maybe we need to think about that. was there catalyzing event? >> i think more from a leadership perspective there was a recognition of being in the capital region, knowing that terrorism was a real concern, knowing that violent extremism on a whole lot of different levels was a concern and also, the whole division with the muslim community, we have a very large muslim population and there's a lot of fear. i will tell you, anecdotally i have heard a little bit about it today. one of the things that have really touch my heart more than anything his children now are fearful. children are being bullied. there's all kinds of things that are going on just because of the very fact that there muslim. i think to answer your question ,-comma what was the catalyst,

it was more general. it wasn't a reaction to a single big event, it was more leadership recognition from our county executives, and a lot of this comes from the top down. cbe aside, how aside, how can we build bridges with all of our communities and it has actually funded the position in his cabinet for somebody to actually collaborate with and partner with and call call us with the faith community to have a greater recognition and hear them. he has meetings with them fairly regularly to hear how we can do better. the police are just one of many, many service providers in montgomery county. we have heard very loud and clear that there is a gap. there are lots of needs and we can do better. >> mike,. >> one thing i want to address is this concept of warning signs because it comes up over and over again in this context. unfortunately ,-comma what we

find is there is a spot in hindsight but there are not predictive. there are many alienated people out there, a tiny minority of them ever commit any act of violence. there are plenty of people with ideas i find a blind like the white supremacist, the vast majority of which would never harm a fly so it's trying to put a model of predictability onto something where there isn't one and a perfect example is the fbi, with all of its investigative tools, all of its intelligence capabilities, all of its analytical capabilities, investigated dzhokhar tsarnaev for 90 days. they investigated omar mateen. they investigated david. they didn't predict that these individuals are going to go out and commit violent acts. so if the fbi, with all of its tools and apparently it must have these warning signs can't

predict who is going to be violent, how does this program suppose that some layperson is going to be able to predict who's going to be violent in the first place and in the second place, when you look at the models that have been promoted like the fbi radicalization model which said one indicator of potential dangers is this growing a beard, you can't protect yourself because shaving your beard is also an indicator of danger, which is hilarious, but what laid on top of that is that there were a lot of very common behaviors in the muslim community, wearing muslim garb, these sorts sorts of things were designated as indicators of dangerous things. that is out there on the web. national counterterrorism center week to document that was a

practitioner's guide and it was a four-page checklist in one of the things the teachers are social workers were supposed to evaluate on a five-point scale was whether there was sufficient parent-child bonding. now first of all, i'm not aware of any study that suggests tears don't bond well with their parents or do bond well. i'm not sure whether five is going be good and one is good to be bad. all of these things are out there so if laypeople are going to try to apply these sorts of indicators to people they think are dangerous, they are going to be misidentifying people and misdirecting resources and reporting the wrong people to law enforcement that can cause all kind of harm like the sting operations that are directed at people who are identified by law enforcement as potential extremists. so, it's it's easy to say that in hindsight yes we knew there was a problem there, but it's not easy to say we know this person who's alienated is going to commit a crime.

i really liked the framing that you had about looking at all times. it's suicide, it's any kind of violent action. at any kind of assistant not some person needs from the community. from the beginning when the white house started talking about this, maia and i and a bunch of our colleagues in the civil liberty community went to the white house, went to the agencies and said don't focus this on terrorism. don't focus this on one community. broad net out, look at all problems and they refused to take it out of the department of homeland security. it is a law enforcement program and it is only focused on one very narrow slice of violence that affects our society while ignoring the other. and then i also think it's crucially important that community policing happen and that you have strong relationships with community but

it should be understanding what their problems are, not telling them what the problem is and asking them to respond. one way way of building trust is transparency, and we at the brennan center have benning gauged in a two-year campaign trying to get information from these programs and it is pulling teeth to get information. we would think if somebody had warning signs of terrorism that they would be published broadly, but they hide them because they know they won't withstand public scrutiny. >> when i first started to look at this issue generally, one of the questions that popped into my mind is how does it work with gangs? like any of these other violent gang organizations that we think about how does that contrast with this problem? how does the american law enforcement experience in dealing with a gang problem, is

there anything to draw upon their whether it's lessons learned that should be applied for lessons learned that should not be applied. >> i agree with most of what you just said. it's an evolution and there are a lot of lessons learned, whether the desired change all occurred, i know a lot has occurred because there's been a lot of mistakes made and i think a lot of what you described, many would say is accurate and we need to do things differently dealing with gangs is similar. so education, prevention, building relationships, having the ability to communicate, most people are good people. some, very small number of people in certain communities that are gang members are committing crimes, there violent, they're victimizing people so we should be focused on that small number. not everybody, and we shouldn't

be creating havoc in our communities just because of those communal people. we shouldn't be violating people's rights, et cetera. so good old-fashioned police work, talking to to people, making sure people are reporting when they're victimized, the communities that i described earlier, there's a lot of communities that are afraid to report that they been victimized. even things like violent rapes and homicides and things like that so how do we build that report? a big part of it as having respect for people, treating them with dignity and respect, not violating their rights. being out being out there even when we arrest somebody, being respectful and patient and kind, and maybe those same people are the ones who will tell us about what's going on in the communities, giving us information so we can do better with those investigations and focus on the right people. i don't know if that helps, but it can't be just a shotgun

approach where you throw the spaghetti on the wall and see what sticks. it has to be very strategic. we have to be very sensitive to our community and the people that we partner with and who we serve. we need our community. we have almost 1 million people in montgomery county and we have that under less than 1300 cops. of that, eight or 900 in patrol. we have almost 500 square miles. do the math on that. on any given day we have six districts. there's not a lot of cops out in the community. a lot of them are in court with her on call for service or doing investigation. we don't have some huge number of people to resolve many of these really serious complex challenging issues. we have to rely on the community. we can do about ourselves. we only have so many eyeballs and so much of a presence, and we would be fools. i think we recognize that's not the case.

>> i think we have time for two or three questions. >> thank you. steven keith, retired state department even though kato still shows me as state department and i have had a beard for ages. to a certain extent this is directed to you but anyone else who wants to comment on it. >> i was listening to talking about the children and how they are being traumatized by people, just discriminating against them for being muslim and harassing them, i am sure your heart is in the right place, but i think a lot of what you're talking about goes way beyond, at least what i expect from the police department.

i don't think the police department can really deal with the whole range of issues in our society. when we talk about preventing violence, to what extent do we start moving more in the direction of big brother which is what i think some of the other panels have been talking about. wouldn't really be better to focus your resources more on traditional policing, looking for individuals who we have a reason to believe are going to commit a crime and go after them or people who have already made it a crime rather than going in this haystack way where we are really going after an entire group and even when you're reaching out with the best of intent toward a group, the fact that you're reaching out to that group may make them feel stigmatized so your best efforts, your best intent will have the opposite effect. >> great question. >> i agree with everything you said.

i will tell you, if i am any measure of an outcome, maybe one outcome, i can't tell you how many meals i've shared with my muslim brothers over the past five or six years, how many celebrations i've been a part of, how many people i've been welcomed into their mosque in their inner sanctum's, conversations that would've otherwise occurred. i see that as a huge positive. i'm fairly ignorant to some things, even though i've been in policing most my life. and so, to have empathy, to have an understanding, to be better capable, the one thing that i think that they alluded to is that the police are some overwhelming force that are pushing in a space that were not really qualified for and really shouldn't be in, i don't disagree with that. i don't think were doing that. i think were trying, in montgomery county at least.

