technical team and feeds it back up. all of these elements of framework are very important. the department of homeland security has the responsibility of assisting entities in using this framework to improve their cyber security and we do that through a program we call c cubed vp because you have to have an acronym for everything. it's critical infrastructure cyber community because it really is a community effort here. voluntary program. and if you go to the uscert website, u.s.-cert.gov. mitigation guidance, et cetera that the u.s. cert puts out. so that is out there for the legal community, law firms are increasingly targets themselves because they hold customer data and oftentimes intellectual property of their clients, et

cetera, so thank you for the -- giving me the opportunity to give that plug. and join ustion tuesday here on c-span 3 for programs focussing on health care issues. we'll show you remarks from larry murlow and a house hearing on medicare fraud all starting tuesday at 8:00 p.m. eastern. plenty more live campaign 2014 debate coverage coming up tuesday on c-span. starting at 8:00 p.m. eastern, an arkansas senate debate between incumbent mark pryor and republican congressman, tom cotton. recent polling has this race as a tossup. right after that, south carolina govern nikki haley faces off with vincent sheheen and tom ervin. and then john kitzhaber versus

dennis richardson. 10:00 p.m. eastern also on c-span. with live coverage of the u.s. house on c-span and the senate on c-span2, here on c-span3, we compliment that coverage by showing you the most relevant congressional hearings and public affairs events. then on weekends, c-span 3 is the home to american history tv with programs that tell our nation's story. the civil war 150th anniversary, visiting battlefields and key events. american artifacts touring museums and historic sites. history book shelf with the best known american history writers. the presidency, looking at the policies and leg sis of our nation's commanders in chief. lectures in history, with top college professors delving into america's past. and our new series -- reel america. created by the cable tv industry

and funded by your local cable or satellite provider. watch us in hd, like us on facebook and follow us on twitter. now more from the american bar association's annual homeland security conference. this portion features remarks from robert litt, general counsel for the office of the director of national intelligence. he discusses the relationship between security and privacy, while also looking at nsa surveillance. recent supreme court decisions and the fourth amendment. this is about an hour. >> should have brought my sunglasses. >> you can help us out if you speak directly into the mics. hard rule of thumb. not to be rude. >> okay. >> you can turn it towards you.

>> folks, we got -- we're round out the conversations in back of the room and then we'll get started. we'll get started now with our next panel, this is our first breakout session of the day and we're going to go to other breakouts as we go past the hour our lunchtime presentation. reminder about lunch. you should go get your lunch in room 207 and then resume -- attendance in this room. i'm going to call sergeant in arms to arrest those of you in the back of the room that are still talking and that will happen in another life time. let me mention that this topic is one that i know is familiar to many of you that practice law in government and in the private sector, particularly here in

washington, d.c. and that's striking the balance between privacy versus security. and, again, this year we are honored to have congressman turner from formerly u.s. congressman from texas as our moderator. jim served with distinction for four terms in congress. he has a military background, formerly a captain in the u.s. army. jim won praise from both parties for his work on homeland security issues in the time post 9/11. before congress, jim has a distinguished career in texas state government both serving in the house and state in texas and he is a university of texas law school graduate and aspired to be what jim turner is as both a leader and a lawyer. and if anyone in this room ever needs help on any issue both in front of congress or with the executive branch, certainly with jim turner at the helm, it's

going to be successful. or you'll get as much success as possible. so with that, let me turn it over to you, jim, thank you. >> thank you, joe. really appreciate the opportunity to be a part of this panel and i want to thank joe for all his many efforts this year and in previous years to organize this program for the aba. in this panel, we're going to be discussing, as joe mentioned, tension that exists between civil liberties and national security. we have a very distinguished panel and i would like to introduce each of them to you. first, to my left, we have jennifer daskal, stanlt professor of law, american university school of law. jennifer is an assistant professor of law and she focuses on criminal, national security and constitutional law.

prior to joining the washington college of law in 2013, she was a national security fellow anded a jujt professor at judgetown law center. from 2009 to '11 she served in various positions in the department of justice, including as counsel to the assistant attorney general for national security and served on the secretary of defense and attorney general led detention policy task force. she is the founding editor and contributor to the recently launched "just security blog" and she's a graduate of brown university, harvard law school and cambridge university. to her left, is chuck blanchard. chuck is a partner at law firm of arnold and porter where he -- i had the opportunity to see him frequently. he is in the government contract and national security practices at our firm. prior to joining arlen and porter, he held several senior

government positions over his 28-year legal career. chuck served as a general counsel and chief ethics officer for the u.s. air force. he served as general counsel at the u.s. army at the u.s. department of the army. and he served two terms as a state senator in the state of arizona. in 2003, he was named interim homeland security director for former arizona govern, january net that pal tan know. he graduated first in the class of harvard. next to chuck is bob litt. a name i'm sure you've come across quite often in the last few months in newspapers. bob is the general counsel at the office of the director of national intelligence. he was yun nam mousily confirmed by the senate in june in 2009. prior to joining odni, bob was a

