sometimes they have. >> i will just take my role on focusing on the internal offices i do not think those are the most important. each element, i would redesign the civil liberties office to increase a higher stature. safeguard its kind of -- >> a senior fellow here. i am pleased to welcome you for our afternoon session. again, more fascinating stuff happening in the world of surveillance than can be covered in full-length panels. we are always glad to have an impressive lineup of folks to

address that range of topics. to begin, i have a senior counsel and director of the freedom technology and security project. it is a time where we hear a lot about the goal of putting america first. surveillance states, this often creates some friction with our allies. our goals may conflict with their desire to protect their own citizens. [cheering and applause] >> thank you. hello, everyone. www..cdt.org.

i want to talk about the global implications of what i call america first surveillance policies. u.s. surveillance policy, particularly on the intelligence side of the equation discriminates against foreigners in a fairly dramatic way when it comes to surveillance that occurs outside the united states inside the united states it is relatively even between americans and foreigners. when they want to survey out a person in the united states and collect their communications content for intelligence purposes, it has to show they are in agent of a foreign power. a foreign terrorist organization or a foreign government. that requirement is a very high

level of proof. the person is in agent of a foreign power. it has to be done in front of a judge in the super secret court. but outside of the united states , international intelligence surveillance directed at foreigners does not have those protections. if conducted under e's aikido border, there is no probable cause requirement. no requirement that the person be an agent of their government or of a foreign terrorist organization. no judge making any determination at all. any activities and intentions of a foreigner are fair game and not targeted collection, is acknowledged. internationally for foreigners who are using u.s. cloud providers, the news is not very

much better. that is conducted under section 702. you heard a lot about that on the last panel. no probable cause. no determination and no judge proving individual targets. judges approve problematic based on the certifications. there is no determination with respect to individual targets. any information relevant to policy where national security is fair game. america first surveillance policies could impact the rights of foreigners. the standards are low in the government's ability ability to access countries. high because so many of the providers are located in the united states.

america first also diminishes the rights of americans. i say that because we americans communicate foreigners who are a broad. domestic to domestic communications can be routed abroad where they might be subject to these more permissive surveillance regimes. by targeting foreigners, u.s. government collects communications of people in the united states intentionally incidentally. that means we intend to collect the communications of americans who are communicating with foreign targets. that is called incidental communication, but it is intended. by applying low standards, u.s. government amasses a database of of communications that include many communications of americans. then it turns around and queries that data for america's

communications without cause, without a determination of an agent of foreign power and without judicial authorization. the result of the america first surveillance policy is the rights of americans. by failing to extend even basic protections to the foreigners, we allow this database of communications to grow and grow quite huge. it includes the communications of americans because we often communicate with foreigners abroad and because some communications are collected in that database even though they are domestic to domestic. america first offers very little protection to foreigners and it also diminishes the protections that would be otherwise available to americans. talking about america first in

the intelligence context. the government is actually investigating a crime, there had not been until last year a distinction between americans and foreigners. everybody got basically the same rights. adopted in 2018, for the first time, extending a version version to criminal surveillance under the agreement that the united states just entered into with the uk, the uk can compel disclosures of stored content. except for people physically present in the united states.

that is the first time that criminal surveillance laws have distinguished between americans and everyone else. america first on the criminal side of the equation can have the same adverse effect on americans than it does on the intelligence side. for example, under the cloud act, the uk can share back to the united states government, communications that have involved americans when others were targeted. sharing back is done without probable cause, without the intervention of a judge. the next big test for whether we will contend america first, which, as i said, not even

protecting americans, the next big test will be a treaty that is currently being negotiated between the united states, the council of europe and other governments. that treaty is a protocol to an existing treaty called the budapest cyber convention. this protocol is designed to permit cross-border demands for communications, traffic data, think of an email log, for example, for example, and for subscriber information. the theory of provision five of this protocol will be the parties who sign it will be required to give effect, that is the language of the current draft, to the orders issued by other signatory countries to this convention for traffic data and for subscriber information. this is not about content.

by endorsing it. i presume would be based on facts that are provided by the foreign government. they could give effect to a foreign order. or your browsing history. i think. based on a demand issued without judicial review from a budapest cyber crime convention protocol signatory like hungary, turkey, russia, albania albania or ukraine. ukraine. it is a signatory to the budapest convention. signing the protocol to the cyber crime convention.

a mile down the road from this conference, there is a big discussion discussion among members of congress about whether to remove from office the president of the united states because he attempted to list ukraine in an effort to investigate his political rival. joe biden to a son hunter biden. a position on the board of directors of a company in ukraine. how would ukraine investigate hunter biden? what would it do? more than half involved electronic evidence. one could presume that what ukraine would do would be to seek email logs from hunter biden. hunter biden presumably using a u.s. provider, his e-mail logs are stored by that provider, and

could become available to the foreign government under the budapest convention. even today, the providers can volunteer this information. u.s. law has a flaw. it permits foreign governments to obtain even your e-mail logs without there being any restriction, except what the foreign government itself applies. the issue with the budapest convention is it will give the foreign government a way to compel under the foreign governments laws. if ukraine wants hunter biden's email logs, and both united the united states and ukraine signed the convention, unless the u.s. makes certain reservations, the ukrainian order could be honored by the u.s. and it could compel the disclosure of the biden

e-mail logs. i think that congress is not going to allow this result. based on a track record so far, congress will, instead want to protect americans and based on the track record so far, throw the foreigners under the bus yet again. this is the same approach, throwing the foreigners under the bus, also thrown americans under the bus with them because the government obtains these communications without having to go through the normal legal processes. if it obtained them directly. the government could choose to give effect to the foreign order by reserving the right to issue its own legal process for the lawyers and the audience.

title 18. it would have to go in front of a judge and show reasonable suspicion. u.s. processes to get the information sought by the foreign order. budapest convention currently does not prohibit discrimination. it does not prohibit the government to apply that process for the americans data and a different process for foreigners data. such as the process of simply honoring the foreign demand. this is a problem that will be facing congress next year or the year after when it is asked to ratify the budapest convention protocol. i think we advocate and people that work at companies and folks interested in surveillance need to be proactive with this. we need to ensure that the budapest convention protocol

requires equal treatment of data demand of foreigners and nationals and that it includes strong due process protections no matter what your nationality is. it currently does not do that. i want to leave you with this thought. it does not protect americans. it doesn't put us first. it diminishes the rights of everyone. thank you. [applause] >> thank you very much, greg. if you have debated issues of privacy in surveillance, you've probably heard someone say something along the lines of i don't know why should be worried about this. i'm not worried that the government is going to investigate me without a good

reason. if you have heard that, the person speaking was probably white. we know from our history, the burdens of an appropriate surveillance do not fall equally on all groups. americans accept them because they fall unequally on certain groups. we will hear a little bit about the way by all extremism. working to servo specific communities. much more under scrutiny. i would like to welcome to the stage illegal fellow. [applause]

>> hello. i am illegal fellow advocate. national of the organization ensuring americans of all faiths today i will talk about one surveillance program that we've been tracking. imagine if where you go, what you say, how you feel is tracked on account of your faith. that the government could monitor you at schools, universities, houses of worship, hospitals, mental health visits, what if the government aggregated all of this data and made a determination about you.

welcome to counter violent extremism. it can identify who will commit violence before it occurs. monitoring people's behaviors. liking you across resources and private spaces. what if you frequent a mosque. discuss foreign policy. express sadness. these are not precursors to violence, this program the

governor and the illinois terrorism task force and link it to other settings. educator, social service providers, faith and community groups. this is not just happening in illinois. similar programs operate across the country. each of these locations. just the past four years, there've been been 57 from the department of homeland security alone. these programs operate at every level of government. for anyone who may argue that

these programs are somehow effective, they aren't. our own government says so. the public record that we have obtained from the u.s. attorney's office that has evaluated these programs, the evaluation has looked at similar programs and what has happened and one instance they looked at a uk program called prevent. schools, prisons, medical providers and local governments were mandated to report suspected radicalization tiered the result, children under 18 were reported for normal behavior. ethical concerns regarding surveillance. there was talk of potential repression of legal, political speech. this august, duke university also flagged the program failure under the obama administration

because a lack of structure and opposition from the muslim american community. these programs do not work. they over criminalize and they pose huge surveillance concerns. so how did we get here? in 2009, the fbi's office of public affairs and community relations developed a specialized community developed a specialized community outreach team. a pilot program meant to contact somali communities in minnesota. its goal was to determine how much access the fbi head to the somali community and to identify targeted content within the community. this gathering program morphed into a community partnership. the program we know today. in order to alter these relationships. following this in 2009, the fbi also designated additional communities of interest including denver, seattle and

washington, d.c. these are all sites of the current program we are discussing today. while the program uses specially used language, the racial and religious targeting are at discriminatory routes. these programs continue to focus on somali communities across the u.s. muslim advocates have been monitoring these programs since their origin as part of a pattern of surveillance based on communities. most of the information about these programs is not public. in 2018 we submitted freedom of information act and public records request to 16 different agencies agencies. what we found was an ever-expanding program with no checks in place. take for instance, boston. record request from the muslim league found one program called the initiative plus run by the

boston police department claiming in their grant language that somali youth were inherently violent and when left alone will commit violence. the somali youth coordinator withdrew from the program due to concerns over discrimination. the program even drafted surveys asked to see if their attitude after the program towards muslim radicalization was negative or positive. very negative or very positive. could you imagine if these questions were drafted for christian or buddhist youth? these programs target people for their faith. for such a flawed program, let's talk about how much funding they received. surveillance is expensive. both in 2014 and 2016, the department of homeland security

provided $10 million in $10 million in grant funding. these types of programs received funding from many other agencies including the department of defense and the department of justice. in addition to local and state funding. what kind of oversight follows these large grants? it is minimal. the documents that we found show that. agencies and organizations had to submit paragraph long quarterly reports. there is also a complete lack of guidance on civil liberty and protections. where these programs being operationalized. we found them in houses of worship. montgomery county maryland on how to implement the program among other places. mosques. they operate in schools. in 201717 the denver police department had a grant

application that stated they would focus on school age children. particularly, refugee children. our investigation revealed a bigger program. the denver police through the original grant language recognizing it does harm to communities. the rhetoric is what gets the funding. law enforcement also gets funding. for the illinois program the state agency worked with multiple agents, monitored the chicago police department gang intelligence unit, provided funding to the illinois police and have plans to collaborate with i.c.e. some draft agreements that they had for something they called a shared responsibility committee. the committee is where the fbi would flag and refer individuals for special monitoring by their own community.

again, no protections for civil liberties or privacy were included in this agreement. this program operates in the context of mental health providers. the university of illinois offered continuing credits for mental health providers on how to implement the program in their context by flagging behaviors and warning signs. i find this particularly egregious as this is a vulnerable site for many individuals. this program operates online. there are attempts to track and filter online content. the program has tried to incorporate information like cross-border travel. injecting this program into every setting is the future. this document that you can see here is from the program's early adoration. it demonstrates the blueprints. the plan was always to link

private spaces and behaviors to government agencies. the program continues. it is routinely repurposed by members of both clinical parties we have seen three different democratic residential candidates compose the program and additional funding for it. william barr released a department of justice memo proposing this program to address math shooters calling it early engagement. and, her plan to address white nationalism, elizabeth warren says this about the program. within the same plant repurposed the program in early intervention to address white nationalism. regardless of who this program is deployed against, another effort to justify pre-crime intervention. in an era where information sharing is easier and faster than ever before, what does it mean to bring together markers and focus them on small groups of people.

the program is a long brand of flawed and failed counterterrorism campaigns deployed across the u.s. no matter how many times a program is tried, it does not work and it does not get better. the program continues to target muslim and minority communities. that is the the very foundation. the program continues to expand the authority and reach of the intelligence of law-enforcement agencies allowing them to become more entrenched in community settings. the program needs to be dismantled. we continue to investigate these programs and remain opposed to them. communities have the right to know what government programs operate within their spaces. thank you. [applause]

>> thank you so much. coming up next, we have chip givens from defending rights. he will be talking about a new report from his group on the enduring history of the fbi abuse of power and its implications for the first amendment. both the battle days and some worrying trends today. that and various other papers related to this talk. onside with the registration depth. be sure to take a look at those. >> thank you so much to the institute for having me. thank you to everyone in the

audience that is watching and everyone watching on c-span two and the live screen. if you are not in the audience and you heard that announcement any really want a copy, you can go to to fbi -- find and find either the pdf or if you are like me and really like hard copies, you can order a print version of it. the name is called still spying the enduring problem of fbi first amendment abuse. as the name would indicate both by as well as the enduring problem that this is a continuous problem, it's not a new one and it's been with us for a long time. what does it mean that we have this long history of fbi political surveillance. at a certain point we no longer start to create these as exceptional. they become very normalized or they become very sort of almost invisible. if you talk to activists, they will make jokes.

we know the fbi spying on us. on the other hand, therefore not always newsworthy, people that should know better will not even realize it is going on. a few years ago i was accompanying a gentleman from him antiwar group that had been spied on and infiltrated by the fbi to meet with congressional offices. we were asking for congress to investigate that surveillance as was their surveillance against occupy wall street and black lives matter. i will not say what office we were in, but that representative was very concerned about the fourth amendment. the staffers were very up on those issues. we went through the whole presentation and all the facts. i had no idea the fbi did that. on the one hand, this enduring problem means we accepted as

normal or on the other hand people that should know better don't realize it is going on. one of the reasons we wrote the report was to push back on this narrative. a lot of bad narrative in the media about the fbi. one in particular i find troubling, which is what we treat these instances of abuse as isolated incidents. the mainstream media covering fbi use, the fbi visited water protectors or they show the fbi occupy wall street. they never say, hey, today we learned the fbi was knocking on the doors of water protectors. last month we found out they were knocking on the doors of palestine activists and last year we discovered that they were spying on occupy wall street indicating if the problem is widespread, severe, systemic

and part of a 110 year on behalf of our friends in the special bureau of investigation. by putting together all of these different incidents since 2010 and the reason we picked 2010 is not just because it is the end of the decade, but because in 2010, the oig for the department of justice released a report called a review of the fbi monitoring advocacy organization we had to settle for the title of self spying. that is the last time there has been a and official review. that review covers the bush era. after the day released that report, the fbi was raiding the homes of antiwar and palestine solidarity across the midwest.

what is happened since 2010? what should we know about. the first protester ever set foot in the park, the fbi was monitoring occupy wall street. we know that the fbi was monitoring lack lives matter as early as ferguson and extremely disturbingly bad come up with an intelligence assessment about black identity extremism. it is extraordinarily hideous. if african-americans are upset about police violence, police racism and social injustice they may engage in lethal retaliatory violence against police and police should be aware of this terrorist threat. treating an entire program called iron fist. ink about that name for a minute to close the mitigate. what that argument is saying is that not only is it the first

amendment protected political expression. some sort of precursor, but people people being rightfully upset at social injustices that are pervasive in our society that they experience, they indoor, other things we know about is they have visited a bunch of protesters. they have been visiting the homes of palestinian solidarity activists. i also spent five years doing a request against the fbi in relationship to their surveillance appropriate assigned students that you will be hearing about later this month. we know that they were at occupy abolish i.c.e. they visited proponents of cuban normalization at their home and

asked them questions. we know that pretty much every major political movement of the last decade, the fbi has been there watching. monitoring. surveilling. engaging in destructive tactics i will talk about later. although the report is about 2010, i hope it will permit you to go back in time just a few years to 1908 which is when the fbi was founded while congress was on recess. to this day, the fbi has no congressional charter. no legislated charter. something that has been --dash civil libertarians like myself. in 1919, hoover's name was not yet on a building, but he was getting his start and what was originally called the radical division. because they were spying on radicals.

