update privacy laws to reflect the interests of

digital data and one final point barely dylan to lose this one, we think a lot about the communications rolm in linking of identities through investigations which is appropriate but these large data centers are user profile individuals including american travelers entering the united states to aside a threat to index posing a risk to the country. said taking that data you can assign a score and allocate resources in that is another way it is used. >> is a that a good thing? >> that is the converse of your argument that the goal here is to find a terrorist the data is good at that does that support the government's argument we

need to amass the data? >> but we have the answers of consumer privacy laws like the fair credit reporting act better good at managing the analysis of data that it tends to be fair like you're not allowed into the country people have the right to respond there are obviously there has been some progress but i don't aim to have gone far enough and there are adverse consequences people should have the right to respond and correct the record not hide from what history but to make sure that the inferences are accurate. >> it is not digital data but it is structured data.

anybody knows how bad computers can be but structured data is extremely valuable you can process it a efficiently and gas -- to have much more data and retrospect fully prepare wanted to keep call detailed records. the intelligence community has known more it has got worse content is great but it is harder to get. >> data on think we should necessarily make assumptions

in the unclassified of environment of the capabilities to analyze large volumes of voice data. i don't know but i don't think we should necessarily assume their limitations because there have been a lot of the variances in voice recognition and processing very large streams of digital data of this sort. >> i would propose a different perspective rather than saying content is cold and metadata is less but come up with a thousand pieces come up but this and this information so to see the impression is accurate oftentimes but they will be a reliable. bias or code words.

is not a gold standard of the trees. the information revealed but then to have some level of confidence. way you could infer that a stone my pack to v are promising as jim said fed are in the environmental of large data you've proved their algorithms and make the princess. in some cases it can be effective. you have calling patterns that reveal just based of

those who make the inbound calls but does the information revealed to some degree is it does? . .