partner at arlin and porter and served on the governing body of aba's criminal justice section and as an advisory member to to the standing committee on law and national security. from 1994 to 19999, bob worked in leadership positions in the department of justice at depsy assistant attorney in criminal division and principal where he was responsible for national security matters ranging from fiza applications, covert action reviews and computer security. bob has his bachelor's degree from harvard and masters in law degrees from yale university. so, the score on the panel so far is two harvard graduates, one yale. so i guess harvard wins today. >> even odds. >> but we are very pleased to have this distinguished panel and i'm going to let each of them make a brief introductory remarks then we'll begin to discuss among ourselves the

issues that are laid before you and, of course, i hope that it will spark some interest from the audience and allow you to ask our panel some questions as we proceed. so, first, jennifer, i'll let you lead off. >> well, thanks to the aba for putting on this wonderful program for inviting me here today and thank you for the kind introduction. i believe we're going to focus most of our discussion on the surveillance regime and the many debates and disputes and discussions about it. i want to spend a few minutes talking about some of the legal underpinnings of the government surveillance programs and to suggest that some of the doctrine on which the government has long relied is shifting under its felt a little bit and that this creates a range of opportunities and challenges for both doctrine and policy going forward. in particular, i want to talk about two aspects of the fourth amendment doctrine, chast moan as a third party doctrine and

territoriality doctrine in which is the long standing presumption that the fourth amendment only applies in the united states and outside of the united states it applies solely to u.s. citizens and persons with significant voluntary connections to the united states. so, just starting briefly with the third party doctrine, as i believe probably all of you know, the government's argument with respect to telephoning collection under the 215 program and presumably other meta data collections as well is premised to some extent on the idea that there's no fourth amendment issue involved because there's no search and seizure of information that's been turned other to a telephone company. and this is based largely on what's known as a third party doctrine which stems in part from a 1979 case, smith v maryland in which the government recorded the telephone numbers called out of a particular suspect for two days and in the course of his criminal trial he

challenged the government's collection of this information because the government didn't get a warrant and the court said there is no fourth amendment issue. there's no cognizable search or seizure because this individual already turned over the numbers that he called out to the telephone company and therefore had no reasonable expectation of privacy in those telephone numbers. and this case has now been relied on po argue that there is no expectation of privacy in all of our numbers called in and out and has been the basis or at least part of the basis for the meta data collection program. and i want to suggest that this understanding of the third party doctrine is challenged and is being challenged most recently by the supreme court's ruling in riley v california which came out late spring, early summer. and the very least the supreme court's ruling casts doubt on the validity of the third party doctrine going forward. for those of who aren't familiar

with the case the facts were that two cases were joined and one case the government seized a smart phone of an individual during the course of his arrest and another case the government agent seized a flip phone, those were the old phones that probably none of us use anymore but that basically they don't record that much information other than the call log who you called and the number dialed. and the cases were joined and in both cases the defendant in those cases claimed that the search and seizure of their phones was impermissible and the government claims no, it's totally valid as a search incident and arrest we don't need a warrant. we don't need to go through the ordinary fourth amendment procedures. and the court ruled unanimously that against the government. the court ruled that the seizure of these phones was not justified as a search incident and arrest and the court disagreed with the government's arguments about exigencies said

that there are ways to preserve this information if you're concerned about the information getting lost. the court disagreed with t government's claim that there was any sort of safety risk associated with these phones. and most importantly for the purposes of my point is that the government -- the court disagreed with the idea that there weren't any legitimate recognizable privacy interests in the phones and they describe the wealth of information that can be stored digitally on these phones as possibly providing more information than is uncovered during the search of one's house. the court distinguished both quantitatively and qualitatively between the wealth of information that can be seized and revealed through the review of one's phone from tangible evidence and they quoted -- the court quoted with approval from an earlier concurrence by jus sis sotomayor in which she defined gps monitoring kprae

hending record that reflects a wealth of detail about her familial and sexual associations. and what's very interesting about this ruling on this reasoning is it didn't just apply to the smart phone, which we all know reveals a whole host of information about us, but it also applied to that flip phone which doesn't tell us that much more than the call log details, who you called, who called you and for how long the call lasted, which is about what's collected in the meta data collection. and so my point is that this strongly suggests that the court will be highly skeptical of the claim that the third party doctrine can be applied in this new context, that it means that when the government collects the meta telephoning data and other meta data that there is no fourth amendment violation. i'm not saying that meta data

