pursuant to section 702 of the foreign intelligence surveillance act.

section 702 permits the attorney general to join the authorize surveillance of targeted persons who are not u.s. persons who are recently believed to be outside of the united states with compelled assistance of electronic communication service providers in order to obtain foreign intelligence information. although u.s. worsens may not be targeted under section 702, communications of or concerning u.s. persons may be acquired. 702 program is extremely complex. it involves multiple agencies, collecting multiple types of information for multiple purposes. overall, the board has found the information the program collects has been valuable and -- ineffective in protecting the national security. the program is operated under a statute that was publicly debated and the text of the statute outlines the basic structure of the program. the operation of the section 702 program has been subject to judicial oversight and extensive andrnal supervision,

the board is found no indication of intentional abuse. outside of this fundamental core, certain aspects of the section 702 program do raise theacy concerns and push program close to the line of constitutional reasonableness. including the scope of u.s. versus communications, the use of medications acquired through the internet that are neither to or from the target of the surveillance, and the use of such queries to search information collected under the program for the medications of certain u.s. persons. with these concerns in mind, the report that we are voting on today offers a set of policy proposals that should strike a better balance between privacy and civil liberties and national security. push theesigned to program more comfortably into the sphere of reasonableness ensuring that the program remains tight to its constitutionally legitimate core . the key goal of our studies to

improve public understanding of how the program operates. therefore we look forward to discussing our proposal, and i want to start by dispelling a great snow should about the program's operation. first, it is audible collection program. the program only targets medications a particular person. laster, approximately 90,000 targets were assigned in the program, but it is not a widespread collection of information. other than for those who are targeted based on the belief that there are non-us people outside of the united states with foreign intelligence values. second, non-us persons are not targeted when a person has the government has only a belief that a 50% likelihood that the person is overseas. there is no 51% test. is obligated to obtain a standard of due diligence. if there is conflicting information and equating whether a person is located in the

united states or is a u.s. person, that conflict must be resolved and the user must be u.s.rmined to be a non- person in order to be targeted. used inmericans are not targeted for discussing things such as osama bin laden. only specific electorates such as e-mail addresses can be used. tois important for the board enhance public debate by making the operation of counterterrorism programs consistent with national security concerns. during the process of preparing this report, we sought and obtained the classification of facts about the still highly classified program. in order to allow us to put in context how the program operates and clarify some public misconceptions. as a result, over 100 new facts were declassified by the government to provide needed context for the program's operation. i want to extend the appreciation to the personnel of

the officer of director of intelligence, department of justice, nsa, fbi, and cia, who worked constructively with the board in this process. the result is the more comprehensive program of how 72 operates, and we believe this will advance the public's understanding of the program. analysis was adopted unanimously. the board also unanimously operates 10 recommendations to strengthen privacy safeguards and to address these concerns. they are in a number of categories. first is a targeting process. the board called for the government to clearly articulate the foreign intelligence basis for its targeting decisions. second regards the role of the four intelligence surveillance court and the board calls for the government to submit a sample of sheets and query terms of the court can consider them. programparts of the

known as up street or about, the board calls for a periodic assessment to make sure that the best technology is being used to filter out purely domestic medications and urges the development of technology that would permit policy decisions to be made about whether so-called can be made.ns the board calls for declassification of consistent with national security of fbi, cia, and nsa atomization procedures and have the government provide more insight into the extent to which it acquires and utilizes communication of u.s. persons. with regard to efficacy, the board asked the government to develop a comprehensive methodology for assessing the efficacy of counterterrorism programs. lastly with regard to u.s. person queries, that is queries using u.s. persons, data program, for the 702 indicates of u.s. person queries conducted by the fbi, the board agreed that the fbi should update its minimization procedures to make it clear that in criminal matters, its agents

routinely query the database for section 702 information. the board also agreed that limits should be imposed on the fbi's ability to use and disclose 702 data. three additional statements are included in the board's report representing different board to limitingroaches the fbi's use and dissemination of section 702 information. one position is that there should be enhance internal review of that process. is that if this question is not pressing now should be addressed before it becomes urgent, and a third, such queries should be subject to approval before it should be made. he board takes up at the nsa and cia should take up committees for section 702 for four intelligence versus -- for foreign intelligence purposes only if the query is reasonably likely to return for intelligence information as defined in the foreign intelligence surveillance act. gone wald and i would've

further and we have separately proposed to additional regulations that were not adopted by a majority of the first is to ensure that medications when americans are properly purged if not evidence of a crime. the second is that for intelligence queries using americans as identifiers should only be made with court approval. board members brand and cook take the position that such queries are already rigorous and judicial review is not necessary or appropriate. all of the board's recommendations are based on policy grounds and none of them require legislation to be implemented. as part of the study we conducted two public hearings and one public workshop, and the board also solicited public comments through regulations.gov. dozens of comments were received and the board has reviewed all of those comments. we appreciate the public input that were valuable to the publication of this report. the board has received full quad

portion of the intelligence community. while the board was the report was subject to review, none of the changes that resulted from that process affected our analysis or recommendations. the entire report that the board is going to vote on today is unclassified, there is no classified appendix. pursuant to the board's statutory duty to of eyes the president and elements of the executive branch and congress, staff on briefed june 2 regarding the board's tentative: illusions and senior white house staff on june 17. in the course of inductive the found nothing but hard-working men and women in the intelligence community who are dedicated to protecting this country and we have seen no evidence of misconduct. the215 and 702 fit into router mandate to balance national security and oversee existing programs and providing advice on new programs.

it is not our institutional job to always oppose or critique counterterrorist reruns but analyze them. we will hold a public meeting to discuss where the board goes from here and get input on the boards long-term agenda. the board now has sufficient staff to work on more project -- on more than one project at a time, and we look forward to extending our oversight function and our advice function as well. to thank board staff who works tirelessly both to study , analyze them, and to make sure that the classification progress work smoothly. i will not give individual board members an opportunity to address themselves starting with ms. cook. >> thank you, david. i wanted to also start with thanks to the incredible work of the staff. for all intents and purposes, we have been building this airplane as we have been playing it, and

it takes extraordinary skill and dedication to do that, so thank you. i would also commend the chairman and in particular our executive director for again at flying this metaphor too far, their remarkable work piloting the plane. opportunityke this to briefly discuss some of the recommendations we have made. we concluded that the section 702 program is legal, valuable, and subject to intense oversight. our recommendation should not be indication of concern about the current operation of the program. instead, they are targeted and focused recommendations for relatively slight changes at the margins of the program. first and foremost, our recommendations as to queries using u.s. persons, identifiers, notabout corrections are driven by a concern that u.s. persons rights are being violated. instead, the recommendations are designed to prevent the section

