and resilience of critical infrastructure. and so i would encourage you to encourage your clients to feel comfortable in reaching out. the information is protected under the pcii, the protected critical infrastructure information regime, and we've never had an unauthorized disclosure of information that is protected under that regime which was set up when the department was first created. you have important roles to play as lawyers who are engaged in transactional activity. i've been working with the american bar association to try to see if we can't get a more clear statement about the responsibility of lawyers who are doing due diligence in transactional activity, mergers and acquisitions, to include cyber security as part of the risk that they are assessing and analyzing. right? i can't tell you how many companies we've talked to that

have grown through mergers and acquisitions and that have acquired companies and later find out after they have connected all their networks and systems, that that company that they acquired did not have good cyber hygiene and was riddled with problems that have now infected the entire network. lawyers need to help with that. auditors need to help with that. venture capitalists. we're out talking to venture capitalists to say if you're investing in a company, you're investing in large part in that intellectual property, and if you haven't done the due diligence to assure yourself that they have good cyber hygiene and have taken appropriate care to protect that information, you are throwing your money down a rat hole because that intellectual property is going out the back door. attorneys in this room and your colleagues work with these folks on a daily basis. i need your help in spreading the word. the more secure any one of us becomes, the more secure all of

us are. this is a -- this is a joint responsibility and only by working collaboratively and together will we meet this challenge, but i am confident that those of you in this room understand that. that's why you're here today. that's why you're going to be here, many of you, for the next couple of days,re for the next of days, and i thank you for the work that you're doing and for all of your help as we tackle this significant changes. thank you very much. so i talked longer than i meant to for which i apologize. but i am happy to take a few questions. i see david wolf in the back of the room, which reminds me, you should never sort of thank people oreck nice people in your organization, that i certainly meant to call out among the we have in nppd, our assistant secretary kaitlin dirkovich who

is theas assistant secretary foy the office of security with protection and has been with nppd from the very inception o shortly the day thereafter and brings tremendous expertise to s that role and energy and passion, and david wolf who works with her as the head of the -- of iscd, infrastructure, security and compliance d division, which is the office ce that manages our chemical facility anti-terrorism david standards and david and kaitlin have done an outstanding job of turning around what was a very troubled program that was -- that had a very difficult time g getting off the ground, and i -e and i'm here to tell you that wi within the last two years that -- they have, with their team, gone from having approvedt zero, no site security plans for highest risk chemical facilities across the country, to having cs just signed the 1,000th val, s

approval, so they have gone from zero approvals to 1,000 -- 1,00p aproeflts within the space of two years, and they are on a great trend line to get throughh what became a pretty significani backlog of plans to be approved to raise the security for the country with regard to these highest risk chemical facilities. they are making aegar differencs each and every day. so, david, thank you. ar i know you'll hear from david and he'll get to brag, but i wanted to brag a little bit about him. sorry, joe. >> we have a microphone here.he please come up to the microphone if you have a question.mi i'm not shy. let me ask a question of you, if i could. suzan, i know you can't really n look into a crystal ball right now and think about, it's been ten years, more than ten years

since the department was created, but if you could sort of project ahead what we might be seeing in this sector ject a possibly over the next tenhe ing years. i thinkn you've touched on somes of that already in your remarksv but -- and i'm going to ask a ir multi-part question. you know, this is the -- the think that you get sometimes with the questions like this, but i'm thinking about the international piece, the second piece, this international, and when i work for tom ridge, one of the comments he made to me, e sort of as he was going out door, was he wished he spent a little more time on the international piece. he did spend a lot on it, but so much of this is domestic, but if you could touch on, you know, sort of the projection ahead and the international piece, if you could. thank you. >> yeah,on a great, joe. i'll start with the a international piece.te you and i appreciate you bringing it up, because it's a critical parf of what we do, and our folks arh very much engaged in co

conversations and collaboration with their counterparts across the globe.relati we have a particularly rich relationship with what, of course, we in the intelligence community refer to as the five eyes, the critical five and thes ottawa five and, you know, any number of forum in which these o folks come together, but also ii dealing with the eu on these e issues and folks, you know, as r they say around theou world, on both the general critical infrastructure protection across all hazards, in the counterterrorism context and, of course, in the cyber context. and in the cyber context in particular, we have very strongv ander active relationships betwn our computer emergency readiness teams and certs that are being stood up all around the world by countries. the uk has just stood up a new cert.