would therefore be impermissible. what i think is we'll see a shift. whether or not the foreign intelligence section applies and new pressure on what's known as the special needs doctrine which justifies a range of searches that require less than reasonable suspicion, sometimes suspicionless search based on compelling government needs separate from law enforcement needs. and then we have agreed to speak very shortly so i won't get into the details but i hope we get a chance to talk about the ways in which i think data challenges the very foundation of what i call territoriality doctrine, the idea that the fourth amendment is circumscribed and only applies in certain places and as to certain people and that the way data moves about and the arbitrariness with which data moves about and the difficulty of effectively distinguishing between u.s. person information and non-u.s. person information ought to

cause us to at least re-examine some of the foundational principles on which some of our collection programs rely. i'll stop there. >> okay. thank you, chuck. >> i'm also going to focus a little bit on the third party doctrine rule because i agree that recent concurrences can from the supreme court as well as the decision of judge leon in the district of columbia district was challenging the old version of the nsa-meta data program has put into doubt whether the viability the third party doctrine or whether it will be limited. i want to talk just briefly about a few things. first, it's important that you understand that the fourth amendment decisions that have come out of the pfizer court have largely relied on the third party doctrine as rational for why there's not a fourth amendment issue, but there are

also a lot of statutory issues that are in play and most of the decisions focus on those. even if the third party doctrine survives, i think the debate will continue to be going forward on the more regulatory and statutory govern ens here which may be ultimately where the action is going to be. but as jennifer said, there's been some recent decisions. i thinkty first one that's worthy of talking about is the jones decision which occurred a few years ago that involved gps trackers. and the majority opinion really went off on -- one critic said they looked at 21st century problem and came up with a 19th century solution. that is, they sort of ignored the technology and just focussed on the fact that there was a trespass on the car in order to put the gps system on and that

was enough for justice scalia to find a fourth amendment problem returning to the way the law was in the 19th century. but there were two concurrences that were important. one was by sotomayor where she did by herself she did a frontal challenge to the continued viability and wisdom to the third party rule in an age where a lot of our data is in digital form is out with third parties. our financial data, our telecommunications data and a whole host of other information and she raised the issue whether it was time to reconsider this third party doctrine because people do have -- if you ask them, a sense of privacy interest in the information that they send out to third parties. so she really put a frontal challenge. the other concurrence was by justice solito who was joined by kagan and briar where he didn't

directly address the third party rule but did suggest, similar to what justice sotomayor mentioned that in a modern digital internet-focussed world maybe we need to step back and rethink this doctrine of the third party rule. i don't think that the riley case, which dealt with cell phones suggests much more than in that case it was a concession that there was a search and focus was more on what the scope of a search could be. so i don't know if you read much into that, but that case, too, rejected an argument, at least, that there was no search because all that was on that -- those phones was were the kind of data that you could get from a third party. the argument being, no, it's -- it's not a third party, it's the person's phone. the third party doctrine doesn't apply. where is this headed? it's hard to tell. the third party rule is

important to recognize is not a narrow fourth amendment doctrine. it has wide applicability across fourth amendment doctrine. and it's used -- been used as a line of separation between what is protected in the home and what is not protected. so, for example, bank records, financial records, not the contents of your letter but the surface of your letter, who you wrote to, have long traditionally been held for decades as not protected by the fourth amendment. and owen fists wrote a few years ago wrote an interesting article where he tried to give a defense of this doctrine. his point is this doctrine is more about consent than it is a doctrine about anything else. and we ought not treat it as a petition of privacy but more the concept is that when you take information and put it outside yourself to a third party, you are -- we legitimately can draw

the line and give you less fourth amendment protection. his other argument which is -- i think is interesting is that the third party rule has a vantage of not being a technologically driven rule, that is you ought to change it every time the technology changes, while -- because we have -- the various ways we communicate is ever changing, so his argument was that the rule actually is technology agnostic. it's an article that's well worth reading. so where are we headed? i think we are headed for -- there's clearly some discomfort from the supreme court by the third party rule. i think in its present form it likely will see some change. and i don't think it will be completesly rejected because it is too embedded too many other parts of the fourth amendment, but i do think it might actually be truncated. and my suggestion would be that we -- the best way maybe to

approach the third party rule is by focussing less on collection and more on use because one advantage of the digital world when everything is 1s and 0s is that it's sort of like quantityum mechanics. you don't know what's there until you actually look. and once you look, then the damage is done, privacy is done. and it may be the best approach, which is similar to what is actually being done on the regulatory and statutory side with the nsa programs is to put more control on when you can look at the data that is collected and instead put less emphasis on restrictions on the collection. so with that i'll enjoy the conversation. >> thank you. bob? >> thank you. as jim noted he and i were law