i think a lot of the things i've heard today that have occurred around the country at the federal and state levels, i hope are not doing in montgomery county. i can assure you we shouldn't be doing some of these things. it's not a part of our approach or our program and so i would just say that we have to find a balance, that's our challenge and i don't disagree with what you just said. >> my conference organizer tells me we can take one more question >> my i am from x lab. you mention the fbi had investigated folks like one of the son of others but that hadn't resulted in anything predictive. has there been any indication over the years over how they may be changing the way they react to or prepare for these kind of events? it seems like to the public, it

seems like a black box and we discussed these issues, but is there any indication that they are changing things in a more productive way for acknowledging when certain things haven't worked? >> unfortunately no. i was interested on the first panel when a couple of the panelists said they were concerned that the next administration might try to expand the fbi investigative authority. under the 2008 guidelines, the fbi was given the authority to do a type of investigation they call assessments which allows the use of recruiting and tasking informants, it allowed over and covert interviews, it allowed a lot of intrusive surveillance, not electronic surveillance. the standard for that is, this is is a quote on the guidelines, no factual predicate is necessary.

you need no facts to suggest that the person you want to investigate has done anything wrong or anything and betty else has done anything wrong. all you need is the subjective opinion that what you are doing is for the good of god and country. that gives you the authority. after the recent bombing in new york and new jersey, a lot of commentators were coming forward saying the fbi has to expand the length of its investigation. currently, does anyone know what the time limit is for assessment no time limit. i don't know how you get more authority than investigate whoever you want with no time limit. it can't be expanded any further , and i have been arguing even before those guidelines were put in place that reducing the guidelines just increases the flood of information and that's what's happening that these agencies are being so flooded with information, see something say something where

they feel they have to go out and respond to these silly buying a pallet of water, he's middle eastern and he bought a pallet of water so let's go interview him, this nonsense work that's being done, it's like having false alarms going off constantly. we don't allow you to pull the fire alarm in the building without a fire because we know that gets response but when art counterterrorism world were setting false alarm constantly and creating huge workload that is undermining their ability to focus on what is real evidence of crime. unfortunately, i wish it was true that there were warning signs but i wish the fbi, when i joined, gave me a gun and a badge and a crystal ball, but they don't and their ability to predict is no better than anybody else's so what they need to do is focus on facts not these debunked theories like radicalization, and certainly

not chasing every silly thing that somebody has said just because they said it. >> with that, we are concluded for this panel. let's give give it up for our panelists. >> we will have a brief intermission while we do a little bit of rearranging here. then we will get underway with our next group. >> don't take intermission too seriously. it's literally just for our panelists to take their microphones off. as this panel makes fairly clear , electronic surveillance, digital surveillance is not just something that three letter agencies do. it's not just the nsa, the ia, the fbi, but it's also with increasing technical sophistication something that

local police forces are engaged in. and so to cover that in another block of flash talks, we have jake of the constitution project. can i ask folks to take the conversations offstage. >> we have the constitution project talking about body cameras, that that can be a powerful tool for accountability of law enforcement under government authority to communities, but also potentially, an additional form of surveillance and we also have a racial element that will talk about in ways that these police forces are increasingly turning to monitoring social media to detect crime at the local level.

[inaudible conversation]

,.

[inaudible conversation] [inaudible conversation]

[inaudible conversation] >> thank you so much for having me here. i'm excited to be speaking at this event and talking about what i think is a very pressing topic and one that will only continue to be more and more pertinent in the future, and that is police body cameras and specifically how they can be used in conjunction with facial recognition technology. body cameras are a technology that is being rapidly deployed across the country. over the past couple of years we've had a very meaningful debate about whether they are good, bad, whether we want them

in our community, but the fact seems to be that body cameras are coming. a recent survey of the nation's largest police force found as many as 95% of our% of our law enforcement agencies have either already begun to incorporate ati camera technology into their police forces or have committed to doing so in the future. like it or not, body cameras are coming to a police department near you and we need to start to get ready to figure how we want these devices to be used. the purpose of body cameras is to increase accountability, to make sure police are acting properly, to make sure that we know what happened. without proper rules and regulations set forth on how they should and must be used, these devices could also be co-opted for surveillance purposes. in order to try to make sure we are actually using body cameras for the former and not for the latter, we need guidelines and rules for how they have to be used. that is an issue that the constitutional project where i work just took on guidelines for

preserving accountability and body cameras. we set out a set of nearly two dozen recommendations for how law-enforcement agencies should use their body cameras to make sure that they preserve accountability without becoming a surveillance tool. this is from our committee on police reform which is based, which is disposed of civil liberty activism or enforcement. hopefully the report guide departments providing some common sense that departments can take on in the future. i want to talk about one specific area that we look at in the report which is, how should we use body cameras with facial recognition. specifically, we recommend that judicial authorization should be required for the use of facial recognition with body cameras and that police departments should also strongly consider limiting the set of crimes that they apply body cameras and

facial recognition too. you might be asking how big of a risk is that is, do we really need to think about facial recognition with body cameras or is this some sort of risk of a future harm, and i think the answer is body cameras are facial recognition is coming to body cam spirit in some places it's already in place. some places already incorporated in the body cameras their building. when he walks around, is he's wearing a body cameras checking other faces he's walking past and notifying if he's on their watch list. i don't know why the ceo of an australian body company has a personal watchlist, but he is free to advertise his product however he liked. more ominously, this year's ceo announced plans to incorporate body facial recognition into their cameras. they are the number one vendor in america. at the time they have them, you you can count the fact that most american police departments that use body cameras will also have them.

with this type of planning coming, it seems a a little less sci-fi and a little more like a reality. one day there technology will make every top a robocop. what i want to talk about in examining this is how exactly can facial recognition be used without a camera and what different manners. what risks do these pose and what are the appropriate restrictions we should put in place in light of those risks? the first incident instance in the least controversial is the idea of emergency situations. for example, if you you have an amber alert, body cameras could be deployed with a face print of a child or the abductor and used to scan to try to find them. this is something please already do except they don't use a computer, they use you. automating that process of facial recognition doesn't seemed like a huge stretch, and in fact it is also fairly consistent with the rights that we have for privacy.

in the fourth amendment, it's a pretty commonly accepted circumstances he can look into electronic devices or your house without a warrant. having a situation where you can readily feed emergencies faced print into body cameras seems fairly reasonable from a privacy standpoint. :

a fairly proper use for this type of technology and combination but there are some serious risks to even what seems pretty common sense in terms of using facial recognition with body chemist to seek fugitives at large. two in particular want to talk about. facial recognition can be prone to misidentify individuals as we noted at the lunch discussion is a far more likely to occur with minorities. it can happen to a very high extent in terms of miss identified individuals. you don't want police officers at the behest of the body came attacking someone who they think is a dangerous fugitive only find out it's an innocent look like you'r that in this case wed independent verification that we do in fact have a correct match before your programming these. second and more troubling is overuse. using facial recognition to identify violent offenders, dangers felt it seems like a

pretty commonsense solution but what happens when you have outstanding warrants? that can be a police, perhaps too much power. the reason for this is city sometimes have a disproportionate number of arrest warrants for minor crimes. trying example of this the doj reported in ferguson found 16,000 different arrest warrant for individuals in a city with 21,000 people. that's a huge portion of the population and that means if all crimes were included in terms of body cameras scanning with facial recognition, officers could effectively have a rest at what authority. that's something that could be targeted at my notes, protesters are somewhat an officer just has a bad interaction with. in those cases it seems there is a logical space we should limit facial recognition and body cameras to serious violent offenses rather than petty offenses. the next issue i think becomes more troubling for privacy is using body cameras and facial recognition for real-time location identification.

