tv Public Affairs Events CSPAN December 22, 2016 10:03am-12:04pm EST
10:03 am
>> government surveillance and privacy concerns were the focus of a daylong cato institute conference, lawyers, journalists and former government officials
10:04 am
talk about what to expect from the incoming trump administration. also, russian interference in the presidential election. >> good morning and welcome to the cato institute. welcome virtually to all of you who are watching at home, to the 2016 cato institute conference, now an annual tradition and a daylong event where we explore a full array of the diverse legal policy and technological issues surrounding government surveillance for both law enforcement and intelligence purposes. 2016 is a case in point of the possible chinese curse may you live in interesting times.
10:05 am
for better or worse, the obama administration has shown us eight years of perhaps surprising continuity with its predecessor, that is civil libertarians can look back on at least eight years and count some victories in the war to protect privacy, we can look back on the first real contraction of the post-9/11 expansion of intelligence surveillance in the form of the freedom act and presidential policy directive and an executive order constraining the ability of the intelligence community to collect mass information about persons abroad, and now, at the same time an entrenchment of the bush era approach to the war on terror so those listening to obama administration, there
10:06 am
would be no more national security letters to gather information about people not suspected of any wrongdoing or perhaps appointed by neither the expansion of that surveillance continues. we began to see it roll back. now, the only thing we can really be sure of is that we cannot expect continuity. we have a rather extraordinary year where it seems essentially impossible to talk about the topic without talking about donald trump. someone who really comes to the highest executive office in the land without a very clear sense of what his platform on a whole range of issues outside his concern looks like but who has already created a great deal of
10:07 am
anxiety both in the intelligence community, by his distrust in that community and at the same time, among civil libertarians he has demonstrated the kind of character that seems to hold grudges and pursue slights, an instinct for enemies less and for using private information to punish political enemies. at the same time, someone with a seemingly very broad idea of the power to the presidency without any kind of clear sign of a regard for the constitutional limitations on the power of that office. and so, as it seems to be inevitable in 2016, we need to begin a discussion of these important policy issues by asking what the next 4 - 8 years look like under a trump
10:08 am
administration. what is the shape of the national security state under donald trump? why have so many national security intelligence officials regarded his ascendance to the white house with something approaching panic? to discuss that, we've assembled a really excellent panel of veterans and to introduce that panel, we have one of the best national security reporters today. harris with the wall street journal who is the author of an excellent book called the watchers and more recently an also excellent book called at war and the rise of the military complex. i cannot think of a better person or panel to kick off the 2016 conference with an analysis of the trump administration.
10:10 am
>> good morning everyone, thank you for the nice introduction and to cato for hosting us. the title of our panel today is intelligence under the trump administration. as i was getting ready, i thought if only we had a more interesting topic. [laughter] so i am going to introduce everyone here. matt olson on the left who is director of the national terrorism center, carrie is here to my left and was counsel to the assistant attorney general for national security among other things, susan hennessey is the managing editor which if you're not reading i hope you will be.
10:11 am
so, clearly the past five days have seen extraordinary development. if you are here at a cato conference on surveillance, i probably don't need to remind you what happened friday night with the washington post right mama but to recap and set the stage a little bit discussion on intelligence in the incoming trump administration, obviously it was reported that the cia briefed to some senators that there was a little bit of a tweak on an earlier assessment that they had made that russia had indeed directed hacks against the democratic national committee and hillary clinton's campaign. for the purpose of interfering with u.s. elections which was the unanimous conclusion that intelligence agencies came to in october. now the cia says yes and we think it was done in order to boost donald trump's chances of winning and to diminish hillary clinton's campaign. it has come out that there's a little bit of daylight between the cia position and the fbi and
10:12 am
the director of national intelligence which are not necessarily sure that they share that view, but almost immediately after the story came out on friday, donald trump put out a statement saying that the cia, don't believe them, these are the same people who got it wrong about saddam hussein and the weapons of mass destruction. it didn't take long for intelligence officials to fire back with their own statements and i think what we have now is probably unprecedented, at the very least extraordinary rupture between the president elect and the intelligence community that he is about to be directing. it is there to serve him and his policy interests and the people in his administration. so, that's new and very interesting. i want to get the discussion going with talking about that extraordinary development and i want to turn first to susan and say just a bit of reaction, you've been in the intelligence community, you're now out of it and you follow these issues closely. what are you seeing in these
10:13 am
initial going back and forth, and we'll talk about this with everyone, but what what is this like for somebody inside the intelligence community watching this extraordinary drama play out. >> i think the first thing that's important to understand is that the intelligence community is having very marginal disagreements about whether or not there is sufficient evidence to say that there was a particular motive. there is broad unanimous agreement that there was russian interference and that interference did in fact at least assist donald trump even if it didn't change the outcome of the election necessarily. the second thing that's important for context is to understand that we shouldn't want a president to take intelligence as gospel. any intelligence that comes up, that that is the fact that it's actually a positive thing for presidents and presidents elect to have a little bit of skepticism. it is not infallible. that said, his statements are
10:14 am
really incredibly extraordinary and really consequential. one, he is outright rejecting without providing any evidence or reason for why those unanimous assessments. he is not just saying he doesn't believe it was russia, he's saying maybe it's china, maybe it's some guy on a bed. he is really sort of refusing to even acknowledge this might be true. second, he's accusing the intelligence community of being political or partisan and that is a really consequential statement for a president to make. the intelligence community obviously engages in controversial actions and sometimes they get it right and sometimes they get it wrong. they are not a political body. they do not do things for political purposes but they do things for the purpose so that senior leadership of the united states can make decisions based on facts. that's the area in which i think it becomes very challenging for someone serving in the intelligence community to
10:15 am
say they are really being accused by their boss of violating the most important fundamental pieces of intelligence which is your duty to the mission and your country and not to political parties. >> let me turn to you as someone who has avidly briefed senior policymakers, i presume has briefed the president before, what's that first meeting like with the president donald trump are he sits down from the career rank, people who he doesn't know, people who he has openly questioned the accuracy of their analysis, the intent that susan has laid out, what's that first meeting like and how does that begin to set the tone for relationship? >> i would agree with what susan said, i would take it maybe even further in terms of the intelligence community not being political and how important that is to the community at large. in fact it's probably the single most significant norm among intelligence officials that
10:16 am
their efforts and their intelligence is not informed by anything other than their effort to discern the truth. again, not infallible and i think it's right for the president and other policymakers to question the intelligence officials who briefed them and in fact, i've been in that position. i've been the subject of skeptical and probing questions by the president and cabinet, but never and nor could i imagine the situation where the conclusions we've reached the analysis that we are providing is questioned based on the motive of people delivering that message, but they're being political. >> so to answer your question, it's consequential and it's alarming and it's dangerous. to have that be the view of the president-elect. it's dangerous to our national
10:17 am
security. to your question, the first meeting, i would very much expect that the first person who is there is going to treat that briefing like they would every other briefing. the information is going to be delivered just as you would expect and hope that it would be delivered. this is the last thing i will say on this question which is sure, the head of the cia is a political appointee and the head of the fbi has been appointed and senate confirmed, but everybody else in the intelligence community, everybody else who is out on the frontline collecting information and intelligence and preparing the analysis are not political. they are the ones who are preparing this information to be delivered to high-ranking government officials and the president. it's not a political enterprise and i think it speaks of the lack of experience that that is
10:18 am
his perspective. >> one of the things that has come out in the reporting in the past few days is that daylight that i referred to between the fbi saying we're not so sure that was done to help trump and the cia saying no we think it was may revolve around different standards or methods for assessing information in the law-enforcement context versus the intelligence context. in law-enforcement, you are looking for things that you might be able to prove in a court of law. as somebody who works in national security in the justice department, in that first environment that i was scoping out in terms of facts more as evidence a more concrete, i'm curious what you make of these differences that are being reported in the assessment of what russia was up to, and do you think that matters? >> so my sense, having been at the justice department and also
10:19 am
working in the intelligence community is that this fbi, cia split that's being reported and emphasized in the reports over the last couple of days is perhaps a bit overplayed. an fbi versus cia narrative is sort of convenient and i would argue maybe a little bit lazy that that's sort of where the report automatically goes. intelligence assessments are based on the information available and the cia obviously has come to whatever is its assessment. the argument that the fbi, and i have seen this in various reports that the fbi has to adhere to a court ready level of evidence is not reflective of what they do on their intelligence side. the fbi is an organization that
10:20 am
has dual roles. it also has a national security function and that branch and the national security functions are part of the intelligence community. particularly, after september 11, the fbi has gone through a significant transformation to enhance its national security and intelligence capabilities. the professionalism of its intelligence related work for us. in other words, the workforce is working on intelligence assessment, looking at bigger picture issues, and not simply gathering evidence for a crime. i view this recent emphasis on the fbi versus cia issue as perhaps a little bit overplayed, but picking up also on what