partners for a number of years. any congressional staffers in the audience, nothing many my behavior should be attributed to anything that i learned from jim. i do have some thoughts on the third party doctrine, but i thought i would save them for later discussion and step back a little bit and give a slightly broader frame work. i think -- i actually reject the idea that what we're talking about is a balance or a tradeoff between privacy and national security. i think that our goal should be how to achieve both. if you read the newspapers today, i think it's pretty easy to understand the importance of national security and from my perspective the importance of intelligence to protecting the nation and its citizens, not only in the area of terrorisms but in cybersecurity and simply the behave or of foreign nations. but we have to do this in a way that also preserves and protects fundamental privacy and civil liberties interests. and we have to find ways to

accomplish both and not to say, well, there's an inevitable zero between them. so i want to offer a couple of thoughts about surveillance and privacy and technology in general that can help frame this. it's important to understand the nature of the problem today. during the cold war, it was pretty easy to identify our targets and if you wanted to do surveillance, you did the equivalent of clipping a couple alligator clips and listen to them. they were generally flowing over telephone wires. today, with digital communications in the internet it's entirely different. the communications that we're interested in are mingled with communications we're not interested in and they're all traveling over the same wires broken down into individual electronic pacts. they're not physically separated the way they were a few years ago. what this means is that no

matter how much we try to directly target our activities at appropriate foreign intelligence targets, we're also going to collect and look at communications of uninvolved people not only because they may be talking to the foreign targets, but also because they're all traveling together on the same wires. we don't have any interest in this information. we have absolutely no interest in what mrs. jones or her foreign counterpart are cooking for dinner. but in collecting this we can't avoid collecting irrelevant information because of the way the communications flow. one of my colleagues at odni phrased this there's no such thing as immaculate collection. there's really theoretically two ways you can deal with this problem. the problem that we're incidentally invariably going to collect incidentally communications that we aren't interested in. one is to say the risks to privacy from this collection are so great that we ought to bar

certain kinds of collection all together. and the other is the approach that chuck just averted to which is to say we're going to permit the collection but we're going to impose stringent regulations on how you use the data to ensure that it's not used inappropriately. and it probably will not surprise anybody in this room given my current position that i favor the latter approach over the former. i think it's unwise in the current security environment to say that the power of government is so great and the risks of surveillance are so substantial that we should bar and prevent us from collecting this information, particularly since we know that our adversaries are not so restrained. we simply cannot designate portions of the global communications infrastructure as entirely off limits. i think that the preferable way to do it is to say, yes, you can collect this. but we are concerned about the possibility of misuse. and so we're going to have legal policy and oversight regulation

to ensure to the greatest extent possible that you don't misuse it. that is, in fact, the approach that we generally take now and by and large it's worked. all of the collection activities that the intelligence community undertakes are appropriately authorized by law and to the extent they are conducted under the foreign intelligence surveillance act they're approved by the court. they're all made known to the appropriate committees of congress. they're subject to strict and multi-layered and interagency oversight within the executive branch. we don't conduct surveillance of political, religious or activist figures solely because they disagree with public policies or criticize the government. we don't use our intelligence collection capabilities to repress citizens of any country for their beliefs. we don't target ordinary citizens, americans or otherwise, who aren't otherwise of foreign intelligence value. in fact, the information that has been leaked over the course of the last year as well as the considerable additional information that the intelligence community has

affirmatively released as part of our desire to be more transparent about what we do has born out the effectiveness of this essentially regulatory approach. in all the information that has come out, it's important to know that there has been no indication of any kind of systematic abuse or misuse of intelligence collection capabilities for improper purposes. there have been a few instances where individuals have gone into collection data bases and used them for personal purposes. those people have been caught and dealt with appropriately. there have been a variety of technical and other compliance problems with the programs. those are self-identified, self-reported and corrected. what there hasn't been is any indication that we are abusing these collection authorities to improperly invade people's privacies. and this leads to the third -- the last point i want to make which is about technology. when people have talked about technology in the context of

surveillance, they've tended to focus on one of two concepts. one is the extent to which technology enables surveillance. the incredible capabilities that the national security agency has. people often fail to mention that nsa only uses these cape nlts as authorized by law, that for example, to the extent they work on breaking inkripgs techniques they do it so they can read the communication of terrorists in foreign governments who are using inkripgs to try to avoid our surveillance. the second way people talk about technology in the way of surveillance, how individuals can use technology to avoid surveillance. but there's a third way in which i they we should think about technology in the concept of surveillance and it goes to my theme that we're not talking about trading off security and privacy but achieving both. that is that the technology can