702 program from transforming over time from a foreign intelligence program to a means of effectively surveilling u.s. persons. we have seen no evidence of a backdoor, so our recommendations are designed to make sure one is not billed. second, the current requirements for the foreign intelligence purpose of the targeting itionale are the natural primed the statutory structure as well as the historical underpinnings of the section 72 program. section 702 was designed to move away from requiring the expensive justification necessary for traditional fisa and for good reason. we're not recommending a return to a full traditional fisa packets, just the statement of facts, which will have the effect of increasing the rigor ch in thealysts' approa oversight process. i also wanted to emphasize the board's conclusion as to the

value of the program for the government's counterterrorism efforts, to say nothing of its larger for intelligence benefits. this program has assisted the government's efforts to learn more systematically about the membership, leadership structure, robbery, tactic -- priorities, tactic, and plans of international terrorist organizations. it has enabled the discovery of rigorously unknown terrorist -- previously unknown terrorist operatives, provided the location of known suspects, and allowed the discovery and disruptions of clots directed against the united states and foreign countries. a program can have value to my have substantial value, separate and apart from plots t hwarted, and the section 702 is an example of that. finally, the value of the board's report may be in the dispelling of the misunderstanding and ms. deceptions of the section 702

row graham -- misconceptions of the section 702 program. it is not always require a change in the government's operations. i hope we will now focus on building out our advisory capacity. the last year has been largely devoted to oversight, but our mandate is twofold. as we continue to build the permanent, meaningful federal agency envisioned by the 9/11 commission and congress, we have the opportunity to really think about how best to protect privacy and civil liberties in light of the need for counterterrorism programs, and i look forward to that process. >> judge wald. >> thank you. i do thank everybody was engaged in getting this fairly mammoth and complex report out in record time. i want to take just a few minutes, put in context why the

chair and i wrote an additional statements dealing with u.s. personal queries. as diligent readers of the reports will recognize, this is a very complex program, and its be able to is to collect the communications of foreign, non-us persons who are based abroad. in that process, however, the maycations of u.s. persons and are collected where they are communicating with the foreign target. in many cases, the u.s. person may well not know, in most cases may well not know that they are communicating with a foreign target. since we are a privacy oversight our focus was on the privacy of the u.s. persons who

indicate with targets, in many cases not knowing that they are target. if those medications on their face contain foreign intelligence of it seems quite reasonable to other members of the board that the government be to thatuse have access for intelligence. however, the fact that is in the vast scope of the numbers of two indications of u.s. persons that are collected without their ,nowing it in this process there will be much private and financial information, which beer normal rules would , where isas privacy that everybody, and this is in the main body of the report, recognize that americans have a fourth amendment, some fourth amendment interest, protected interest in their private indications, so to get to -- to

go to the chase, the two recommendations that we felt were needed additionally were one -- right now, when u.s. persons can indications come in, they may contain a lot of private information, which is not at all relevant to foreign intelligence. in the current practice, those are not purged in any regularized fashion. the minimization requirements which we proposed made more restrictive, say that the analyst upon review, but there is no duty to review ever, ,hould be purged of a taken out but only if clearly they cannot be of any foreign intelligence value, and the standard that is

used is what we would call kind of a mosaic standard. the analyst has to decide that even if right now there appears to be no foreign intelligence value, is inconceivable that in some distant future or some other analyst or somehow it might become relevant -- we don't think that should be the standard. we believe that there should be a duty to at the point any query is made of u.s. interests, u.s. persons interests, that there should be a purging process going on, which takes out the information which is not of foreign intelligence value. we said in our statement that is what the original definitions in the fisa registration, still apply to 702, and the thought of meant tonal directors happen. the other recommendations we had were for some kind of judicial oversight, and in this case it

has to be fisa because there is no access to regular district courts for individual applications. courtnk that the fisa should have to approve a query foreign a potential intelligence value. the same thing would be true in the case of the fbi when they send these things through to see if there is any evidence when they are making an assessment or investigation of a regular crime. there ought to be some judicial approval of the fact that it is reasonably likely to come up with foreign intelligence value. perhaps it is my own insurance as a judge, but i do feel that some kind of outside, not involved approval ought to be necessary before the private information of a u.s. persons which is not of intelligence

value should be made accessible in these queries. >> abraham. >> thank you, mr. chairman. staff your thanks to our who tirelessly worked throughout this respect and to shepherd it through the preclassic, preclearance review process. turning to the substance of the report, i think it is a -- significant of the board with our very it grounds unanimously concluded that this program at its core is statutorily authorized, cause additional, and highly effective. our believe that our target recommendations for the program will protect civil liberties without impacting the effectiveness of the program. i do not plan this morning to address these separate statement of chairman mdeine and judge wald -- chairman medine and judge wald, but i do want to dispel the common misconceptions that have surrounded this program in recent months.

irst, as our report made clear, this is not able collection program or a dragnet. i do not think we can stress that often enough because it has been such a common misconception. under section 702, the government may only target individual non-u.s. persons located outside the united states from the government -- whom the government believes will have for intelligence information. to impact that, the government may never target americans under section 702 no matter where they are located. they may never target anyone inside the united states. the government must select specific targets for surveillance and collect only the communications of the target and even when selecting a particular foreigner or abroad -- second, i would like to dispel any notion that this program is likely to give the government a complete or even a significant picture of an american's private life. our report discusses incidental collection under section 702, and chairman medine already

reference this. if a targeted foreigner abroad communicates with a person, that will be collected. vote -- it is unavoidable under the program. concerns have been raised about the extent of collections. we spent a lot of time at the board looking at that, but the fact is that the government is not exactly have a u.s. two indications are collected under section 702. that, we have made recommendations that the government take measures to access the collection, and we look forward to seeing a result of that inquiry and deciding whether in the additional regulations to the program should be made on the basis. but it is already clear based on what we do know that the chance that any given american will have any of his or her communications collected an under section 702 is remote.

if the individual is an communication with a targeted thengner unde abroad, yes, it can indications with that individual will be collected, but none of his other can indications. and if an individual is regularly in contact with a number of targeted foreigners abroad, such as a significant number being incidentally collected, then that collection can be very important for the government to know. value --to maturity examples to maturity value where they exist. i hope the rest of the board's report will dispel the program and i look forward to you with the government on the recommendations we have made. ask mr. dempsey. >> thank you, mr. german. -- mr. chairman. obviously, missing the work of our staff and getting this report to conclusion, i would say as a person who values his weekends and there were far too

many weekend and e-mails with this report, but that is something that it takes, and i appreciate it time people put in on this. there were couple of overarching .eports one, as the chairman said, everything we wanted to say is in this unclassified report. nothing that we really wanted to say to explain this program that we were not able to say, and in the process of producing the reports and pushing it through the interagency review process and classification, as the chairman discrete additional facts about the program were declassified for release, and i think there is a very important lesson about intelligence and national security in the

post-9/11 world that our governments, any government, i believe, but our government can talk about programs of this nature, of this importance and that it can be done in an unclassified way. secondly, the report unanimously find that the program fits within the statutory framework that was publicly adopted by congress. in this way, there is a major -- contrastween between this program and the 215 telephony data, would the board concluded was not statutorily authorize. this program is the program that congress andy written into the statute. i think that as well carries a very important lesson about

intelligence and national security in a democratic society. that the statute on the books can describe the governmental powers that are being exercise. d. thirdly as to constitutionality, i remember when section 702 was being debated, there was a lot of questions being raised as to whether a program targeting non-u.s. persons overseas, court who under current interpretations have no fourth amendment rights under our constitution, whether a program targeting non-u.s. citizens abroad implicated the constitution at all, even though it clearly was going to intersect some communications to and from people inside united states. that debate in my opinion is over with, whether this program implicates the constitution. the government position is yes, this program does implicate the

fourth imminent rights of americans that this program must be analyzed through a constitutional lens, and our report is premised on analyzing this program through the lens of the fourth amendment. the program collects can indications to and from u.s. citizens and others in this country. really urge anybody, including members of the public -- i really think we tried in a pretty clear way to spell out the constitutional analysis by which a program like this should be analyzed, and i think really provide a lot of important clarity to how to think about the application of the fourth amendment to the constitution and the context of intelligence collection programs that collect communications to and from americans.