10:21 am
susan and matt were describing, i think it's worthwhile to step back and look at what is the role of the intelligence community, and the role of the intelligence community is twofold. one is to provide tactical intelligence to war fighters, counterterrorism operators, intelligence analysts who are trying to generate information that supports particular investigations or particular operations. the other function is to provide bigger picture assessment and assessments of various national security issues that are going on around the world to inform policymakers and to inform the president who is their number one policymaking customer, and so the challenge for the intelligence community in this current environment that they are finding themselves in with the president-elect is going to be to figure out how to reach him. how to communicate to him the
10:22 am
value of what they do in a way that will hopefully inform his decision-making process going forward. >> not to be flip about this, but maybe you already see people in his circle trying to figure out how do we convey information to him in what we would see as an unconventional manner. that relationship seems like it's already being established with the people in his own orbit. you wrote on the question that has come up in recent days about whether electors in the electoral college should receive a briefing or readout from the intelligence community about what exactly happened with the russian hacking. they've been prompted by some electors coming forward. talk about that and in that context, perhaps what that might do for the broader public need
10:23 am
to understand what happened here. >> sure, my basic position, which i thought about carefully is whether the electors who have asked for a briefing should get one and my conclusion was that they should at some level of classification get a level of briefing because there is a plausible constitutional argument that electors should exercise some independent judgment in making their choice. some people agree with that and some people don't. it seems to me that if there is such a plausible argument then the intelligence community should treat them just the way they would treat any other elected official, whether it is a mayor, governor or congress who needs information to inform their decision. one thing we've heard today from susan and carrie and matt is that there might be slight disagreement about the motive that the russians had in engaging in hacking, but there is overwhelming agreement that this hacking did take place for the purpose of interfering in the election and it's quite solid, the information that
10:24 am
attributes this to the russians, but your average member of the electoral college was sitting there watching cable news like everybody else and reading various sources and hearing unnamed officials being quoted in stories, you can see that the president-elect thinks it might be some guy in new jersey. i think they have a right under the constitution to be informed directly about the intelligence view on this matter and then they can make up their own mind about whether it should matter in their vote. i also think that should only happen if an elector requests it. i don't think they should be intervening and saying you have to come get this briefing because there may be electors who don't view that as their constitutional role. it's unprecedented, no question, but the situation is unprecedented. we've never had the american intelligence community make an assessment like this between the time when the vote took place and the electoral vote took
10:25 am
place and it seems to me that just as in any other situation in which the intelligence community needs to brief elected officials, this is no different. >> do you think this is part of the need to convey more broadly to the public, going further than that october statement? >> yes, if you go back to that, the intelligence community put out this really extraordinary statement, not only attributing the hacks of the seniormost level of the government, but attributing a motive to interfere with the election. they are usually very reluctant to attribute motive even privately. are you saying it would go one step beyond that and convey and show a little leg on what the evidence is? >> i think so. it can be done without disrupting sources and methods. there's a lot of public information from cyber security companies about why they think these particular hacks were done by particular hackers, but
10:26 am
basically yes, the public has very serious questions about what happened before the election with the statements by james comey in the fbi and then you tell us this is sort of your average person sitting there saying wait a second, i understand there was the statement before the election, but now after the election they're going further and saying this was to help trump. that's a very explosive conclusion. just like some of the statements made about the investigation of hillary clinton's e-mail server which works most of at the time. i think there's a lot of review that needs to happen, transparency needs to happen and congress needs to look at this and say what in the world is going on with the intelligence community and the election. i think it's a complicated story, i don't think all the people involved are necessarily doing these things for the worst things that people think they
10:27 am
might be, including james comey and others, but they have some explaining to do and they should do that. picking up on tim's idea, is there a way that the administration could, without compromising sources reach a point that is unacceptable to compromise, craft more of a revealing public statement than has already been put out? >> i think definitely more to be said. i really defer to tim and others from a constitutional perspective on how this could affect the electoral college, but putting that aside, we have a remarkable set of circumstances where we have russian interference of our election and apparently russian effort to pick a candidate in our election and this is just something that demands further inquiry and, there is going to be more to do to get to
10:28 am
the bottom of this, and i think what he said is right about the intelligence community being reluctant to make a statement that is as definitive as they made back in october. that was pretty extraordinary to be that definitive at the time. they've apparently gone further now in deciding or reaching a conclusion that they were rooting for trump. i agree with you completely that too much is being made of an fbi, cia risk. that seems to be overblown in a convenient way for them to pick sides in this debate. i suspect there is an opportunity for them as a body as a whole under the dni leadership to put out more information without compromising sources and method about what we know and to continue to be transparent. i think this is a situation where our democracy demands that level of transparency.
10:29 am
>> what do you make of this if you are 15 years in the intelligence community employee or recent addition to the them department or other parts of the security community. taking into account many of the things that the president-elect said about national security policy in the campaign, which we will drill into a little bit. i think it's sort of at a broad level and recapping bringing back waterboarding and worse and his views on surveillance and privacy and drones, and a lot of assumptions that people make and we'll talk maybe about whether those assumptions are correct that there is an authoritarian instinct and the national security policy of the trump administration. susan, you wrote very powerfully and passionately about whether you are a person who is anonymous to the rest of the world, not someone who's going to be in the oval office briefing the president but on a daily basis has to carry out and
10:30 am
represent the best of your abilities, and at the same time expand your oath to protect the constitution, what do you do? walk through your thinking about the thought process of that and what you advise people on that position. >> i will say i wrote a little bit on this on the day after the election, speaking to former colleagues saying it's your duty to serve and stand guard on these and help our president succeed. donald trump is elected and we should wish for his success and our fortunes are all tied here.
10:31 am
to our national security not just for these four years or eight years, but for 30 years. we have groups of people who are graduating law schools and graduate schools and schools of foreign service that are not going to the government. we had people who are leaving the intelligence community to take much more highly paid positions in the private sector. the people who serve in the intelligence community by and large do so out of a sense of duty and patriotism and wanting to be part of something larger than themselves. i don't think anyone on this stage has risked their lives for intelligence, maybe matt, i don't know what that guy did,
10:32 am
but it's not an overstatement to say that people risk their lives for this information, and they do so because they think it matters. they think it makes a difference. this message coming from literally the president elect of the united states saying what you do doesn't matter. i don't believe it. i question your motives. i'm not going to listen to. whenever we look at a group of people sitting in career positions i think a lot of people are thinking why am i doing this? this causes a mass exodus from the intelligence community, or sort of a large group of people who don't join the transeven, we could miss out on a generation of talent. the consequences of that over time really could be almost immeasurable. >> go ahead, carrie. >> i have a different take on this. appreciating sort of everything and the concerns susan has. the first is i know there's a lot of people particularly perhaps literature in community and people might be here at the
10:33 am
cato surveillance conference who perhaps have significant concerns that a trump administration is going to abuse surveillance authorities. i know that is a real concern of some people in this space. having worked at the justice department with the intelligence community, there were other reasons that i was not in favor of the trump candidacy throughout the campaign. his potential abuse of surveillance authorities was not one of them. that's because i do have a deeper level of confidence in the institutional systems, and the laws and institutional systems and the checks and balances and the oversight structures that exist and the fact that there are not, the intelligence community is not made up primarily of political appointees. there are few, only a few at the senior level so the workforce really is a workforce that is used to and trained in abiding
10:34 am
by the law, abiding by the rules, abiding by policies. it's a very regulated, regulate, particularly made at nsc, a very regulated environment. so those concerns i have a feeling significant degree of confidence in with respect to potential use of surveillance authorities in particular. there are some other areas that maybe we can talk about later if folks are interested that if i was in the privacy and civil liberties community i would sort of pay more attention to, but the surveillance area is one that i think we can have significant degree of confidence in the workforce. with respect to the workforce about, so i guess i understand there's concerns and certainly perhaps people who are thinking about entering the workforce, there's some concerns, but i would say having spent a lot of time in the national security
10:35 am
community, this is not a community of snowflakes. this is people who can take a little bit of heat, and so i guess i would say that i'm not quite as concerned that people are going to flee the workforce. certainly if they have been there for a while, they've been through a lot of ups and downs, particularly in the last 15 years. they have felt political pressure, and they've seen leaders come and go. and there's a good chunk of the workforce that knows that sort of this too will pass. and so i'm confident that a significant part of the workforce is going to do what they've always done, which is to put their head down and do their job and let the senior leadership level sort of work through this political challenge anspirit for a lot of people it's a job. their options in the private sector might not be as obvious as we think they may are.