help us conduct our intelligence activities in a way that, in fact, maximizes the protections for privacy and civil liberties. as i said, the intelligence community actually has no interest in the activities of ordinary private citizens. and so one of the things we do is we employee technological tools like access controls, aud itting and monitoring of data bases and so on to try to ensure that only authorized and trained people have access to signals and intelligence collection and only have that for authorized purpose and no information disseminated except when appropriate. we would actually welcome the technological genius of america in providing additional technological tools that we could use to more precisely focus our collection and to provide more robust privacy protections while still preserving the operational capabilities we need. in fact, the president has directed the national academy of sciences to provide some guidance in this regard to look

at whether there are ways we can use technology to more precisely focus collection. but ultimately i think we have to rely on strong controls on use and strong oversight as the best way to achieve both national security and privacy protections. >> thank you, bob. it's interesting as you listen to bob's remarks and i've, of course, come from a background that's very sympathetic in the sense that i served as the ranking member of the house homeland security committee and had the opportunity to receive numerous classified briefings from time to time and i know that it is interesting that we are at a time where we're talking about a subject where, in fact, there's no examples that anyone can site where the government has abused the powers

given it to under law. much of what we're talking about today is of the nature of what edward snowden did. he decided to violate the law and disclose classified information because he disagreed with the policy and at the heart of this i think there is that underlying distrust of government that even though we can give assurances as bob did here today that there are going to be systems in place to assure that privacy is protected when there's a strong underlying distrust of government people still don't think that's enough. and i would be interested in -- after listening to jennifer, if jennifer in any way kind of disagrees with the solution that bob proposed or whether you think there needs to be more protections just on a constitutional basis for a u.s. citizen against the type of surveillance that is now

conducted. >> so i largely agree with what bob said. i think the one place where i think it's worth -- and i largely agree with what -- what everyone said, but i do think it's -- that we shouldn't -- i guess what i want to focus on is the way in which the united states has distinguished between collection of u.s. persons and collection of non-u.s. persons. and as bob pointed out and as we've heard today, that the intermingling of data means that even if there's strict regulations on targeted collection of u.s. persons relatively strict regulations, the fact that there's much looser regulations on collection of non-u.s. persons means that because all that data is intermingled we are collecting a whole lot of what is called incidental collections of u.s. persons and that we ought to at least at the collection stage

acknowledge some of the fiction that the distinction between the rules on direct targeting of u.s. persons and targeting of non-u.s. persons creates and acknowledge that we are collecting a lot of information of u.s. persons through our rules on non-u.s. persons and think about whether or not these distinctions even make sense given the way that data operates. i think that there are two distinct moments that we need to be focussed on. one is the moment of collection and the other is obviously the moment of use. and i think they're both important and they're both relevant to the discussion. the concerns about abuse not just by the government but by private individuals who get access to this information like somebody like snowden who has the possibility of revealing a whole wealth about a person make people nervous and that's a legitimate concern and that we shouldn't discount the concerns about collection. that doesn't necessarily mean we shouldn't collect, but we ought

to have a frank and honest discussion about it as well. >> although i would -- the abuse by the single individual is probably as great in the private sector as it is at nsa in that google and lot of the other companies -- private individual that wants to do great damage can release. so i don't think we want to eliminate the great value we have from our collection efforts because of the fear of individual one-off cases will be abusive because it can be very abusive and be very damaging. this is true of the private sector as the public. the real challenge is i think as bob eluded to is the globalization of our telecommunication networks in such a way that it really -- it is true in collection that distinguishing between u.s./non-u.s. at the collection stage becomes difficult. clearly in some cases you know what you're collecting.

you're largely collecting from overseas. but in other areas given how the internet package that i may send to a friend in san francisco may end up going through 15 other countries and communications between vladimir putin and someone in the disputed areas of ukraine might also end up going through the united states. so it's that global nature of our telecommunications network that i think creates the problems. and i think the -- so i don't think at the collection stage imposing a fourth amendment standard of requiring warrants for collection really are workable or feasible and i think the really alternative is ensuring that you have a robust oversight at the use stage and that could be a pfiza or more

judicial review. i think that's really where the real value in protecting privacy can be. and i want -- one thing that bob did every year was get all the lawyers who dealt with intelligence issues together in a large room, secure, classified so we could talk about lot of these issues. and i started attending those in 2009. i can say that the thrust, the focus, the concern of -- this is well before eric snowden did anything was how we deal with privacy interest and u.s. values. so this is not an issue that's only caused concern in the intelligence community since edward snowden, but it occurred long before and it's been an obsession, i would say with lawyers in the intelligence community. in fact, one lawyer here in town, stewart baker, actually

thinks lawyers are ruining the effectiveness and have ruined the effectness of the u.s. intelligence agencies because we told our clients to be more careful than he thinks we ought to be. >> i guess one thing that comes to mind is when we talk about the judicial precedence in this area and when you go back to smith versus maryland and you're talking about the old standard, what's the reasonable expectation of privacy in the age of big data, what is the meaning of a reasonable expectation of privacy? i mean, after all, the average citizen doesn't really know what the government or the private sector is collecting. we can see that everyday with the kind of things that all of us share on the internet and so whatever we think might be reasonable is probably based on