controversialthe aspects of the program, among the most controversial aspects of the so-called about collection, and to a lesser extent the multi- --ication transactions, multi-communication transactions, mct's, the board found after digging deep into this that both of those info involve necessities the way the technology associated with the way the program operates. and we concluded us to both of them that as of now it is not possible to avoid technologically speaking, not aboutle to avoid even

collection. we're not talking about keyword or collections about an american at that point, we are talking about collection and can indications that are about the selectors being searched for. we spell all of this out in great detail in the report, and say that more work is needed to be done on the technology about collection and with upstream collection in general. and we urge the government to work with telling -- telik medication service providers to develop the technology that will segregatellow us to those communications, then you can have sort of a policy debate about how and under what criteria to do so. and finally on queries, querying the database of collected 702

data looking for two indications , u.s.from americans persons from using the identifiers -- again, the board unanimously agreed that this clearly raises fourth amendment implications and policy implications. it clearly affects the rights of americans. my own view was that trying to limit discovery of data in the database in the hands of the government is not the right way to go here. that discovery of the information should be permitted under a relatively -- under criteria, but under a relatively flexible and agile and prompt process. i do believe that limits should be placed on the use of that data, and i've referenced in my one paragraph on this issue the

president's own policy directive in which he is doubtless limits on the use, limiting to national security matters the use of data collected about non-u.s. persons abroad in both collections scenarios. i thought that was a place to look. this issue will continue to be debated. is one contribution to that. i think the board will continue to be engaged on that issue. think there are a variety of ways in addition to those separateut in the two statements by board members on that question. again, thank you, mr. chairman, thank you to the board members. we spend a huge amount of time on this, debating among ourselves, and the product is found in this unanimous report, which i do urge you all to read. just don't go through the headlines -- dig in on this report.

i think it is a remarkable report. backspace on the board was a review of the section 702 operated under the foreign intelligence surveillance act, i now move that the board approves its report and the recommendations. all in favor say aya. >> aye. the vote is an animus -- >> the vote is unanimous. i want to indicate that the board will be holding a public meeting later this month to vote on the issues of its semiannual report to discuss the board for the board was a short-term agenda and to seek public input on the board's medium and long-term agenda. i now move that the board approved the publication of the federal register, announcing that meeting to be held on july 23 at 1:00 p.m. all in favor say aye. >> aye. >> the vote is unanimous. the july 23 80 will be published. the board for the activities for the day are now complete. the board encourages all of

those who are interested to review the report, as did see said today, go to --where the report can be transmitted. available onll be our website. all in favor of adjourning, say aye. >> aye. >> we are now adjourned. the time is 10:35. thank you. [captions copyright national cable satellite corp. 2014] [captioning performed by national captioning institute] screeria -- nigeria. -to

prosecute those accused of committing war crimes in syria. texas congressman ted poe took part in a recent discussion on digital privacy laws at the cato institute. the republican lawmaker is a

co-sponsor of legislation that would require the federal government to show probable cause before accessing electronic communications. he was joined by privacy advocates and industry representatives for this hour and a half discussion. >> good afternoon and welcome to the cato institute, both to those joining us in the auditorium and those joining remotely via the magic of the moving pictures i'm told the young people today enjoy so much. my name is julian sanchez, i'm a senior fellow here. we're here to discuss the path toward digital privacy

reform. i refer not merely to unprecedented public scrutiny on government intelligence surveillance that has emerged over the past year as a result of leaks originating with former nsa contractor edward snowden. often i find in my experience speaking and writing about those issues that members of the public are shocked to discover that extraordinarily easy access to our most sensitive forms of digital information is not restricted to hypersecretive spy agencies chasing international terrorists and spies, but that smaller-scale versions of similar capabilities are enjoyed by local prosecutors and police departments on the trail of drug dealers and tax evaders. certainly even collectively they can't quite compete with nsa for sheer magnitude, but the explosion of digital surveillance by law enforcement is nevertheless quite

staggering, especially when we recognize that until extraordinarily recently, it has largely occurred out of public view. just to give you a taste of the information -- the scale of this that we've recently begun to become aware of using companies who we have representatives of here today and which have voluntarily begun providing some transparency on that score. google in the second half of 2013 alone fielded more than 10,000 requests for government information about more than 18,000 accounts. 4,000 of those accounts were the targets of search warrants. the rest subpoenas and other kinds of court orders subject to much lower standards. only 11 of those orders were full-blown wiretap orders which require a fairly high standard of evidence. higher even than an ordinary search warrant. and which we do have public information about, because wiretap orders are aggregated and counted annually in a fairly detailed report.

microsoft must be jealous. they fielded a measly 5,000 requests in the same six-month period at the end of 2013, covering some 13,000 accounts. again, as for other companies did not voluntarily begun providing transparency reports, we simply have no accurate picture of the scale of government access to either the contents of people's digital communications or equivalently sensitive metadata about their online activities. this is somewhat remarkable because the supreme court recently held in a unanimous ruling in riley v. california, search of a modern cell phone, the data on that phone, would typically expose to the government far more than the most exhaustive search of a house. this is sort of bringing out the constitutional heavy ammunition, since the home is traditionally the most strongly protected domain of privacy. the court further observed showing they are somewhat

clueful technologically, at least that increasingly this kind of sensitive information is as likely to be stored remotely as locally. and that as they put it cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference. the court noted of course it makes little difference to the user. under federal statute, the 1986 electronic communications privacy act, it makes an enormous difference. under many circumstances the statute allows cloud-stored contents or metadata about people's internet activities so detailed as to be equally invasive, to be pursuant -- to be obtained pursuant to mere subpoenas or other court orders with substantially lower standards than search warrants. certainly court orders in several districts -- court rulings in several districts, most notably the 2010

rorschach ruling have empowered providers to insist on warrants for content at least. this leaves us with an uncertain patchwork of rules leaving users, tech companies, and law enforcement all fairly uncertain about the scope of legitimate government authority to demand information about users. almost everyone at this point acknowledges this state of affairs is not tenable. more than half the members in the u.s. house of representatives have signed on as co-sponsors to legislation that would update privacy safeguards for the cloud computing era. even the justice department and fbi have effectively acknowledged the law is out of date and amendments requiring warrants for remotely stored content are appropriate. yet nearly 30 years after the passage, reform remains stalled. today we're going to explore why that is and what we might do about it. before i introduce our panel of

experts to discuss this, i'm very pleased to say we have with us congressman ted poe to deliver introductory remarks. congressman poe represents the second district of texas. apparently the first republican to hold that honor. came to congress from a long career in law including eight years as a felony prosecutor and two decades as a harris county judge where his wikipedia page will tell you he became famous or notorious for creative sentencing, though representative poe assures me many of those colorful stories should be marked "citation needed." more relevant today, has he been a powerful advocate for privacy reform with his colleague he co-sponsored online communications and geo location protect act, which as he put it in an op ed last year aims to revise to protect internet users from intrusive and unwarranted government surveillance. i'm very pleased to welcome congressman ted poe.