they had a couple of certs before that, and they have a new one that's a fuller counterpart to the mkik and there are certs in lots of countries with which they interaction on a daily viol basis, and that is obviously essential. these threats -- i mean, it's most obvious in cyber, but it's true across the board, you know. mother nature doesn't really know borders, and we saw that as we contemplated the potential consequences of the aftereffects of the tsunami in japan. terrorism clearly is a effect transnational crime.f we've got to have an international piece. the ten-year, again, the landscape changes so rapidly i that it is ant incredibly hardb challenge to think about what wo might confront, but i will tell you my sort of utopian vision for where i'd like to see us heading and where i'd like to see us closer to in ten years. and, you know, again, it goes

back with this -- starts with this notion of sense and ts wit sense-making. it -- it -- it is really all about better understanding and k taking advantage of our comparative advantages. it goes back to these partnerships with our stakeholders across dhs, acrosss the federal interagency, state and local and territorial, tribal, private sector and international, that we would all understand each other's lities capabilities, authorities, limitations and that we would by have an ability through our shared information exchanges. we would have tremendous situational awareness of what's going on in the world out there. we would be able to detect perturbations. we would be ableba to quickly share that across all of those stakeholders and we would inhe understand inherently who can t bring what to bear to address

that challenge, and as that situation changed we would understand to, you know, okay, now you've got the -- the ot situation has changed.has you nowno have a comparative advantage over to you, you know. i've got it, and we would in bg that way, you know, really be able to bring all of the talent, the resources, the capabilitiesy to t bear in a very efficient a effective way to address these challenges, so that's a pretty n utopian vision, but i think havs that's important to have some wo sense where youul would like to go, where you would like to be s as you build capability and as y you build those relationships.ot >> hi. i'm at dhs.u you mentioned for a minute that you're working with the aba to o encourage the private bar to do more effective due diligence ony evaluating cyber security networks before they merge. i'm just wondering if you can

talk a little bit more about the context of how you're tha incentivizing the private bar to do that and what the response has been. >> yes, thank you. the -- i have been working mosts closely with my former colleagues at the aba standing committee on law and international security, but ther are reaching out to the business law section and others in the s aba. very early stages of those jus conversations, but just before e went into the department helped stand up a cyber security legal task force in the american bar association, and i met with thea in boston at the aba annual meeting, just a couple weekends ago, and, again, encouraged thed to put this on the agenda, and r there's a receptivity and understanding that this is really just are fundamental par of what the -- of their ir responsibility and what they should be doing.n't so i don't think that this is going to be, you know, a hard et challenge to get lawyers to sors of, again, take this more se

seriously and stand up to it, and there are a lot of lawyers, don't get me wrong, who are doing this extremely well today- and who have from the get-go understood the importance of this, and the goal really is to just get those bestth practices out more broadly to folks, and t in terms of o sort of how do yo do that? it's the same kinds of assistance that we're providing directly to critical owners and operators and small and medium-sized and businesses of d all size across the country.y. first and foremost we're encouraging folks to use the cyber security framework developed by sinist with the he of a lot of folks, including wih folks from dhs and a lot of folks in the private sector which was developed pursuant toe the cyber security development order. that cyber security framework is not just a compilation of best i practices, which it is. it is -- it has taken from the private sector all of the t standards and things that are already out there and best practices and they have put thee and they have organized them. what is i think most useful is