location tracking has become a fairly common police tactic in general at amendment requires reasonable suspicion and court approval thanks to the work of a lot of great groups we are moving toward system are many states require probable cause warrant for allocation tracking by police the coupling that will continue to increase in the future. body chemist with facial recognition could offer a new and check means of automatic tracking. one without new rules could occur entirely without judicial oversight or suspicion. to explain why this could occur where to look at the skill of the biggest events in the body cameras introduced. cities like chicago and d.c. which both have body cameras have on average over 50 police officers per square mile. let's compare that to the current beta surveillance technologies such as cctv switch are somewhat controversial. d.c. has less than five cctv spend traffic cameras per square mile. even chicago which has a very

controversial bluelight police cctv camera system that's widely deployed throughout the city only has 13 per square mile. when we're talking change into a system where every officer has a body camera, surveillance that is like this, the current blue map of chicago except it will be five times as large in terms of the number of police cameras that are deployed at any given time. these will not be stationary cameras that are known and location. they will be mobile. combine this with facial recognition and you could increase law enforcement severely to tag the location identified and even track specific individual. because this is automated there's virtually no limited to the number of people you could do this. does require you to assign several officers. if you simply put into the algorithm you want to id, you want to track and let body cameras and facial recognition to the rest in terms of monitoring location. given the restriction grip on gps trackers, even as a policy

matter stingrays it seems both consistent with the law and in this is a step for privacy therefore going to allow any type of location tracking for body cameras with facial recognition we should require judicial authorization and probable cause. this type of restriction would still give law enforcement some meaning for attraction but literature doing it, in a manner that is dreck that suspects contracted at investigation that's in response to the cause and that isn't subject to abuse that you might have if police have a free hand for this type of technology to track who ever they want whenever they want. the final area i want to talk about is identified from stored leaders. if you have police officers who on the people the body camera in a facial recognition running with that came of it will think about beyond searching for face prints in real time. facial recognition could be used with body cameras after the footage is recorded from stored and logged by the department.

police could easily take -- take footage and run the face against existing databases to discover a targus identity. at any point based on interaction they see throughout the footage of their shift. or they could simply build a profile metadata even if there is no existing match. you could say take a person going into any building at any event at industry court and say this is person x, they were at a certain location at a certain time and logged that with help of id later or maybe building a larger profile without an id at future events. those can play out in two ways. this could in some cases be beneficial. notably if you have a suspect fleeing the scene of a crime you could use facial recognition from a body camera footage to identify them. you can also use this to moderate individuals engaged in non-illicinon-illicit activitiee protests or religious ceremonies. that's what becomes very, very problematic and worrisome.

to prevent this misuse, judicial authorization, the check of independent oversight and approval with probable cause could be an effective check to allow for these properties but cut off the top of this uses we would worry about. most troubling is of the same type of identification on a mass scale. in recent years police have targeted surveillance at black lives matters protesters and muslim communities. these efforts aided with body kim's could take the scale of cataloging individuals engaged in those activities virtually unprecedented scale. police on the beach outside a religious ceremony, at a protest come once the footage is recorded to be used to catalog every single person at an event. or if the government intended to it could simply sent officers to these type of events with the goal of recording individuals faces and then cataloging a full list. you could have a sort of digital version of a j edgar hoover style enemies list by sending

cops to location such as protesting religious ceremonies. thinking about the type of surveillance we've seen in the past decade that is the most objectionable, surveillance of black class meta-protesters come surveillance of surveillance of mosques and muslim communities. it's not hard to imagine the worst this could plant today. and even if we don't have this type of dystopian future, the mere threat poses a strong chilling threat. imagine if you plan to go to protest into police officer. their goal is to keep the peace to make sure everything works right. they have a body camera. the purpose is to make sure that they are acting probably probaby are accountable for everything they do. if you are the body camera is recording you and can later use to scan your face and then use that information by law enforcement in some way are you potential of the less inclined to go the? are you going to second-guess the type of basic first amendment speech?

so again we think in this context, developing face prints from body cameras it should be something that requires judicial approvalapproval, based on probe cause and should be individualized so that you can have proper usage for this type of technology but at the same time prevent the misuse that would be directed at activities, sometimes focus on vulnerable groups. i really hope you'll give a look into our take on this and many other issue that is they've on life. with a bunch of copies outside. again, facial recognition recognition is the one area that i focus on but we take on a full set of recommendations for how police should be using body cameras. whenever i talk about a somewhat ominous topic like this i like to end on a bit of a cartoon or lighter note. so for the sake of facial recognition, i will do that and say thank you so much for your time, and i hope you enjoy the rest of the conference.

[applause] >> all right. that was terrific. thank you so much to julian, to get over having here. i'm going to be talking today about the use of social media by law enforcement. we are not yet at a place where we have recommendations about what that looks like what we've been doing a fair amount of work on what the landscape is and raising some issues so that's what i want to talk through wih you today. i am seeing this on this in front of me but not appear. what am i doing wrong? is there somebody who can answer that question? anybody? anybody? there we go. thank you for bearing with me. so about three to four weeks ago

i want to say the brennan center released a map which is online on our website at what the map looks lat is now 155 jurisdictions across the country. country. that's cities, counties, police departments that you some kind of social media monitoring technology in some way. this is specific to the one that's been at least $10,000 or more looking from 2010 until now. the way, way we found this information was using a database all procurement orders called smart printer. we have a subscription to and we were able to do searches for about of the companies that we know provide social media monitoring, sort of functionality. which means being able to look at social media postings and whole variety of ways. so we pulled out, if you go online you can see what all those nifty colored pens are. if you search the brennan center in social media maps but basically broke the the deputy d of different spending band to see who is spending less, who is

spending more and he was using, we look at eight different companies. we'll be adding more since comcast and police departments but breaking down what those are. if you click on a locale and then it pops up information about what the company is, what is based on what kinds of uses we might know about in that city and now much they spent on also links to the procurement orders for that particular city. you can kind of died down into that. there are a few figures would follow from that i to highlight. so the first is that among the jurisdiction were looked at from the 155 jurisdictions, since 2010 that collectively spent almost $5 million on social media monitoring. the highest amount spent by a single jurisdiction, the florida department of law enforcement spent almost 200,000 dollars. there's a few below you can see they are mostly large jurisdictions. county of l.a., harris county, texas, where dallas is. i county in michigan and in the

virginia department of emergency management. they've always been a fair amount of money to be able to monitor social media. i should say from the procurement orders we don't know precisely so we can't say we know that they're using this to monitor what people are saying on twitter about x that we know they're buying service that as one of its sort of maine functions provides monitoring to law enforcement. and a lot of them, but a couple different services that they might about media sonar, snap trends, one year period to another they tr tried different once but maybe it's their buying a few went to try them out. at the same time very few of them have publicly available policies about how this information is used. a number of them have policies on how they affirmatively use social media. if you are a police officer want to know how can i put out on twitter or instagram an

invitation to a block party that we are coasting, or pictures from our latest toy drive? if what you want to know is how can i track a particular suspect or person of interest, how can i use an undercover account to connect with somebody, how can i apply this technology to do link analysis to see who is connected with each other? very few of the jurisdictions have publicly available policies. they may have been somewhere but by and large they are not a payable to the public which means there's a little transparency about how the services are being used and how that impacts civilians. so we do know that there are a variety of ways as i said that law enforcement of social media monarchy used by law enforcement. it could be team and the outreach and engagement. there could be countering ethic of messages online. that's often more likely to be on the federal level. there was just a panel on

countering violent extremism and that is a tool to be able to put other messages out there. it could be investigating individuals. so often social media companies won't hand over information directly to law enforcement said this is seen as a way to access that information if it's public or if there undercover account being created. could be investigating groups and there's a couple of slides i'm going to show that he can do that in more detail. maybe monitoring hashtags, monitoring pictures in common, people in common, things like that. and then situational awareness and then link analysis analysisg who is connected to each other. so the international association of chiefs of police does a survey now every year, this is a regular survey, that they send out to hundreds of police department to run the country asking how they use social media monitoring and generally social meeting technologies overall. so the 2015 report which was at