>> thank you, julian. thanks for the invitation to be here. it's good to see all you all this afternoon. as julian mentioned in my other life before i came to congress, i spent 30 years down at the courthouse in houston, criminal courts building, which i dubbed the palace of perjury. i spent that time as a prosecutor and then as a judge, a felony court judge, hearing criminal cases, everything from stealing to killing and everything in between. because of that experience, i spent a great amount of time dealing with the u.s. constitution, primarily the bill of rights and primarily the fourth amendment. to give you a little background and address specific issues that we have here today, back in colonial days, the british were determined to make sure that goods brought into the united states were not smuggled.

because if they were smuggled, they didn't pay -- the colonist didn't pay the tax that was due the king. so they came up with an idea to search the colonists, primarily their businesses and their hopes, to see if any of that smuggled goods came in without paying the tax to the king. they invented this document called the writs of assistance which was a flowery term for a general warrant for the british military to go into someone's residence or business and look for really anything but primarily looking for smuggled goods where people didn't pay the tax that was due the king. this irritated the colonists a great deal. after all, they did have a war of independence. one of the reasons was because of the writs of assistance. after the war was over, got our independence from britain, wrote a constitution, then came up

with a few bill of rights, ten of those that really had their founding and purpose to prevent government from intruding the right of privacy of specific individuals under the new country called the united states. which led to the enactment of the bill of rights, primarily the fourth amendment. i have it up here on the podium. i guess if i was high-tech enough i would have it here on the screen but it's on a poster. i will read to you the fourth amendment. you can look at it. there's a lot of provisions in it. volumes of legal treatises have been written about the fourth amendment, volumes. we're not going to have a law school indoctrination about the fourth amendment. let's just read it and see how it applies to today's society in 2014. the right of the people to be secure in their persons, their

houses, papers and effects against unreasonable searches and seizures shall not be violated. and no warrants shall issue but upon probable cause supported by an oath or affirmation and particularly describing the place to be searched and the persons or things to be seized. what this means is this. if law enforcement wants to search something in your residence or in your effects or in your property, the officer that wants to do the searching must go before an independent magistrate, the buffer between law enforcement and the citizen, and swear out an oath, under oath, a warrant to search a specific place for a specific thing or person. that's on the back end of the fourth amendment.

it has to be very specific. it has to be specific enough under our law that if the judge signed the warrant, the judge could give the warrant to a different person and that law enforcement officer could read this warrant, know exactly where to go, know exactly what he's supposed to be seizing, and who he should be arresting if there is an arrest. that's how specific the warrants have to be today. and that was the reason the fourth amendment was written the way that it was written. but the purpose is to secure privacy of the individual. so let's use a hypothetical. not a specific -- it's not specific -- really too specific, but it's a general hypothetical that i would like to just talk about. we have two notorious outlaws in texas. that's where i'm from. one is ollie oglethorpe and the other is bobby joe oglethorpe.

they are bad guys, they are bank robbers, they rob people, they rob banks. let's say that they decide to come to washington and they plot and scheme to rob the congressional credit union over in the longworth building. they go inside. they rob the place, take the loot, and they make away their escape and get away. and they hide somewhere in washington, d.c. that's all we know. they're not captured. but we know probably that the two individuals are somewhere in washington. so if law enforcement decided, okay, we're going to go get ollie oglethorpe and bobby joe oglethorpe, we know they're in washington, they would go to a judge. they would say to the judge, we know they're in washington. we know they're in zip code 20003.

but that's really all we know. we would like a warrant to go into all of the places in zip code 20003 and find bobby joe oglethorpe and his brother ollie and most importantly get the loot. there is not a judge that would sign the warrant to allow law enforcement to go into every building and residence. we all know that's absurd. there is no way that would occur. because the residence or the place in the warrant is not specific enough to go to that location and find the oglethorpes and or the money. that would be a general warrant. that would be warrants that maybe the british would have imposed back in colonial days. because the fourth amendment prohibits that type of conduct. however, let's assume the oglethorpes have spent some time

on the internet discussing this criminal activity, discussing where they're going to hide, where they hid the money, and some of their other criminal enterprises. if law enforcement had probable cause to believe that occurred, then they could go to the appropriate judge and get a specific warrant and maybe go to one of these folks here and get that information, their e-mails. but let's say they don't have probable cause. they just don't have enough information to convince a judge they have probable cause to believe the information is there that they're looking for. so what do they do? they wait six months. all of a sudden on six months and one day, without the use of a warrant stating probable cause, they may seize that information without probable cause because the law says you can seize it.

one would think that that's absurd, that just because it's six months and one day that the warrant requirement should not be required. but that is currently the law. because the law was written too long ago to keep up up with modern technology. the electronic communications privacy act as julian said was written in 1986. the internet and all our electronic knowledge and storage has changed since then. because of that, zoe lofgren and myself and others have sponsored one piece of legislation, and there's other pieces of legislation members of congress have signed on to, to fix that problem and guarantee the right of privacy. if e-mail storage is over six

months old. stored in the cloud somewhere. will the supreme court, independent of this legislation, will the supreme court rule that you have a reasonable expectation of privacy if your e-mails are stored over six months in the cloud? i don't know how they would rule. i really don't. that's why it's up to congress has the responsibility to legally state there is an expectation of privacy, because that is the key phrase under our law and under the fourth amendment. what is the reasonable expectation of privacy of the citizen whose information or property or papers is being seized. i don't know what the judges and supreme court would rule. they may say, you don't have a reasonable expectation of privacy. there's people in law enforcement say, you don't have a reasonable expectation of privacy, we're going to seize all that information. then there's others who say, yeah, there should be a reasonable expectation of

privacy. we can debate that issue theoretically forever. congress must come in and say, yes, there is a legal expectation of privacy when your e-mails are stored in the cloud. go back to the situation with regular mail. now called snail mail i guess is what it's called. some of us still use snail mail. you know, of course, if you're writing a letter to someone and you seal the letter and put the stamp in it, over it, you actually give that letter to government. and government sends that letter all over the country until it finally reaches your mother-in-law's house. but there is a general expectation of privacy in the contents of that letter. sure there are exceptions. we're not going to talk about the exceptions. but there's a general rule, government cannot go into that letter and read what you're writing to your mother-in-law.