10:36 am
>> do you want to go? >> go ahead. >> slots to send this point. you were right to talking about the policies. let me agree with you on i think on essays and point to a certain degree. i think think it will be tested on this under a trump administration whether or not the checks and balances that been put in place are sufficient water think almost highlights the contrast with the rest of counterterrorism policy where there's not those checks and balances, with the potential for abuse is much greater. leading into the second question on the debate about whether -- when the mantra is drain the swamp and you are coming out of graduate school, at the national counterterrorism center with the pick of folkestone, and work. they could have gone to wall street. they could've gone to silicon valley. they wanted to go fight al-qaeda. we had an incredible workforce, if i was was advising somebody in the position whether to choose the intelligence
10:37 am
community or choose one of those other jobs when the president talks about draining the swamp and talks about dismissing without evidence the use, you working night and day, night and day to put up, i would be hard-pressed to advise on what to do that. that is extremely dangerous. that's at the working level. these are my friends who are deciding to work at a higher level, sort of a different set of questions but i think even more starkly put to somebody who's going to be in a position to actually implement the policies of registering muslims or killing terrorists' families or bringing back torture. that i think requires a degree of sort of moral searching about whether you would be willing to put yourself into a position to implement those policies. in some ways of the person coming out of graduate school to join the intelligence community doesn't have to face but i think across the board, i don't want to be hyperbolic but i think it's a crisis for our country
10:38 am
when you look at where the intelligence community goes from work perspective. >> your advice, a bureaucracy as a disparate and large, tens of thousands of people in the intelligence community views, tones, policies, they are set at the top. >> absolutely. >> i was going to disagree to some degree with intelligence c. i came in the middle of the second bush term and it was a very difficult and wrenching decision for me to make because my former colleagues really looked on this is going to the other side, the expansion of surveillance powers after 9/11 was very dramatic. but i never had that feeling, either on the inside certainly but even before, that the question was always potential for abuse. i think that was the biggest concern would always had was these were broad powers, very broad powers and ways in which
10:39 am
the checks and balances had gotten out of whack before 9/11 were being shoved aside. i think the question now actually a stop potential anymore but real abuse. the reason i said that is two things. one is a lot of the powers and controls that carrie discussed are executive branch powers. talking about executive order 12333, presidential policy directives, other kinds of directives which can be changed. it's also easy to change it bureaucratically but the power is still there in the oval office to change those as long as you're talking about the statute. even with the statute we saw with the bush administration creative legal arguments to get around statute. it can be done. i don't have any faith whatsoever in the top justice department or the trump intelligence directors office not to take those powers to the darkest corners of the room even more so than other george w. bush i think. then you put that together with
10:40 am
what you might call the trump factor, the albright, flynn, these people in stress positions of power in the white house saying gosh darn it, i know that there is evidence that the muslim brotherhood is infiltrated these political groups. go get it for me. don't tell me that isn't any evidence. under our system even with these controls i think, you know you n you listen those controls potentially and when you have that kind of pressure there is a lot of discretion down there in the intelligence community come in the fbi, in the nsa. and how you interpret those rules on what you interpret them strictly the way that they are interpreted now or whether you stretch them is very much something that we need to watch out for. i don't think that would happen overnight. it might take a precipitating event like a terrorist attack to make the worst abuses happen, but i do think we have to be careful of assuming that because
10:41 am
when the system of checks and balances that it's going to necessarily withstand this kind of test. i'm writing a book now called beyond snowden. i was told i should mention that at this panel by my editor so writing a book called beyond snowden, and i'm literally writing another chapter to the book because there is another chapter of what's going to happen in the future. i don't necessarily predict we are taking our reality but i do think that it away there's a question mark at the end of this book which was very much so to bring the transparency and checks and balances i thought very hard to help work on windows in the government but i think there's a? a i was hoping get some additional reform in the next two years. and i think to strengthen those checks and balances, and now i'm worried instead of the glass being half full which is kind of what my book was about, that they should always be some position perhaps the glass is in fact half empty.
10:42 am
i'm concerned about those things. >> so i think for the reasons that were described, the president-elect's leadership decisions in the national security space, who he puts into leadership positions, are of highly, highly significant consequence. and there are still some positions that we have not seen filled yet, the director of national intelligence being one very important one. and that is an area, and so some things that i would hope the president-elect would look for in terms of selecting the new dni would be for somebody with an extraordinary amount of experience in the intelligence business. this is not a job for a novice, for some of you have a very high learning curve. so someone with experience in the intelligence business, somebody with exceptional enterprise management skills. the intelligence community budget is over $50 billion. 17 different elements.
10:43 am
you need an extraordinary manager and leader, and that also somebody who knows how to bring consensus because there is this web of different elements and players that are involved. so it's a really important decision that he still has to make. and i think a position like that, if he selects somebody who has leadership, that will hopefully lower the temperature a little bit on the concerns about some of the atrocious policies that he proposed on the campaign trail, like creating a muslim registry or bringing back torture, whatever that means. if somebody who is a professional, who is respected in the community, is selected for the position i think that would give the workforce a significant breath of relief. >> it's important we be sort of both sides right left, really disciplined and candid about what we are talking about
10:44 am
because this is sort of a perilous moment. there is, we talked about the potential for surveillance abuses. there's this question of things that are plainly illegal, they plainly violate the statute so they're plainly unconstitutional. they plainly violate the laws of war. there's some question about could that actually happen? i am personally relatively confident it wouldn't happen. i think people would resign, people would refuse to do it. there's enough bureaucratic safeguards. there's a separate question about sort of the existing policy to win no longer -- there is some space between the way the intelligence community operates right now and what it could do theoretically within the laws that might nevertheless be either abusive or intrude on civil liberties or be a bad idea. whenever we talk about muslim registries, for example. we don't target muslim
10:45 am
populations, partly because it's contrary to our values and sort of abhorrent to the founding vision of this country. we also don't do it because it's a bad idea that doesn't work. these are those policy questions. whenever tim talks about the potential for surveillance abuses, i align far more with trendlines sort of view. i don't think of it as it's not possible to violate the law or the constitution at the nsa, without lots and lots of people being aware of it. so that's lots of people in the judicial branch, in the legislative branch and lots of people in the executive branch. i think we should be focusing not on relitigating, going to our ideological pre-commitments, the same fights we were having six months ago or three years ago. but instead of saying okay, what are the pre-political
10:46 am
commitments here, and how can we actually look for reforms that are going to meaningfully respond to this new threat? as someone who has been a strong defender of the intelligence community, even to him specifically a sort of a critic and has a lot of space, i'll be candid, that trump has challenged some of my core assumptions including that we would only elect a mentally fit individual who loves the constitution the way the rest of us do. i'll be candid about the whenever i think about okay, how does this shift me? what am i thinking about now that i wouldn't think about under even if we had jeb bush or john kasich or any republican, democrat i wouldn't have been concerned. from the i think it is building in transparency mechanisms that can't be evaded. but making sure that the general counsels' offices of the various
10:47 am
agencies have to see those decisions. i have a lot of faith those general counsel offices will do the right thing, will use their inspector generals, will use their committees, ensuring congressional committees of insight. i have faith those congressional committees if they see abuses will enact a statute or bring it to the floor. those are the things, i just think it's critical to release what i think about what is different here. if we end up having the same debate we've been having for the past honestly 15 years, that's what i think it will be distracting and something really bad potentially could happen. >> so i think of that i agree with the idea that things have changed at a different in fact one thing i've thought about is how the national security community in some ways which is on the other side of me of those debates in the bush years may step on on important issues, even if they disagree on specifics when it comes to
10:48 am
things like section 702 of the foreign intelligence surveillance act or other policy disagreements that they're going to continue to have. there may be an alliance on basic values. in fact that's one of the themes of my book "beyond snowden." [laughter] so i agree with that. i agree with that, but i guess my point is that we did, i think, think about issues of presidential power with a likelihood that would be different presidents of different political parties and political philosophies, but nokia did the president is kind of going and cheering on what we would say, certainly in the campaign as straight up abuses. we had richard nixon as a president but he didn't promise to engage in abuses openly in the campaign. we had to listen to the white house tapes to find out about what he really thought. now we just follow trump's twitter feed and we get the same kind of rhetoric we used to get
10:49 am
listening to those tapes. i think what i'm worried about is not so much, you know, relitigating those fights but just looking at just in a broader sense the large scope of presidential discretion when it comes to surveillance. and thinking about how that might be abused. we don't know, it hasn't happened yet obviously, but we should be, when susan and carrie both say they will not do something that is illegal or unconstitutional, i think that's right but what concerns me is the boundaries of what is legal and what is constitutional and just a couple of examples. most of what the nsa does overseas is not regulated by statute or by the fisa court. sharing of that information with the more domestic agencies is primarily a function of
10:50 am
executive order, 12333. what the fbi can do in terms of investigative group, the hypothetical i gave, demanding we need to go after these groups because they are all tainted by muslim extremism, that's very discretionary. there's good reason for that actually. we wanted to have fbi officers have a good deal of discretion in these threat assessments of lower-level investigation. we wanted to loosen up some of that information sharing. those high walls were a problem for counterterrorism. so we have done these things and we put in place civil liberties officers like i was, general counsels' offices, inspectors general. we've had more transparency, so we counterbalanced some of that with checks and balances. but what i worry about is what i call the trump factor. does that kind of civil liberties protection, which is based on a certain degree of
10:51 am
adhering to basic norms, does that function in a trump administration? i think it functions in a george w. bush administration and a barack obama administration. i don't think it necessarily does. when you got civil liberties officers and general counsel officers and maybe "the wall street journal" writing about this very broad surveillance program, let's say in a year that i'm hypothesizing, does trump say we've made some mistakes, let's scale this back and focus it to make it more effective, which is what we would hope, or does he double down and declare war on his own overseers? it seems to me that all the evidence is he would do the second thing. >> we have gone back and forth and argued on opposite sides of a lot of issues and i'm finding myself sort of drawn into his perspective a bit, a tribute to
10:52 am
your advocacy, this state of my mind mood. because look, i agree with the point that actually surveillance law has developed more from some the other as a submission, national security and characters of law and putting in these checks and balances. there is reason to think somebody would blow the whistle if the trump administration tried to do something that was illegal. i think that and i fought hard for my 20 years in government, police blessed and when i worked on national security for increasing information sharing, breaking down barriers to sharing information, foreign domestic wind in domestic agencies and for the modernization of fisa so that we could have a better approach to surveillance. but i will say a place for my part i did not, as i fought for the changes i did not bargain on president trump. that was beyond my ability to imagine as a leader of the country thinking about how these policies would be implemented by the chief executive.