what was later renamed the general intelligence division. i know that seems like ancient history, but there are some really important things from this. first of all, this is not abnormal. sometimes histories of surveillance getting very personalized. different police departments around the country where developing this. the radical position and also intelligence position which brings me to my second part of the equation which is the fbi is not alone and in theory law enforcement is about gathering evidence that can be used to prosecute a crime. we can dispute whether that is really what they do or not. the intelligence which is far more permissive and far more broad. you have this trend of people who think it is valid for police to have intelligence divisions like the red squad to track labor unrest, socialist and

others and that hoover comes out of that and then becomes the director of the fbi. you have the general intelligence division. he is responsible for the palmer raids which, if you are ever nominated for fbi director, which i'm sure one of you will be, has the fbi ever violated any civil liberties? yes. spying on mlk. that is how bad to this day. every candidate for fbi directorship. nothing recently, though. wonder why that is. in 1924, the attorney general says stone is disturbed that the fbi has engaged in political spying so he put limitations on them. he meets with hoover, hoover is secretly spying. that is another issue.

and they come up, can you show us the statute where it's against the law to be a communist? they would limit the fbi to only investigating violations of the federal criminal code tiered hoover finds way to get around that. 1930s and 1940s, franklin roosevelt put forward a series of executive orders that gives the fbi national security, nonlaw enforcement powers which hoover interprets as giving a broad mandate to police. they use this to develop what is called a custodial detention list in 1939 which is literally a list of people you detain an event of an national emergency. a secret list of people to be detained. you have got to get rid of this. hoover change the name. i am technically complying.

we just have the security index. the attorney general -- in this instance, hoover's told to get rid of the list and he just changes the name. we should not just treat the threat of detention instead of a very abstract threat. i know it sounds conspiracy theorist. but we found out that in 1950, 12 days after the korean war, hoover met with truman and asked them to put 12,000 people in military detention camps who he thought were threats to the national security. truman said, no, he would not do this. but, the list continued. 26,174 people on it. that is not the only list. there is a reserve index. the people that are dangerous -- there is clear evidence that the fbi finessed the numbers when

reporting them to the ag. taking people off the security index and putting them on the reserve index. but, the point is, there are a lot of indexes. as historians have pointed out, what he does is he takes these indexes to turn them into a tool for mass political surveillance. by 1960, between all the index these has opened 400 30,000 files on allegedly subversive groups of individuals. whenever we talk about fbi political surveillance, we talk about counterintelligence programs. something that happened in the battle days or a new instance of fbi surveillance. people have been saying the investigations of ronald reagan's foreign-policy opponents. by my count 70.0.

i think it is really important not to deflate with surveillance if the church committee set counterintelligence, this is a domestic action. these are the church committee's findings, not mine. to protect the static quote. somebody in the audience earlier today mentioned to me murder of fred hampton who was killed by the chicago police 50 years ago earlier this week. that was a police raid set up by the operation. in 1956, hoover convince the supreme court too liberal. he cannot prosecute under criminal law. he has to program them to neutralize them and disrupt each that is perfectly legal by the very nature. lawful speech that he deems threatening and wants to get rid of. that is what it is about. it starts with communist. it goes to a socialist workers

party. a tricky bag that i will not talk about. could go on all day about it. the planned informant for the fbi testified during the church committee. he did not want his face on tv so they gave them a disguise. it clashed with the marin suit, too. all around bad choices. we have the church committee reform. often times through this narrative, yes, there was was bad stuff. then 9/11 happened. there is this mythical era of the fbi. one of the biggest fbi spying scandals was was there surveillance of the committee? opposing what ronald reagan was

doing to the point where the senate intelligence committee, they did not have a hearing about it, they did an entire investigation. they had to look at this incident. it was a huge incident. this was in the 80s. the fbi visiting the homes of arab americans asking their views on the war. asking them their views on palestine and so the idea that there was a reformed fbi that was not engaged in surveillance, it is not true. it is not true. 9/11 does come and they get new powers. the name recommendation was to impose this earlier a statutory charter on the fbi. that does not happen until the attorney general issues guidelines which are self-regulating. because of that less protective

of -- by george bush lame duck attorney general weeks before attorney general came into office. the two categories of investigations are literally assessments and predicated investigations. let that sink in there is the pt act. we know that they are up to all of these different scenes.

this only costs a couple hundred dollars in computing processing costs. very easy to access data. shortly after strata publishes the global heat map which is tracking and showing all the users around the world we get this tweet from a 20 -year-old australian student. strava released its global heat map full but not so cool for operations that require secrecy. new york times picked it up, really the story overnight blows up. we have a national security crisis. what was interesting was in looking at this in the near-term's reported the pentagon had actually given some of its soldiers that fits. they wanted to encourage shoulders to exercise. fitbit courage that. strava this platform for supreme athletes allowed bases around

the world, forward operating bases, to be identified overnight in creating immediate risk threats of harm to our armed forces. i am looking at this in my background is electronic surveillance law. i have co-authored since 1995 a really large treatise on electronic surveillance wiretapping and eavesdropping with a professor of a catholic university. it's -- when i was looking at strava and how this happened in the satellite data and where did the data that went into the scoble map, from and how wasn't there shutter control here with the satellite images and putting this together i was struggling and realized i know so little about this information exits. reaching out and working with my colleagues we really try to put this together. we came up with this term,

satellite smart device information nexus. i will spend little time going through that and talking about how do we get here and how does this work and what comes about this. when i was looking into this i realized it's a marked gap in the literature, and privacy lot literature, space literature, space attorneys tend to stay in our lane, privacy law scholars we heard from ethics today, ethics general counsel talking about location tracking and gave us a great primer in that that will save me time later but in looking at this and seeing this i was like how do we regulate satellite data that is done by private companies. we talk about or i will talk about our electronic surveillance scheme in the u.s. but i was realizing smart devices, phones, fit bits and even social media and operate off the backbone of satellite data.

we had a lot of questions. how do satellites work? what types are there and who can own them? how do they work with smart devices and who regulate satellite? is this government or private entities? what laws apply and who can access it? what do courts say about satellite data? i've been reading, writing and researching and practicing electronic surveillance law for decades and i was like i'm not really come across what we do with commercial robo sensing data? starting with the basic overview how do satellite work? they work similar to the human eye. direct sensing is when we touch something. we can touch it physically. remote sensing is a different. remote-sensing is and occurs a process of acquiring information about our surroundings without being in contact with those of surroundings and that's what the human eye does and what satellites do. different satellites have different sensors with different

purposes. this is an example of different kinds of satellites for geo- stationing satellites to synchronistic satellites and they all serve different purposes. they give us different altitudes and some stationary satellites helpful because it's a consistent image over time so you see the same space and place on earth consistently and you can look for changes and troop movements and many things but satellites in the presence of satellites is rapidly increasing and so is how satellites work together with smart devices. in trying to figure that out we all have heard about the gps tracking, right? and how gps works. every smart device has a gps chip in it. it is based upon the u.s. gps, global positioning satellite. the u.s. was first in the market there because it's mated gps satellite system probably available before any other country did. when the u.s. did that what it

guaranteed it was a place in the markets for gps chip so if you want a device to use geo gps location services you need that chip consistent works u.s. gps satellites. all of our fit bits and smart devices have these gps chips in them. they are tiny and you know, they are how it works. gps system is right at any time you are a chip is connecting with satellites to identify where the satellites are in using multiple data from satellites to say this is precisely where i am. gps chips work with sensors in our smart devices but the sensors are pretty remarkable. micro electric mechanical systems are tiny and silicone -based and these tiny, tiny sensors give us assisted gps which is incredibly precise. we heard from earlier today

about location tracking and how cellular tracking works through triangulation. assisted gps is using or parsing the power of the cell phone as well as the gp eight gps satellite systems. these smart devices are in all kinds of devices. it's remarkable the kinds of sensors that can be embedded because look how tiny the sensors are. if you look at this diagram here you see where the sensor is in relation to the size of a red blood cell. these devices can be put in anything. they are in sensors all the time and one thing that should be up there we see health and fitness centers, automobile sensors, home, american employment centers, we should have a box up there for toy sensors but more and more toys are built with these sensors in them which gps tracking chips. remember all this is working off of satellites and commercial remote sensing satellites.

even shopping carts have these sensors built into them. this is from a patent application filed by walmart. biometric data sensors and walmart patent application for biometric feedback shopping cart handle. i don't know about you but when i go to walmart i don't want walmart to my heartrate. but what is interesting is that how is this regulate it? what happening? heart rate, temperature on the handlebar, location and all again working with the backbone of satellites, gps and these sensors. in terms of why this happens in the satellite smart device information this strava situation was exactly that. it was data, including movement from device sensors and so when we think about that kind of movement very precise.

gps data from smart device and phone chips and remote sensing imagery from satellites merge together and that is what we get. when we think about what is interesting about the strava situation is it reveals and i think i should be clear. strava was doing nothing wrong. it broke no laws and strava was giving the users what they want. this product. i think what we will realize from this is is how little understanding we all have from a regular trait perspective and national security perspective and from a privacy perspective and a civil liberties perspective about the role of satellites interacting with smart devices and geospatial data and how geospatial data is used. the other piece of strava was a social media data. we are constantly interacting with social media.

people have been tweeting all day, myself included about the cool things were hearing at this conference but when we are tweeting our tweets have a geolocation tag in the metadata. it's public information that anybody can see on twitter. all this is coming together so my question as electronic surveillance background in working with cyber law and privacy law was again, how do we regulate satellites? how do we realize active role of commercial remote control sensing satellites being run by private companies how is that regulated? one thing is outerspace is global commerce. that idea comes from international treaty concept and it is there for everybody. we want the global commons to be peaceful and we don't want claims of sovereignty although recent tweets from our president are changing that. when we looked at this we said

where does this come from and legal regimes about satellites are related to licensing and safety and security and the national security implications. but the domestic electronic surveillance game is not part of it. i talk more about that in a minute but it was byzantine to figure out where do i go to figure out what satellite companies and companies operating commercial or remote-sensing satellites can do it data. how do i figure out what's legal and not legal? that's a tough thing to figure out and tough to figure out what data is being collected and how it is being collected. one of the things i found interesting was who in the u.s. regulates commercial, remote-sensing satellites? fcc, who could it be? well, it is the weather people. that is what i thought of when i thought of noah and many people -- know what regulate

satellites? fascinating. when we presented this paper in a conference in berkeley this year we had this great commenter who was a former department of commerce attorney and he did not know that noah regulated commercial remote sensing. an attorney from the department of commerce did not know that. it's not a well-known thinker here who knew that? who knew. think about noah. we know they make parts and we can understand why it noah clearly is using satellites, integral to weather prediction, climate analysis and that has initial security indications and they give us these charts and sometimes they get marked up by sharpies but you know, i was thinking okay, what about other laws relating commercial remote sensing? there is no federal legislation that directly relates commercial remote sensing. just i was like all right, because we don't have any kind

of location tracking privacy regulation for companies and their activities. i will talk a little bit about the legislation we do have in place but again, no federal legislation that directly regulates privacy industries tracking of an data aggregation from individual data was satellites, smart device. hawaii's passed legislation to regulate this but the governor vetoed that legislation. what do we have? we have the robust electronic vacations privacy act for congress clearly protected privacy of oral, electronic, wire creations of americans and we know we heard again at a great overview from alan butler this morning taking us through laws and how tracking laws work and how information can be accessed but again, satellites and satellite data commercial

remote sensing is done in outer space. what is fascinating is regulatory process. we will talk more about how that is handled and why that can be problematic. when i was looking at this thought we knew there were bills in congress about regulating geolocation data to protect it. it's a big point and part of the problem is just regulating geolocation data is not enough. it's different satellites contain different sensors for different purposes. different sensors equal different information. part of the confusion and how this is addressed from a privacy law standpoint is a court decision and there's a disconnect here in a very not to repeat alan again whenever this was this morning but warrantless use of a gps tracking chip or device is unlawful for it warrantless use of historical sulfite location data unlawful.

warrantless use of the thermal imaging of you inside house is unlawful. aerial surveillance. or use of the helicopters to take photographs of private property. unlawful. we have this disconnect. aerial surveillance is fine and camera surveillance in public spaces fine but yet the disconnect is that satellites can sense heat and satellites can operate in a way and get information that a thermal energy device can not get. we look at satellites that relate to measure. we have this disconnect in our courts and we have a robust domestic electronic surveillance privacy law scheme but it does not apply at all to satellites. so where do we go from there? how are satellites regulated? why is this creating privacy and

civil liberty concerns? noah does regulate satellites. they have an office of commercial remote-sensing affairs. there is a robust marriage between commercial remote sensing and that u.s. government. part of that ice and scene process is part of the problem. the licensing process is not public, we don't talk about why is that a problem so when we think about this warrantless use of satellite, where are we hearing about when a satellite data is used and what do we hear about it? interesting thing is because it falls outside the scope of our domestic laws and regulations for electronic surveillance addressed by that what is occurring is not happening in public mac. >> one thing required by noah and we look at the galatians of satellites we know satellites

are regulated both internationally and nationally and the domestic regime for satellite raise is focused on safety, security and then promoting commercial remote sensing activities. why do we want to promote commercial remote-sensing activities? week it's incredibly information and if we harness the technology and development efforts of private industry in commercial remote sensing a benefit for the u.s. government. the privacy and civil liberties concerns should be pretty inherent. i think we can sunset here. we have these satellite-based information sensors that are merged into this information access. no federal regulations and jurisprudence permits aerial surveillance and it is connected or disconnected and separated from location tracking jurisprudence. what to do with that? how do we address that? we also know it's a persistent

and growing national security concern. i was illustrated by this strava app. it was not alone in this. puller exposed location of spies and personnel and so when we look at what happened identify secret bases and appealing military patrol and in supply and identity of location of individuals and the public extends beyond and are connected with the privacy and civil liberties concern that i talk about. part of how we dismiss or miss the national security strategy is we were focusing on malicious state actors but we were focused on russia and china and what were their developments in satellite-based advances and we've been focusing on cyber threats to our satellite system and physical destruction and collisions and things that could happen accidental and intentional and we talk about this but we have this very disjointed and cumbersome regular trade regime when it comes to satellites.