the last one that's out out, the were 509 law enforcement agencies that responded. of those, that teeny tiny number down at the bottom is the number of agency that do not use social media tools. it is a very small percentage. more than 96% of the law enforcement agencies that responded said yes, we use social media in some way. so that could be public outreach, it could be upright of other things. if you can see the notes at the top, i know this is small, almost 90% use it for criminal investigation. over half use it for listening or monitoring. and three quarters use a for intelligence. so quite a number of these law enforcement agencies are using it not just the kind of put out a public face but also to gather information. they provide some specifics with respect to how it is used in investigations. we know a number of them will develop and undercover identity,

and some of the social media companies provide ways to facilitate that. over 92% could review social media profiles or activities of suspects. what you don't see and one of the areas where i think there is more concerned additional concern is in terms of monitoring of, especially protesters are activist. so this is an e-mail that was obtained by the aclu of northern california, which has done fantastic for your work to dig out some of the context of how these tools are being used. especially how they're being marketed to law enforcement agencies. so this is an e-mail from that i should pause to say that after a lot of these e-mails became public, twitter especially has now cut off access to these three companies that provide social media monitoring. they are no longer allowed access to the data that was allowed them to market

themselves as we can see everything and we can help you track down anything you want. there are a few interesting things that come out of this. one is that marketing itself as being able to track protest, specifically called, we covered ferguson and mike brown nationally with great success. they said it undercover account a linkage and there's a question, how we think account can be loaded? there is no limit. this is an area as well where there's very little visibility about what exactly it means to create those fake accounts. clearly that's functionality that's available to law enforcement, and just to emphasize this, this is another email e-mail again from aclu of northern california saying they are interested in his piece about monitoring for protests and investigations. so thinking about monitoring for protests especially in the civil liberties concerns that would come out of that what does it need to be monitoring

protesters, activists who are often occasion perfectly lawful and first in protected activity. there's one more piece of that. this is a funding request from the denver police department, obtained by the daily dot. the one interesting piece i just wanted to identify your, the second highlight down says this tool allows you to get my potential witnesses to a crime after an event which could assist in the investigation of a terrorist threat or ask for it says this was successfully done after the boston marathon bombing. it's a perfect legitimate point and investigation of actors act. this might be a way to find witnesses. on the other hand, the immediate linkage from a crime to let's think about terrorism, because often kind of the terminology and the frame that is used to rollout more and more of these monitoring tools. so i just want to highlight and we're just about out of time, a couple of different actual use as we've seen of social media monitoring.

the are a few examples, you know, successful and potentially relatively and iqs uses of social media. somebody who had put up a video of himself rapping about murdering somebody including the name of the victim, and he had posted that on social media. after the 2011 right in vancouver using social media to crowd source to figure out who was involved, and when the sims and iqs and a right of ways was someone who was throwing a football at a police squad car but apparently a friend of theirs put up a video publicly. in terms of the uses that we would be more concerned about and that implicate this sort of monitoring of protesters but also concerns about even targeting individuals and what it means to do that through social media. so the oakland, california, and salem, oregon, police department monitored black lives matters protest and a special hashtags including the head of the justice been targeted because he

had used a black life matters hashtag. a teenager in new york who was indicted on gangs conspiracy charges and spent time in rikers am including a solitary, due in part to the fact he had liked things on facebook and the conclusion was that he was part of a gang pic he was friends with people but he was not evidently involved in gang activity but that was used basic as part of the indictment. the drug enforcement agency which use the picture of a suspect and know the case on facebook but used it to create a fake account as a bait, built me settled with her for over $100,000 for that misuse. so that is a very quick overview of issues that we're seeing with social media monitoring. we will beginning of the map and gathering more information on this, and also very much thinking about issues related to good policies, transparency and principles to help guide how some of this is happening. [applause]

>> the cato institute conference on government surveillance concluded with a discussion on international law on surveillance activities. >> i will just going and get started in the interest of encouraging them, everyone to congregate again. thanks to those of you have stuck with us to a long and fascinating day. our last pair of flash talks is going to focus on some of the global aspects of your surveillance. we are big fans of the constitution we tend to focus very much on the fourth amendment and domestic law and how to regulate surveillance of americans citizens and the rights but the scope of american surveillance, both for law enforcement and intelligence purposes, is now really global in scale. as a result it has implications

for the human rights of people around the world but also for our political and diplomatic and economic relationships with other countries, and particularly economic interest of u.s. companies that hope to do business around the globe. so to talk about to aspects of it with alan butler, senior counsel will talk about shrooms case and the ways some your surveillance trading problems in europe and professor je trantwo will talk about trying to argue that some principles for cross data exchange, whose jurisdiction applies to the kind of data law enforcement needs in investigation. we will begin with alan. >> thanks, julie and educator for having me. happy to be a today to speak with you about a new international dimension to this debate over your surveillance authorities.

i'm talking as many of you probably know about the schrems decision of the court of the european union lets you pick this up and did the primary mechanism that was used by businesses to transfer personal data between u.s. and the european union. it also led to a major renegotiation of privacy agreements between the two governments and is opened up new avenues to challenge the surveillance activities. historically, u.s. surveillance reform movement here has focus on statutory and constitutional limitations as julie mentioned that applied domestically, think about the debate over fisa at the patriot act and ecpa. there's been international groups have been engaged in local on these issues but these issues haven't necessarily played a major role in executive branch are congressional policymaking on surveillance. that all changed after 2013 in the snowden revelation. when the u.s. came under increasing scrutiny in other countries especially in the eu

for their surveillance activities in the eu in particular there is a strong history of privacy protection and independent enforcement authority by regulators in each of the member countries. traditionally these data protection authorities have focused a lot of their attention on the actions of private companies. but the prism o program provided for the european court of clearlake between the actions of companies that collect and transfer personal data and the surveillance activities of the u.s. government. it didn't help that section 702 under which prism is authorized specifically ignores the privacy interests of foreign-born citizens and used it but at the time prior to the schrems it was not clear what leverage the eu would have two and a sense push back on the u.s. for this broader surveillance that was being revealed.

then an individual who is an austin law student filed a complaint with the irish potato protection authority alleging that facebook had transferred his data to the u.s. and thus exposed him to these surveillance activities. facebook has a major business operations in ireland for tax and other reasons, so the irish state protection authority had the authority to bring claims against facebook for violating the eu privacy directive and fundamental rights under the eu charter. the eu privacy directive specifically applied to any company that processes personal data in europe and also limits the ability of companies to transfer that data to other countries, in particular when those countries do not provide adequate protection for that data, essentially equivalent protection for that data relative to what provided in the eu.

that transfer of personal data between the eu and the u.s. specifically has historically been authorized under an agreement that the two governments entered into in 2000 called the safe harbor agreement. basically they cleared a safe harbor, set of principles that countries could sign onto and agree to and, therefore, transfer data freely between the two countries without fear of violating the directive or eu law. this was called into question in the schrems case because mr. schrems alleged that despite the safe harbor agreement, facebook was violating the directive and violating his rights under the charter by transferring his data and exposing them to u.s. surveillance. the data protection authority in ireland chose initially, found that it could bring action against facebook because facebook was provided by safe harbor. ultimately through suits brought

by mr. schrems, a question was certified up to the highest court in the eu, the court of justice. that question was whether the safe harbor agreement itself was valid or whether that violated both the fundamental rights in the eu and the eu privacy directive. ultimately the court of justice did find that the safe harbor agreement was invalid. they held that in october 2015 and this was a bombshell that dropped on the useu privacy world last year. and simple to this case was surveillance alleged to mr. schrems said complaint and the hook between u.s. companies and u.s. surveillance activities. ultimately what the court of justice that was about the safe harbor agreement was nothing more simply than an agreement between the u.s. and the eu that didn't so provide for the adequate protection that's required under the directive.