10:53 am
so this is a type of soul searching for, kind of what you and susan said, that you had to think about it in a different paradigm. then i would suggest the way to think about it is if you really want to put yourself to the test is not sitting here at cato institute on this panel but the after an attack like what we saw in paris earlier this year occurs in washington or new york or chicago or anywhere in the 150 dead americans, that's an attack that has been carried out by people connected to isis, and how the trump administration responds when you have the statements that have been made by the leaders, by president-elect trump about his view of what we should be doing with muslims in this country, whether that's surveillance or torture of terrorists or killing terrorists' families or the national security advisor saying
10:54 am
that fear of muslims is rational, and how does our country as represented by our government respond in a crisis to that scenario? that i think is uncharted territory for me. >> just to follow up. i do think it's worthwhile stating i don't know, the other grounding, especially want to talk about 702 specifically. >> just explain 702 real quick. >> in the section of the fisa authorizations act that permits not bulk collection but collection targeted at foreign communications but derived within the united states based on broader selectors and sort of the requirements of the specific warrant. allowing the government to search what they want and then those particularized words, the controversy by and large extends to when the communications of americans are incidentally collected during that targeting.
10:55 am
fisa 702, there's a sunset provision and it either has to be affirmatively reauthorized by the end of 2017 or it goes away. there's a forcing function. we have done this debate no matter what. previously there's been a broad assumption we were probably heading for clean reauthorization meaning as it coexisted. maybe there was some minor questions about marginal transparency, civil liberties changes. now there is a little bit more of a question about whether we will see either 702 not being reauthorized or whether we will see really dramatic changes. within the context, i think about does president trump change my view of 702? no. i didn't support 702 as it currently exists because i supervised the executive branch and think that ethical information they like to secret i thought because i think that information keeps americans safe. not just americans can you see people around the world safe for
10:56 am
whatever sort of criticisms there were about 215 and other programs. this is i would argue one of the most important programs the intelligence community has. i think the president needs that information, whether or not he is donald trump or barack obama or george bush. the challenge is going to be how do we preserve that functional core of information that i just think is actually critical, while at the same time building in safeguards to ensure that the rules that exist are being followed and also that we have prudence, wise sort of policy that overlays those basic statutory and constitutional protections. >> go ahead. >> can i put a little finer point on section 702? it's a provision that was in the law that enabled the government to target non-u.s. persons who are reasonably believed to be outside the united states for
10:57 am
foreign intelligence purposes. and does so without requiring a probable cause warrant but has approval by the fisa court for how the surveillance is conducted and what procedures the government has to follow. and picking up on tim's point where i think there are potential areas of common interest among those of us who have historically been supportive of government efforts to conduct, have sort of robust surveillance authorities like 702, and those who are concerned about privacy, my perspective on that given where we are currently is that if the privacy community spends the next e fighting about 702, my view is that it's a complete waste of their time. and it goes to the point of section 702 is an area that is probably the most oversight laden surveillance authority that we have in the national security space. that's the statutory authority
10:58 am
that has tons of oversight, congressional oversight, department of justice oversight, office of director of national intelligence oversight. that's the most regulated area, so i think that that is the area that folks should really be the least concerned about. if you want to talk about areas that i would find common ground on and where i think there should be kept a watchful eye, it would be if the new attorney general decides to reopen fbi investigative guidelines for domestic operations and lower the standards for investigating americans. that's an area to keep an eye on. if you want to talk about an area that should be of concern to civil libertarians, it's the proposal that i've not heard from the president-elect, but i have seen somewhat to qualify that, but i have seen in some reports about maybe things that are of interest to some of his advisers, would be the proposal to eliminate the director of
10:59 am
national intelligence. the director of national intelligence creation was the single most important recommendation of the 9/11 commission to improve the workings of the intelligence community. and in the post-snowden and five at the dni has been on the forefront of increasing transparency, assisting in the release of fisa court opinions that can be declassified and ensuring that there's a common voice in briefing congress. so those are areas where i think those of us who have perhaps been on different sides of issues would have common ground and that i think are far more consequential than fighting over section 702. >> do you want to make it? >> i agree with a lot of what she said. i think one of the things i've tried to do with my colleagues in a civil liberties and privacy community is remind them that 702 does have a lot of safeguards and that if they want
11:00 am
to look about nsa surveillance and big data and that issue which is an important issue i agree the ag guidelines are equally if not more important, they should be focused on executive order 12333 where there is less oversight. that was part of my point is that 702 was only about data inside the united states. that's why it has to go to the fisa court, that's why there's these oversight mechanisms. data outside the united states still basically fair game for the nsa as long as they're not intentionally targeting a specific american citizen and there's a ton of data all over the world these days. it's still a little bit screwy. matt did a lot of jobs to modernize fisa in certain ways but it's still a little screwy how the law treats they that they somehow some of the sensitivity of the data or even whether it's come with the purpose is, but based just on physical location of the data. in a globalized world it sort of
11:01 am
doesn't make any sense. >> susan, you made the point of 702 providing from the intelligence community's perspective rich repository of information that is useful that saves lives. also comprises a significant portion of the presidential daily briefing, we've been told. president-elect trump in a lengthy interview on "fox news sunday" talks and break you about a number of national security areas, talked about the fact that he is oversee the daily briefing about three times in case of expedition for the pic he said he doesn't need to be told the same facts over and over, which implies there was some repetitive elements to the briefing that he found not useful for him. praised the people who are giving the briefing was chosen interesting juxtaposition considering he was publicly for fighting the city but also praising the briefers, the important thing to remember from his perspective was the vice president and other people who
11:02 am
are coming in to his cabinet are getting briefed and he has let them develop their something i need to know that you think is important, alert me, i, i am there in a moment's notice. it seemed to set up this framework it seems to me where i don't need the brief everyday. you tell me what i need to know if there's something you. he is not the first person to decline getting the briefing every morning. that is not unique to this president. what do you make of that in terms of we are talking about these intelligence programs that not only provide information to the committee but do inform the president on the state of the world. what do you make of the fact is laid out his reaction to getting the briefing? >> i think it sort of goes back to evidence-based policymaking. these are enormously complex decisions. it's really hard to get it right. this is a little like a doctor saying you know what, i don't care so much about the
11:03 am
x-rays of the test with a blood test. there's a lot of math. that's boring. i think you have, i don't know, and throws out whatever sort of his gut instinct is. i don't know, sometimes sometimes it might be right and sometimes test i want and this isn't an exact science. if you are looking at, if your doctor was doing that you would fire that person. you would say that's not how good decisions are made. your decisions are made because you collect the available evidence. sometimes it is tedious, in the weeds, detail oriented. trusteetruste, i was asked to st as anyone -- a lot more paperwork involved than i had anticipated. things that might sound repetitive to him, to some in first and intelligence actor understands, no, this this is new wide scope is his detail, this is significant. this is going back to his initial statement of that general hostility, the evidence
11:04 am
are information. that frankly is scary to me. we have troops deployed around the world. the u.s. intelligence apparatus isn't just consequential to the united states. it's consequential to our allies. these are areas in which we really want someone to take it seriously, to try to be getting it right and have someone say, not just tbd, but intelligence, not intelligence. paired with this general hostility of the intelligence community took you guys got it wrong on wmd, so who cares what you think? that to me is the most frankly frightening things that we are hearing. >> does it comfort you that he's delegated, authorized sort of the other doctors on his team to get the x-rays and the blood test and all that kind of thing everyday? >> as long as those doctors are the ones making the decisions. there's not a clarity that
11:05 am