misinformation or lack of understanding about the capabilities of both the government and the private sector with regard to the collection of data. so, i mean, is it an outdated standard for that reason as well? >> so this is my opportunity to weigh in on the topic that jen and chuck have already talked about. i think it's important to understand that there's a reason why the doctrine that jen and chuck were talking about is called the third party doctrine. and that is that the information that's being talked about is not being obtained from you. it's information that you've given to somebody else. and the analogy is that if i have a conversation with you, there's nothing to stop you from going and telling anybody about it. i've given that information. i've lost my expectation of privacy information in that information. so the first case that announced this doctrine was actually a case involving bank records where a subpoena was served on a

bank for somebody's financial records, which are, in fact, far more revealing than the telephone meta data here. the court said, no these are the bank business information you gave the bank this information. the same thing is true of the telephone meta data. that's the critical difference between the situation we're talking about respect to intelligence collection and the riley case. the riley case it was the defendant's phone. it was his phone on which he had his information. so the question is, to what extent can you get information from that person around under what circumstances can you get information from that person? the third party doctrine says once you've given the information to somebody else under what circumstances can you get the information from somebody else? now, having said that, i do think there is a strong sense that that doctrine can't necessarily be applied unqualifiedly in the current technological environment. and i do think that -- i tend to

agree with chuck that what we're likely to see is a recalibration of the doctrine. and i think particularly of the context where people are storing their entire life in the cloud. it may be that there is a difference that courts will draw a difference between the types of information that you're giving to a third party and if it's -- if the type of information is the type that you used to formerly keep locked up in a file cabinet at home only now you keep it locked up in a file cabinet at google, they will accord one level of protection to it. but if it's the sort of thing that we always provided to third parties, maybe they'll provide lesser protection to it. but i think that that's something that will be worked out in the future going forward. >> yeah. one approach could be that they distinguish between information that really is just being stored by the third party versus information that is actually worked and needed for the business purposes of that third

party. so, for example, with bank records, banks needs those records because they actually are performing a service so they truly are the records of the bank. similarly the meta data and a telephone call, it really is needed as business records by the telephone company for its purposes so therefore you can do a third party search for those business records. but the content of the phone call, which has never been subject to the third party doctrine is really not kept or stored or the business of the third party. even though you use a third party to provide that content. so using the example of putting your stuff in the cloud, amazon, which provides cloud services, really doesn't care or use or do anything with what you put in its cloud. and so that would continue to bo b protected. that kind of line between what's truly business records of a third party and what's really being stored by a third party might be a line that can be drawn. >> one of the suggestions that

have been made recently about the storage of all this meta data is that it's better off if we contract that out to the private sector rather than let the government. does that change really effect anything here in terms of the appropriateness of the collection and storage of the data? >> well, there are sort of two different private sector models. the model that is actually been endorsed by the president and subject of legislation moving through congress basically says the telephone companies will continue to keep the meta day ta as their own business records and statutory yally mechanisms from obtaining that information from the telephone companies. there was an alternative that was proposed -- it's important to understand that what this -- what the program -- the metta data program was was a program under which the government collected metta data in bulk and

then subsequently made inquiries of it based on the reasonable suspicion that a telephone number was associated with terrorism and what they're moving towards now is you'll simply make that query of the telephone numbers. the intermediate model that was suggested is that let's give the bulk me ta data to a third party that will hold it and have the government have the ability to send those queries to the third party. i don't think there was any substantial support for that both because it simply creates a whole new security problem because you know have all this meta data held by somebody else and it didn't really seem to provide substantial additional privacy protections. >> let's open it up now for questions from the audience who will have plenty of time to allow each of you to ask anything you might want to ask

on any of the subjects that we've discussed here. >> hi, my name is ki bhrks ba walden at dhs. i wanted to poke the bear is little bit and sort of challenge that line of use or restricting the use of data and where that line is drawn. just what would be your response to the challenge that you really can't -- individual really can't -- it's not really voluntary anymore for an individual to provide meta data to a telephone company or to provide bank records to a bank. it's difficult to sort of function without using a bank or without using a phone so that it no longer becomes the voluntary giving up of data rather its necessary. so what would your response be when you're drawing that line. >> i think one answer is that that was true with pin records in the '50s. that was true of bank records