this has been it's hard to understand how much of a fundamental shift this has caused in the relations between the u.s. and eu. this has really created an entirely new dimension to the debate over surveillance activities in that now there are all of these companies that engage in these practice -- transfers of data every day with lots of money at stake, and by knocking out safe harbor the court of justice really put a lot of uncertainty and a lot of risk for companies transferring data that are worried, concerned now that there will be major enforcement actions brought against them, suits against them for violating the directive, and the deal that's been negotiated in the time since the schrems decision came down which is called privacy shield, it's not at all clear that it would be upheld by the court of justice

needed because again, the court of justice ultimately focused on both the limited scope of u.s. privacy protections and limited redress for eu citizens for your surveillance activities. .. these are contractual agreements between data processing in the us that are also providing a mechanism under the directive, so here the companies essentially enter into a private agreements that is defined by

the european commission as adequately projecting personal data, but the same fundamental question is at issue, which is if a company in the eu is transferring the private communication to the us, are they therefore exposing those individuals to surveillance activity of the us government without providing protection or providing for adequate redress? really, it puts real money at stake in the debates over the scope of the surveillance stories and protections and i think it raises a lot of fundamental questions about how privacy law will be structured in the us. one issue will come up over the next 12 months is the renewal of 702 authority. another issue that we will see in the next few months and certainly within the next 12 months is whether a new

administration will carry forward some of the privacy provisions that-- so, that's the short version characters

obviously a lot more issues there, but going forward it will continue-- these cases and now are several that will continue to raise fundamental questions about how us structure and privacy protection especially and what it grants protection. thank you. [applause]. >> going to think cato for putting on this conference and to jillian for inviting me to speak. i went to talk about what i see as two sides of the same coin and foreign governments need to access data that happens to be without-- within the boundaries

of the united states and i will give you the punchline. in my view the current set of rules are imposing arbitrary limits on law-enforcement ability to access data based on where the data happens to be held. it's an attempt to kind of blatantly transport other forms of tangible property onto data without recognizing the different pictures of data and perhaps most importantly the fact of third-party control like makers-- microsoft, google and facebook without us as the users have any say. together these make locations increasingly arbitrary and the net sound and limiting lawn parsonage or. here's why these limitations are often described as privacy detectives and actually undercut

privacy as well as security and economic growth and innovation. lets me start with the problem of the us law-enforcement access to data. this was the issue decided this summer by the second circuit. isolated everyone is the layer with the case that started in december, 2013. the us government served a warrant pursuant to the electronic communication privacy act on microsoft seeking data associated with a particular. microsoft turned over the non- content data like name, ip it address, billing information, but refused to turn over the content of the communication same those were stored in ireland, and the united states warrant jurisdiction only extends to the united states and therefore the warrant-- the government thought back and two

lower courts agreed. this was not a traditional search warrant bombing us law-enforcement officials crossing into ireland territory using property. rather, it was directed at microsoft and that microsoft should disclose that you indication. the data was in ireland, but microsoft employees sitting in washington could access the data without leaving the territory of the us. it was a territorial, search akin to a compelled disclosure order issued. the second reverse ultimately siding with microsoft concluding the relevant statute is about privacy, not disclosure and it was a search and that the us search warrant extends only to data physically located within the us. this case and during medication

the ruling has been described as a privacy wing by many. i'm not show sure this is true. remember the government got a warrant based on probable cause. there is no question that it would have been able to access that data had the data they located within the us and there would be no privacy violation assuming everything was fine with the warrant. it doesn't become the privacy violation just because the data is moved outside the territorial borders. this case is arguably bad for privacy unless one distinct any obstacle in the way as the us law-enforcement is a good thing. the end result means the us law-enforcement officials if the data happens be outside our borders it needs to now make a request for that data and then the foreign government, should it choose to respond access that data according to its own laws and in most situation those

standards are lower, less protective and a warrant based on probable cause overseen by an indicated-- independent judge. second, even if this case is about privacy it's not at all obvious that it's a-- an honorable. >> microsoft already has access to this data as a caretaker and moves it around without notice to the new-- user and any additional privacy intrusion takes place not when microsoft was the data, but when the data is turned over to the us government and that happens in the us, not ireland. there are also a number of competitions for the us ability to access data lawfully either when the target is us-based and the government has probable cause to access that data because of where is held in this happens first because of the

slowness of the process. second, the us only has mutual legal assistance treaties with about a third of the world countries and may not have a workable means of accessing the data and third, not all companies are structured like microsoft, which has a relatively driven approach to how it stores and accesses data. companies like google and facebook are constantly moving data around in ways that can make it sometimes hard to even ascertain where a particular debt is located at a moment that the warrant is served. more importantly, a company like google has structured its operation so it's data can only be accessed by law enforcement's located in the us. lets assume the us government serves a warrant on google for a particular. if some or all of the data is outside the us, google cannot lawfully respond, but if the us

government then goes to the foreign jurisdiction in the foreign government says we would love to help you, but we can't. we don't have jurisdiction over the people who can access that data, you do in the practical result is it means there is no way for law-enforcement to access that data even pursuant to a warrant based on probable cause. a big company like google can restructure and at least in the short term this is the situation we are in and i think the result has two concerning side effects. first it encouraged data location as a means of ensuring access to data. this is not so much a problem in the us. rulings like a microsoft ireland case further incentivize foreign jurisdiction to mandate the data held there in part to protect against what is often perceived as the big bad us law-enforcement. the reality is, however, that in

many cases the standards that the foreign governments apply are less protective of the privacy rights than the standards in the us. second, i think the reality is that powerful governments will find a way to access data if there is a need. my fear is that a really like this, if surveillance efforts are less accountable-- than a government mike to access without independent review and oversight by a judge. the government appealing this ruling and i also think there is problems with the government's position as well and that congress should step in and get involved. i encourage everyone to read the concurring opinion in the second circuit and in my view an ideal amendment would permit the us

access to the communication content of its target pursuant to a warrant investigations over serious crime without the regard to the location of data, but also require the government and the reviewing court to take into account factors like the nationality and location of the target, like the nature of the crime, like the laws of other nations that might preclude access and the potential conflict with foreign nations, so help protect against a situation in which the us claims access to data anywhere and everywhere without regard. i will now briefly turn to the foreign governments seeking access to data located within the us borders. the same at issue in the microsoft ireland case also pursuit-- precludes us committees from turning over

data to foreign base providers. think about the same problem that foreign governments that. uk is investigating a london murder and the target, witness and victim are all in london. if the alleged perpetrator were using a uk -based provider they uk law enforcement could go to the provider and get access within days if not sooner. if instead, the perpetrator-- they go to google and they say go through the treaty process and it takes an average of 10 months for a response to be sent back to the uk and it just as us law-enforcement officials are frustrated by the microsoft ireland decision, so to our foreign governments as a result of the inability to access data that happens under the us control. this is also leading to a number of concerning responses and

encouraging data localization mandates. permitting governments to access data according to their own standards and less privacy protected then in the us. these kinds of mandates are also costly and undercuts the growth and efficiency of the internet and potentially set out-- prevent startups from entering the market because they cannot comply with the cost of holding data in multiple jurisdictions. we also see governments increasingly assert jurisdiction without regard for the conflict of laws and this is not just an academic hypothetical problem. january, 2015, there was a microsoft executive arrested in brazil facing similar problems and as i have already said this further incentivize accessing data. as with the microsoft ireland case we need a solution and i

think we have a chance to design a solution that yields a race to the top or at least the raising of baseline procedural protections across the board rather than a race to the bottom where every nation is seeking access to data based on their own rules without regard to things like the nationality and location of the target and many cases based on rules. [inaudible] >> the department of justice made legislation this spring that would lift the provision in certain circumstances, specifically its would allow the executive branch to enter into executive agreements with other governments, allowing those governments to directly access content of communication from us providers so long as they were not accessing data of persons in the us in order to be able to enter into this agreement that