you're some sort of speculation that vice president-elect pence will be sort of the day-to-day president while donald trump focuses on making america great again. so there's a little bit of speculation there, at the same time donald trump appears to make the appointments, making the decisions. and so yeah, you want that person to be informed. he is not going to be interested in putting the work in and really examining the evidence and doing, taking in sort of the facts, you hope you also have the judgment to understand that he shouldn't be making those decisions and then, that would be sort of a clear delegation. >> so two quick points. as o this changes everything ok, cnn reported yesterday that the trump team says he is now receiving intelligence briefing three times a week which from my perspective is a really positive
11:06 am
development and big improvement from what was being done what he had relayed just last weekend. and i think part of that is because based on what he demonstrated throughout the campaign, there's concern in the national security community that he does only have a good knowledge of world events and security challenges. and so that he would really benefit from his national security and his intelligence briefings, and that one would hope he would take advantage of this time before the inauguration to really develop a relationship with the intelligence community and become better informed. and that they can speak for the question of how, does he yet understand that the intelligence community is there to assist him in his decision-making process and can tailor the report to areas that he wants to focus on? that's where we really need to
11:07 am
see some improvement in terms of him fleshing out to senior leadership team is going to be given in the briefings. but i think if it's in fact true that is receiving his briefings three times a week versus just a couple since the election, then that's an improvement. >> the problem is, this isn't about, that's good but this isn't about like how many times a week you get the briefing or whether it's the presidential daily brief entries and that gets briefed, he just hears the briefing. presidents do this differently. in history and in my experience. president bush and president obama handled it differently. but it does come back to how the world actually works and how people make important decisions. they don't make decisions with the idea that something important happens, come tell me. that's absurd, and that's not the way somebody in a leadership
11:08 am
position who was responsible for putting american lives at risk all the time should be making decisions. so the information that comes to the president, if you think of this as a pyramid, yet at the base of the pyramid there's the vast amounts of intelligence that are collected by the intelligence community. it works its way up this pyramid to the very top where senior level officials within the intelligence community with the best writers and the best analysts making judgments about what their most important customer needs to know, the president of the united states. that's at the very top whether that's an interesting briefing or pdb. if the president is dismissive of receiving that information and is disdainful of facts in making those decisions as we have seen, then we are in a very perilous moment when the decision, these are not, the decisions the president makes are a cannibal for making now the
11:09 am
vice president, not the national security advisor. we elected the president to make these decisions, are not decisions he makes once a month or even once a week. they're decisions that the president is called upon to make multiple times a week on counterterrorism operations in particular. that involve the deployment of u.s. military forces. and putting american lives at risk, so the notion that we can sort of accept a chief executive who is in the position of tell me something important happens is truly alarming. >> just a quick follow-up. i think that's exactly right, and just to put a finer point on it, the deliberate rejection of briefings actually i think should be viewed not as sort of a benign and busy doing other things, but actually as an abdication of responsibility. so when a senior executive in government doesn't want to know what's in the briefings, that i
11:10 am
think can be viewed through a lens of, therefore, should something happen as a result of the information that's in that briefing, they are not accountable. and we have experience, we've seen, unfortunately, some members, i can think of one in particular, a member of congress who has done this. and when they decline everything and then therefore can speak publicly at will because they don't know, that's not a benign thing. that is a deliberate strategy. >> i agree entirely with what carrie said about willful ignorance, and there's a lot, we had a big debate about surveillance and privacy, and i made the point that you can simultaneously believe that there needs to be more controls on surveillance and that because there is a lot of surveillance and data that is being gathered by agencies that know what they're doing, they probably know a lot of stuff, those two things make sense.
11:11 am
i've actually gotten some pushback or criticism saying well, now you guys like the intelligence community. i always liked the intelligence community, me personally but yes, that's the point. they gather information and they have it available for the president. we can debate 702 and whether it has the right balance, but it is incredibly fallible. they provide all this information for the presidential daily brief. if the president is not reading it, what's the point? i think her point is well taken that this is not just a sort of lack of competence or wanting to be, you know, do other things that are less boring, it is a deliberate strategy, i agree with that. i think the people who push aside information are doing so because it pushes aside the responsibility. since i didn't know that information, i can do what i like, and that's a very worrying.
11:12 am
>> we have some time now for audience questions. so if there is something you would like to ask, please raise your hand. why don't we go over here to the gentleman in the pink tie. wait for the microphone to reach you so the online audience and everyone here in the audience can hear you as well. please make it a comment and not a lecture. thank you. >> a question, not a lecture, thank you. >> i come to this as a great -- woody kaplan, civil liberties list. i come to this as the name implies with a great fear of the imperial presidency, started with lyndon baines johnson. this is not partisan. and i'm taken by a lot of the comments. i love the susan but i think you might be naïve and you know more about it than i do. the u.s. attorneys with whom i've spoken have told me they can get away with virtually
11:13 am
anything by creating probable cause and walking across the hall from the nsa to at&t or something and say we need these records, or we need this information. the whole idea of having the watchers watch themselves out of those employees of the organizations, because they are so full of good will, i'm greatly skeptical of that. and i'm greatly skeptical of almost all of the internal oversight. i hope you guys would comment on that little bit. am i just paranoid or am i particularly paranoid? >> it's a great question. so why should people believe people who are sitting up here saying trust us, these are rigorous mechanisms of oversight that were put in place and they work. who would like to address that? >> look, one, want to be candid, it's possible to my particular
11:14 am
degree that also boils down to i know those people added to think they would resign. i understand that's not a formal institutional sort of protection. i really do think this goes to what is the strength of our faith and sort of the institutional protections and what those look like? whenever i look back at this from history of the indus included things that occur before i was there, for example, the president surveillance program. the thing that is particularly concerning about the order of events is the general counsel office wasn't told. the general counsel was told candi, at the very end of events. that's a real problem. the way the agency is currently constructed that could not happen again. i don't believe that could happen again. these programs could exist without multiple -- and members of congress knowing. i'm sure that's true only because the bad thing happened within the was a response. there are probably lots of different pockets of the government in which that potential as a cricket and so
11:15 am
there hasn't been response. the way to address this is not necessarily to attack the substantive, does this invade civil liberties? is there privacy rights? what is the substance of the authorities, but instead think about how to make it multiple branches of government involved in that oversight process? how do we build in technical compliance mechanisms, do as much as possible to make sure with multiple eyes and it's not just watchers watching themselves. >> does anybody else briefly want to respond? >> just to say that i largely agree with that but with the caveat that policy discourse can be changed and that was what i was trying to make about the powers of the executive branch. you know, the director of nsa works for the secretary of defense and the general counsel office advises the director. so if trump's attorney general says this is my opinion about what the law means what the constitution means and there's
11:16 am
no court decision that that attorney general opinion is wrong, as a structural matter it doesn't matter what the general counsel of the nsa thinks about that, whether he disagrees or she disagrees with that. we saw a little bit, that was the rationale for denying access, but there's a broader point. the president has a lot of power and is in charge of the executive branch. all of these mechanisms are important and i believe in them, not just because i know a lot of those people and was one of those people but because i think that they were well-designed in many cases. but they are still nevertheless within an executive branch process, and they rely on types of control, and this is my biggest concern is not so much the calibration of how much or little you do and are close to that line you get.
11:17 am
but they rely on a president of the united states taking that in as a control on his behavior even though they work for him. they rely on a kind of degree of shame being required. and that's true of course of checks and balances for congress and the court. so those, jack olson wrote a wonderful piece called libertarian panic, criticizing people like me saying we are involved in a libertarian panic, not so much criticizing, actually was praising us in sort of an odd way, saying it's a good thing you're panicking because that's the reason these abuses will not happen. but there still may be a bit of a panic. part of my response was well, that was the american revolution, was a libertarian panic as you look at that list of grievances in the declaration of independence and they are kind of outfit. they are not a fair description of what the british were doing.