we do have recordations here and at first it was to increase registry and transparency and the speaks up sick but ensures all satellites globally and all that is required is that satellites showing heights and levels and things like that for safety the entity and government that is operating satellite or the company that operates a satellite and location from which it's being launched and that is related to liability. the country from which the satellite was launched tends to bear the liability or will their liability but this part about making public commercial remote sensing licensing process is remarkable that the light licensing process through noah while it requires many things including the data that will be collected and how the data is

collected and where the data is stored in what the company and who the company is, all those things we don't have any public information provided about that. for under the guise of the national security framework we don't reveal that information. it's workable if you think about these companies that have a commercial remote sensing satellite and there are a few big players in here like digital globe and they are providing information to the military and aggregating this data from our devices and aggregating data from satellite and multiple satellites and performing geospatial analysis. if you want to check out digital globe's website it's fascinating and it's we can extract insights from this geospatial data and perform geospatial analysis and tell you who that your competitors stores and who is

where and when and why and so we are looking at satellite that has technology that they are in fact enabling real-time location tracking. and yet that information and part of the licensing for practical requirements requires that the u.s. government have control over commercial remarked something actors and satellite data. we are spending time hearing about surveillance with lots of focus on surveillance in particular groups and satellites are fundamental part of it and we hear and see in the bill and congress right now efforts to protect privacy for a better balance on a federal level with privacy law but we don't see satellites being addressed as part of this. it's a void that is astonishing and to the cynical in the room, it is intentional because we

have an open strain between companies and data and u.s. government. something really how do we address this? part of it is we make public the commercial remote-sensing process and that would be making public about what data is being collected and how is the data being used and to whom is the data being disseminated and how long is the data being retained and we hear about that for other kinds of data and data aggregation but missing from that piece is this geospatial data that is again collecting and using lots of our information. another piece of this is the international component. we are in truly a space race and

have so many satellites going into space both from commercial actors and government. when i talk about the u.s. gps system is supported to understand europe has its own to go us system and gala leila and russ own system and different countries with china is leading the way with launching satellites right now and so in terms of future international discussions we have these questions about when we are engaged in remote sensing and that's a problem we need to have discussions about but just like we see right now the concept of data that we are having an discussions where having because of the eu enacted its general protection relation and how that is affecting data that is aggregated and collected. one other piece we see in the commercial remote-sensing regulation is missing from these

regulations and including the rewrite of that regulation by commerce which is underway right now. this is to make more robust commercial sensing and is any discussion of the words are busy or civil liberty. the goal is how can we make commercial sensors more capable and make their process less encumbered. we want to unfettered what they can do for us. that has got to be part of our discussion the revelatory process. that leads me to making the satellite smart device information nexus the legislative priority. we are rapidly at a point where laws are being enacted right now or past in states and ending up with disjointed legislation and the efforts to get late satellite data in hawaii were

vetoed by the governor for commercial reasons and complexities and how do we make that a priority? how do we do that? partly that is figuring out how to betake the existing federal domestic electronic surveillance privacy law scheme and the privacy act and related legislation and how do we make sure that government can get data from satellites lawfully within a framework that is consistent with the constitution, constitutional privacy protections with the fourth amendment, first amendment concerns addressed and consistent with our concepts of privacy as expressed through electronic privacy act. how do we make that consistent and how do we do and wait the protect national security because we are in a situation where strava startup fitness app, revealed multiple location

bases, putting u.s. personnel in immediate danger. this is a problem that is acting everyone and it's not something that should be very was a civil liberty advocate but national security advocates should be concerned about it and there is a common ground that should be found. that we would suggest this through legislation so jillian said there's a lot more in the paper and i was trying to give a quick overview and i know in the audience i have lawyers and nonlawyers and everyone at different levels so if you have any questions i will be around. i'm happy to stick around and i'm sorry my co-op will be here as well but they get very much. [applause]

>> macro scale of eyes in the sky to more local monitoring, you know, we were accustomed to talking about big brother and surveillance and trust of privacy from your entities at the national level highly sophisticated agencies like nsa, fbi, cia but as often happens technology trickles down and the cutting edge is used by nsa and one year turns out consumer devices were technology used by a local authorities a few years down the road. since we discussed facial recognition technology as something worth paying attention to at the local level and [inaudible] open the government

and we'll talk about their new guide for cynicism's to investigating the use of facial recognition in your own backya backyard. >> thank you for having us here today. we have an event of us getting the use of facial recognition technology across country and we sent hundreds of requests and primarily what we have been finding is that although police department's to have access to this technology we are finding it a new enterprising places the places we did not expect to be seen. we wanted to address what are those places and where should you be looking? if you are looking in your on backyard where are those things or the couch cushions that you would not think to overturn to find those silver dollars. that is what we will talk about today.

so, thank you for having us here. i am freddie martinez and marquette open the government. it is a nonpartisan coalition that works to strengthen democracy by empowering the public and promoting policies that create a more open, transparent and accountable government. i am a policy analyst they are and before i joined up in the government i spent about five and half years, five years doing freedom of information act requests on issues of surveillance and technology across the country and this is a different conference back in dc. this is an issue i worked on closely for a great number of years. i wanted to start with this. his name is chris [inaudible], senior information technology officer at a county called washington county in oregon.

what he did in his free time with he decided to roll out a facial recognition system on nights and weekends. he wrote computer code, sample code where he integrated his he integrated the counties data with amazon's facial recognition technology and rolled it out on own and did not ask anyone, there were no concerns about civil liberties or requirements to let anyone know this was happening. just rolled it out, wrote a blog post retail to amazon and since then he's become an evangelist for amazon and this is the future and where we are with facial recognition technology we have on elected officials deciding that this is a thing they want to roll out. this is where we wanted to start and that is why we have so many

concerns and it is not just this person here. to that end we created a couple [inaudible] couple -- we wrote a beginner in duct introduction guide. if you never sent a request or not familiar with their state's public records law we wrote a great resource that is seven pages where you not only go through what your rights are as a requester but also some of the specific language you might be using when you send a request on facial recognition and what are the specific vendors you may be interested in and sometimes there's a particular algorithm but the name of the vendor is different than the technology and we have sample language they are that you can use and have guides outside you can take as well for anyone watching the live stream click either of those links and will take you to the respective project page. after introducing the guide or

as part of creating the guide we sent hundreds of request to the police department across the country and we did this in conjunction with the news and they have and crated a project of base where he could take the same language that we have made and if you are interested in a particular policy or vendor you can copy and paste our language and investigate the stuff in your own backyard as well. again you can click at those links or grab the guide and we will have outside as well. >> so, the primary spaces here is that a lot of the ways police departments access facial recognition top quality is indirectly. i would naïvely send out request and i would say hey, let me see your invoices in your policies and data sharing agreements and then the police department would say something a little bit cleverer and say we don't own

this system and we don't intend to purchase it. so, if you took them at your word you would say they are not using this technology. what that practically means though is it's a very carefully phrased expression that they have not purchased it. it doesn't say anything about accessing data or about sharing data and does not talk about other third parties they might gain on this technology through. we wanted to talk about how that look and then it should fill in the blanks about what you might expect as you do this across the country. so, going back to chris again in his presentation at amazon he was talking about integrating their data with other data and so what we found out was that not only was washington county ruling out its facial

recognition data using amazon but they were also building a system by which other counties could look at their data and look at other counties data so we found this collar agency, agency right next to washington county called [inaudible] county and they share a border and after they saw this presentation they said will you come in and teach us how to do this and we will share you our mock shock data and again i can't i don't know if you can see this highlighted but it has no policies in place for controlling access or informing the public but they just did it on a test basis. that is one way we've noticed that these agencies share data is that they create waves for them to read others data without having to physically copy it or

create policies around data access. surprisingly, we are finding facial recognition technology infusion centers so for those that might not know fusion centers we are not supposed to share data and they are not actually five statutes oppose to investigate but that is not what we are finding in the st. louis metro apartment was again have that technology in order they have plans to buy that technology but they do have agreements with the fusion centers and they can access their booking data and run facial technology on people that are in jail and in st. louis and that is surprising. i did not expect that would have that technology proves not just us finding this but two weeks ago buzz feed news created a

report where surveillance cameras police department's are able to access this data and then the police department again does not have access to facial recognition but they were guessing that they could send the data to the fusion center and they could run scans against it and return data back to the police based off this ring data. again, surprising but knowing that the centers are not supposed to investigate crime but that is where we are refining it. secondly we were finding this private vendor data works in secret trying to get other police department to share data with themselves and coordinate regional task force so here is la sheriff, san francisco police

and who else is here? sacramento county is on here and you have this privacy vendor in secret organizing these tax force and this is from 20 years ago and that article just came out and also in august and september of this year san francisco moved to ban the use of facial commission and and creates issues of secrecy where you have a private vendor in secret building out the private or regional task force and in the public space if people who don't want to use the technology so creates problems around secrecy and public right to notice. much like we saw license plate leaders leaders also in facial recognition contracts we are seen contractual data sharing

agreements and similar to how i discussed here but this was a slightly different here and so for those who might not know when license plate reader technology is being rolled out across country there would be these mandatory motorola is one of the largest license plate reader companies and they have 4 billion images now and the way they built those one police department at a time and everyone would collect 50000 images a day and go to motorola and much like license plate reader technology we're seen similar kinds of language emerging in facial recognition contracts and this was baritone i think the contract is out of irvine, california. so, i think a lot of the trajectory people will be talking about and regulating

facial recognition technology is similar to the problems we were seeing with license plate reader. another way we are finding this we found three statewide initiatives where the attorney general of the state was the one who ran the program so we've done this from honolulu and police do not buy the technology and don't plan on buying it but it is through the attorney general of hawaii and that runs the actual scans and we saw a similar system in pennsylvania which there is a criminal justice number called [inaudible] and again every single law was meant agency in pennsylvania or surrey, pennsylvania yeah, has access to this technology but of course none of them own it in ohio is similar as well. again i do not think the attorney general would be the one doing this but apparently

that is the case in at least three states. other findings and training manuals are almost nonexistent and we were able to find one and this was a training manual from texas. they sent police officers on a very vigorous eight hour training session to vigilant solutions which is owned by it motorola now and at the end of those eight hours they get 30 multiple-choice questions and this is one of the only training documents we were able to get so what we are finding across the country is that there seems to be very little training but if there is a training it's done by the vendors and i as it's a multiple-choice question and that is i guess the best way to test proficiency with this analogy. other things we been finding is any request for any kind of regulatory policies or just doesn't seem to exist. we did have in our guide

language about how do you find policies and things like that but we almost universally got those denied and i think we might have gotten cybersex and for the most part any kinds of public research request you sent on spatial recognition they will treat it as did you purchase it, yes or no. that was troubling and any discussion on bias, accuracy assessment there are none. no one is looking into any kind of algorithmic bias or anything like that on this technology at all. again we tried really hard and you know, with policies we have a handful and with bias and accuracy assessment like none. zero. that is troubling for lots of different reasons but if you do plan on doing this in your backyard please look into that

because so far that is a nonstarter and no one has any records on that or cares. just briefly looking into the future use of facial recognition technology we are seen it be deployed by these private i guess rebel cop things that are patrolling laws in california and it's got reader and facial detection software on their for some reason and you know they scan the parking lots of malls and things like that and i have no idea why but that is a future use so it is not obviously limited to law enforcement use and other commercial interests and we are seen real-time facial recognition being sold or been pitched by motorola and the idea being that if you want to prevent school shootings you will create a blacklist of people who should not be allowed into the school and create a geo- fence around the school

annual run real-time facial recognition on everyone coming into and out of the school and stop shooting that way. that is the way they are selling it. they call it real-time facial recognition but call it alert detection and geo- sensing some bizarre name that isn't what it is. you are beginning to see that across country as well and for a long time and finally for a long time police departments only used things like dmv photos and booking photos for their facial recognition databases and knowing there is the public would not like other things like data scraped off the internet and facebook photos and things like that being used for the facial recognition databases and we have stories coming out so that is no longer the case and so that sort of thing that we been worried about that is we are only using it to catch

criminals and things like that that no longer seems to be the case and so you will hear about that a lot more in the next coming months and weeks. i think that is what we have finally i didn't want to mention we do have again outside as well as on website recommendation for what we think needs to happen with this technology. it is generally open to government support a moratorium on its acquisition and we know this technology is complex and inaccessible to members of the public and lawmakers so we support things like additional funding for members of congress so they can investigate these problems and we also support things like appliance to private contractors so that we can learn more about these kinds of technologies so we strongly believe in expanding [inaudible] in general and with that, i

think we have time for a few questions. is that right? five minutes maybe? >> we will be available for questions after. >> yeah, what we have right now. thank you so much, freddie. [applause] we have a 20 minute break now and will give everyone a chance to stretch their legs, hydrate or cap date as necessary but also take this opportunity to chat with the speaker and this is good opportunity to pin them down and ask them about the scary things you see that are -- r2-d2 bot and i look forward to seeing it at my local mall. we start at 3:00 p.m. sharp with

[inaudible] from american university in private and civil liberties board of very important surveillance and intelligence oversight body with board members will be here to talk about their work and how they approach it. please don't miss that. for those watching at home be sure to turn back in at 3:00 p.m. for the conversation. until then, thank you for comi

coming. [inaudible conversations] >> you've been watching daylong coverage of the cato institute government surveillance and privacy conference. attendees are taking a short 20 minute break at this time. we expect them back around 3:00 o'clock. while we wait for the program to presume here's a portion from earlier. >> to begin alan butler who is the general counsel from havoc will look at the question of how often prosecutors use the courts to track people using location

surveillance orders. the answer from this being we are just not sure but they are working to dislodge that information. >> thank you, julian. thank you to cato for hosting me. our organization has been working on surveillance oversight issues for many years and one thing that i have focused on in my time at epic the issue of location surveillance to give a brief background on the issue, generally over many decades law-enforcement has used a variety of methods to track the locations of individuals and we have seen those methods change over time but we've also seen questions arise over the ensuing decades of what legal and technical standards and restrictions are in place and

should be in place for that type of investigate of activity and surveillance. for example, in the 1980s and a pair of cases the supreme court asked the question of what the legal standard would be for law-enforcement action to track individuals using beepers that were the old school type of surveillance you might see in the tv show, dragnet that is literally small radio devices that would be implanted in a physical item that would either place in a car or they knew would be placed in a car and have a separate radio device that reads the signal and can follow a car as it drives from point to point. the sipping court in those cases decided that there was no expectation of privacy in the transiting of public roads. that actually with a car with the beeper and it law-enforcement would not allow at that point to track where

that beeper went. the techniques evolved to become more sophisticated over time and in fact in the 1990s montrose mint began developing a special technologies that track cell phones and other mobile devices and cellular devices originally developed in the military and deployed by law-enforcement and commonly referred to as ins i catchers called stingrays. these devices were deployed without warrants and being deployed without knowledge of most people certainly not those subject to them but even in the courts they were being authorized under the application for pen register which in 1970s was to get logs of the calls to and from a particular phone number but that was being used in the 1990s and on to authorize direct tracking of the phones using special radio hardware that could identify

nearby devices and measure their distance or triangulate their location. through the 1990s into the 2000 law-enforcement began using other forms of targeted including physical gps devices they may attach to vehicles or other items and that was dealt with in the u.s. versus jones case in the supreme court and i was hurt in 2011, 2012. they ultimately decided that the attachment in the use of a gps device to track the movements of the vehicle was a search under the fourth moment distinguishing earlier cases from the 1980s and reinvigorating the law of the fourth a moment standards around location surveillance. but throughout the late '90s and into today the most prevalent form of location surveillance is actually the collection of data from cell phone companies about typically the towers the phone is

connected to. in a city like washington dc there is a huge number of cell phone towers that is necessary to support all the devices that we all use every day and so the density of towers is quite high and that means is knowing what tower a particular phone is connected to in the strongest nearby tower is a very good piece of information to know where that phone user is located at. and so historically what develops in the two thousands was a method or lawn force meant was getting both historical and real-time cell phone location eta using a hybrid of the pen register statute i mentioned before which is ongoing monitoring of phone call data and also what is referred to as 2703 under the privacy act orders that allow the collection of subscriber records from

service providers like cell phone companies. connotation of these authorities the doj inserted was enough to give them both historical and real-time location data related to specific cell phones. there was a push by judges around the country to call into question this assertion by the doj which could not happen at this point and had been screwed night by other courts. magistrates were on the front line because they got the actual application and a number of magistrates including in texas and new york called into question the legal authority ultimately the question was resolved by the sipping court in the carpenter case which is a colonel case where an individual had been tracked by the collection of cell phone data and supreme court ultimately ruled the collection of cell phone location data is a search subject to the warrant requirements. that happened in 2018 and prior to the carpenter case and a lead up to carpenter affleck filed a series of requests with the apartment of justice to try to get a handle on how prevalent

this activity actually was and how many of these orders are out there. we found a request seeking disclosure of the 2703 location data warrants with the deferment of justice and ultimately had to sue because they had not responded and this gets to the issue of generally surveillance oversight which we do fundamentally have public transparent public oversight and location data tracking or broadly in the context of the collection of electronic records e-mails and otherwise. contrast that with the scheme under the wiretap act which is title iii which is reporting an interception for vacation in real time where a robust congress enacted in the 1960s carried out tuesday the administered of office of the u.s. courts compiled this very competence of report and releases it every year and a number of other groups like epic

have historically recessed, viewed and made available at these and it allows us to scrutinize wiretap authority including figuring out what types of crimes are being devastated and how excessive are the wiretaps and how often do they lead to conviction. we simply do not have that type of data becomes to location surveillance. this includes pen registers and gps tracking and cell phone location data and catchers and we do have a lot more information ironically about foreign intelligence surveillance because the statutory authority and requirements there that fit the semi annual reporting on that activity. what do we do when we don't have the transparency reports? epic is trying to find out as much as we can about what is happening so we use the other tools at our disposal, freedom of information act. just a quick note. we mentioned carpenter that

following the carpenter decision the deferment of justice actually does not get that data with section 2703 the order and they do have to get warrants but again we don't know how many warrant location data as they are getting paid we have to file a new request after carpenter involved in our case as well. we have these surveillance applications and orders being sought by the federal and state prosecutors being issued by state courts so we have focused on the federal level and department of justice and we know that because they are seeking these application ultimately obtain surveillance orders they have records of this activity and so we focus on surveillance issues and our new requests in 2018, 2019 and we simply ask the executive office of the u.s. attorney to give us a copy of every order was issued for location surveillance.