attorney general and secretary of state would have to certify the country met procedural protections, for privacy and civil liberty and the question would have to meet a number of requirements including the fact that they were limited, that they were reviewed or overseen by a judge and the information was not used to infringe on freedom of speech, subject to compliance by the us and these agreements also have to be versatile call meaning the foreign government would have to commit to allow the us to do the same. we can debate the specifics of these kinds of proposals and i think there are areas where i would suggest changes, but i would suggest that this is the right approach and one that would, if adopted, raise the

privacy protection as compared to the current situation where governments increasingly are sent-- incentivized by mandatory localization of carmen's. this approach also reflects the premise of the us having a legitimate interest with procedural rules that govern access to data for its residents , but does not have a similar in imposing specific rule of a warrant based on probable cause when a foreign government accesses data outside the us so long as certain baselines are in play. notably, the us and uk have a dressed-- drafted agreement that would allow law-enforcement officials to do exactly what i'm talking about. this can't happen without

legislation i know it's a hard time to predict what's going to happen in congress over the next few years. i would say that i think this is and should be an issue that crosses party lines and congress has an important chance to design a rational conference of approach for the question of law enforcement access to data addressing the us government reach and also amending its laws to allow foreign governments increased access to us held data according to privacy protections once certain conditions are met. in my view these rules should focus on things like the location nationality rather than the location of the data and that failure to take these steps will have negative consequences for our security, economy and our privacy. thank you. [applause].

>> thank you so much. i absolutely urge everyone later as your perception to grab a copy of her paper on this topic. i wanted to invite our final panel discussion to the stage. last year we started a new tradition at the cato surveillance conference by having a prominent libertarian and assorted extended debate-- not really debate, but dialogue from people in the intelligence community. it yielded such interesting results we thought why not and see what happens when you get to people who care deeply about privacy and see what they think

are the important issues to talk about and to introduce our discussions and moderate that conversation with another conference tradition of sorts. each of these even cents before was called the surveillance conference with a all-day comfort, national security agency. charlie savage's national security reporting for the "new york times" and understands what's going on in the intelligence world and his book is absolutely invaluable guide, comprehensive and thoughtful analysis of the intelligence security policy under the obama administration and has emerged to be and we will turn it over to charlie. >> can everyone hear me all right?

here we are at the end of this conference and we are also three and a half years now into the post as noted era and we have been living under the usa freedom act, heading into another reauthorization year for the pfizer amendment act and it's a great time to wrap up the day in the year to some extent with an overview of where we are where we would-- three of four different cuts at the surveillance world to help me through that i had two great guests, when is alex jones to my right here, he has been in the throat since 2005 since it was set up and also the chief transparency officer. he began his career in the army

and then a technology attorney in the private sector and after 911 was in the sea has-- cia's office of general counsel. we were talking in the green room before and i asked him to tell me something about him that people in this room did not know and what is it you told me? [inaudible] >> how do you have time? >> pickup really early in the morning. >> how early do you get up? >> 530. couple different locations at. >> why you swim everyday? >> it's good to stay in shape and i found the secret to-- i mean, the swimming is tremendous exercise. >> one-word answer. >> the key is audiobook.

wet-- waterproof ipod. >> i understand also you are the last person standing who has been in that role that entire time. >> i think so. >> my other guest is trying to she teaches internet lot stanford law school. you are also the author of a forthcoming book from cambridge university press called: american spies, modern surveillance and what to do about it. when is that book coming out? >> it will be got in the beginning of january and it's a book about surveillance policy and in effort to have it be understandable and accurate and give people a framework for people-- think about the surveillance policy debate.

>> when i asked you something about yourself you said something called tech and the spy. >> to hand combat videogame and in downtown san francisco there's a video arcade that has only video games imported directly from japan and my daughter really likes it because there's a character that is a kangaroo, so she's always the kangaroo and the kangaroo and ibt each other up. i think it's probably good therapy and good past time. i can tell you that my other daughter was playing her and she got this one character in my daughter said women's are-- women are always skimpily dressed in the minnow like demigods and my daughter was playing the masculine looking guy and my other daughter said you are so good and you beat that kind you are barely even wearing a shirt.

[laughter] >> lets get into it. part of what this audience was to walk away the from this conference with is a deep dive and one of the reasons we are able to do these deep dive the way we work before in 2013 is because we know so much more that the government and what it's capable of doing, what the rules are and so forth. from your vantage point, especially with the transparency officer and i think a world that did not even exist up for a year or two ago, how has the cia and nsa changed in terms of its ability or willingness to or seen the value of talking about what it does? >> i have been in a community

built for secrecy for work we hire people based on our perception of their ability in the confidentiality within the government. we do a lot of training around keeping secrets and that's important our business because as i have said a fully transparent intelligent services fully an effective. our effectiveness depends on the adversary not knowing how it is we are using different techniques and forces to discover them and detected their activities, so when you come from that culture it's difficult to sort of get people thinking about being more open in public and transparent and i have been doing this since 2005 and it never before have i experienced a community as engaging with the public as we are now. we still have a ways to go and i

think one of the lessons that i have learned and a lot of folks have learned the last three years is you can have as much oversights as you can design and put in place. we have all kinds of different oversight structures. i call it a system of many layers with many players. we have lawyers, offices and oversight committees, the intelligence oversight board, all of these entities have clear personnel that can see information in a classified environment, which is critical for democracy with people in and oversight capacity to have clearance to see things we are doing in a classified manner. you can have these rules and oversights and that is necessary, but not sufficient. one of the lessons we have learned in the last three years that you need is transparency and it's not easy for people to do it. it takes a lot of time, and

effort, but i believe it's a value that we have learned. you have to find ways to be more open about what you do. >> let me follow up on that. i has a reporter who was covering these things and asking questions and so forth noticed that nsa and code dni as the controlling entity and how the response played out became more willing to affirmatively say-- [inaudible] >> i appreciated that very much. i'm not sure that moment will endure the way you justice suggested it would. i think other parts of the-- correct me if you disagree that other parts of the intelligence community that were not forcibly exposed like the surveillance world was and never went to the

cultural change and i-- one of the things i've been thinking about lately is that the usa freedom act, one of its provisions was that the intelligence court, the fisa court had to make public when it had-- it's novel and significant interpretation of surveillance that and the provision does not say going forward. it just says government shall make public, so it has raised a question about whether fisa court opinions that were enacted between 1979 and 2015, must also now be made public in a summarized forum. the obama administration-- if there's a new culture of transparency what is the justification rationale for not to say yes? >> i won't get into the legal

discretions regarding that particular cause, but i can't say generally it's our intent to go back and look at all of the opinions and that's something happening. whether or not it's a statutory, it is something that is an issue right now. one of the points i was making any different form is when you look at transparency there are different reasons to provide information to the public. summer-- you mention the freedom act, so we must comply with the usa freedom act and that active prioritization mechanism on what it is we do. another one is the freedom of information act and once that goes into litigation you have to follow the force of that litigation and there will be court deadlines and orders that

you have to comply with. under the executive order for classification for national security information and the us government there are processes that require us to review such as classified information, but the type of your automatic review, there are challenges and mandatory reviews that are filed under that, so all of these-- what i call these hard requirements, legal requirements necessarily drive a lot of the machinery that has to be put in place to provide transparency which can be very painstaking and yet the line by line to determine what can safely be released and if there is a risk to security and what the risk is and bring in the experts etc. part of what we are doing in the transparency world is not only looking at that and responding to the classification and those requirements, but also working

to be more proactive and say what is it we can do to better explain ourselves to the public and in that red-- regard we have engaged with the civil society getting ideas, requests try to figure out what's in the public interest in what we can do to better inform public discussion. i do think that is enduring. that is something no matter what agency you are, we have all experienced the very significant and vibrant discussion and debate about the legitimacy and i think latona-- intelligence agencies have gotten the message that we have to be more proactive and strategic going forward about the information we provide the public. >> return to jennifer. the most a significant event we can see on the horizon for the world of surveillance is the scheduled exploration of the files at the member in the end of 2017. there is no expectation that it