11:18 am
they are sort of over-the-top. it's the way a countryside on a basis of libertarian panic. but also making the point that a think all the controls jack was describing which come from his wonderful book power and constraint which i largely agree with, you know, work for different political philosophies, different political parties. but do they work for trump? that's a very open question in my mind. >> you all seem to agree that, and i want to get back to discretion of the dnc hacking by the russians did you all seem to agree the recent trend that is except that is because his disdain for the facts. what i have two questions and i'm not a trump supporter but i can see why trump supporters might feel a disconnect from the
11:19 am
people in power. there are two questions about facts. you criticize trump for attributing political motives to the cia but don't address the president of the clinton supporters who attribute political motives to the fbi. could you comment on that? of the question is, you might not want to accept julian assange saying he got his information from russian hackers but from a dnc insider because you don't believe in julian assange, but he was supported by craig murphy said he met with the dnc insider and that's where the information came from, not from russian hackers. would you address that? >> who would like to address either of those points briefly? >> briefly, people who allege that jim comey weighed in for political reasons i think were wrong. i think that was an unfair assessment. you can talk about whether that was the right or wrong decision and whether it was a wise
11:20 am
decision or an unwise one. but to the extent people accused that activity of being political, that's plainly true. that's plainly false. some of the leaks that occurred after and in the final the election i did find deeply troubling and you have concerns that there were potential political motivations. but that just sort of trump deserves criticism, people who took shots at the fbi on those grounds as a family deserve criticism as well. as to this question whether that we should take the words of julian assange and craig over the unanimous judgment of u.s. intelligencof theintelligence ca nonstarter of the question. we are talking about signals intercept forensic documents, even the weight of public evidence, the notion that there's not a direct connection between the hacking of the dnc, the passage of those documents to wikileaks and the ultimate dissemination. i think even from outside, added
11:21 am
with these very detailed intelligence assessments provided in october, i don't think there's any credibility to those claims at all. >> the questions you raised to give much of either needs to be a bipartisan congressional investigation so that people can have better answers to these questions and have some confidence that an actual investigation was conducted in a bipartisan way. >> very brief. >> isn't this on? i'm not nearly as sanguine as some of you that we can rely, for example, on the general counsel to protect us, they teach him a joe accounts are political appointment. referred the name of david addington. that doesn't give me great confidence but i also agree with him that i think the greatest risk is not blatantly illegal conduct but conduct within the great discretion that has been allowed by our expanded laws.
11:22 am
it's a bit frustrating for me to hear matt say when we worked on these laws we never thought about the potential of a trump because advocates like myself were making that case as hard as we could, as much as you trust this administration what about the next one? look at our history. the question isn't if but when. i feel like, but anyway. i do have a question. my question is, i have a lot of respect for your perspectives and all of you. you talked about the fact you think the greatest threat to civil liberties abuses is up from the surveillance side of the counterterrorism policies. you mentioned the fbi guidelines. what are some of the other counterterrorism areas we feel like the potential for abuse is greatest and where maybe some of us should be focusing more than the laser focus we've had on surveillance? >> you will have to give us the
11:23 am
truncated version. >> this could be a long conversation. i think, i do think the focus on, we were engaged in and we talked about 702 and trying to figure out where exactly to draw the line on searching for u.s. person information with the highlighted that, that controversy, that debate had become really focused on very specific and kind of narrow but important issues. i think we have moved way beyond that now in terms of things to be concerned about. so to add to question i do think the greatest area of risk from a civil liberties perspective is domestic law enforcement. and again taking this an area of the day after two weeks after an attack in the united states, the wide discretion which we rightly give to the fbi and particularly to local police departments and law enforcement to investigate crimes and to preserve our safety domestically, there is
11:24 am
the potential, when the leadership of our country makes a statement that we talked about making, in terms of the muslim community and how we should be reacting after a terrorist attack, i think the greatest fear and i'm not sure you are in a better position to think about how to constrain those activities, but the idea of greater surveillance, it doesn't even rise to the level of going to a judge, of investigative powers for law enforcement, that police officers and begin local police departments are going to have to basically be in a position to i think intrusively be involved in neighborhoods and communities in a way that is not american. >> please join me in thanking this great panel for a really stimulating discussion. [applause] we have a 15 minute break. >> we will reconvene here at 10:45. take 10 minutes, if need be,
11:25 am
hit the bathroom. also outside on the table because we're trying to truncate our introductions to get right to discussion we have extended panelist biographies in the packets outside. those watching at home can go to cato.org and find full panelist bios there. please join us in a few minutes. thank you. [inaudible conversations] >> the cato institute forum on surveillance also looks at hacking by u.s. law enforcement agencies and what that means for privacy rights.
11:26 am
>> welcome back to the morning session of the cato institute 2016 surveillance conference. we heard a lot on our first panel about hacking by the russian government, by our government. government, too, increasingly finds it necessary in an era when crime may take place entirely in cyberspace to engage in computer network exploitation, hacking as a mechanism of conducting searches, ideally searches authorized by the fourth amendment. this raises a whole wealth of questions. is searching via hack fundamentally different from conventional physical search warrant or wiretap? is the recent change to rule 41 of criminal procedure expanding the government's authority to use the hacking techniques?
11:27 am
or is this something that congress should develop its own framework for? what should the posture of the intelligence community be toward, we recently found a leak of nsa hacking tools that have exploited vulnerabilities that were not disclosed leaving routers manufactured by many major companies vulnerable. so to address these and the difficult questions of how to regulate hacking by the government for legitimate law enforcement or intelligence purposes, we have a fantastic panel that will be introduced by one of the best national security reporters out there, no doubt if you follow surveillance and intelligence and national security issues at all, relied on excellent work over many years, ellen nakashima of the "washington post." >> thank you very much, julian,
11:28 am
thanks to cato for sponsoring this conference and this panel. i'm going to introduce the panelists now. and to my immediate right is kevin bankston, director of the open technology institute at new america, think tank for the digital age. to his right is amie stepanovich, a surveillance and cybersecurity expert at access now, a human rights group. to my left is matt blaze, a cryptographer and associate professor of computer and information science at the university of pennsylvania. to his left is richard downing, acting deputy assistant ag in charge of cybercrime investigation. so julian gave quite a good and precise introduction to the issues, so i think we will just dive right in, take notes as we discuss, because we'll be leaving some time at the end for your questions. so julian mentioned earlier this month new rule changes took
11:29 am
effect called change to rule 41 which allows a judge in one district to approve a warrant for law enforcement to hack computers outside the district. it allows the government to conduct remote searches, remote access searches, or to deposit malware on computers is a good for two purposes. one, to identify ip addresses of computers whose locations are unknown, and two, to identify the ip addresses of computers that have been enslaved by a botnet. richard, let's start with you. why doesn't the government need this rule change? what kinds of investigations? >> thanks, ellen. the rule change was brought about by the advance of technology. this rule was first promulgated back in 1917, so it is almost 100 years old. basically the idea of rule 41 is to set the rules for when the government or how the government obtains a warrant for the search of a location.
11:30 am
this is a rule that governs searches of businesses and homes when there is probable cause and particularity and all the bells and whistles that go along with our constitutional protection. the problem wasn't that in 1917 the rule makers thought, rightly at the time, that the investigators would know what court to go to. and the rule was if you want to search a property in a particular district, you go to the court in that district. the difficulty that has arisen is twofold, and they are both problems that were created as technology has advanced. the first one is that we have near-perfect anonymity systems that are now built that prevent law enforcement from being able to identify what the location of the computer is. a network such as the tor network which creates an anonymization mechanism so that when i send it, someone who is interested in exchanging images of child sexual
11:31 am
11:32 am
very narrow, very restricted and only in these cases where the location of the computer is unknown. what do you say to that and do they raise concerns about the removal of the jurisdictional limits? >> the rule was one of the few practical limitations we had in place to really broad government hacking. one of the problems of government hacking is that congress has never considered this. they have never passed the law explicitly passing it. the reason that's important is because it raises all sorts of increased risks, wiretapping, stored communications searches and things that warrants have been used for. when you look at when the wiretap act was passed, it was considered, wiretapping was considered invasive. hacking can be even more invasive than wiretapping but we have no substantive authority
11:33 am
which means we have no additional protections that we think we need in place for hacking to begin with. >> how can it be more invasive? >> any number of ways and i think matt might know more of the technical pieces of this than i do, but it is very hard to determine when you put malware or the government said this is not malware, if they're using it, but when you put something on a computer it's hard to figure out how that is going to interact with that computer, even if you test it, even if you have some sort of understanding. i believe steven who is a colleague of matt has talked about an update to ipad, apple tested the update, they knew exactly what they were looking for, and it ended up bricking any number of devices when the database was pushed through. it has a lot of unpredictable impacts. >> i think the important thing to keep in mind here is that all
11:34 am
of this hacking or at least a large fraction of what we call government hacking and remote search has, at its core, taken advantage of some kind of flaw or software bug in the system that they are searching. in some cases that might be a relatively simple thing like convincing somebody to click on an e-mail link to something that's not sufficiently authenticated. in other cases it might be a much more subtle, much more technical exploitation of an unintended behavior of a computer platform. what that means is first of all, we can't predict with 100% certainty what the behavior's going to be, and what the scope is going to be. we can't be sure that it won't get out of control.