we spent more than a year litigating this case and the answer so far has been the department of justice says there's no way to search for these things. we obviously pried beyond the initial answer that we can't search them because the general law-enforcement database we have access to well they never disputed that they have the records and those surveillance photos are obviously used by the prosecutors who are getting their cases and so we pride further and said can we focus on a particular office may be the most sophisticated office in the country like the u.s. in dc or southern district of new york and can we have a method for tracking the surveillance allocation or orders and both came back and basically said no, we don't practice at all and also we can't search our electronic files because we have so many files to search it would break our computers. we can't search department of justice which is what we are currently challenging, the

assertion that there is no way to search electronic records of the prosecutor's office that are subject to -- but we went further and said large sophisticated offices can't search electronic files because there are so many but what about the smaller u.s. attorney's office in the continental u.s. which is in the eastern district of oklahoma and also some said no we can't search that and through the litigation we learned that office has a grand sum total of one terabyte of files. they can't search it. we are currently litigating this case and we hope to get an order that we will force them to go through these records and identify the orders that they do have. we know prosecutors and ladies offices have been beginning to integrate these files into their case management and other database systems and simultaneously been an effort here in dc by jason leopold and

the reporters committee with freedom of the press to unseal old surveillance orders for closed cases and as a result of that case which was brought around the same time as ours there's now an agreement between the district of columbia, federal courts and the u.s. attorney's office and doj here to issue basically unfeeling orders and reports twice year that categorize all the surveillance applications filed so you can find these now on the district of columbia federal courts website under their standing order you can see a list if you look at the report filed last april you can see a list for a six month time period of every surveillance application filed in federal court in dc and that includes information about whether it's registered order or location data or e-mail records or the like. so, again, there is a question these orders exist but we are

just trying to uncover them and add them to public information about surveillance and how prevalent because we don't know enough frankly about how often the authorities are used and in the grand bigger conversation about what legal restrictions should be in place over these surveillance that is critical to have that type of information but as i did note earlier we did learn to the course of our case that the day was issued and the computer crimes division of doj issued guidance to all federal prosecutor's that said you do have to get obtain warrants to get cell phone location data. so, you can find this on our website epic .org and more materials out front if you want to learn more about it. thank you. >> live coverage of the cato

institute's government surveillance privacy conference. they are on a short coffee break during this daylong conference but we do expect them to resume in a few minutes. the first panel after the break will be a conversation with privacy and civil liberties oversight board. you are watching live coverage on c-span2. [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] ... [inaudible conversations] >> welcome back to the auditorium at the cato institute for the 2019 cato surveillance conference. i remain the senior fellow julian sanchez, thank you for joining us. as i mentioned at the start of the conference we focused on issues of surveillance oversight this year's conference.

this morning you heard about an array of institutions and entities and persons who work to oversee the secret use of intelligence collection, ranging from at the fisacourt to the myriad inspectors general and the government accountability office and the spellen committee of the congress, and one of the newer and many ways publicly useful entities overseeing the intelligence community is the privacy and civil liberties oversight board, which is a number of valuable reports that have given us unique insights into some of the program's we hear suggestion, section 702 and 702.15 the authority used for the bulk records, phone records collection from. to introduce the members of the board and what i'm sure is a

fascinating discussion, i'll hand off to our moderator, the washington college of law and american university. >> thank you. thank you all for being here and those who are watching online. it's an honor and a pleasure to be here in part of this conversation with the members. we have three out of the five members here today, two of them had conflicts and were not able to attend unfortunately, but i'm going to briefly introduce -- basically i'm going to do something nontraditional and basically allow hem to introduce themselves. i've seen this done a few times and find it's way more interesting than hearing me speak. so we have adam cline, jamie, and we have -- and i'm going to start with adam. thank you. >> thank you. we are a nontraditional agency, it's good we're taking a

nontraditional approach to introductions, i'm adam cline, chairman thereof he board and the only full-time member of the board, we he a chairman and four part-time members. it was at a think tank and worked on issues comparable to the board's mandate, the intersection of national security, law, and emerging technologies and the things i'm generally interested in. one we should al throw out an interesting fact about why we got into this work, before becoming a lawyer, i work for he members of the 9/11 commission on their post governmental efforts to enact the 41 9/11 recommendations and one recommendation was the board. this is an issue i've been tracking going back to 2004 when i started doing that work, and advocating over the years for the creation of the board and then for the stocking of the board with members, and then to ensure that it had adequate resources and authorities and so eight nice to finally be there to see the board come to

fruition with the previous group of board members who did some great work. we have sharon bradford-franklin for us to see. and to continue and push the work forward now. >> thank you so much for having us today. i'm one over the four part-time members. we're very lucky we have technologist who could not be if us today but an enormously helpful as we start to dive so the mow technical aspects of the program to conduct effective oversight prior to joining the board i was working on a book on the rule of law and spent a decade government, half of it in the executive brad, half in the judicial branch. i worked in the department of legal counsel at the department of justice and my port foal question was national security issues inch terms of my interest necessary that issues it's long standing. my parents fled from behind the

iron curtain and i grew up with their stories of what happen when he breakdown between surveillance and national security and privacy falls away. >> thanks so for hosting us. in my other life i'm a professor at the university of virginia school of law where i teach among other things computer crime. a course that addresses some of the issues we deal with as a board in the surveillance area. my path to the board and the set of issues is moodily before i was in academia i was at the university of virginia, then before that it worked at the get of justice and the same part that jan worked at before i was there. and i was an appellate security in the national security division, and i joined the national security division in march 2013, mere moments before

a set of cliff cheese surety ooccurred that prompted the work of the board and that was my entree really into this area and i was able to work on some cases involving surveillance to argue some cases, and so that spurred an interest. before that i was in the office of legal counsel as well and had some interaction with national security issues, and happy to be here. >> thank you. so, adam, you obviously mentioned already you were part of the -- work on the 9/11 commission report where the intellectual ogeneral of origin of the boar started. tell us the purpose and mission of the board and how it's structured and how it relates to the many other oversight agencies and entities win the executive branch as well. >> sure. at a good lawyer i want to offer

a technical clarification. i did not work on the 9/11 commission staff but immediately after the report i joined ngo that theton commissioners created called the 9/11 public discourse project which no longer exists but a great organization that worked to educate congress and the executive branch and the public about the recommendations. and so segways into your question, the commission had 41 recommendations in its report pursuit to its mandate to investigate the causes of the acing a and make recommendations to ensure that things like that wouldn't occur again. so many of those recommendations sort of generalizing had the effecter or tendency of centralizing power within the intelligence community, within the homeland security apparatus. some of those are create a director of national intelligence, knock cower terrorism center, intelligence sharing, and using biometrics to track entries and exits into the united states and the tendency

is more information, more centralization, more information sharing, and so on the other side of the balance the commission recognized if you're going to create all this new centralized power you need to have an increase, come con tenant increase of powers and they focused on congress and looked at oversight within the executive branch and proposed there be a board within the executive branch to conduct that type of oversight of efforts to protect the nation against terrorism. that's the genesis of the board. initially constitutessed within the white house and then in 2007 the congress established the board as an independent executive branch agency with senate confirmed members. >> how does your work coordinate with the work of the inspector generals and the other entities, privacy officer and other officers in the executive branch do something of the related work day to day. >> inspectors general i would say, just to paint with slightly broadbrush, tend to focus on

individualized reports of waist, fraud or abuse. that's not our mandate. our mandate is more programattic, if there are individualized abuses we learn about, we would of course take appropriate action and inform the appropriate officials and could be informative for our programmatic oversight because it may suggest that improvements are needed but our fog tuesday is a higher level of generality, is the program wise, necessary, there are enough safeguards bill in the right people making decisions given the stakes at play, the future implications of allowing the government to conduct this kind of collection, analysis and soing for. that's our focus. >> how do you decide what programs to work on, where to focus your efforts? obviously there's a ton out there. so how do you make the choices that need to be made what to do where to focus. >> sure. first of all, we're a bipartisan board we vote on the projects we

take on, but in terms of think about what type of projects we want to take on, i think we'll look to, for instance, if there's general, like -- it's something is being reauthorized, we're going to be issuing a report on -- hopefully in the next month or two, and so we think that there will be a benefit to congress and the public having greater transparency and how the program has been operating. we think we can add some value in looking at the time privacy implications of the program, some thoughts on whether or not the program should be modified, reauthorized. we'll look to emerging technology. one thing we talked about in our strategic plan, if there's any programs in space useful for us for the board. so i think a broad array of factors we look to when deciding what projects to take on. >> the reason i duck the

question is because since he was the last one to join and at which time the report that was mentioned, the report but the sunsetting of the u.s.a. freedom act was already in progress. so i'm actually step back to think about how we would select projects. it so happens that before i joined the board had put out a list of projects that we intend to work on, and those all made sense to me, and i think that it's one of those situations where we just should think through what is the value to the congress, american public, the executive branch. we offer different skill sets. one college is a computer scientist, not a lawyer. the three of us are lawyers. whatever we can do that would be useful is what we should focus on. >> on a personal level, what you're doing is an enormous work. how do you balance this with your regular jobs? >> it has been a good amount of work absolutely. and just do the best i can.

so, we have great staff, and put together great drafts, but i take every effort to read through every single line we put out, and so i think that we just have to strike that balance, and this is a thought that people might have bought what is the benefit of having a board structure effort as it is right now with one full-time member and four part-time members. that's a benefit in the sense that the independence of the board isen handed by having people who -- i have other things to do, and really i'm at liberty to say what i feel is best in the board's reports. so i think that's kind of the balance that congress struck, and it's incumbent on to us make it work. >> i think part of the idea was having the part-time board members was to have geographic diversity on the board.

is is helpful. knowledge have people working in other jobs and bring ago conversations to bear on our work, but to have people surrounded by different sort of geographic conversations that take place, and so that's -- >> that's talk but the work that you have done. obviously also you have already mentioned there's a 215 report that we are all eagerly awaiting. my understanding is that the issue is a classification issue that remains an ongoing challenge0. couple of questions but whether you can provide any information about whether or not you expect this report to be made public before the extension and the 215 program expires, and secondly what kind of at a high level you can talk about with respect to the report. >> sure. i'm happy to go ahead on this one. filling in the brun, if everyone is as deep in the weeds as we

are but one of the things that was revealed by the leaks in 2013 was a large scale or bulk collection of telephone call met da tata, what number called what number and for how long but not what was said on the calls. our board with the previous membership, was sharing their work on this, did a significant landmark report on the program, and then after that report and recommendations from other governmental bodies, come congress decided to trim back that authority substantially so she government can still collect records in fairly large numbers as is disclosed in public transparency reports but not to the same extent as it did before this law passed in 2015. the law you call the u.s.a. freedom act. the government has now had for four years implementing the laugh and it's coming up for sunset or reauthorization as the case may be and we have undertaken a deep dive into how

the government implemented that new authority to collect telephone call records since it was enacted in 2015. and that's been a lot of work by our staff. aisle -- i'm pretty confident in saying dave master the details to a very granular extent and we can't get into the details because as we said there's a classification review process we have to put that work product through, and that's where we are now. i don't want to imply there's any problem with the process. the people in the intelligence community are working very hard to work with us to move that forward. it's a big texas, very complex material, a lot of it and everyone has a lot of things on they're plate but we think we're receiving good cooperation in completely good faith and we are quite hopeful there will be something the public can look at relatively soon in the new year. >> i know you testified about this to some extent. i don't know everybody here has

had the benefit of reading your testimony on this issue. >> it was pretty short. >> but it would be great to hear your perspective about what -- in your testimony you were able to -- well, a lot of this is under classification review, provide some high-level thoughts about the program and its implementation. >> sure. staying at a very high level. i'll take this since i testified on it. a very high level there are some public transparency reports that put hard numbers which i think is a pretty great thing that we as americans have access to that citizens of other countries do not have access to from their intelligence agencies. those reports show the number of records, while perhaps not bulk collection in the same way the previous program was is still quite large, hundreds of millions of records here, over a relatively small anybody of -- small number of years, predicated on a very low number

of orders. i think was 14 orders related to 11 targets, all in the public disclosures that the intelligent community -- i see the people involved in that transparency work here in the audience -- have done a very good job putting out. so, that gives you a sense of what the stakes are in a program like this. then there are questions how the authority was implemented. we looked at the challenges that nsa publicly disclosed it experiences the implementing the authority. what we found was that the challenges were inadvertent, north the result of any abuse of malfeasance. at the same time this is my individual judgment, as a member of the board, i'll have more information about our collective views when the report is relievessed but my judgment the agency made the right decision based on the evidence before it in choosing to suspend the program. don't want to go any further than that. that's the level of depth we can

safely go into until the report is out and then wire confident there will be more classified information that will be the basis to form the judgments. >> i think adam there was a period in time in which the program was suspended because of these questions about how the information was being handled and the question is, as we move forward and talk about reauthorization, are you able to talk about the intelligence? there is an ongoing intelligence need to continue this program or would we be okay if it were suspended indefinitely. >> talk but the counterterrorism need from the metadata analysis. >> again, quite high level, i think there's value to having a two-hop program. one benefit that the program allows for was allowed the intelligence community to reach not just one telephone number away from who you're calling but

another hop from that. this is a change from back in the day, prior to the snow disclosures, when the program was operated back then, allowed for three hops. so is there i think a general intelligence community need to -- and use from a national security perspective to reach out to two hops and i think the question we confronted in this program is, given the limitations of this particular program, was the intelligence value that was being obtained cost effective in this case, was it appropriately balanced with the privacy interests at stake with the compliance issues being confronted, and the like. think in a general -- if you step back and look at a two-hop metadata program there's national security value in that type of program from my personal standpoint. there are limitations in this particular program what type of metadata can be collected and

experts have talked about the ways in which terrorists are shifting modes of communication so the questions of whether or not this program was reaching all the ways that terrorists now daze commune. there's questions of whether new authorities may need to be brought to bear to reach all these new modalities in terms of how terrorists communicate and this were confronted when looking at the value of the program. >> i'll defer further discussion until the report is out if just say i agree with adam in his testimony that the concerns that the nsa had that prompted it to shut down the program war indiana vert tent and weren't a result of abuse of authority, and at the same them the decision to shut down the program, to suspend the program was justified and made sense . and so i think hopefully that's helpful for present purposes and just stepping back, if you can

understand compliance incidents or difficulties with technical issues, it just goes to show how we as a society, as a government, need to bring all of our resources to bear to ensure that what we're getting these programs technically right and hitting the right balance between obtaining the type of information that the government should get in order to secure the country, while at the same time not intruding to much on people's privacy. it's an extremely hard balance to hit, both from the conceptual level, from the level standpoint that we're so familiar with -- from the legal standpoint and the technical studied and that's something i've learned a loud about from working with the report. >> staying on the topic of work you have done before we move into what is next, one of the things i think has been remarkable but all the -- been talked about before is this

incredibly comprehensive report that was made public and the same with the 702 report, which sharon gets an enormous amount of credit for. one of the questions as a member of the public very interested in these issues is question about the 12 triple 3 program which there's a lot less publicly available information. and curious as to whether or not and to what extent any of the internal work that you all have done on the 12 triple 3 program would or could be made publicly available. >> so if i can start with the correction. the 12 triple 3 is an executive order -- and jen is an expert but for the audience that structures into the exercise of authorities by the intelligent communication, assigns responsibilities to different intelligence community elements and mandates certain privacy and civil liberties protections.