will not be reviewed, but what are the sort of three big issues that people should watch for? >> when big issue is transparency, but i would put it more broadly which is accountability and i think while the intelligence community has come a long way from where it once was it has not come nearly far enough in terms of revealing information to the public. there are interpretations of key terms in intelligence law that the public does not really know what they mean or how they are interpreted and it hinders their to understand what kinds of surveillance are being conducted and whether we support that kind of conduct and whether the safeguards are adequate. >> you see the opportunity in

the size of amendment act to do what then to solve that problem? >> everything is up for negotiation was the bill is going to expire, so releasing court opinion, particularly i think people warily want to know what the definition is, what is it mean to target was the interpretation, what kinds of material does the government's treat as protected by reasonable expectation of privacy because all of the electronic surveillance definition depends upon collecting information to which there is a reasonable expectation of privacy. we have this ongoing debate about sensitive, personal, private information or the public doesn't really know exactly how the government treats it and if they treated as having a next rotation of privacy are not. either another statute has to protect it is not subject to pfizer act because it falls out

of the definition. just examples, e-mails, we still don't really know 100% for sure that is protected by the fourth amendment or what about documents stored in the cloud? , so we want to know that. >> you are talking about better communication about how the government understands the powers. with a substantive change to the rule that consumers want specifically that could be part of the bill? >> there are two big things under discussion. scope, section 702 of the pfizer act allows targeting of a foreigner overseas for any foreign intelligence information >> without a warrant? >> without a warrant, any foreign intelligence. foreign intelligence is a broad category.

anything we might be interested in as a country and so that means number one, when americans talk to foreigners who are of interest in the categories, our communications are wiretapped as well and it's means that foreigners who may be targets get picked up for the very broad category also. that has caused an immense amount of international issues when people realize our law is collecting on them as targets in this broadway will beyond what our national laws would allow or human rights laws necessary as a proportionate test. >> to be clear for people, we are only talking about correction outside the united states with the us government goes to gmail or att wants to look out into the world.

>> without regulation, but this is where to go to collect companies or internet background and saying give us information about your users and there's economic problem, which is that people don't want to use companies that have to give over their information without a warrant, but the problem for americans is brought as well because we have learned there's a vast amount of americans private information that adds up in these databases. >> you would like a allowable scope of surveillance to what? >> national security counterterrorism. >> you see that is politically possible? >> i don't know. i don't live in dc. i live in san francisco and it's like a whole different world out there and i think that people tell me that there is less of a

chance in some ways for surveillance or for now with the republicans in control, but i find that in some ways hard to believe. i think now is a time where people paying attention i think the league-- think in the opposite that this is a time to restrain government discretion and make sure robust rules and checks and balances are in place more than ever before. >> the other thing you mentioned his usage at the people hear a lot about the backdoor. what is that how does intersect? >> once information is collected under section 702 from the company, so under this section from the company. >> without a warrant? >> without a warrant. that collection goes into a database and the fbi has access to the raw data in that database and what they are allowed to do is to search, they call a query

and to search the database for information including looking for information about americans for criminal purposes. this is called the backdoor search loophole in order to get access to that information you would ordinarily have to go to a court with probable cause, get a warrant, execute the warrant through regular procedures, but what's happening is by creating this database then you have this database that the fbi's allowed to go to. at the usage restriction would be either don't allow it at all. we collected this information in the name of counterterrorism and national security. use it in that name and go to an end run around it or you have to go to court and get a warrant and show your probable cause to look for this information as opposed to the weight is now, which the fbi can access it for assessment, which is basically tax-free.

>> let's turn back to alex. is a government representative, can you articulate a rebuttal, why has the government believed this idea at least in the criminal investigative world if an fbi agent was to look at this database for ordinary criminal suspect in private data has been collected and the fbi agent ought to get a warrant for trying to pull that message up? >> i have to take a step back and address this more broadly. first of all, i agree with some of the points you are making about the legal rulings. that's a priority of ours to be more transparent about that and in terms of the scope. of the scope is foreign intelligence defined and the actual conduct of targeting of foreign intelligence for

intelligent purposes is subject to a rigorous process. we have the national intelligence priority framework. >> let's assume i was indicating with a legitimate-- following all the procedures, not a terrorist, but-- not to targeting. >> i understand. >> why shouldn't the fbi have to get a warrant to pour my private message if i'm the one he's interested in? >> i am trying to lay the foundation. >> true, but we are trying to move through many topics here see that the original crack-- collection is targeted at a legitimate foreign-policy partner. we are not getting all of your e-mails, only e-mail communication of you in this carefully focused for intelligent target and if there is a fast breaking situation where we need to find out whether or not on an american

involved potentially in a terrorist incident inside the us is in communication with someone we have already collected on, that's-- you need to move quickly and identify whether they currently hold the communication that could prevent something from happening. >> that sounds like you are searching in the name of the terrorists, not the name of the american. >> it could be an american who is involved in some terrorist incident and we went to see if he's getting instruction from abroad's elect 30 think the government lived with a-- [inaudible] >> why should we constrain our powers? there's never been in the vision on using that a lawfully gathered. >> it's essentially because you don't know when you might need to get the data quickly and we don't want to constrain the intelligence from being able to do that.

for civil liberties and privacy perspective i understand that we try to put in place policies regarding oversight, documents and queries, the reason for the query, providing oversight for the department of justice on the query and reporting. so, i understand the concerns. we feel like the current structure-- >> let's move on. >> can i say something? >> sure see that can tell we know how many of these backdoor sources the fbi conducts and have a volume of information they pull out there is really no way-- the public and lawmakers need to know that answers to say like we either like this or we don't. they won't tell us in the intelligence community won't tell us they won't pounce and congress has asked how much american information is in here and how me backdoor searches have you conducted and we don't

know. the information is kept-- the information they get from the companies is kept for five years and there is no documented-- there is no fact showed to a judge in order to get it, so it's really kind of like taking advantage. [inaudible] >> the usa freedom act did not require the fbi-- their systems are not set up for that we understand there's been a request from the hill as well as civil organization and the fbi is tried to figure out how to do that. >> my understand about the why the fbi cannot do it is that when you're in an agent thing i'm interested in you do a database-- database search, it's a search that all the databases have collected and brings back the results as they are, but

what is that mean, i mean, every single search by an fbi agent at all times says a backdoor search even if 99.9 of them never bring back anything. >> and only certain fbi agents are allowed. >> without getting permission. >> correct. >> do you know if agents have asked permission and then refused? >> if you look at the opinion on the november 2015, court opinion , it address the issue. it was argued that the process was inconsistent with the constitution. the court held it was consistent with the statute of the constitution, but decided to order the fbi to count the number of times that returns a

resulted in a non- query situation, so the fbi has been implementing that order and that's one of the things we're working on. >> do you think that's eminent i prefer this administration leaves mac i hope so. >> and that will be all the backdoor searches for mac just the one the court ordered. >> i mean, i don't know the internal architecture, but database experts have said it's not a big computer science hurdle to say there were this many queries where daddy came out of this database and the data has be treated in a certain way. >> when it comes out will people find it connect i want to speculate. >> let's move on to the world of executive order. executive order 12 triple three is the internal executive rules for surveillance that's not regulated.

pfizer regulates only collection from a wire where we know the comedic a she and is domestic, so nothing from satellite transmissions or intercepting stuff from people abroad or foreign to foreign communication intercepted. huge swath of what the nsa does is not covered by pfizer and the reason for that architecture is that it's designed in the 70s for phone systems, which what happened here state here and what happened there stayed there now with the internet explaining in the last session that something that happens here is found there all the time and vice versa. one of the reasons the pfizer act allows collections. we will stay with alex for a

minute. one of the wrinkles arising out of our greater understanding of 12 triple three end pfizer and an awareness that agencies have increasingly since 911 been engaged in sharing raw data with each other, minimize data, that at that has not had privacy protections put on it yet to screen out the names and irrelevant personal details of americans, so it used to be the nsa would only have this or that fbi would only have this with insulated information somewhere else in the government and would have to process it. after 911, there was a desire to tear down these barriers and maybe someone at the cia-- [inaudible] >> there was in the world the pfizer a great effort here with raw data collected under pfizer.