can't do it. what if the government hangs on to that letter for six months? does that change your reasonable expectation of privacy? probably not. and this is going to not a private company, it's going to government has the duty to protect your right of privacy. e-mails, they're not going to the government. they're going through a server through a private enterprise. through a private corporation. that should be even more protected. not less protected than regular mail. why? because it's not in the possession of the government, it's in the possession of a private entity. but yet if government waits out the six months, then they can seize all of that information through the cloud. i think that's a violation of the fourth amendment and i certainly think congress should weigh in on this issue to make sure it's a protected right under our constitution and

legislatively. there are other examples. you have a safe-deposit box. you take over your birth certificates or whatever people put in safe-deposit boxes. you take it over to the bank and you leave it there. is your right of privacy, the right that you must require government to get a warrant to search your safe-deposit box, forfeited after six months because it's six months old? i think not. yet for some reason because of the way the law was written, the when all of this high-technology didn't exist, the law allows for that seizure of information. not only is it seized, the citizen doesn't know it's seized. they're not informed that it was seized or what was seized. going back to the search warrant requirement. now the search warrant requirements giver from state to

state but they all require an affirmation or oath by the person who wants to do the searching. but in many warrants, criminal warrants, for example, in the state of texas, those warrants are returned to the judge and the judge gets to review what is in the return. what was seized by government. eventually those warrants can become public record so everybody is on notice as to what was seized. plus the person the property was seized from gets a copy of what was seized. that's how important warrants are, except in the area of receiving information through e-mails. you not only don't know that your property, e-mails, were searched. you don't know what was taken by government. further, government keeps that information forever. you may never know about that, even if you're an innocent bystander.

let's go back to ollie oglethorpe and his brother bobby joe oglethorpe. in their e-mail train of criminal activity, if you wait six months, the government can seize without warrant all of their e-mails. not just between each other and their criminal enterprise but to whoever they were sending e-mails to, or communicating with back and forth. that third party, innocent party, let's assume, certainly doesn't know about that. my personal opinion, that's a violation of the fourth amendment right to be secure in your persons and your papers and your effects under the fourth amendment to the constitution. so what does this do, it basically applies the changes in all the legislation, applies the fourth amendment standard to e-mails. there's a lot of reasons why that should happen. first, it puts people on notice

as to what the rules are going to be. not wait for the supreme court or other courts to make maybe different opinions down the road as to whether it's lawful or unlawful now. put them on notice. congress has that responsibility to do so. but also, we have a disadvantage -- i say we. american companies have somewhat of a disadvantage because this rule, people know that this is what occurs, so other companies, other countries compete against the united states where people go to some other server where they don't have this problem with the right of privacy. who would have thought that this nation, being the nation that's supposed to be the most democratic, freedom-loving, protects the right of people to be secure in their houses, right of privacy, would be second to

countries that supposedly don't have that issue, supposedly, but yet protect that right on their servers. so that puts our american companies at a disadvantage. get a warrant. that's the bottom line. get a warrant. if you don't have probable cause to get a warrant, you can't seize the information. that's what the standard should be. it should be -- it's been that way since we enacted the fourth amendment of the u.s. constitution. and it should be that way indefinitely. some say that the constitution is archaic, it doesn't apply, you can't make this work based on the constitution. i think it applies quite easily. the general rule to get a warrant if you want to seize the information that belongs to individuals. whether it's in snail mail or whether it's in e-mail or whether it's a lockbox at some bank. now, where is this legislation going? well, i hope it goes and passes this year.

it is a bipartisan piece of legislation. all this legislation is bipartisan. it's in the house, it's also in the senate. passed the judiciary committee of the u.s. senate. a piece of legislation to protect the right of privacy, get a warrant if the e-mails are over six months of age. i would hope -- i'm on the judiciary schedule -- i would hope we could get this through committee and on the floor this year. this is actually something i think will pass. it will pass the house, it will pass the senate, in a bipartisan way. the president indicated some months ago now that he thought there should be some epca reform as well. so i think that's something that ought to happen, something that ought to continue -- we should continue to work on with other members of congress and move out of the judiciary committee in the house, then get a floor vote on the house bill and get a floor vote now on the senate bill as well.

now, i will stop at this point and take a couple questions, see what's on your mind, or comments if you wish. yes? >> my question is [ inaudible ] -- treating what i call the disease rather than the symptom. using the fourth amendment to protect privacy, it's a symptom of a bigger disease of government doing things that it shouldn't be doing, passing thousands upon thousands of criminal statutes that it just shouldn't be doing. so my question is, is there anything that combines the two? >> i think i heard most of your question. i'll try to respond to the parts i heard. you can correct me if i didn't get it correct. yes, this is just one issue of

government oppressiveness of citizenry. law enforcement always seems to push the envelope as to whether they can do what they're doing to get information, especially on what they think is criminal conduct. based on my experience at the courthouse, based on what we've seen. they will always interpret the law to the extent that allows them to seize the information. that's why when we draft this legislation, it has to be very specific so they know you can do this and you cannot do that. but it's not just with what's stored in the cloud. you could talk about the nsa, for example. the massive amounts of data that have been seized on americans from the nsa in violation of the patriot act.

they still have that information. we don't know all the information they have because they're not telling us what they have on individuals. i will say this, it's always in the name of national security. nothing wrong with national security but that's the argument. we have to give up rights is what we're told in the name of safety and security. that argument that been used by governments always. unfortunately people historically, whether it's a democracy or not, have been kind of willing to give up their personal liberty in the name -- hoping to get protection and safety. nsa, let me give you one comment. we had the undersecretary of the justice department before the judiciary committee. and i asked him, of all the information that has been seized

by nsa, all of it, how many people have been prosecuted upon this massive seizure of information in the name of national security? do you know what he said? make maybe one. so actually what they're saying is not making us any safer.ybe . so actually what they're saying is not making us any safer. they're not getting the information that protects us from the bad guys because only one person maybe has been prosecuted. but they store this information on americans. i think it's wrong. i think it's a violation of privacy. it certainly also was a violation of the patriot act. that's why week before last many of us got an amendment to make it more specific on what nsa can seize and what they cannot seize. it is a symptom of a bigger problem of government seizure of information on citizens in violation of the law and the spirit of the fourth amendment.

does that answer your question? >> i think we can probably squeeze in one more. i think we have microphones if we have any further -- >> one problem we've heard for many decades now is enforcing the fourth amendment is that the only remedy provided when the fourth amendment has been violated is excluding the evidence, which means if the fourth amendment rights of an innocent person have been violated, there's no remedy. i was wondering, does your legislation try to address that, provide some remedies to enforce, you know, in case -- in case those seizures that you're making illegal, in case they are made, no judge is reviewing the evidence but also protecting innocent people? >> excellent. excellent comment.