what the board undertook, and sharon was there when they undertook it was an enterings of certain counterterrorism related activities conducted pursuant to executive order 12 triple 3. one of the deep dive examinations was completed before the three of us showed up, and we inherited the rest as open projects. and what we said win we came onboard is we were going to look at the work that had been done and bring each project to an appropriate conclusion. we're continuing to do. the file remains open. those are big, big bites to chew frankly and we have a lot of things to chew with a very small staff, but we're taking the work experiencely and are pushing forward towards an appropriate conclusion. our goal is to have things doctor have the maximum transparency possible with every project, and sometimes that means 100% unclassified, sometimes that means checkerboard redactions. we'll always push for the

greatest declassification within each report we can but unavoidably sometimes its means reports remain classified and part of the reason is we are not an original classifier within the government and don't have the authority to designate information top secret. we have to abides by the classification decisions mailed be the intents that classified the information. that it own that information. we'll have back and forth with them, incurrenting them to move in the direction of transparency but our statute requires us to undertake or transparency mission with concern for the protection of classified information and we do that. >> back to some of the work plan you have going forward. one thing that i'd love to talk about is the program on facial recognition, aviation security. obviously a very hot topic, the question of facial recognition and have a range of views, being

expressed publicly from, we should ban all facial recognition, to let's use it and use it a lot to protect our security. so curious has to both the scope of the program and your thoughts about hoe it's being used in the united states and whether it's being used consistently -- effectively and consistent with privacy and civil liberties. >> go ahead. >> okay. i'm happy to take this one. i just spoke about this yesterday so it's fresh any mine weapon launched a project on the use of facial recognition and other biometric technologies to verify identity in the context of aviation security and all of those caveats are important because facial recognition on the street corner is difference than facial recognition used by a commercial actor for its own marketing or other purposes, is different than use by the government in a specific operational context for a specific purpose in a specific physical context and a specific

type of lighting. all things go into how this technology is going to be deployed. the privacy and civil liberties implications its raises and we're drilling in on the very specific operational context for various reasons, one because the government is moving forward pretty fast deploying facial recognition in cooperation with industry partners in the airports. second, because frank live some people are very interested because it touches them in their daily lives. they go to airport see, camera, a dhs notice that their photo may be taken and used for a certain purpose, and that naturally raises questions. you think the department has done good things to explain waffles it's doing. not to say they couldn't do more. they're doing this project to make sure there's full public transparency and all the hard questions are being asked before beer 100 miles down the road deing" the technology.

that questions a raise. if you look how the thought but this wishes focus on the point of clerks but as you brought up, the issue is to some extent the point of collection but also what happens with the data once its collected, how long is it retained and how is used and who is it shared with. so curious as to all of your thoughts about the ways in which technology is reshaping our conception of privacy and what -- where the gaps are in terms of our legal understanding and the policies. >> the strategy thoughts and then -- i think that's absolutely right. you have seen in the last few years from legal study from. the four amendment standpoint, increasing concern now to the point of collection, did you get a warrant to get this and also more -- what are the holiest rick protections in place that tend to show reasonableness or not reasonableness and a lot of

times look at back-end protections how long the data being sort, who is itself being shared with, how is it being used. you see it in the legal area and also the policy area. it's a rising not completely but in large part because of the national security requirements demand large points of data being collected, not necessarily in bulk but enormous, millions and millions of record so when you're talking about those type of records, the point of collection is important, what type of suspicion, level of suspicion is the law requiring and then at the back en, there's a lot of understandable public concern appropriately so of what is happening with the data at that point, how long is the government retain it for. again, who is it being shared with, how is it being used, and some of that i think goes to often a level of perhaps comfort with what the program's scope is

currently or trust in the government at a particular moment in time, but then some concern, okay, if the data is not being deleted, what happens in ten years, 15 years, 20 years down the line. so i actually think you're right and i think we're seeing, again, both the law as the courts are evolving and statutes evolving and also on the policy side as well. >> so, i think this is one of the big issues we all have to confront in the fourth amendment and the policy context going forward, and trending technology. obviously we're experiencing both trend and capabilities, by both private parties and governments to collect information and that's simply something we ought to grapple with. that and vote sow sital expectations and people are more aware of the type of information they share and exactly how to measure societal expectations. people are in fact sharing information with all these electronic provider and at the

same time that it want their privacy to be protected. so understanding the societal expectations and how they should influence policy is important. the technical suspect of your question about point of collection versus later on in the lifestyle of the data is an interesting one, and just to speak for our audience, i think when you think about the fourth amendment, which is written in a way suggesting that its protections are triggered when a search or seizure has occurred, thereby suggesting if a search-0 seizure not occurred the fourth amendment does not protect any of that collection of information. as a result of the way it's written it's natural to read that provision to apply only to the point of complexion, and -- collection and we actually now have in the last two decades a body of case law regulating through the fourth amendment, aspects of government interaction with a dat thats not

just the point of collection, you direct something and this i apparent in the 215 program, perhaps something that the audience will be familiar with, which is that the fisa court when it authorized the program, authorized the collection of this information, then through the reasonable unless requirement of the fourth amendment, imposed certain restrictions on the usage of that information, and so exactly how the fourth amend will apply outside of the point of collection is still to be termed, and it's actually a way in which i feel that the law -- one way to think about it is we shouldn't let the fourth amendment to the stint applies to the point of collection necessarily enter when we think but policy because the fourth amendment hypothetically may only apply at the point of collection, may want to think about it that way. that's not the way we should think boat with respect to policy because we have other policy considerations that might be beyond the scoop of the fourth amendment. that and i think a second way in

which this question intersects with the work we do is that it's understandable for courts to approach the fourth amendment or legal questions at the point of collection, it's what they're familiar with and it allows them to address fourth amendment questions on a case-by-case basis, and courts are case-by-case adjudicators and when you have practiceatic questions whether the collection of this type of dat on a larger scale is a good or bad idea, i feel that's where our board fits in and where we can add value, and while we see announced that nature self-and declassified fisa court opinions, at least to me, speaking just for myself, doesn't feel natural for a court to be conducting that analogies. feels more natural for some other agencies that has the authority to probe behind questions or assertions in briefs to have that kind of

ability to speak of those issues. >> i strongly agree with the implied premise that the fourth amendment does not necessarily need to be refacted into an instrument to answer every privacy question. the fourth amendment does what it does and says what is says and i'm coming for a special tool here. we have congress and state legislators and other regulatory organs and so those entities are not bound by the specific parameters of the fourth amendment. congress can exceed the suspensional floor in terms of requirements for the government to access data held by private actors or third parties, for example, and i would be delighted to see the energies of people concerned but these things focused on developing statutory schemes they reflect real world conditions rather than necessarily trying to cram everything into fourth amendment

doctrine and might be an awkward fit. in terms of the question, i completely agree with between it tike be the implied premise which is we at lawyers look at the point of collection but that may not be the only important place to look anymore and that's particular live true as the volume of data create by our digitized lifestyles expands so massively. you no longer need go into someone's house or papers or effects or other constitutionally protected year and learn a ton of stuff but the person. the point of collection hey not be good enough as a safeguard, when do our work, looking at collection programs like call records, the facial recognition in the airports, there's a series of questions in my mind and i think all of our mind wed. and how long are you keeping this dat, why do you need to keep it? what other estimated are you going to plug this into? who has access of the dat and how do you control the access rump check topping make sure the

access was only for authorized mission purposes, et cetera, et cetera. this is all what you might call the back end set of question cozy those questions are increasingly important also the volume of data and the sensitivity of data you can get without potentially doing a fourth amendment search expand. >> the last -- your last two responses raised another question meant to, and obviously a big piece of what we sigh publicly are the reports that come out but a chunk of your work is also doing policy advising behind the scenes and i'm wondering both what percentage of your work approximately is that, and how receptive do you find your audiences in terms, are you at the point of time where you actually can make a difference in the crafting of policies and programs along the way? >> i'm probably the three of us, i'd be interesting in marrying -- hearing my colleagues out and answering the

question. i've been a member, i guess, four four months now, and it's hard to put percentage on it, but when i joined we had the u.s.a. freedom act report, and full flow, and i feel i have spent a whole lot of my time on that issue. and so it's just hard for me to put percentages on it and i haven't seen enough of the life cycle of policy advising to give you a sense of whether and how that really works. >> a little hard to put percentages on it as well just because, again the last few months have been very focused but doesn't mean because our work has been focused, that we also have a number of advice projects happening. in terms of when we come in the life cycle, and advise projects, unlike oversight the agency comes to us and asks us. we forever come in as early as possible because it is always easier to change course at an earlier stage and that is our

preference, we do talk to the agencies about, but i would say it's been generally when they're coming to us, they're seeking our advice and has been generally collaborative. >> going back to the set of policy fourth amendment related questions, one of the -- in addition to thinking about what happens to data of the fact, even in the questions and the responses we talk but the points of collection, talked about programs. one interesting question is how various databases intersection and how much can be bleached from the intersection of different databases and i wonder to what extent that's an issue you have thought about and are taking on and thinking through. >> some we think about. if i can throw out a somewhat off the cuff judgment here, it's that i think agencies don't

always know when they start what the destination is in terms of what they're going to connect to what other systems, what data they below integrate with other data sets and as i have become more conscious over the fact that agencies are not always fully aware of their own future intentions, we perhaps are becoming even more vigilant about the -- the limbs of our ability to know now what will be done in the future and asking the questions now no light of the future uncertainty because we know that what you might do in the fruiter with this data, as jamie said earlier, potentially raises future implications that would squall tate differently change the intrusion of a program. facial recognition is another example of this. getting all the photos. what'ing go to do with them? department of dhs has come out and said we're deleting u.s. person photographs and they're taken on the jetway in the airport, for example, at the 18

airports where they're doing this, they biometric pilot and reducing the number of hours they're retaping. that's just one example. once you have the dat set and the system is built there are other things to potentially plug into is, transforming a simple identity verificationtransaction and shades more towards a surveillance transaction and we're conscious of that. >> also you have done this work, what do you see is a examples of other governments are doing well that we might learn from as we're moving forward in this space and thinking through the ways in which technology and the quantity of information about all of us shapes the surveillance policy and privacy expectations as well.squash. >> general live we are u.s.

focused and don't have a lot of expertise or insight into the details of other governments. i will say that as is i think adam alluded to earlier this he u.s.ty forefront of quite expansive oversight and has transparency measures in place uleak in to other countries. think that looking to what other countries are doing and having those discussion if withother countries is instructive and value and we always of course should be open to learning from other countries at the same time we have our own values that we need 0 adhere to in this country, a set of stuffingsal law. looking at other countries can only go so far. >> but i don't know if my colleagues have anything to add to that. . >> comparative angle is a particular interest of mine. just to keep abring of what other countries -- abreast of

other countries and how we stack up and whether there irlessons learned we can take and bring back, but i will say that i agree with jamie i think the u.s. is in the forefront in terms of oversight and transparency. obviously this is not the end of the adventure, still at the beginning of the adventure as technology begins to expand the capabilities of agencies. but we should give credit where it's due and at least acknowledge that some things have the gone right in recent years. just to list a few examples we now have mandate for declassification of fisa court opinions and there were some pretty important opinions released recently about how the fbis using data and searching dat collect under the authority known as section 702 which is important electronic surveillance tomorrow. that's significant transparency man date debt that did not exist before. if you go on the dni website you can see exactly how many orders were issued under title 1 of

identifies very is electronic surveillingens of agents of a foreign power in the use. exactly how many targets under section 702. you can see exactly how many call records were collected under the u.s.a. freedom act. i'm not aware inform hi country that statistical transparency and we're looking for opportunity to push i forward but we have gone pretty far compared to anyone else and to give credit to the people who are working in the stein uses every day -- in the institutions every day, advocating and persuading colleagues and then putting in the hours to delve technical methods and analytical approaches to develop the metrics. >> i think i don't have too much more to add. might be a summation of what my colleagues have said, but i feel we live in a country with a unique set of capabilities on the national security context as well as unique set of values and i like both sides of the coin

and think that's the challenge that us, other members win the executive branch, wind congress, should and try to seek to preserve. >> this my last question. so i'll open it up to the audience. what do you see as the big kind of -- the big trend moving forward, the things that keep you up at night when you think but the future and what is coming next, where does your head go? >> i think there's so many. we have touched upon some of them. part of it is the technical expects of the ability of government, the private entities to collect information. so one example would be facial recognition. that's one example. but there's so many at the at ts point the technical changes occurring, societal changes occurring in terms of what

people expect, what people want from their government and from the private entities with which they enter act and then -- intercatholic then finally with haven't talked so much but the fourth amendment juris prudence, where it's going in the future, and hough it's going to interact with the set of programs that we as a board deal with, and i think that's really interesting and will re challenging in the years to come. >> the only thing i would add, fourth amendment is a matter of great interest to me. the supreme court points, continue die very generals of views and -- die very generals of views views and the justicesg to ask questions if the fourth amendment juris prudence appearing it is constructed, is that consistent with the understanding of fourth amendment, is that the right place to be now and that's an interesting space to develop and the other thing is i think that with the new technologies coming, there's often times a lot of talk of the privacy

implications that will come from that, so facial recognition and i think we have to think but the flip side which is how can new technologies help' protect privacy, so we're certainly seeing that in the programs that we're looking into now where the technology is helping control access, use and other things of that sort. there's extort of two sides to the coin and new technology in that space and something we all think about. >> technology. and then i think something we haven't mentioned yet but what are other country that don't share or values doing this with this tech nothing. not that we have oversight of the chinese government but the a fact of the fifth of the world's population is been subjected suo an unprecedented experiment in comprehensive surveillance and frankly thought control is pretty scary. watching that evolve is a dystopia experiment that should

be brace can for all of us -- bracing for all of us. >> questions. sharon. >> hi. sharon bradford, franklin, thank you for panel and the shoutouts. i feel like i have to ask a question. i want to pick up on the reference to the continued examination under executive order 12 triple 3. thank you for in the summer and put out publicly the list of current oversight projects and i hope you'll keep that updated. i wanted to ask, with regard to that, the prior iteration of the board had undertaken to do the 3 deep dives and also to do a public report that would at a high level or maybe dig deeper, explain to the public in an unclassified report what 12 triple 3 is, hough it operates in different agencies, what the of these privacy protected or