really the texonomy that gives e us a language and way of talking about assessing the threats.righ the five categories, identify the risks and the assets that you need to protection, you know, to look at the steps that you are looking at to detect come in, to ight respond and then to recover. pretty basic, but to have that framework and have everybody adopt that w gives us a way of n talking about this, and then 'sr there's very useful guidance inw there about how you would implement this in a business with a management -- with a meeting of your board of directors to provide high-level guidance and make sure they understand the importance and allocation of resources, n providing direction to management that then provides technical, you know, more granular guidance to the technical team and then feeds if back out.k all of these elements of the framework are very important.ve the department of homeland security has the responsibility of assisting entities in using o

this framework to improve their cyber security and we do that through a program we called cqpb, so it's critical information cyber community itye because it really is a community effort here, voluntary program.r and if you go to the u.s. cert website, us-cert.gov, will you find links to the c cubed vp program as well as, you know, ways in which you can also benefit from all. alerts, mitigation, guidance, e cetera, that the u.s. cert puts out so that is, you know, out there for the legal community. law firms are increasingly targets themselves because theyy hold h customer data and often times intellectual property of their clients, et cetera, so thank you for giving me the opportunity to give that plug. >> and join us tuesday here on c-span3 for programs focusing on health care issues.

we'll show you remarks from cvs pharmacies president larry merlow, a senate hearing on health care systems around the world and a house hearing on medicare fraud, all starting tuesday at 8:00 p.m. eastern. our campaign 2014 coverage continues with a week full of debates. tonight at 8:00 eastern on c-span live coverage of the arkansas u.s. senate debate between incumbent democratic senator mark pryor and republican state senator tom cotton and also at 8:00 p.m. on c-span2 live coverage. louisiana senate debate between three canned datds, incumbents senator democrat mary landrieu, u.s. representative republican bill cassidy and represent rob maness and then the south carolina governor's debate between 13 candidates, incumbent republican governor and followed live at 10:00 by the oregon governor's debate with incumbent

governor democrat and said republican candidate dennis richardson. on c-span wednesday night at 7:00 eastern live coverage of the florida's governor debate between florida incumbent governor rick scott and former democratic governor charlie christ. live on c-span2 the delaware senate debate with democrat chris coons and independent kevin wade. at 8:00 it's live coverage of the u.s. kansas senate debate between republican senate incumbent pact rorts and independent candidate and at 8:00 eastern on c-span live coverage of the third and final iowa senate debate between democrat brew braley and state senator joanie ernst and the wisconsin's governor debate between incumbent governor republican scott walker and democrat mary burke. c-span campaign 2014, more than 100 debates for the control of congress. yesterday a debate was held between the candidates for

arkansas's u.s. senate seat between incumbent mark pryor and republican challenger tom cotton. they were also joined by third-party candidates nancy la france and mark swaney. it was held in conway. here's a little bit of the debate. >> before i go on with my closing statement, i have to go back for just a minute because congressman cotton just told a whopper. when he said that i have voted for every single one of barack obama's taxes, it's not even close. in fact, i voted against every budget that president obama has offered. my real record on taxes is i voted to cut taxes by $5.5 trillion since i've been in the senate, cut taxes by $5.5 trillion, and i'm a big believer in tax reform. we need to simplify the tax code and need to lower the rates. this is more of this fog of misinformation and this rhetoric that congressman cotton has

gotten so good at doing over the course of this campaign, but, again, if you look at his real voting record, what you see in his voting record is these investors, these people who are investing in him and want the big return on his investment, that's who he's listening to. that's who he's carrying the water for since he's been in the house, and that's exactly what he'll do if he gets elected to the senate. listen, he is not listening to you. he's listening to those out-of-state billionaires who are writing those checks and paying for his campaign. in my office i have a plaque on my desk and it's -- many of you have all been there. it stays arkansas comes first. this is what i mean by that. i listen to the people in the state of arkansas. i work hard year after year. i'm ranked as the most independent or one of the most independent senators in washington. i would very much appreciate your vote. early voting starts on october 20th, and election day is november 4th. let's go out and win this one and let's keep this seat for the people of arkansas.