you're exactly right. the united states has come up with the philosophy of the exclusionary rule, which means if evidence that's unlawfully seized under fourth amendment in a criminal case, that evidence is excluded and government may not use that evidence if a judge determines that it was unlawfully seized. whether it's fourth amendment or whether it's a confession. any lawful -- that's the remedy under our law. i think your point is well taken. as we move forward on epca, there has to be some other remedy besides exclusion as to what we do with that information. certainly i think we ought to eliminate that information if it's unlawfully obtained. we need to have that debate and that discussion. i don't know the exact answer on what it should be but it should be something else besides the evidence is excluded. that doesn't help the individual who's the innocent person out there. it may help bobby oglethorpe and ollie oglethorpe, but it doesn't

help the innocent person whose information was seized and is still stored by government. good point. we need to add that into legislation before it gets out of our committee. one more question or are we done? >> one more quick one. >> quick question. technology [ inaudible ] -- >> hang on for a second. >> you have social media and things like secure portals that companies use to exchange information with each other, things like that, that are all out in the cloud. so what's your next step once you get the e-mail protected? >> we have to address all of those issues as well. right now we want to solve the e-mail issue with epca. i think for passage we ought to deal specifically with e-mails so that we can get something and then amend it as we progress through technology, keeping in mind the spirit of the fourth amendment as well.

all right. well, thank you very much for your attention. i appreciate it. thank you. >> thanks again. i'll invite our panel members to join me on the stage here. we have i think -- as formidable a panel as one could ask for for an event like this. joining me here we have, greg newjames hoy know quite well who's senior counsel for the head of project on freedom, security, technology as well as co-chair of american bar committee on american civil liberties. before that an attorney in private practice and director of legal services for the american arab discrimination committee as well as legislative counsel at the american civil liberties union. a veteran of the fight for

digital privacy and also one of the driving forces behind the digital due process coalition. we actually have several members represented onstage. also to my left we have nick jones, who is an attorney at the legal and corporate affairs group at microsoft where he provides legal and policy advice on a range of issues related to legal compliance and government access to data. he's also been on the other side. before joining microsoft he was director for counter-terrorism of the national security council staff at the white house and also previously counsel to the assistant attorney general in the national security division at doj. he's also spent more than seven years working on capitol hill including five and a half at counsel for the senate judiciary committee. my immediate left, david leiber, privacy policy counsel for google where he works on privacy and data security issues. i hear occasionally those come up at google.

previously he was an associate at e-commerce and privacy company and worked as legislative aide to dick durbin. to my right, katie mcauliffe, americans for tax reform and executive director of their digital liberty project. she researches not only privacy but impressively geeky issues such as spectrum allocation and internet taxation. she previously was a staff reporter for congressman sterns and a radio professional, both u.s. and abroad. her commentary has appeared in a dizzying array of national publications. she holds a master's in mass communication and telecom policy from the university of florida. so please welcome our panel. i want to again -- i want to begin with greg because -- i know really few people who are more well-schooled in the intricacies of epca. so before we discuss current

challenges in any reform it's certainly important to have as clear an understanding of that byzantine statute as is possible before we talk about the needed changes. so i want to ask greg to maybe begin by sort of giving us a quick thumbnail sketch of how epca works now and why at one time people thought that made sense. >> thanks, julian. again, center for democracy and technology. i want to thank the cato institute for hosting this event and julian in particular. thank you very much. so ecpa is a statute from 1986. and just to put a little flesh on the bones of 1986, i imagine some people in the room weren't yet born in 1986. one of the leading car models was the ford maverick. i didn't have one, i couldn't afford one. but that was one of the leading car models. we had just put away our eight-track tapes and

that governs privacy on the internet was born. when we first were using internet, a lot of us used aol, america online, downloaded e-mail from aol servers to computers. storage was expensive. you know what you did? you printed that e-mail out because it was too expensive to save. aol would only save it for a few days after you had downloaded it. fast forward to today. storage is cheap. companies are out there saying, why would you ever delete anything? people don't delete stuff. they leave it forever. it's really cool. you can access it wherever you are. you can use this little device and access information in the cloud no matter where you are. you can be in germany and do it. it's really amazing how much technology has progressed. but the law didn't.

the law stuck back in 1986, so it reflects its time. so for example, because the aols of the world would not save your e-mail for you for six months, if an e-mail was that old, six months old and still on aol servers, it was their property. that's how it was looked at. you had basically abandoned it. it had become a business record of aol, and it was available to law enforcement with a subpoena. that's the way the statute is written. if it's newer, a warrant aplies to get that e-mail. and ecpa didn't account for things in common use at the time. these little guys, cell phones. there were cell phones. you know who had a cell phone in 1996, captain kirk had a cell phone.

and so the statute doesn't reflect, didn't set a rule for law enforcement access to the location information that this little guy generates. every few seconds he pings off a tower. i'm here, if the call comes for greg, send it here. that's what this phone is doing every few seconds. and a record is made that the phone is registering on that tower. what does ecpa stay about reference to access to that information? nothing. the reason it doesn't say anything it was not an issue to be resolved back in 1986. and now we have to face these issues and judge poe in his credit has got legislation to face those issues in a very good way. >> so, i'll address that to perhaps david in tandem, you can

divide these up if you want. but we've had an array of court decisions beginning to address these problems. as we mentioned, location. we now have two at least federal district courts, federal appellate courts holding historical software information does actually act, because it's not a dial phone number. it's information that your phone is sending automatically with or without your knowledge. it doesn't fall under the third party exempting them basically from fourth amendment protection. but you guys are dealing with some of the practical questions that arise as a result, not just the federal statute, but involving court decisions, a decision called rorschach, holding it that it does apply to e-mail as long as it's stored.

there's a whole range of visual-type contents. the u.s. now, those companies across the board require a warrant in forms of content, in terms of transparency. but i'm wondering to what expanse you still get requests for content or other kinds of information without a warrant. and also an attempt how you draw that thorny line between content and metadata and content online. it's not always clear what is content and what is metadata. you go to a web page, and it tells you what the content is, is that content or metadata. i'm unclear, what kind of problems, what legal puzzles arrive and what kind of pushback do you see from law enforcement. >> yeah, i mean, thanks, julian. you alluded to the case in 2010 where the 6th circuit held that

users do enjoy a reasonable expectation of privacy in their e-mail. notwithstanding what ecpa says and the distinctions that it makes which candidly frustrates the expectations of users that take advantage of our services. and the court went a little further in warshack to the extent that ecpa does not require a warrant for content it's unconstitutional. and i know google and microsoft and others have relied on that decision. i think at least perceptually, that application is aggressive. but i would submit it wasn't so much our application of the warshack that should be the focus, but rather, the application of the 4th amendment outside of the 6th circuit. the court's decision in warshack, really sort of rested on, you know, core fourth amendment principles.

i don't think we've seen in recent years since the warshack decision, a lot of pushback. we've heard periodically there would be efforts to challenge the notion that a warrant should be applied from all circumstances. when i see the issue crop up at least from the google side, it comes from state and local law enforcement agencies, which of whom are not as familiar with the warshack decision, they will file, or issue a subpoena for content, will remind them or at least make them aware of the warshack decision or don't come back to us or they will come back to us with a warrant. we haven't seen a lot of pushback on that. one of the bigger risks is not so much the googles and microsofts of the world will

gather content. it's smaller provider, some of whom have thousands, hundreds of thousands or millions of users but are still sort of fledgling businesses that don't have necessarily the resources or the legal acumen to recognize the differences between what ecpaization and the fourth amendment. and maybe follow it as closely so they'll see an official-looking subpoena that demands content based on the subpoena. and they will provide it. so those are the bigger risks from the public policy perspective which i think underscores the importance of codifying the warrant for content requirement. >> i agree with everything that david said. and i would add a couple things. one is, you know, we're operating in a global marketplace, right. where people have less familiarity with the legal requirements in the u.s. and particularly, less familiar when you're talking about case law and how that's being implemented.