rules were, or not. to what extent is that an ongoing project as well in addition to continuing forward the two deep dives, and i used to get asked when that would be coming out but to the extent that is something that you're undertaking, if you have any kind of projection at all where that falls in a timeline. >> can i answer this one with an extended metaphor? when we came on the board had been without a quorum for a year plus, year and a half. without a chairman for two years. so, it was sort of like inherit can a house from your beloved aunt whose house was stocked with wonderful books and mementos and that's great and you pick up these great things you ick talk give a new life to but it also takes you a lot of time to go through the library and see what you have and clean out the closets and everything else. so we inherited a lot of great

projects from the prior board. we're moving them forward, going bring them to an appropriate conclusion. as determined by the current board members but as thin point we can't give anymore information than that about when that is going to happen. but we're taking it seriously and it's an important project. >> thank you. thanks to all of you for coming out. i'm pat, one of the research floats here at cato. want to go back quickly to follow up on something that sharon talked about, the whole issue of 12 triple . i want to start with a more basic question, and i have two questions. do you consider your work product something that you own? in other words, your observations, your conclusions, and your recommendations. do you consider yourselves to be in full ownership of that? >> so, i think what you're

alluding to is whether other agencies have a say over whether board work product can be declassified. >> from a statutory study standpoint what i'm looking for is the language that says, as i was told on hi-fia, you can't desegregate anything here or more to the point, based on the response from the agency, in a sense, and let me tell you the deep concern i have with that. right now i'm in litigation with the department of defense and the national security agency over their attempts essentially to suppress a department of difference inspector general report on an nsa program called trail blazer. the largest programattic failure in american ohio and a major contributor to the 9/11 intelligence disaster. what the judge rejected this efforts of do and nsa to try to

excise anything that would be embarrassing or otherwise problematic for nsa. not going to bore you with the details but the k i have is if you let an agency, whether it's my former employer, the central gentlemen generals agency or other 17 agency, dick tate no you what -- dictate to you what you can say with respect to your observations and conclusions. i have to say it visualates the board's ability to function probably. i'll echo what i think is sharon's plea here which is that you go back to that agency in question and say, we are going to say something publicly at least to the effect that either there's nothing to be concerned about here, or that there may be some things to be concern but here and we have notified the committees jurisdiction to that effect. can we get a pledge on that from you today. >> i can say more than that when we complete classified oversight

reports. those reports go to the hill. because there are people there who have the clearances and the facilities to receive them and read them. so they would receive the entire report in that case. zooming out a little bit, obviously we're an administrative agency. we're a creature of the statute that creates us and have. the authorities in our statute. what our statute says is we should make our reports public to the extent consistent with the protection of classified information and both parts are important so we always push to get the maples transparency possible and relieved the inventory of our active oversight project which is is think is the first time the agency has done put a to present the greatest transparency as possible. but the other half is important, too. the protection of classified information. and also i said before, we are not an original classification authority. i head to learn the lingo in the executive branch. this means the agencies that produce and 6:00 the information

determine and droll classification of that stuff. we ingame in a back and forth with though try to get more spoofed into the declassify and release category but ultimately we have to go through the process it's our statutory obligation to protect that information and that means when there are foia requests, even if we would loaf to make things transparent, it's our statutory obligation to refer things out to the agency which original live created and own that informs. >> but dion the -- [inaudible] >> and so all work product has to go through a declassification process and things are connected and we always push to get the most of any document we can declassified and that's a back and forth with the agency it's part of our statutory mission but a balance that had two halfs. >> yes.

>> hi. jake, project government oversight. very excited to be -- hear you guys will have a report on 215 in the next several weeks and raise that as soon as it's out. i do want to -- since we have a little more time now in the wake of the extension that congress just granted, but the original deadline nor program and presumably action in congress would have had to be taken, um until that short-term extension was nine days from now. can you talk about before the short-term extension, what ifs were being made to ensure that the information and recommendations you include in the report would be released in a timely mandatory be part of the public debate in the event that a reauthorization was going to be passed this month. >> i don't know how interesting are you supposed to get too deeply into our internal

mechanics of our small agency but wore cognizant of legislative dead lan and we work to assure what we do will be important to stakeholders. i was able to testify in the atjudiciary committee and that testimony is public and available both a prepared statement and then the back and forth with the senators if snip is interested people cognizant of the always evolving legislative calendar and do everything we took make sure our work will be available and useful. >> thank you for the work you're doing. the work to declassify information that been very valuable. on facial recognition, a bill was recently introduced to require a warrant for three or more days of ongoing surveillance of a person in public places using facial

recognition. and we are having a debate in the privacy community about where those circumstances ever pertain right now under current fact? is there a use scenario that you have seen through your work that would involve the ongoing surveillance of a person over three or more days involving facial recognition? is that actually happening? here's the language of the bill out liz indication solve facial recognition at the nothing toughen gaining in a sustained he effort to track physical movements 0 an identified individual through public places, over a period of time of greater than 72 hours, whether in real-time or through applicationses of such technology to stored information. that happening? >> our project is pretty tightly

focused on identity verification in airports, and it doesn't seem like that would be the place where sustained surveillance would be taking place, given that people pass through airports in a relatively short period of time. if i can respond to the idea there, to me without comment can on whether i think that's the right legislation or not, it's exciting to me that those kind of conversations are happening because that is the type of line drawing exercise that lookures are uniquely suited to undertake. think it's really constructive that legislators and people coming up with proposed legislation are thinking exactly where the balance should be drawn because when you're not dealing with the strictures of constitutional doctrine you have the freedom to do what feels right. that's all to the good. >> i don't have much to add and can't answer the question directly, so i think that the -- my answer would be the same, which is that this is an important conversation for

society to have and it's really interesting and useful for congress and members of the public to think but what the appropriate balance is to strike both the collection and also about the usage once it's been collected and hough it should be used. >> back there. >> thank you. i'm leon, retirement member on the foreign service. want to ask you about the use of facial recognition in airports. if you get a hit, i'd like to ask, what their addictions you use to get -- database do you use to get a hit and if you get a hit, would you simply monitor the person's movement, which flight is he or she on, what someone be authorized to interact with this person, to talk to him and ask him, to entertain that that person --

detain that person. what would happen when you have a hit? >> i think -- so, i can speak just in generalities about, interested to hear what others have to same depends on the type of program. so, for example, we might have certain times of a facial recognition programs in which it's essentially what the computer is doing there is it's recognizing your face, which your places before a camera and recognizing your driver's license and ensuring the driver's license and the face match up, which is exactly what an agent might do when you reach an airport and the idea behind this program is that it's a one-to-one match over the seven person and their driver's license and it's faster, mow efficient than having a person make the match, perhaps even better and more accurate.

with might have other programs where we might have what we think of as a one-to-one match, one-to-enmatch-the computer is matching a face to a number of other faces that have been stored in the commuter and we can think of other ropes and this what your question was allude to -- why you might want to have a system another that nature which is that you would then be either verifying that this person is in fact not simply somebody who has that driver's los angeles -- driver's license but fliss fact the person the person is present thing. s to be or if year using it to vaccine out and do some sort of security type screen through the compute are program. there are different ways in which the facial recognition programs can work and we're style at the beginning stages of figure out white might be deployed anywhere. on any platform, whether it's at airports or elsewhere within the economy.

>> can i just follow on that? with a little bit of civic factual background. about what customs and border protection is doing in the airways right now. so, congress after 9/11 -- another 9/11 commission representation... and so facial recognition is what they have struck on as a practical way to do this so what cbp is doing now,

customs and border protection at the airport where there piloting this and it's in the stages of 18 or something like that, increasing the number as the months go by his as the outgoing international flight there using facialrecognition to take a picture and compare it to a gallery of the passport photos of other people on the flight . so it is a 1, two 150 with 300 match and that confirms that person just just has left the united states and it's on the pilot space but it's wild at this point. in atlanta a partner with the transportation security administration and delta ella airlines to build that out through the full phase of the traveler experience starting at the check-in point , then through the tsa checkpoint and on the outbound flight but it's important to note at this point it is just identity verification that you are the right person who is scheduled to be on that flight that day.

they're matching your face to your passport photo. the one thing we are conscious of obviously is once you've built this platform conceivably you could plug under systems into it but at this point it's an identity verification system they're using to facilitate biometric exit requirements confirming people leave the united states piggybacking on that to facilitate other stages of the travel process is not the type of surveillance type matching or checking that you hypothesize! of course we are cognizant that technology once created can have an uncertain future with that i like you to think me and join me join me in thanking the panel for being here today. >> thanks so much members of the board. a minor schedule adjustment, there was a speaker who was supposed to be interstitial he delivering a short talk between our final panel, he's

on able to speak today, he's fine but wasn't able to make it so what we're going to do is hang out for one second while we quickly switch microphones. we're going to transition directly into our final panel . i think we have someone who is able to get our next speakers microphone . thanks. this will just take a moment. in the meantime i can set up -- [inaudible]

>> the title will be return of the crypto wars. if you're following privacy issues for a while you will be familiar with what's sometimes called the going dark problem, a concern that the pervasive growth of strong encryption presents an obstacle to law enforcement and intelligence agencies, especially as it has gone from a technology that is primarily the province of people with very technical knowledge and understanding, the ability to use very difficult commandline tools to something that is baked into their user-friendly technology in a way that doesn't require much sophistication at all. you probably use encryption

more or less daily without even recognizing it just buy ins of using a smart phone or a standard web browser . and as increasingly, this encryption is not just between end-users and centralized entities . that law enforcement can approach. with a warrant, but ends meeting encrypted to users without access by intermediary like google and facebook. that is causing a certain amount of nerves by both intelligence and law enforcement agencies. in the past it's often been framed in terms of the threat of terrorism, the memorable just a couple years back involving an iphone used by the san bernardino shooter. more recently, the announcement that facebook is increasingly sending to deploy and encrypt on its editing services, there are

concerns as well and the automated scanning of messages for child exploitation imagery. and other kinds of bile and so cut off one significant point of access or law enforcement prosecutors to go after, child predators . so we've got i think an excellent panel . arranged here, again unfortunately leads us down with the flu and unable to join us but we still have an absolutelyphenomenal panel . in my former life before i was a policy nerd i was a journalist nerd. and one of my previous pasts was washington editor of ars technica which is a great take the new site. i was happy to work there because it was one of the handful of places where you could expect really sort of

the dives into some technical questions and in my case sometimes legal questions written to these to be acceptable to generally educated audience without leaving out like the nuance and details that might be interesting to someone with a little bit more knowledge base. so i wasvery pleased that we were able to do sean gallagher who is the ip and national security editor . to act asmoderator for this panel . but as soon as everyone is wired up, i know sean will introduce the rest of our excellentpanelists .

>> good afternoon. going to get a weight check here. all right, we have a people and i hope everybody home is awake. my name is sean gallagher, it national security editor at ars technica and i'm here today with, pardon me. robbie greene who is with facebook and a privacy organization, with jim baker of our street and with, again i just met him. brad whitman. brad is department of justice and the topic at hand is encryption. so this was going back to decades.

encryption was something that had been fought over and have mostly been settled.there was the clipper chip, the ship was supposed to be implanted in devices that were going having cryptic communications over them, the federal government has presented it as a standard and it was fought against and it was eventually ignored by industry and proven to be vulnerable by our absence guest mattblaze amongst others . and pretty much it was decided that the old whole idea of having a backdoor into encryption was a bad idea but now we hear now and for some time over the past decade going back several administrations, the fbi's leadership as press the case for some sort of a on encryption and as former fbi director comb he put it, we wanted a golden key or lawful oriented access to communications because communications become much

more common than they were in the 1990s . to prevent criminals from going dark. evading all forms of surveillance. and the latest version of this argument, attorney general barr has used the ever increasing incidence of online child sexual exploitation as a reason to raise the demand again. and as that facebook in a letter that he signed along with his officials from the uk and australia do not deploy end-to-end encryption across all their products for messaging by default. and out of fear that would allow pedophilesto go dark . and they cited as a reason for this facebook being a major source of information about child pornography, about 80 percent of the cases of exchange of child porn information came from facebook in 2018. so they are seeking to ask facebook to not deploy and

encryption until the company can provide some way for legal warranted access to communications. technical experts argue that any sort of backdoor and encryption is significantly weakens encryption protections that provides everyone in a legal communications because it would make encryption more fragile. so the question before the panel here is is there a way to have secure communications for the masses and especially for people who need encryption to protect themselves against criminals and hostile foreign powers and have legal access under warrant. where do the constitution and laws of mathematics and physics come to equilibrium on this? can companies likefacebook continue to aid in the fight against child pornography and provide security medications to the rest of us ? so i will allowour panelists to open with that .

i'll let robin speak about and then we will have each panelist briefly and as quickly aspossible we will bring out the audience questions . robin. >> iq julian and kato for inviting me to speak today at this very important event. so i want to first sort of start by talking about why is facebook moving our messaging services to end-to-end encryption? so i started at facebook in february before that i set up eight years working in civil society on many of the same issues and today i lead our privacy policy around the world on law enforcement access and data security so starting in february having the announcement worshiping our messaging services to end-to-end encryption in march was an exciting time to start but i think it's really important to think about why this is happening. ultimately facebook has always been committed to

helping people build communities, having their voices heard. many of our services, facebook and instagram we think of as the public square but what we're seeing increasingly is that people are wanting to have more private communications, wanting to have one-on-one or small group communications and have ephemeral communications. there are more conscious of the private information there sharing with one another because they're having more personal communications online. whether it's sharing stories or personal information about your life and photos, or transacting business, people want to be sure that the communications at their having over there messaging services are secure. and that's secure from facebook, that's secure from external threats like hackers and other malicious actors and that's secure from any other unintended recipients including the government . and so we think it's critically important to make sure that people can have that kind of control and confidence in their communications to know that

they have the privacy and security as needed and how much data is getting shared. and how private and sensitive data is. in addition to that, we want to make sure we do this right so we're not just flipping a switch. this is a long process, there are a lot of technical challenges that were addressing with doing this to make sure that we do it in a way that is good for users and make sure that we're providing them with the end-to-end encryption but were also making our services interoperable so that you can have a more streamlined and simplified experience across all of our services. and so we want to make surewe get a privacy part of that right as well . but beyondthat , we have four years now and industry leaders when it comes to taking on our platform. as you mentioned a large portion of the information that nick at the national

center for missing and exploited children receives comes from facebook because we are soproactive, because we pride safety as one of our top priorities on the platform . were going to continue to do that in an end to end encrypted space . our methods will have to be different and we're thinking hard about how to be the leader in the industry and encrypted messaging on safety while making sure people have that same song end-to-end encryption where only they and their intended recipients can see the information . >> jim? brad, go ahead. >> let me give you the thanks for having me here today to talk about these issues and i appreciate robin's comments. we in government and i think as a society are finding an absolute epidemic of child exploitation , much of which facilitated by online platforms through which predators aregrooming their victims .

this includes absolutely or if the sexual abuse of children and toddlers. >> facebook matic 2.68 millionreports to the national space center for missing and exploited children, 12million from facebook messenger alone . we are very grateful for these reports , to facebook for recording this abuse of online and an for the cooperation we get. we rely on facebook as to other governments around the world. thousands upon thousands of children are safeguarded as a direct result of these reports. in march bob mentioned facebook announced it plans toimplement end-to-end encryption across its messaging services so that it will no longer be able to see the content of messages on their platform . we will no longer be able to see the child sexual abuse images . the ceo acknowledged falsely

that there are real safety concerns to address associated with the shift and in encryption and that we have a responsibility to work with law enforcement to help prevent the use of facebook content exploitation as well as other social ills such as terrorism, organized fraud, trafficking and a host of other social ills area the author acknowledged after the change quote, you will never find all the potential harm that we do today but our security systems can see the messages itself. so in response to this governments of not just the united states but united kingdom and australia wrote to the ceo of facebook in october asking that he not implement and and encryption without ensuring there is no reduction in user safety without including a means for lawful access of constant communications, something we as a public official charged with public safety protecting your children and children around the world. we haven't yet received a response and they haven't been consulted . some suggested that pattern now can substitute for access

to content to identify child sexual expectations or other harms. we are very skeptical, there's no substitute for seeing the content. we certainly can't identify the children involved without the content, you can't investigate and have evidence to convict the perpetrator without content. we're interested in hearing more about that. it's interesting to compare facebook with apple. apple's instant messaging service as long been and end encrypted in the same year facebook worth 12 million reports of child sexual application from facebook messenger which is not an end and encrypted currently we received only 23 from apple in the same training. that might give you some idea of how this was the implement it for sure but maybe some indication of what we discussed and had a little concerned about. to be clear, government support encryption.