11:35 am
we can't be sure that it won't over collect. under some circumstances, this may be an acceptable risk, but it is one that congress has never explicitly addressed. judges almost certainly don't understand when they are issuing these warrants, and we are really in uncharted territory, both technically and legally. >> i just wanted to add to that, i think there's a broad concern about this ultimately leading to approval by congress of remote access searches which they've never done before and which we've never really had any meaningful policy conversation about and we know very little about it although we know they've been doing it for at least 15 years. i also, on the particular risks, there's also been, in comparison
11:36 am
to wiretaps, there's a difference between me wiretapping you for 30 days or 90 days with extension and me having access to your entire computer and everything on it and the camera and microphone on it and the accounts that might be accessible from it. recognizing that the government does have a problem, how do we identify these people who are using these proxies, i would've been more understanding putting aside that broader question of approval of a tactic we've never talked about, i would've been more comfortable with the rule that said if they're obscuring their location you can do a remote access search to obtain their location and nothing else, and then go to the appropriate court if it's even in the united states and get a warrant to seize the computer, but that's not what this did. >> you're saying there aren't sufficient restrictions on the authority. >> could you address that point? >> sure.
11:37 am
i think the important thing to understand, which i alluded to at the beginning is that there are many rules that already apply any time the government wants to use a warrant. we still have to comply with the wiretap act if indeed that's part of what the execution would be, but more importantly the fourth amendment has many different layers of protection. first of all, you have to have a warrant that shows probable cause and show which computers you would be involved with. that has to go to an independent judge who gets to review it and evaluate the facts presented and decide whether this is a justified search. then on top of that there's the fourth amendment requirement that the execution be reasonable and it can't be overreaching or overbroad. further there are many layers of safeguards after the fact. if there is any over collection, that's the kind of thing our system is very good at ferreting out through the process of discovery and criminal prosecution where suppression would be a remedy where fourth
11:38 am
amendment's been violated and the victims get to sue the government if there is a problem or constitutional violation. what i'm saying is there are a lot of rules that are involved here and in our view, those are the kind of protections that are important in protecting our constitutional right. of course we're open to a discussion about additional rules but i think the important question to ask is what is it about the current system of robust safeguards that is insufficient to address this kind of collection. >> what sort of safeguards do you have in place to account for the technical issue that matt raised, and also the potential for collection. how do you get notification of victim. >> the question is is it possible the government's activity could damage a computer or do something inadvertent or inappropriate in the course of
11:39 am
doing what the thing is intended to do which is to collect evidence of the case. of course, as searches happen in the real world, searches in an online or remote context also have risks with them. nothing is risk-free. i would say in the majority or heartland of cases where a targeted remote search is done against a particular individual's computer, the risk or the potential harms are quite limited. the computer stops working, okay, that's bad and not anything anybody would want but it's not a broad problem. i think what matt was alluding to is the fact that the second piece of the rule is useful in the context where there are many, many computers, perhaps that have been infected by bots. malicious software is already installed, criminals are controlling those machines outside the united states and bad things are happening. the question is, we haven't done
11:40 am
exactly this but if there were an opportunity to do some sort of search of all those computers to mitigate it, that is to liberate those computers from the hands of the people who are criminals and controlling them, in that situation is it possible that you could have inadvertent results. i think the answer is possible. in the past when we've done this sort of thing we've been very careful and very thoughtful and we've worked with computer security experts outside the government and inside the government to try to make sure that whatever we are doing will do no harm and to do our best. to do that we do tool validation and testing. indeed, so far we have a clean record of being able to do this effectively, but also we want to continue working with the private sector and others to make sure these tools are used appropriately. i think the key question i would have, and i'm interested to see if any of the panel has thoughts on this is, at the same time that there is a potential risk over here, we have a very real risk that is ongoing harm to the people who have those computers.
11:41 am
when you have situations where hospitals are having their computers bricked as a result of ransomware until ransoms are paid we have to consider whether the potential risk over here is balanced by the fact that we have a very real damage that's going on and such being prevented. >> i would like to react to that a little bit. first of all let me start by saying i am not speaking from a position of being unconditionally opposed to remote searches. in fact, with my colleagues, we wrote a paper on the technical inevitability and profitability of remote searches in certain cases. i think it's really important not to become too confident
11:42 am
about how well these tools work, particularly as we scale up. first of all, for precisely the same reason that you are able to do remote exploitation of computers, software is hard. software is so hard that in general we don't know how to build it correctly and software with security implications is particularly hard, particularly fragile, again particularly when it's being installed on a computer whose configuration you may not actually be fully aware of. and so, i think amy, the confidence that these tools are actually working as intended has to be understood in the context of this is not just a hard problem but it is the fundamental problem of computer
11:43 am
science which is that we don't know how to build in general, reliable software at scale. so you are working in absolutely treacherous territory when you do this. what that means is first of all the only thing that we know that works is relentless scrutiny. in the case of the legal system, a discovery process where the defense gets to apply scrutiny to that would obviously be something that would be not just nice, but probably essential and other kinds of relentless scrutiny to this. the other problem is that when a judge is authorizing this, they are authorizing tools that they very likely don't fully understand both the scope of and the risks of because this is largely new territory.
11:44 am
when it starts to authorize a search warrant to physically break into a house with a warrant, a judge pretty well understands what precisely that is and what can go wrong. it's unlikely that they will inadvertently search an entire neighborhood or city. in the case of a remote computer search, both the targeting and the scope of what's collected and the potential for collateral damage are really much more difficult to pin down. it's easy to say what the tool is intended to do, it's harder to say what the tools actually do. this is very difficult technical territory. >> kevin do we think we need a legislative framework to regulate these sorts of remote access searches, and how would you account for the technical difficulty in such legislation.
11:45 am
>> that's a big one. absolutely we need a legislative regime to govern this just like we have for wiretaps considering it raises all the same issues as well as other unique ones. i'm not certain how best to address the issue of minimizing the technical risk from the deployment of the tools. certainly i appreciate the internal measures that the doj is engaging in to try to quality assure that, but that is just one branch of our government. we need the courts engaged in a way they haven't been so far because as matt said they often don't understand what they are approving. there are some interesting transcripts from a case where a network investigative technique has come up where a judge was struggling to understand how you send instructions to the computer. are you calling it, what do you mean by sending instructions to the computer.
11:46 am
they are not actually saying that we are installing new software on the computer that is going to do these operations and that's a problem, and i take his point about the fourth amendment as the rule, but i liken this to, we have a problem of the surveillance systems both in terms of law enforcement and foreign intelligence being so secretive that it effectively prevents us from making good policy. >> one of the best examples is, in 2005 when we finally learned, thanks to a one buck in the system magistrate to publish an opinion that the government had been doing live cell phone tracking for over a decade without warrant and in fact using a statutory authority that's supposed to be used for historic record. we didn't even know, there weren't public discussions about this, there weren't public court
11:47 am
decisions about this, we had no idea what was happening. we see the same kind of ratcheting up phenomenon in foreign intelligence. i wrote a similar article applying his idea to law-enforcement called only the doj knows. so to hear the trust the fourth amendment and we in the courts will figure it out when, as i've said they've been doing this for a decade and a half and we're only now just talking about it rings hollow. i also want to talk a bit about the botnet provision. one, i think it's a misnomer. what it says is if we are investigating a computer fraud and abuse act crime and the computers we want to search are in five or more districts, then we can go to any of those districts. one, it's not limited to botnets. it could be used as an alternative to busting in and grabbing the computers of a suspected hacker, let's just do it from our desktop and remotely search his computer before we
11:48 am
announce ourselves by busting in and taking his computer, but also in terms, we're talking about tens of thousands or millions of people. their computers have been accessed and are now being used in a botnet. it's they might say it's not a big deal if someone's computer doesn't get destroyed but in that sense it's kind of a big deal. >> what do you mean by destroy. >> hopefully not explode or anything, but become nonfunctional. >> there is some precedent for exploding. >> it raises the question to see how we handle those people. my refrigerator has been part of a botnet gets accessed and in the process they get sensitive data about my diet.