thank you. >> mr. pryor is next. mr. codton. >> i was very blowsed to crow up in the cotton farm, and i'm very blessed ann and i are expecting our first child, a baby boy. i want our baby to have the same opportunities as we did and want your family to have the same opportunity as well, to have a better life. barack obama's policies are making it hard. president obama says his policies are on the policy. in arkansas the name of those policies is mark pryor. he votes with barack obama 93% of the time and that's why a vote for mark pryor is a vote for barack obama's failed policies. he supports barack obama's failed economic policies. mark pryor cast a decisive vote for obamacare which is driving up the cost of health insurance and hurting arkansas seniors with its cuts to medicare. mark pryor has voted for every single penny of new debt, $11 trillion a year on average under barack obama's six years even

while we're cutting $1 trillion from our military. mark pryor is a rubber stamp for barack obama's failed foreign policy of weakness, he is it's and indecision and he won't even hold president obama accountable for not protecting our country and families from ebola. there's the different way, the arkansas way. let's get the economy moving and put people back to work so we can have people achieving dreams. let's repeal obamacare and start over, trusting arkansans, patients, doctors and families. let's balance our budget and quit stealing from our kids, rebuild the military and keep the families safe and secure whether the threat is terrorism or disease. this is the choice you face. barack obama said his policies are on the ballot and they are. here in arkansas they go by the name of mark pryor. if you're happy with barack obama's policies and the status quo then your vote for mark pryor will be a vote for barack obama, but if you want change, if you want a new direction for

arkansas and our country then i would appreciate your vote. >> recent polls list the race as a tossup. just a reminder tonight at 8:00 eastern we'll have another arkansas senate debate, this time with only senator pryor and congressman cotton taking part. watch their meeting live at 8:00 p.m. eastern on c-span. be part of c-span's campaign 2014 coverage. follow us on twitter and like us on facebook to get debate schedul schedules, video clips of key moments, debate previews from our politics team. c-span is bringing you over 100 senate, house and governor debates, and you can instantly share your reactions to what the candidates are saying. the battle for control of congress. stay in touch and engage by following us on twitter at c-span and liking us on facebook at facebook.com/c-span. now more from the american bar association's annual

homeland security conference. this portion features remarks from robert litt, general council for the office of the director of national intelligence. he discusses the relationship between security and privacy while also looking at nsa surveillance, recent supreme court decisions and the fourth amendment. this is about an hour. >> i should have brought my sunglasses. >> okay. folks. we'll round out the conversations in the back of the room and then we'll get started.

we'll get started now with our next panel, and this is our first breakout session of the day, and we're going to go to other breakouts as we go past our lunchtime presentation. a reminder about lunch. you should go get your lunch in room 207 and then resume attendance in this room. i'm going to call the sergeant at arms to arrest those of you in the back of the room that are still talking and that will happen in another lifetime. let me mention that this -- this topic is one that i know is familiar to many of you that practice law in government and in the private sector, particularly here in washington, d.c., and that's striking the balance between privacy versus security, and again this year we're honored to have congressman turner from formerly

congress from texas as our moderator. jenner issed of with distoings for three years in congress. he has a military background, formerly a captain in the u.s. army. jim won praise from both parties for his work on homeland security issues in the time post- 9/11. before congress jim had a distinguished career in texas state government, both serving in the house and senate in texas, and he is a university of texas law school graduate, and i aspire to be what jim turner is as both a leader and a lawyer. and if anyone in this room ever needs help on any issue, both in front of congress or with the executive branch, certainly with jim turner at helm, it's going to be successful, or you'll get as much success as possible, so with that let me turn it over to you, jim. thank you.