they're not against encryption, we use and corruption in thegovernment. we are responsible also for private security . that's our responsibility. we rely on and understand the commerce is dependent on it and our society is going to be dependent on it area what we oppose is end-to-end encryption that does not permit lawful access when necessary. we think it can be done safely, the concern has been it can't be done safely but look, facebook messenger today is not and and encrypted and i don't think people think it's not safe platform. online banking is done today, but has access to your information, no one says online banking is not safe but the cloud is by and large not encrypted as i understand area no one has information on the cloud is not safe the solution can be found for this problem. >> jim. >> i'm looking forward to having a discussion about these issues so i worked on going dark or the encryption issue for a long time and this is has really been a personal journey for me.

both at the justice department, in the private sector, the fbi and since i've left the fbi and so i take with great seriousness the comments that brad has made about the victim. thereare real victims , because encryption does inhibit. it does slow down, it makes law enforcement less efficient and less effective in the san bernardino case, and when i was at the fbi and general counsel i saw we had a very serious and solemn obligation to the victims of the terrorist attack to do everything we could to run down every investigative lead so having in our possession one of the bones of one of the perpetrators, and iphone and having consent from the city of san bernardino that owns the phones, he was a city worker and having a warrant, he thought it was

the logical thing to do to try togo and get access to that information . we, apple disagreed, we ended up in court and that dispute, that legal dispute fizzled because of a third-party came forward and explained that they had a way to enable us to technically get into the phone so there was no initial resolution of the matter. and so because the case was movedthere at that point because we had a way to get into the phone . but my concern, i have several concerns about the government's current approach and i had to rethink my own approach which was strongly in favor of trying to find a way to enable the government to get access to encrypted communications and a couple things have driven my thinking on this. number one is the problem, this is the end of the day is a legal problem, not a technical problem because the

sophisticated companies and write software to get access to the government that can be done. the question is or the technical reality is it can't be done in a way that provides a substantial amount of cyber security the same way that kind of encryption systems that we have today do , lost my purse. so you can rewrite the software but it's not going to be as secure,that's the basic idea . so the problem to me is not technical. in that sense, like it could be done what the government wants to do but with significant risks attached. the problem is not the fourth amendment because the governor government can go and get whatever were they want or whatever device or system they want to get under the various legal regimes would apply. the problem is there is no clear legal mechanism under federal law or under state law to force companies to rewrite their software, to redesign their system.

the various legal provisions that i won't go through at this point, they simply don't empower the government to get a court order to force companies to do what the government wants them to do. it just doesn't exist to me the government, law enforcement agencies, we've been telling the public about this for years, congress about this for years and nothing has happened. congress has failed to act. there's a lot of reasons we could go into about why that is but they just had done it so to me, that's just like dealing with reality, that's justreality. reality is congress and elected and i don't foresee them acting in the future . the and ministration as revived this issue recently read there's a hearing next week from the senate judiciary to discuss all this, maybe that will start to have an impact but i doubt it so that's one reality. i don't see congress and the administration the legal tools that it needs to force companies to do this. the second reality is that in my view, the country of the united states and its allies

face and ask essential threat with respect to cyber security and malicious actors. our cyber security is that bad. is subpar, it is for. i don't know how else you want to describe it so the encryption, encrypting end-to-end communications and store data and basically spreading the use of encryption wherever we can in the very complex digital ecosystem that we bought on to conduct our most essential services and the business and activities as a society, that is just, encryption is a way. it's not the only way and it's not a perfect way but it is a significant way we can use to protect ourselves from the significant exit stencil in my view cyber security threat we face what i'm urging law enforcement, what i did and what i'm urging law enforcement to do is rethink their approach to encryption. because they are stewards of our safety and they have to

protect most people from the horse farm, they need to i think rethink their approach to encryption and actually embrace it. i think the right thing to do is embrace it recognizing and what brad says is true, there are real victims of crime. there are real victims of crime that will suffer because encryption in certain circumstances will inhibit the government's ability to do its job, it will slow them down and make them less efficient . it doesn't stop them, they use other investigative means but having said all that i think it's time for the government to rethink its approach to encryption and embrace it instead of trying to find ways to undermine it. thanks. so a couple of questions come to mind and first i want to give everybody a chance to respond but also add in that just a couple of concerns that come up from everyone! here and that is what is driving the demand for end-to-end encryption on facebook right now and in

other platforms as well is a lot of it is feeling a lack of privacy because of a loss of trust in some of the platform providers overthe past few years . things like the cambridge analytic scandal and the spreading of personal information variousmeans , admittedly algorithmically, not necessarily by people but there's still a lot of concern about conversations being cast for long periods of time, other data collected from users across different platforms and on the other side of the coin from the standpoint of asking facebook cannot useend-to-end encryption , doesn't that push the people who would use end-to-end encryption on facebook on the other platforms? there are a number of platforms that operate, ebay, signal and places like that have features killer to facebook in termsof the

ability to share with a large number of people and and encryption capability . so why would you specifically go after facebook in this case? i understand are the major contributor to report but doesn't that create a situation where people who are aware of this debate or in that, or our perpetrators of those crimes moving to another place where they can already go dark. >> if i can address that. so first of all on your question whether people who are platform over thisissue we haven't seen that space, instant messenger or other platforms are available now because they're using facebook messenger today , and we haven't seen that today. second point is though i want to be clear, i do not intend to single out facebook. facebook has been a good citizen today by all the reports that i mentioned. my concern is the shift to a paradigm in which we no longer getting the reports that we do today. even like these google's like

we have all of the industry to operate and provide public access, not just facebook but all other companies. >> i just want to say we will continue to be good citizens after we moved and and encryption. and safety is one of the top priorities on our platform and we are thinking very hard and really to taking time to build the tools in a way where we can be confident that we're addressing the various legitimate safety concerns, not only of law enforcement but department of justice but of ourselves and as a public and our users. nobody wants to be using platforms that have harmful activity on them that we are committed to a program basically of prevent, detect and respond. and so we're going to prevent , we're looking for ways to identify how our bad actors getting in touch with each other. how are they finding victims

that we can prevent connections from happening in the first place . then we're looking to detect that activity. no, we won't have the content of information. we will have to change our methods but we're going to be able to find what that bad activity looks like that we can take action on it, on the platform. then we want to be able to respond. we want to make sure people have the ability to report that activity when it's happening so if you receive some kind of harmful message or abusive message you can do a report on facebook and if you do a report, you can consent to share with us that harmful or potentially illegal activity in which case we will have access to the content and could share it with the authorities . though things will change and that's for certain. but what we are doing is engaging in a robust complicated process. we're having conversations with governments and law

enforcement about what are the kinds of signals you are seeing that are helpful are not content based so we can figure out what are the ways to identify, you know some of these problems. we're talking public safety experts, had consultations with dozens of public safety experts to make sure that we're getting all the information that we need so we can build a safe product and similarly we're having conversations with experts because none of this works if people don't feel like they have control and that privacy that they really desire. we are seeing a significant shift to end-to-end messaging. 85 percent of messages are sent over encrypted messaging services worldwide. this is what people expect and that's why we are looking to provide it. and the way that people are using their messaging services really demand because of the kinds of cyber security texts that you mentioned. people are having private indications that they want to keep between themselves and their intended recipient. but they're also doing business, sharing property information. there sharing financial information and engaging in conversationalpartners . they share medical

information. we now do most of our conversing over messaging services so we have to make sure that they are secure. the one thing about the ad is when we're thinking about how to do safety right, that was a bad apple. but there are ways to make sure that you can continue recording . i will share that what for example takes on 250,000 accounts because of harmful activity every months. we are able to find harmful activity even when we don't have access to content and were going to continue to do so and we think we're really well-positioned to build the spaces and the most secure and end encrypted messaging service because we have spent so long leaning into our services. >> is mostly because of user reporting? >> some of its user reporting.

we are also, a lot of the reports for example, these are not necessarily, i don't have that number off the top of my head. but we will still continue doing stands for abusive content so child sexual jewel explicated imagery for example on our public platforms so all public spaces, nothing changes. we're still going to be looking for abusive content on facebook and on instagram. it's the messaging spaces where that changes there are still some public parts of the messaging spaces so for example profile photos and groupings can be public. so if you wind up using explicated imagery as your profile photo, that's a pretty good indicator that this is not an okay account area so we would be able to identify that account because of the scanning and send that information to and of course

take downthe account . >> have you done analysis to see whether the 17 million reports we get each year, if there's going to be any drop off? you have to acknowledge there's going to be a significant diminution of reporting . >> i can't the percentage of decline but certainly we think the recording will change. so it won't be the same kind of image hashes but we are consulting with law enforcement to find out how can we make or identify useful information for you that's not content based and that build upon the privacy model when it does come tothe data we have . >> as far as other ways to go after this content to pursue people in an end-to-end environment, what type of techniques have you seen that could aid in going after

these types of problems that don't require a man in the middle sort of backdoor? >> maybe a couple different observations. one is -- let me back up and talk a little bit more. societies failure to protect children is colossal and profound and everybody in society share the blame for that, everybody because we have not done what we needed to do to protect children, period,.. even as we've heard from brad, even with the current medication systems we have, we still have thousands and thousands i think he said children , i was worried when i was with the government giving any facts and figures because they often turned out to be wrong and they would send me out with these things in this sort of area but even by that, thousands of thousands of children are being abused in society is

failing them now. and this failure is systemic and it has to do with way more than encrypted indications, it has to do with the ability of government to absorb all this material, of the technical systems that government has to deal with this kind of material, to deal with the perpetrators. it's a systematic failure across a, across many dimensions and society needs to deal with it and it's caused by providing better tools, more money to the investigators and the centers that are trying to deal with this so for example, try to think about how this could perhaps do a better job, that even to something i've been thinking a lot lately which is not only i think this

government needs to rethink encryption, it needs to rethink its investigation and how it does investigations and i think again just embracing reality, the reality is these systems are there. the reality isencryption is out-of-the-box, reality is it's going to be used either in the united states or other platforms andpeople are going to gravitate towards it , protected their communications, lawful actors are going to gravitate towards it and unlawfulactors are going to gravitate towards it . they're going to find ways to communicate so government needs to adapt to the world that we have today , not try to go back to the past where they had all this access to the content of communications. they need to figure out how to do a better job analyzing data, doing the data analytics with respect to finding thebad guys and finding the victims. they could invest much more in that , i think perhaps industry could do, could assist law enforcement with that as well. something that we might have to change some laws to accomplish but doing more data analytics, making more use of open source information and i think also reinvigorating governments ability to use human sources,

informants in organizations undercover operations. the government has to i think do a better job of doing. in my experience those are the investigations that are most effective when you have good human sources in the places where they need to be. they're hard, it's harder to do, it's moreexpensive and time-consumingbut in my view it's ultimately more effective . >> will go to questions from the audience . >> i think in points but in an investigation as you might imagine, there is absolutely no substitute for having the content, the access to the images the child has been exploited. i'd also say not going to have human intel forces to go into that scenario, you might have a toddler in the individual is using that toddler. there is no one else involved in a transaction, no other way to get that information and if that person is, sending those images of those toddler online there is no other wayto get that information and to have access to the content of those photographs . is what i would say.

the other point i would say is we're not trying to go back to the past, we're trying to update laws from the past two today. we got telephones forever. and we have a lot of old communications systems old law enforcement act which the systems have beeninspired required to block . what they're asking for is a new era, decades old now but to update those lost so that a different means of medication today is much more pervasive, we need the same requirements that phone companies have done for decades. we had wiretaps for decades, wiretaps is a fundamental one that we need to be able todo. the question is what is different ? >> because, do you want me to? >> the digital ecosystem has changed substantially and the volume, variety and velocity of the medications is just a different world than it was five years ago, 10 years ago.

before really the advent. >> you have the exact same voice communications over the internet can have a telephone line. i see no legal or moral justification forthat . >> so my point is, then go to congress. >> congress, my point is there are victims we've been talking about here and the children are victims and other people, kidnap victims, victims of violent crime, this whole range of victims exist and who will exist and who will suffer as a result of crimes that law enforcement, proceeding and the way that it does today as quickly as it might otherwise. so there are victims area there's also substantial risks to society with respect to our again, societal failure to build a digital ecosystem is actually secure.

we don't have that. we are more dependent on that than we've ever been in the past. and if we have a significant catastrophic failure for a significant period of time, i'm quite worried about society's ability to function effectively and people will be harmed, injured, die if we have a failure like that. so with victims on one side, victims on the other, how do we sort this out to mark the risk to the digital ecosystem from doing something that would interfere with the ability to ask encrypted communications, congress needs to resolve that. the elected representatives of the peopleneed to balance that, step up to the plate , either pass a law and changed the landscapeor not , but i don't think it's up to the private sector to sort that out. companies in the united states i'm confident will follow the law whatever it is so congress needs to and so far the government has failed to persuade hundreds to act and i think that's what,

that's where the focus should be. >> i agree with you on that point. >> any questions from the audience? we have a microphone. start off with alright. >> i don't have a life so i'll start up here. >>. [inaudible]. we have a microphone for you. >> i have a few comments on what you folks said and i'd appreciate your reactions. first, my assumption is that the vast majority of the people in this room have not, if not everyone is against exploitation of children. and i think it's a red herring to use that. because the law enforcement authorities we are dealing with this sort of problem and

a whole range of other problems long before we had the technology we're talking about so far other techniques to deal with it. and end-to-end infection and all the other technologies we're talking about have very legitimate uses. to help protect dissidents in third world countries area they help protect business here, etc. also technology can't make it disappear. if you forbid facebook from providing something, i'll be able to get it. other people will be able to get it. in one way or of the other so i think it's not really feasible to even do what you're trying to talk about. when the attorney general talks about having a backdoor quite frankly he showing he doesn't understand these technologies involved. and i've had conversations with former tia director hayden and he's also of the opinion that it's just not possible to do what you

describing. so again, thank you for your comments and i'd appreciate hearing what you have to say. >> thank you. that does bring up a number of issues that i got in mind and that is experts in the field and cryptography have said that if you put a backdoor into a system regardless of how youapproach it , there's room for abuse and room for breaking. there's also the concern that what can be warranted can also be abused. in terms of access. i've seen a number of cases where legal actors have been abused in the past and i understand they're not the majority. so given that and given the weaknesses that you would introduce inthis system , what is, what is your

response to that? again, this issomething that obviously legislation has to decide but from the standpoint of a mathematical perspective , there is no known way and a lot of people have tried to build cryptologic backdoors into things that allows for only warranted access, the only way this sort of thing would work is if there was a man in the middle type arrangement like there currently is where everything flows through the service provider and your given access through the service provider. and the service provider can be accountable. so how do we deal with the lawsof physics and mathematics ? >> i'm not a cryptographer but i can say that people in the government, and essay who are leading experts in photography think the solution is doable.no less than bill gates said this is not a question of ability, it's a question of will. a number of governments have said, australia, the united kingdom, united states kingdom and other parts of

the world have all said this. >> for two former nsa director since it is. >> let's not assume this is not doable. let's talk about the systems that exist today, that exist today. facebook has a system today that is not end and encrypted area that maybe not as safe as it would be with end-to-end encryption but it exists today. there's ones i can identify that are available where companies have made decisions to maintain access to the information. if an ache and maintain it to sell advertising or for whatever reason, why can't they do that for law enforcement to mark why can apple maintain a key to send software updates the phone around the world, ithas a key that they can send a software update for its phones .