11:49 am
we can pick a more sensitive item if you'd like. they are never going to be prosecuted and i can't think of any way you would notify that person. >> that was one of my questions actually. so notification, lots of questions for you. >> i guess if i could respond to this question about whether, one very important, i'm very concerned, i have heard richard as well as other people publicly say that this provision will help them go after and shut down and didn't tend to actually disrupt the functioning of the computer in some way and i don't see how rule 41 authorizes that beyond a search or seizure and that really worries me. if we are turning the warrant into a stick that we can actually damage stuff with, that's a new development.
11:50 am
>> i'm not sure i can answer all of the points made, but i do want to make a couple of points. first of all, on the question of secrecy and whether this could be done in the shadows and then we never know about it, that's one of the strengths of having this be part of rule 41 is that it's going to make sure that these things are brought to judges and approved and there will be clarity when these things come to court because there will be litigation around it and suppression. in fact, the court system is pretty good at sorting out the issues and trying to figure out the answers to these questions. indeed, right now as a result of the investigation of a hidden service on the tor network, that involves the exchange of images of child exploitation by about a hundred thousand users, this investigation resulted in a remote search, and what i can say is that there are at present hundreds of these cases that
11:51 am
will be brought across the country. i think we are going to see courts looking at these questions, i think this is exactly what we would want as far as transparency. on the question of whether the exact details of the exploit should be disclosed, i think that's an interesting question that we are beginning to see in litigation. how much does the defendant need to know, and of course the defendant cases have constitutional rights to defend themselves and are entitled to material that would help them in their defense. of course balanced against that on the other side, if you disclose this vulnerability or this method of entry into the computer, then it will no longer be useful. it will be outed and systems will be no longer useful for the purpose of the law-enforcement activity. it's an interesting question because in many cases, the method by which the search happens is not terribly relevant to the defense. that is, it doesn't go to the
11:52 am
person's guilt or innocence, it's not creating evidence so in many ways it's kind of like asking what is the brand of the sledgehammer that has been used to knock down his front door. the important question was, was a sledgehammer used? yes, was it knocking down his front door? yes, but does it matter the intimate detail of how the entry was made. i think that will be one of the interesting questions that the court will wrestle with. does this help the defense in some way or does the government need to have, under established doctrines secrecy about particular tools and techniques. is that going to outweigh the defendant's demand for disclosure? there were more here, but maybe i'll stop there and we can come back to some of the others as well. >> i think that brings up an interesting point because we are talking about disclosing to the defense the vulnerability used,
11:53 am
but if you pull out a little bit, one of the major issues is that you are disclosing to the provider, the person in control of the software the vulnerability that's been used. because the sledgehammer on the front door example, they have a sledgehammer that can knock down the front door and 50 million people have that same front door and use it every single day, should you tell the front door manufacturer if there's a key that can open the front door, i guess is a better example. that same key can open all of them and if somebody else finds all of them they can open all of them as well. should all the other innocent people using the front door not know that they have a vulnerability in their front door that needs to be fixed or should the person who makes the front door be able to fix that. there is a process in government for this, it was reinvigorated is the term that was used after the heartbleed bug was discovered because there was a lot of speculation that the nsa may
11:54 am
have known about the bug and not disclosed it because they were taking advantage of it for intelligence matters. so the white house started this process again. it's called the vulnerabilities equity process. it is unclear to the extent that it is being used for all of the bugs that are out there. they say it's being used, but we know for example that the bug used in the apple case bernardino was not put through this process because they never took possession of it. it's supposed to cover every time the government discovers or comes into possession of a vulnerability, but this one was kind of like a black box and they never had it to put through the process. it's also not codified so the first panel was talking about a lot of the uncertainty of the policies that are in place as opposed to the laws and whether or not they will continue into the next administration. in addition to the fact that it's unclear how often it's used, we also don't know the state of the come january if that process
11:55 am
will continue to operate. >> i just want to point out, we've sort of conflated two issues when we talked about disclosure. the first is disclosure, when we use the sledgehammer analogy, that might be a nice simplifying analogy, but unfortunately it glosses over one of the important parts which is that we don't know that it's actually only a sledgehammer. we know that it's being used with the intention of using it as a specific kind of tool, but we don't know what else it does and the only way we have any chance of being sure of what its behavior is is sort of relentless scrutiny and examination. the first problem is, we're not actually sure it's only a sledgehammer. >> but the interests in knowing
11:56 am
whether or not it's just a sledgehammer is for greater security for the public. >> that part might be relevant both to the public and the defendant so it's relevant to the defendant because the question of does this expose more data, does it actually only limit the search to what was specified in the warrant, you can really only know that by looking at the tool itself. we can also only know if there might have been other damage done to the computer that perhaps didn't result in going to the government, but might have exposed information or damaged the computer in any other way. the only way we can know that is if we examine the tool in the context that it was used, preferably by an adversarial process that's given sufficient resources to look. even though that's important. imperfect. the second reason is these tools
11:57 am
generally involve exploiting vulnerabilities that could be used, not just by the government for lawful warrants and lawful searches, but also by criminals and by foreign hostile nation-states and so on. >> are we talking about zero days here? >> probably, those are the most important, they're vulnerabilities that nobody knows about until they're discovered for the first time, but there might be vulnerabilities that are known and being applied because they haven't been patched yet. the lifetime of vulnerabilities tends to have a fairly long tail before they are patched, even after they've been disclosed. if there is a tool that the government is using, based on a
11:58 am
flaw that isn't known to the vendor or wasn't known to the vendor to be exploitable, remotely, there is a risk that someone else will discover the same flaw and use it for very bad purposes, potentially against the government itself. we don't really know very much about how often that happens because these tools are shrouded in so much secrecy. >> that's one area where greater transparency is essential. >> that's right. and this is an example of something that requires very subtle technical and very subtle policy judgment that really can only be achieved by more transparency. >> should that be a policy change or legislative change?
11:59 am
>> speaking generally, we want congress to regulate this activity including enforcing a level of transparency, at least similar to what we have in the wiretapping statute which also would include for that matter actual data about how often this is done and how many people it impacts, which right now we have no clue. >> would you be opposed to such requirements. >> so we are obviously in a transitional period in the government so i can begin to predict what the administration would do. what i can say is that i would encourage you to take a look at the blog post for michael daniels who's the white house security advisor from a couple years ago, and what he says is that basically he lays out a pretty solid argument that everyone across the country, including the government relies on computer networks, disclosing vulnerabilities is usually going
12:00 pm
to make sense because that is going to provide protection and security for everyone, however there are legitimate trade-offs so there are going to be certain circumstances where there is a need for this tool, this undisclosed vulnerability in order to solve some crucial intelligence problem, and you can imagine all of the kinds of things that come into this category. trade secrets or child sexual assault, and so building a stockpile of vulnerabilities is going to harm our general security is not a good policy decision, but that's not the same thing as saying we should never do it. therefore, that's why we have the vulnerability equities process and it doesn't create any hard or fast rules, but it does lay out the kind of criteria that will be considered and frankly consider that those are the kinds of considerations so how significant is the risk, does it affect our critical
12:01 pm
infrastructure. is it patchable. is it likely to be discovered by someone else. what is the loss that's going to occur if we release it and it becomes patched and unavailable. those are the kinds of questions that they would ask, and i think that's a pretty good set of questions that you would want the executive branch to be making these decisions and trying to weigh and doing it in an appropriate and robust way. >> do you at doj or fbi submit all the vulnerabilities that you use in your exploit to this process? >> have now exhausted the scope of how far i can go. i'm clear about what's made public, but beyond that, i am not, at this point, entitled to talk further about what's going on behind the scenes. >> no one will mail. >> this process itself that you
12:02 pm
mentioned is newly invigorated, it came out with the post snowden transparency reform. is this something that ought to be quantified, put in statute? >> how would you strengthen it? >> i think that's exactly the kind of conversation we want to have including hearings which we haven't had that i don't want to jump in front and say this is how you would draft the statute because we still don't have a great deal of information about it. we appreciate the transparency that the obama administration has engaged in to tell us about it and give us some idea of the criteria they are using, but we don't really know who sits at the table, how often they meet, the number of bones that have gone through the process, they've thrown around a number of 90-plus percent, ultimately get disclosed, but out of how many? how long will the gent were
12:03 pm
those held onto before they were disclosed, were they exploited before they were disclosed, we really don't have any kind of that information and so i think the first step here in deciding how to quantify the process, i think some kind of version of this should be in law to protect us, i think the first step would be actually having hearings about it and having an engaged congress working on it and looking at it. >> i would also point out that this is an example where the devil is entirely in the details we can all agree on very high-level principles that no one would disagree with, there will be these cases on one end of the spectrum, and that's almost none of the cases. there's this large middle ground in making sensible judgment about that middle ground is going to require a