so explaining to people and reassuring them that a warrant is actually required for content is sometimes difficult when you're dealing with people who are less familiar with our legal system and applicable law. so i think there's a significant interest that we all have in making sure that this is clarified in the law. you know, the second thing i would say, i think what we're seeing here and what we're all talking about is trying to make sure what the law and the protections afforded to it under the constitution. keep pace with not just technological development. and the way people use that technology, the things that are stored in the cloud. you know, i think we're seeing important steps taken by the court. those thing, helpful. we're not getting a lot of pushback on those things but while the court's been a leader in recent weeks and months and with warshack, certainly, there's a problem that we still have, where it's not a

comprehensive solution, it does leave a lot of gaps where we know what the law is what we're supposed to be doing or not doing. we've got a case in new york, facebook does as well. both of which raise important questions about what providers legal rights are to challenge things when they receive them. and, you know, the geographic scope of u.s. legal process. and whether or not congress actually meant warrant when it said warrant, and what the implications of that are, in terms what the tick alert requirement which congressman poe talked about and all the other aspects. >> you mentioned the global market in competing. i'm curious what extent you see this raised. particularly with customers, i know if you're sort of a large corporation, potentially dealing in regulatory agencies or, you know, global u.s. attorneys who might be looking into what

another company is doing, you might really prefer that it a request for information come to your in-house counsel, rather than someone's else's attorney. >> yeah. >> to what extent domestically and internationally do you have a sense that there is a weariness of moving to the cloud for all that it entails because of the practicalness of being to assure all of that data? >> yeah, it's a huge issue. it's probably one of the things i underappreciated when i took this job, just how much time i would spend dealing with customer concern on the enterprise side. and to sort of use an example to sort of illustrate this, i think this is another area where the law really hasn't kept pace with technology and the way people are using it. if you're a large multinational corporation today, and you're providing your own e-mail

service. and you have an on-premise e-mail or cloud storage service, the government goes to you to get the information. and they serve an order, a subpoena or sometime, a search warrant, on the company itself. it goes to their general counsel's office, and they figure out how to respond to it. and there's certain information that they possess that is afforded protections under the law. there is a great fear out there, not just about government obtaining their information, but doing it without their knowledge. and i think, you know, when you're talking about a company considering moving to the cloud, there are a lot of them that are concerned that they're going to serve legal process on microsoft or google or somebody else and get that information without them knowing because of a nondisclosure order. our position is basically, you went to the multinational corporation yesterday, you should go to them tomorrow.

and we shouldn't be in the middle of that. and to the extent there are nondisclosure obligations they should account for certainly the government's interest in makes sure evidence isn't lost or lives aren't lost. but there's often, almost always a way to do that without compromising the information. if you can talk with company, general counsel's office, they aren't going to notify the target. they're found by the same disclosure and i think the law should account for that. you know, one of the things that was interesting, i was recently reading the legislative history of ecpa, one of the things that congress stressed, even though it got a fair amount wrong when it drew the 180-day line, one of the things they were trying to do, and they made this very clear, is sort of promote the adoption of new technologies like this.

so i think without clarifying this, and you know, without clarifying the law in some of these other respects, you risk undermining the adoption of these new technologies which provide a number of benefits as greg was alluding to. >> we've talked a fair amount of content, we've been using it as e-mails for content generally, obviously, both microsoft and google and many other companies store an enormous amount of content, other than e-mails, you know, including the backed up concepts of phones. but there is plenty of stuff that may be less sort of obviously content as opposed to metadata. you know, if you create an event on a calendar is the act of

creating the calendar event is that the content of the communication? or is it somehow the metadata? even though you might just be hard-pressed to distinguish. we've mentioned location data. both microsoft and google have maps that would allow them to have repositories of location data. in google's case, i know google's had to fight off privacy litigation involving ads in g-mail. i mean, the scam to provide keyboard pads. i don't know if anyone's done this yet. you can imagine, a creative prosecutor or law enforcement person saying, okay, you want a warrant for the content, we won't ask for the content. we'll look at the ad logs and see if this user's been served ads about searching for tax dodges or marijuana or something like that. you know, we're not asking for content.

we're asking for your record of your ads. i'm curious if there are either situations where you've been pressed to draw that line that you found difficult? or you're not sure when you'd be able to hold the line and insist on the warrant? >> so, i mean, i think we talked a little bit about this in our transparency report. i mean, i can say broadly speaking that we take a more expansive view about what constitute content versus what is metadata. i think, julian, as you've alluded to, there's certainly a number of areas that are sort of in that gray area. and those are issues candidly that, you know, congress may need to attack in the next wave of ecpa reform. given the challenges that we face, codifying those rules, not sure when those issues will be taken up, but when you talk about things that aren't clearly content or metadata. photos, those are things we consider to be content. as greg was alluding to before, you know, there are pieces of data that congress didn't contemplate when it enacted ecpa in 1986. i think you see appeal let courts all disagree for example, location information requires a warrant, whether it requires it prospectively versus retrospectively. how long does a collection need to occur before the restricts of the fourth amendment apply. >> we keep talking about privacy

reform. there are a couple of different areas that fit into this broad umbrella. we talk about content. we talk about location. metadata is always one of the favorite gray areas. i think your question about subpoenaing the ad logs, what kind of information that, that's something that we haven't talked about, to, from, who called who, metadata. you can go out and figure out the when it was, if the content doesn't get turned over to you. content is going to get electronically communicated. you have to talk about what this communication is going to mean like you said, outlook calendars. if i invite one other person, is that an e-mail some kind of public communication? i would wage tore guess that that content when you invite someone to an e-mail, blah, blah, blah.

i think most of us would expect it to be the same as when you send a wedding invitation in the mail. when you look at e-mail, cloud storage, photos stored online, anything like that stored online between one or two other parties. now when we get into the third party doctrine which is really where kind of the crux of this is. if i gave my information, katie mcauliffe gives her stuff over to david at google, then david specifically just, google the whole, is google considered the person i just gave that information to? but really what they're doing is sorting a file cabinet. they're not the person that gave it to you. so they shouldn't be able to be subpoenaed. but if i did send it to david, david could be subpoenaed because he has the other end of that e-mail. very basic, bare bones, when we're talking about communication-type content, content in e-mails, that's what we're talking about. there's also location. there's pings and date dumps and

all of these other things. but the warrant for content is kind of what we're talking about right now. and i think the main question that we're really debating and what congress needs to address and what congressman poe aed through is what is reasonable and unreasonable search and seizure. that's what our debate is here. i think, me, personally, i think it's highly unreasonable to go through my e-mails stored with -- stored with google. and not let me know about it. >> you mentioned an array of things. maybe you can bring some vision on where things stand now in terms of reform. and maybe why we're sort of not already there. i realize congress is in general fairly dysfunctional. but there seems to be a shocking degree of unanimity, and yet it seems to be stalled. can you give us a sense of what the political landscape and what the sticks points here are?