they have and apple, they have to protect that key. it would be a huge security incident if apple were to lose that key and someone could get in there but they maintain that fee because they need that for access to the system. all we're asking if there will be a key that we can get for law enforcement . >> pardon my information but are you looking at it as a solution similar to what australia has legislated where law enforcement can require a software provider to make amodification to software and a warrant against specific individuals to allow access to accounts ? >> we're looking for any solution that will ensure we have lawful access . which method they use we will have a discussion with companies that's more effective andaddress cyber security. we're investigating those same crimes . are interested in protecting those dissidents, but we think this can be done. we don't think it is not achievable, these are the most innovative companies in the world. the idea they can't come up with solutions when they're doing it when the need to maintain their own access is not credible. >> okay, there's several.

let's start off in the back. >> freddie from the government. last year we heard talk about the phq's provision or group messaging and lawful access for messaging. even the doj didn't support that publicly so i guess my question is really how did doj put together a technical solution that they think would work because asset that a lot of the people in this room are debating something that's sort of hypothetical. >> we talked about different options, i talked about a couple today . we think different companies have different platforms and services, if some of them are device makers, some of them are making communications stems, they need to come up with their own methods . with their technology for

providing the access that we want as opposed to having a government top-down solution. i think the worst from a company's perspective would be for our legislators to say this must be the type of solution you. . >> i'm quite confident if you dig through the video archives you will find a clip of me saying exactly what route has been saying in the past. i understood the problem exactly the way that he particular now. i guess just having spent years and years working on this, my understanding is also that there actually is no technical solution, not adequately in the sense of like perfectly protects cyber security and provides the government access. itjust doesn't exist . so yes, the companies have different systems where they made different choices, where they don't use encryption and so on and they decided to use

encryption on different things but again, given the fact that there is no system that actually provides either security, that provides strong encryption and provides the government with access, that thing does not exist and if you're going to induce introduce some cyber security risk into a system then that's a call that congress have to make area i'll come back to that. it's, they've got to legislate if they want that to happen and they then on behalf of society take the risk that some bad person, some bad organization, some bad foreign government is going to figure out a way to disrupt all the medications that we today are encrypted when you change things this way, thereno longer implement to the effect of being infected and societies to bear that burden so congress has to make that call . >> what facebook done in the space as far as looking at alternatives -mark have there been any examination of ways to do this sort of backdoor

that you looked at and what would have been the results? >> technologists have said for a long time now that it's simply not possible to build an encrypted system with exceptional access and have their not be a potentially very dangerous for ability can be exploited by malicious actors area it's just not somethingthat's possible . so we haven't to my knowledge invested in trying to build any such system and we certainly won't be investing in building any such system in the future. >> another question of there. >> thank you very much, my name is chip gibbons. i work with an organization that not only defend the rights of political expression but had her own right to vote political expression violated, the church community sites the fbi's conduct against their

organization as an example of an abuse of power so it's concerning to me is the chilling effect that putting in this law enforcement backdoor into encryption could have on free speech. for example up until two or three years ago thanks to a supreme court ruling and the sec , the socialist workers party was immune from searching sec filing decisions on the basis but by disclosing the names of their donors , they would be making them potentially liable to law enforcement abuse based on a real history, so given that there are instances throughout our history with the government has been the malicious actor including one against my organization, do you worry about putting this law enforcement backdoor into encryption or having chilling impact on speech or help to facilitate these types of abuses? >> my answer to that is we have to depend on our laws.

our federal courts. what were talking about here is a court authorized access so today, with that court authorized access, we can wipe out half your phone, we can search your home. we can search your car, do all those things when an independent federal judge has decided that we have probable cause to believe you engaged in criminal activity and only when a federal judge decide. that's that are standard since the founding of the country that we can do that. we have to be able to do that to protect people . to search those peoples homes , cars, etc. especially now that we have new technology. to be able to have that same ability with approval to protect civil liberties, first amendment rights where there is a new state or are we going to have a state that is immune from that which has been a closed environment, the house that your kids can

go into and if your kid has disappeared, there's no way to get him back. there's no way to put that house, you can't go in. you get away from the judge, youcan buy that, same way you can't get indications online so were talking about the new technology if it's going to be immune from loss of process, lawful access or not . >> i think there's a distinction because i think what you're talking about is the legal standard that when you get a warrant , you should be able to execute your search but it's not just that only a law-enforcement official with a warrant would be able to access to medications if there was a sexual access. the problem with exceptional access is the front door for the government is a backdoor for malicious actors. an end-to-end infection means only you and your intended recipient are able to see the communications and there's just no secure way to be able to build in that kind of exceptional access or the government to loan. >> that's where i disagree

because i think companies have maintained that access for themselves. apple has a key, we can access all the phones and send software on the phones, why can't we have that same key? today as you acknowledge facebook have that access today and government as access in the case of facebook messenger. that's not a problem to date. >> it's the secure system today. >> users are demanding more secure. >> it hasn't been aproblem to date . >> up there and then down, we have three people there so let's start with the middle and work our way over . >> i everyone, thanks for being here, shannon from cyber snoop and i wonder if you could the situation we have here, there's obviously disagreement between facebook and the department of justice on this issue. it is this preemption can we

interpret it as a preemption to talkabout legislation, for instance , has been discussed in 2013, does the department of justice out plans to use this moment to put sort of silicon valley on notice that amendments may be coming down the pike? >> that's a broader discussion and we don't have facebook's position on that. >> i'd like to follow up with another question you in terms of speaking of chilling speech and and and encryption is delayed or not allowed, what can you say to what this would do to the market in terms of your ability to access books and encryption, and and encrypted conversations if they take them to other markets that's not in the us forexample ? >> we want to work with other foreign governments so that we have solutions that are not applicable only to foreign competitors as well.

>> center for democracy and technology, brad, question for you . you said the corridor of lawful process, is it always the case or if exceptional access was built in, are you telling us that an essay for example wouldn't be able to exploit that exceptional access that was given to the fbi and that, there would never be the use for example of section 702 or executive order 12333 to access communications through this exceptional process? >> i'll tell you the proverbial that were talking about would be court authorized access. >> this is the nsa in the past has worked to break other infections for the purposes of surveillance so that doesn't mean it would exclude them from using that capability togo after foreign intelligence started for example . >> asked what nsa does, that's what we pay them to do

to break in fiction today so it's interesting that we have this discussion because what people are saying, what people argue is what's better is like you guys just trying to break into the system that's a better model and having unlawful access and on tour when it why anyone thinks that's safer for us to identify . >> and not tell anybody about them and have that vulnerability out there. what is that better ? >> and jim well knows, that's what fbi sometimes like to do is find that vulnerability, why is it better for anyone? we all know what robin said, is there security even under these new systems, there are ways to break in. we're talking a fiction if we're saying there's no system, no unlawful access when you describe cyber security but we can have perfect security, there's always a balance read we regulate in other contexts, or automobiles. we say you got to have fewer emission standards. we meant for certainty your car is going to be less safe if you have to have a card that is not going to be as

big and as heavy and result in more fatalities. but we make a decision that as a society we want, we have competing goals and we want to have emission standards that have clean air, a safer planet and so you're willing to accept that causeit's the same trade-off we're talking about here . there is no perfect security in the same waythere is no perfect car can be immune from a car accident . >> i agree jim that ultimately these are things that the congress should be tackling. they have not tackled over the last decade but they should be because they shouldn't bedecisions that are made unilaterally by the company which is the situation we're in now . >> let members of congress, members of congress cast a vote when everybody's telling them the result of that vote will be less cyber security, less security for the american people in the digital ecosystem, let them pass that book, let them

assert their name with that. >> or security for all the child explication victims , all the victims being victimized by online activities. >> maybe but the failure as i said earlier, thefailure is with respect to children exist today . but you're talking about, horrible world you're describing out exist the government has failed . >> how many victims are they still? >> let's get another question from the audience while we have time . >> sharon bedford franklin, my question is also for brad read him "looted to this issue a little earlier about going out there withnumbers that might not be correct . so in june of 2018 if i remember the month correctly, it was taking it came out that doj and the fbi had for some time been using an incorrect figure on the number of locked phones that was unable to access due to encryption. the number was 7800 and the news accounts the number

might be closer to 1000 but we are working on it. subsequently doj and fbi but a lot of asterix on speeches saying this number is wrong. i'm wondering if you can give us any update or if doj and fbi are working to provide more information as you seek to have thisconversation on what the true extent of this problem really is . >> ..

it wants to persuade congress to do something it's got to do a better job of accounting could i know how hard that is. it's very hard to do but they have got to do a better job. otherwise they are just not going to prevail. >> mr. baker when the world would we trust u.s. government to the top terrorist on the planet. the fbi has had information on sex trafficker jeffrey epstein for more than a decade and has done nothing to incarcerate or investigate the perpetrators of people who have exploited children and girls all over the world and all over the country and from new york city's public schools. >> i don't know the details about the epstein case but my understanding is it's actively being investigated at the u.s.

attorney's office. we are still working on it along with the ai. i can explain what exactly is happening with separate i will tell you i could not disagree with your more about the united states government being terrorists. that's preposterous but with respect to the other matter he will have passed the government about that. b i'm unaffiliated but my understanding without getting too technical on the one hand it's technically not feasible to have a bad door and on the other hand to talk about google. i know they have two different encryptions methods. one is for data in transit and the others for data at rest. if you are going to the cloud when there's a gap between switching from the one modality to the other vets were google comes in to get data that they

use for marketing purposes etc.. my intuition is that a point of fact the fbi does have access when it wants to from the technical perspective but the issue is that the doj can't quite use that information because it's sort of fruit of the poisoned tree. it's in improperly access produces a legal matter or a technical matter? it sounds like it's more of a legal matter going back the point that technically what we call end-to-end it has numerous not points where entities either malefactors or the fbi for example government entities can get in. that's really not the issue. i would be interested in your thoughts on that.

>> to interject a little bit the point you are talking about when it's end-to-end the endpoints are themselves a plan of access but whether the end be storage on one end or the other so in transit, so that happens in software. it would depend upon the software provider and that means there has to be some sort of interjection applied in the software that picks up on the data as it's translated from received two stores. that would be exploiting the software that the vendor provides. i don't believe facebook is looking at doing it. there are a number of steps where it could happen any fact i asked nick carr does about as well as go. couldn't you say have something on the client side for the receiver gets the message and you can process the image to see if it's harmful and that's not

going to happen because it requires too much overhead in different places and it totally breaks the whole idea and it ends the privacy. it is a good question in terms of whether that sort of surveillance and using that interjection surveillances from the department of justice perspective something that would require a change in software. >> the way encryption over the wire works it's encrypted in one form that has received an unencrypt did but then when it's stored its encrypt it in a different way. google is encrypted with users credentials but it's not encrypted in the public-private key type exchange that happens for the key that's used for the session. she's asking is there a gap

between the two to get the information that's passing over in processing for security. >> i don't know the answer to that technical question that i've seen both sides of the debate which is some companies will argue book we have access to all these other categories of information. you don't get them but you can get these other three things. we turn that around and say if we can get access to these other things why can't we get access to this? you've made business decisions to obtain lawful access. it's impossible to do this. very sensitive data that they savor their own business reasons we will pain access for this one but not for the other one. they argue we are allowed to have another one.

just because it exists today. every company here representative our secure and they will continue to make access but they won't have encryption. >> if you would like to respond to that in any way. >> it's apples and oranges because sometimes and it's up to the user to decide how much risk they want to take on that the company or anybody else is going to look at the encryption so if you are using an e-mail system where it's encrypted while it's traveling and when he gets to me it's unencrypted when it gets you it's unencrypted and the company can look at it. we know that a macon maker risk based assessment about whether we want to communicate and whether we trust the company. in certain circumstances we don't want to. i want to be the case that only the two of us can read it and that's what we hear talk about.

we make that assessment and loretta for recent that's the risk that we either want to take or don't want to take. we make choices and the customers make choices and they accept the risk or they don't. that's the multifaceted world we live in today and the encryption is out-of-the-box and the cat is out of the bag and it's not going back in. it's the world we have to figure out how to deal with. >> last word robin. >> business reasons but it is policy reasons. we care about their data and making sure they can have very sensitive communications in a way where we don't have to worry about it because there are many many security threats. whether it's stored data and

billions and billions of records that are the subject of data breaches every single year or whether it's other forms. what jim is saying is right. the world out there when it comes to cybersecurity you are also raising extremely important points about the importance of safety on our platforms and we are extremely committed to making sure we get that right, that we provide strong encryption and other noncontact based ways to address the safety issues. we are committed to safety and continued to be the industry leader in this space and we really value and are appreciative of being credible and the work that law enforcement does to keep the public safe we are going to be doing our part. >> i think the three of you for this week ago on for hours about this. many of you have questions but let's take them off stage.

thank you all for coming and thank you all for watching and thank you for being here to talk with us. it's a very important topic. [applause] seen it thank you again and thank all of you here and at home for tuning in to the 2019 cato surveillance conference. usually i and these days kind of horrified at the enormous -- but we have observed. i'm thinking about the number of smart people there thinking about how to ensure that these powers are kept in their proper place so they work for us rather than used against us. i want to one more time thank not only are speakers that are wonderful wonderful conference

manager kiana graham who does all of the actual hard work. i can stand up here and look very clever for having assembled this. i. some speakers and everything that makes this conference come together works so smoothly as kianna's presents so please join me in applauding her. rather than stretch out my closing remarks i'm just going to invite everyone and for those at home, to join us in the atrium for some beer and wine and hors d'oeuvres. thank you again. [applause] [inaudible conversations] [inaudible conversations]

[inaudible conversations] >> where all elevated in our opinions because the news model

is forcing us toward more provocative stuff. where before they would have just said here's the news and that's my news now it's replaced entertainment. >> i would go into combat in afghanistan all tricked out with my bulletproof everything in my helmet. guys on my right and left with big guns. i was actually. safe. next to be put to someone like richard engel from nbc news. he standing there in an ill-fitting bulletproof vests that i assure assure you wooden stoppable upper 80s got it tinpot, don canted off to one side. he is risking his life to tell us what's happening. do you think he's serving us? i do.

people are eyes asking me what is the path? what's the path to redemption? we have to have something so i would try to come up with an answer because people keep asking me and i realized the answer is i don't know it's not my responsibility to figure out. how about you workshop that you troubleshoot keep trying stuff until you can forgive you.

here's a guy that had an influence on my decision to run for office and it was helpful in my winning and that i looked up to as the president and i wound up having to sit judgment on him and having to say i would vote for impeachment. >> i think you denigrate the role of the senate which has the important adjudicatory role to weigh the evidence, to study what it wants and agree or disagree and then our founding fathers made it extraordinarily difficult to eliminate a president from office by requiring a two-thirds vote and that's why i have always said unless this is done by partisanly and tragically there

is no bipartisanship here but i'm hopeful if it gets to the senate there would be bipartisanship trey dopson that there will be -- >> if the gentleman would deal. dashwood yields. >> now remarks from former national security adviser susan rice and she discusses her experiences in the obama administration talking about her book in her early life. from earlier this week this runs just over half an hour. >> i think we are going to get started.d. if everyone has finished their lunch. i know that was a quick lunch but we have a full day today. >> that was a great