is known to go to for agencies, fbi, cia, national counterterrorism center and the nsa and bob litt, general counsel where you work has talked publicly about how there is also been an effort that lasted eight years now to develop seizures that will allow data collected under 12 triple three rule to be shared with the cia and fbi. we don't know what the rules are yet, but this has been in the works for eight years and bob said in february, it was eminent. where those procedures? >> eminent. >> was the problem? do you think will happen before this administration leaves? >> i think we are on the road to getting something finalized and released. >> the government takes time, but there has been issues, so let's held it up? >> primarily the government takes time. under section 2.3 of executive order 12 triple three

collecting, retaining and disseminating information and chairs that information with each other because everyone has guidelines to protect us person information. >> changes were put in 2008? >> they added the changes in 2008. from 1981, said intelligence information cannot be shared in the nsa would retain it until they had decided to disseminated in a reporter something. into the essay, the decision was made that for that kind of intelligence it could be shared pursuant to procedures and approved by the attorney general that's what we have been talking about for a large number of years. it's not like right when we sign -- yes, it's been going as i like to say if the government.

so, the basic structure will be that intelligence information can be shared pursuant to a process where they has to be a determination from everquest and agency that has a need for the information and puts in place structures and processes that essentially will get the protection of the information that the nsa provides under their rule. >> the big difference, the big difference in the surveillance is that trent-- pfizer server test we targeted. someone committee-- communicating with that person. 12 triple three is both collection. is supposed before for an intelligence purposes, but ezra

talking about the backdoor search loophole in terms of pfizer, it's not like if they were looking at me they would get all of my e-mails, just the e-mails to that legitimate target, so that is kind of reassuring and would not exist if people's information was vacuumed up in this 12 triple three surveillance. can you tell us or preview the big question which will be, will these procedures let the fbi query, us person for criminal purposes once they get access to 12 triple three? >> just to clarify what you are saying, so if we are to do surveillance targeting any american no matter where in the world under the foreign-policy act we are required to get it individualized court order. the collection is not targeted. this is why when to step taught -- back and talk about targeting.

targeting is something that is specifically described for section 702, but also happens for 12 triple three. there is a process in which the agencies go through to identify individual targets and to the extent that targeting can happen on that basis, that's what happens, so if we can get the information targeting a communication overseas that is what happens. under presidential policy director 28 we put in place the process for limiting of the use of information of collecting and bulk and basically we are saying we have to tailor our selection. if it's not feasible rate tight tailor-- we can do things in bulk. nsa still operates under their implementation of the detail requirement for 12 triple three. under that they are supposed to

also narrow as much as they can when they think there will be a significant amount of us persons information involved, so there is a narrowing. nsa, if they are going to do a query of a us person, needs attorney general approval based on probable cause. i won't, it specifically on one agency or another, but broadly speaking what we are doing is trying to get other agency protection. >> under the presidential policy directive, the handles bulk collection it's only permitted to be used for one of the six purposes and one of those purposes may be criminal, but not like this guy-- let me turn back. wait a minute. let me turn back to jennifer.

>> one of the things that's a concern here is what we already know about targets gives us great pause because targets can be-- i think a lot of people think about targeting as a particular bad guy. targets can be the french government or targets can be-- and we have seen documents that some dark-- targets are doctor-- doctors without borders. with seen organizations that operate internationally can be targeted just for foreign intelligence purposes and lots of people-- [inaudible] >> i think what it ends up doing is collecting a lot of american information because americans and other innocent people who are not really foreign intelligence interest end up being a part of that tape and the rules we have don't adequately protect people when

the targets are of the nature because the collections end up being so broad and so i think even under title i were you need to show probable cause if someone is an agent of a foreign power and had a prominent groups , title i targets for supposedly which there is probable cause of there's a lot of concern about targeting out. one of the things to be extra concerned about is that we are about to have a change in administration and these rules are executive branch formulated rules, so executive orders can be changed and don't require you to go to congress and executive orders can be secret. targeting provisions means we did not know what they were until edward snowden lead to them. the targeting provision 4702

that has to go to the pfizer court. [inaudible] >> let's stick with the theme of part of your critique is that a lot of americans get sucked in as well. like we care if our stuff is collected, but some people don't lets a drop that frame for a moment and think about it from a more global human rights perspective. non-americans abroad. can you-- we mentioned earlier presidential policy director 28 and for people who are not familiar can you layout the groundwork of what that was and what it means not from an american perspective, but from a global perspective? >> after the edward snowden revelation there was this

international outcry from people who are not americans who are beginning to get a sense of the scope of the us surveillance directed at them. one of the post edward snowden reforms and many people feel like this is a major positive result of the disclosures was presidential policy directive and it does a couple things. it limits the uses to which you can put selected signal intelligence with the six major categories. counterterrorism, weapons proliferation, so the big stuff and it still remains a question of what is amenable. if your target is yemen and you collect everything you can that comes inside of yemen is that bulk or targeted and that target is yemen? there are so questions about how it's interpreted, but we don't know what that really means.

if the stuff is opportunistically collected-- >> what was unprecedented about this? >> before that as the information collected in bulk could be used for whatever. >> no sense that the us government use non-americans private interest that needs to be protected by rule. >> not just privacy interests, but the right together politically, religion, all of these other interests that statutorily you may have been protected or policy wise may have been protected for americans and there was nothing for foreigners. this is an effort to say to foreigners, if we use your stuff then it will be for a good reason. >> let me turn to alex. you live in this world and we have been under pete bp 28 promos two years. do you detect disgruntlement

like in the environment of drones another agency and military under the presidential policy guidance it limits their ability to fire and there is a lot of sort of wanting to get out from under that. i don't know the answer. >> do you know the answer to the other questions you have been asking? >> does the surveillance community or the six categories, are they broad enough? >> i want to make fair it's more than just a bowl collection. there's other critical sections. their safeguarding personal information. information that is basic without getting into details the basic directive of the agency to apply comparable protection when they retain and disseminate information as they would for us persons.

we have policies and procedures. we have published those policies and procedures and there's another one required for policymakers to be involved in the intelligence making process to make sure we take into account the risks involved with relations with foreign government and other similar kind of risks that previously were not part of this formal structured view. >> if you're going to to target angela merkel's cell phone, don't just do it on a low level. >> is part of that review process we would expect for the human rights organization to come up and that would be something we would weigh in on. then we talked to human rights organizations about what our general views are on that. >> any intelligence service

around the world, the natural way to constrain a intelligence service if your democracy is the main concert is for the intelligence agency not to focus inward and that's why we've always been focused on what are we doing with these powerful tools and authorities regarding our own a citizenry and our own democratic process and are we interfering somehow without function of our democracy and one of the lessons learned since the 1970s was it's important to stay turned outward. the culture the intelligence community has been be careful of what you are doing in the us and the careful with what you're doing with any us persons unless you fit one of these narrow categories or constraints. i do think it was to some degree a change in thinking to say now while you are turning outward

these protections we put in place for us persons for the reasons i just said, we also now have to start thinking about applying that to everyone regardless of nationality and i think that has been the change and at the same time it has been -- if you read how it's written in how we try to design it so it fits within the course of business for intelligent services, so it's nothing they would view as extraordinary-- extraordinary labor to. >> codification of best practices. >> to some degree. >> one last question on this topic. one of the great dilemmas reflects what jen was talking about witches internet data is is everywhere, but laws regulating data happens on specific chunks of the planet which may have different regimes that conflict th