>> sure. i don't necessarily think that congress is dysfunctional. sometimes, the function is dysfunctional, right? >> sure. >> depends which side you're on, right? so looking at this particular issue. and let's just talk about warrant for content on the house side. to start out with. you've got a bill that solves the e-mail problem. yea. also solves cloud documents. no one in here is excited about this at all? i don't know why you're here.

so we've got legislation that will do that. and then moving forward, that's something that 220 -- someone correct me if we've got more -- 220 are in favor of this particular legislation that fixes electronic completions privacy reform act. but it's stuck in the judiciary committee. and i'm not quite sure how

something that is supported by 220 members of congress can be stopped. i'm not quite sure how something with the broad support of companies, coalitions, think tanks, individuals, how something that has such broad support can be stopped. and not move at all. wait, wait, wait. civil agencies don't have a probable cause standard. you know what that means? that means that they aren't get to your e-mail anymore once there's a warrant requirement because they can only have subpoena authority. so civil agencies want to keep being able to read your e-mail. so they want to carve out in legislation i'm a civil agency, if that's okay, i have a civil warrant which is a standard and a warrant of probable cause which you need probable cause but i'm going to be read your e-mail anyway. and because i have digital sharing, i'm going to do that, too. there's a loophole. that's why it's not going anywhere. in the house. that's why it's not going anywhere in the senate. it's not going anywhere because the government wants to read your e-mail without you knowing it. they want a subpoena, that's it. >> the reverse in these hearings is also the sense that it applies on the law enforcement and other purposes less relevant somehow. although the original impetus was costume reserve. >> can i just --

>> yeah. >> it's gotten to the point of absurdity, i have to say. the government's power should be at its zenith when it's investigating a crime. that's when its power should be at its zenith. that's when it should be able to penetrate and get the most sensitive information. and yet, we're on this situation on a criminal side, there's a consensus. even d.o.j. says we think ecpa needs an update and deal with the content rule. and yet, there's this notion on the civil side when the government's power is not at its zenith. it's not investigating the terrorist that's going to blow something up, it's investigating stock fraud or something like that. that in that situation, there ought to be a lower standard.

it just seems absurd. >> absurd. >> i didn't realize you're probably thinking in enormous detail here since both companies have been fairly transparent. what is your sense of sort of the spread of the kinds of information that people come looking for? what is the nature of those investigations? and are you finding, a shift over time as different agencies become more aware of the different capabilities and data that are being stored and what they're asking for? oh, now, you run a location server. that's something information we can ask for. >> yeah. i mean, i think, you know, frankly, law enforcement is sometimes a little bit slow on the uptake. but, the services are public. they do get on and use them. and they eventually figure out sort of how they operate and what data would need to be stored to separate service. and so, i think, you know, they're becoming more and more sophisticated. you know, in terms of the types of investigations, i don't think that's changed much since so much of it is tied to the legal authorities.

you know, now that we're in a warshack, most warshack world that we require a search warrant for content in all cases it becomes a case where you have to get a search warrant to investigate it. so that sort of drives a lot of it but the data types and data fields that are provides are sort of incumbent on, you know, what data there is in existence. and how long it's stored. and what specifically they ask for. you know, we typically require them to be very specific in saying what types of data they're seeking under a arrest. they can't just send us a search warrant and say give us so-and-so's data. they have to specify what fields and things they want. >> both of you -- both companies got quite a lot of request for information for transactional data or activity logs or other information. that's actually the bulk of the class. so i'm wondering what those tend to look like.

and whether that's something that usually is fairly focused, or whether the number of accounts on a significantly larger than the number of requests to both companies. and so i wonder if, you know, if that's in general, you know, requests for a couple of accounts. or you occasionally see a fairly -- well, what one might consider egregious attempts to sort of rope in a whole lot of people at once. >> yeah, with the caveat that we can only talk about what we did on the sort of domestic side of things under ecpa. you mentioned the sort of bulk of requests that we receive send to be transactional information. it's basically information that users provide to us, for example, when they sign up for google accounts. that could be name, gender, information, you know, like that. and that's the information that generally can be obtained under ecpa with a subpoena. you know, there is a significant percentage, somewhere in the neighborhood of 20%, 25%, that we tended to get that does ask for content in which case will

ask for a search warrant. but it's not, you know, generally speaking, that the type of information that we get is pretty run-of-the-mill stuff that you tend to provide when you sign up, sign up for our services. if i could actually just build upon what greg and katie were alluding to before. i wanted to be to be clear in terms of civil agency side of things. a warrant for -- there's a perception that a warrant for

content believed the civil agencies have a remedy to do the sort of things that civil agencies do. for example, in exchange for the s.e.c., to investigate and prosecute securities fraud. typically speaking, in civil litigation and i think dave was alluded to this before, when you're investigating someone, or initiating litigation, you're going to serve a, you know, demand or legal process on the target of the investigation. so you won't be going to a third party service provider. that is generally speaking how civil litigation works. so, you know, if there is a person that's being investigated, that they are the target of the investigation and information is within their custody and control, they're going to have a legal obligation to provide that information. to the extent that they're uncooperative or intransent, they have a responsibility to enforce the subpoenas. agencies that don't comply can

be hit with sanctions, they would be prevented from pursuing claims. all sorts of civil remedies that they have to ensure that bad actors could be perpetrating fraud. if we focus on the e-mail from third party service providers and not the end of the investigation to prevent the underlying fraud that may be occurring i think we're missing the boat. i think there are other remedies some of which exist under ecpa some concerned about the destruction of evidence. you don't need to have any of that at all like google to serve a preservation request. that will freeze the account and ensure that any information destroyed isn't permanently destroyed. look, a lot of examples where we've heard where this may actually end up being a problem where civil agencies don't have a warrant requirement tend to be sort of edge cases and they tend

to be framed in hypothetical or theoretical terms. there are actual case where is these things tend to create problems. they tend to come up in, you know, well, you can imagine a situation where, you know, x person is doing y thing. but without sort of real world examples of how this is impacting civil agencies, it's really difficult to craft a solution that would address the problems they've been raising. we think they're adequate remedies under existing law. and i think that's why there should be a bright line warrant for content standard. >> and you're going off that

again, the next distinction, right, we're talking criminal versus civil so on the criminal side you have the probable cause warrant side to the third party. that would be referred to as the target. on the civil side there is no warrant authority. remember, this side over here, life, death, limb, children, women, all the scary words go over here. money and white collar things and, i don't know, other kinds of fraud goes over here. so, there are emergency exceptions for when someone is missing. there are emergency exceptions for which someone is getting hurt. that is taken care of. the law enforcement has agreed that makes sense. but if we want to find out stuff about you, like, i don't know,