even before then. so this is an argument that would have been used at the creation of the third party doctrine. i know there's no more -- if you want a bank, you have to give your records to a bank. that's always been the case. i do think that there is a challenge in that the reasonable expectation of privacy line of thinking is circular because what's reasonable really depends on what the law is. and what the rules are. and so i think there may be room so sort of rethink how we think about privacy. we've moved from a 19th century trespass model to this new reasonable expectation of privacy and it may be time -- and i'm not smart enough on the fly to think of what that new regime would be, but to think about other ways to think about privacy interests that don't rely on this circular reasonable expectation of privacy. but owen fists in his article points out if you reject the third party doctrine, in effect what you're allowing people to do is expand the scope of their

home. that is -- and they can use third parties as tools -- affirmative tools to avoid surveillance and that would be the problem of getting rid of the doctrine. >> so i think that to me the key difference is not necessarily the consent question but just the wealth of information that's provided. so, at the time that those rulings were issued, the court was looking at very discreet areas of the law. they were looking at bank records in a discreet area. they were looking at telephone calls made and there wasn't a sense of a society where we have now where basically everything we do is in some ways can be recorded by a third party. and so the wealth of information that's available that's potentially available through this third party doctrine is quite staggering. and that's where i think some of the language from the riley case is relevant is the supreme court recognizing the wealth of

information that's available through digitally stored information and that digitally stored information is generally also provided to a third party. even though the riley case wasn't specifically about a third party issue, that's why i think the riley case puts pressure on the third party doctrine and i think it will in my view of this is that it will and should force the court and others to start thinking about drawing lines so we simply don't say just because information is provided to a third party that therefore there's no search or seizure when it's subsequently obtained by the government. >> yes, sir. >> hi, my name is dennis pittman from george mason university. i was interested to hear the panel's thoughts on the use side as far as the adequacy of current safeguards and theette kasy of information sharing between agencies after the data is collected.

what are your thoughts on -- are they effective for promoting sharing and on the flip side, are there adequate safeguards to protect the information once it leaves the hands of the agency that collected the data? >> this is obviously one of the principle challenges at my office has to deal with, one of the main reasons the odni was set up was to facilitate information sharing among intelligence agencies. and basically with respect to signals intelligence information, you can share finished signals intelligence products within the intelligence community according to the rules that govern the dissemination of intelligence products. there's -- we're working essentially on a set of rules to allow sharing of broader -- before it's evaluating but to the extent that one agency shares them with another, they're subject to the rules

that govern that agency. so the protexts follow the data. as i've said earlier, there's really no indication that these rule s been ineffective. i think what the argument has been is people think the law shouldn't allow what the law does allow, not that we don't have effective controls to enforce the law as it currently exists. >> yes, sir. >> patrick from mga. so if the third party doctrine were to go away completely or be radically modified, would that mean then that say local police would now get warrants to get pen registers which presently i don't think they have to do because of the third party doctrine? >> well, i think -- i mean, any of us -- i think that there's a whole range of possibilities of the third party doctrine were

eliminated. there's a whole host of other doctrines that might step in and take its place. there's the special needs doctrine that basically says if the government is engaging in certain types of non-law enforcement types of collection, that different rules apply and you don't necessarily need a warrant, you don't necessarily need suspicion to engage in certain types of activities. so there's the possibility that the special needs doctrine would expand to cover some of the types of surveillance activities and other activities that are taking place. there's the possibility before an intelligence exception. there's a whole host of other doctrines that may step in and take its place, but that would require at least in the special needs context and in other context to have a specific articulation of what the government's purpose was balanced against some sort of evaluation of the privacy interests at stake that simply doesn't happen once you invoke the third party doctrine. >> to shift analogy a little bit to the jones case then if in a future case the court were to find that there is some kind of privacy interest in one's public

movements as opposed to the trespass argument that scalia used, i think, to try to kind of -- >> avoid the issue. >> look down the road and see the unavoided consequences, would that then mean physical surveillance by a person then the fbi and police wouldn't then have to get a warrant if let's say they did it for a month, would that mean they would have to get a warrant to do that as opposed to in the past that was deemed to be, hey, your public, you don't have privacy interest in that so they can surveil you all they want if they're physically looking at you. >> there's sort of an undercurrent in the sotomayor concurrences that suggests how easy technology has made surveillance what is most troubling. i think they would say doing the old fashion way of following them in a bunch of cars, if you're willing to devote those resources we'll continue to say that's not a reasonable expectation of privacy.

but there's an undercurrent that there's an unease with how technology may make surveillance easy and cheap. scalia solved the problem about the trespass. lot of cars have data. what if we collected the data from a car manufacture that was getting a feed about where that car was going? that would, i think, raise similar issues to what we have with the meta data. my guess is that there will be a change in the third party doctrine. it won't be overruled. i think pen registers will continue to be pen registers but i think there might be limits or recasting. largely because these are older doctrines and there's a lot of unattended consequences from simply repealing the doctrine all together. >> i would hope that whatever recalibration of the rule takes place we don't end up in the position where the line is drawn between surveillance that you can do easily and surveillance that's expensive to do. >> right.

i agree. >> yes. >> hi, i'm rita from national security council with the constitution project here in d.c. my question i'm happy to hear from other panel lists from oth panelists but for bob in particular. i was hoping you could respond with the government's view of judge bates' suggestion two weeks ago that the government would not be as candid or for forthright if there was a special advocate present, security cleared, of course, there to represent privacy and civil liberties interests. >> so i should take this opportunity to say that i'm not here speaking for the government. i'm speak speaking for bob litt. i do think that the president has indicated that he supports the idea of a special advocate and i think that comports with the expectation that the fisa court processes will continue to

work. whether they change in any respect as a result of this will remain to be seen but i think there's a view within the executive branch that a special advocate ameek cuss curae construct will not unduly impede the operation of the court. >> we lost charlie. >> do we have anyone else that has a question they'd like the panel to address? do we have someone? >> we have more time here because our other panel is running longer so if there's any questions, take their time. >> i actually have one on the tip of my tongue. i had a question for the panel on your thoughts of the

categorization of information particularly the classification and how that affects the debate between the ability to achieve both privacy and security. >> can you explain what you mean a little bit more? >> there's a quote that i was reminded of and i forget who actually said it, when you classify everything you protect nothing and so, you know, i'm very curious to see once the information is collected, how is that information categorized by a particular department or agency and how does that affect the argument between being able to achieve both privacy and security concerns? >> well, classification is sort of an independent concept from collection. there's an executive order that tells when you can classify information and it basically depends upon the extent of the

impact on national security. obviously the more highly classified information is, number one, the more it's protected and, number two, the more difficult it is to share it and make use of it so there are counter veiling considerations. the extent -- i think for a variety of reasons that i think -- i talked about this at a.u. this past spring, there are a number of reasons why there are incentives to classify rather than not classify. it's not in my experience -- it does not reflect any malevolence or desire to cover up problem, it's simply a series of bureaucratic incentives that push people to classify things. but i guess the protections for privacy that exist are sort of

different category from the protections for classified information. >> there is -- there is a lesson over the last year since the edwa edward snowden disclosure came out. there is a problem and a challenge, i should say between the transparency you need to describe what it is you're doing in ways that are going to make the american people feel good about what you're doing versus your concern about protecting how you do things if you're too transparent, the bad guys know how to hide their tracks. if you're not transparent, then the parade of horribles that can come up in people's minds about how you're acting can take over and can drive policy and that can affect collection so my sense and i was there for part of this time, my sense is that there is a move by many within the intelligence community to

try to increase the amount of transparency about what that community does but that's running against the culture of that community and it's a challenge because there are legitimate security reasons you don't blab about what you do but i do think that the lessons the last two years are that to the extent -- to a much greater extent than in the past the intelligence community would benefit from greater transparency about what it's doing and why. which is easy to say and hard to do. >> do any of our panelists have any comments on the usa freedom act pending in congress and the differences between the house and the senate version of the bill, one of our questions related to the provision that's not in the house bill but in the senate bill regarding the special advocate for -- to be

present before the fisa court. >> there was a provision in the house bill that's somewhat different than the senate bill. so i mean the house bill also had -- it's not exactly special advocate. what it is, both bills provide for essentially a pool of cleared lawyers from whom the court can appoint and ameek cuss curae, there's differences but the concept is the same in both bills. >> so you're -- bob litt speaking, are you expressing a preference for the senate bill, did i pick that up? >> no, perish the thought i would favor one house of congress over the other. i think -- but i think that either of the two -- well, i guess i'm not going to -- there probably will be a statement from the administration as to

what it's view is on the legislation, i think i'll probably let that statement come. >> yeah, i just wanted to go back to a question that was raised earlier about the issue we haven't spoken about yet but it's the question of and the interconnectedness of databases and putting aside questions of abuse and misuse, we know -- we know when we're dealing with data that's this big and massive that there will be mistakes sometimes. it happens, even with the best intention, even with the best protocols in place and one area where i think there isn't insufficient -- there isn't sufficient attention and we ought to be focused on is what happens once a mistake is made and information is disseminated and how long does that information stay in databases and how effective is the government able to rescind information once it's already been disseminated and kind of

pushed out through various databases and just as one example that's not from the surveillance context but the no-fly list. we know there was a recent ruling out of california in which there was a woman who was placed on the no-fly list by mistake. there was an error. the box that was checked with the wrong box was checked and it took according to the court's review it took many years before that was discovered and after that it took some time before the relevant databases were all -- the information was cleared from all the databases and i think that's one of the underlying concerns and issues that motivates some on this debate and discomfort of the american people both about collection and the sufficiency of even the best use protocols is what happens in those instances of mistake and what are the consequences for real people. >> so in the