>> thank you, joe. really appreciate the opportunity to be a part of this panel, and i want to thank joe for all of his many efforts this year and in previous years to organize this program for the aba. in this panel we're going to be discussing, as joe mentioned, the tension that exists between civil liberties and national security. we have a very distinguished panel, and i would like to introduce each of them to you. first, to my left, we have jen daskle, assistant professor of law. university school of law. jennifer is an assistant professor of law and focuses on criminal national security and constitutional law. prior to joining the washington college of law in 2013, she was a national security fellow and add junkt professor at georgetown law center. from 2009 to '11 she served in

various positions in the department of justice, including as counsel to the assistant attorney general for national security and served on the secretary of defense and attorney general led detention policy task force. she is the founding editor and contributor to the recently launched just security blog, and she's a graduate of brown university, harvard law school and cambridge university. to her left is chuck blanchard. chuck is a partner at the law firm of arnold & porter where he -- i had the opportunity to see him frequently. he is in the government contracts and national security practices at our firm. prior to joining the firm he held several senior positions over his 28-year legal career. chuck served as a general counsel and chief ethics overs for the u.s. air force. he served as general counsel at the u.s. army -- at the u.s.

department of the army, and he served two terms as a state senator in the state of arizona. in 2013 he was named interim homeland security direct or for former arizona governor janet napolitano. chuck graduated first from harvard and holds a masters from harvard's jfk school of government. next to him is bob litt, a name you've come across quite often in the last few months in the newspapers. bob is the general counsel at office of the director of national intelligence. he was unanimously confirmed by the senate in june of 2009. prior to joining od & i bob was a partner at arnold & porter and served on the governing body of aba's criminal justice sector and as an advisory member to the

standing committee on law and national security. from 1994 to 1999 bob worked in leadership positions at the department of justice as deputy assistant attorney general in the criminal division and then aspirins pal assistant deputy associated where he was responsible for national security matters,rizing from fisa applications, covert action reviews and computer security. pop has his bachelors degree from harvard and his masters and law degrees from yale university, so the score on the panel so far is two harvard graduates and one yale. >> even odds. >> but we're very pleased to have this distinguished panel, and i'm going to let each of them make a brief introductory remarks, and then we'll begin to discuss among ourselves the issues laid before you, and i hope it will spark some interest from the audience and allow you to ask our panel some questions as we proceed. so, first. jennifer, i'll let you lead off.

>> well, thanks to the aba for putting on this wonderful program and for inviting me here today and thank you for the kind introduction. we -- i believe we're going to focus most of our discussion on the surveillance regime and the many debates and disputes and discussions about it so i want to spend a few minutes talking about some of the legal underpinnings of the government surveillance programs and to suggest that some of the doctrine on which the government has long relied is shifting under its feet a little bit and that this creates a range of opportunities and challenges for both doctrine and policy going forward. in particular, i want to talk about two aspects of fourth amendment doctrine, what's known as a third-party doctrine and territoriality doctrine which is the long-standing presumption of the fourth amendment, only applies in the united states and outside of the united states it applies solely to u.s. citizens and persons with significant

voluntary connections to the united states. so just starting briefly with the third-party doctrine, as i believe probably all of you know, the government's argument with respect to telephone meta data collection under the 215 program and presumably other meta data collection programs as well is premised to some extent on the idea that there's no fourth amendment issue involved because there's no search and seizure of meta data information that's been turned over to a telephone company. and this is based largely on what's known as a third-party doctrine which stems in part from a 1979 case, smith v. maryland in, which the government recorded a telephone number called out of a particular suspect for two days, and in the course of his criminal trial he challenged the government's collection of this information because the government didn't get a warrant, and the court said there is no fourth amendment issue. there's no cognisable search and

seizure because the person had alread turned out the numbers he called out to the telephone company and had no reasonable expectation of privacy in that case. there is no expectation of privacy in all of our numbers called in and out and has been the basis or at least in part of the basis for the meta data collection program. and i just -- i want to suggest that this understanding of the third-party doctrine is challenged and is being challenged most recently by the supreme court's ruling in riley v. california which came out late -- late spring, early summ summer, and at the very least the supreme court's ruling cast out on the third-party doctrine going forward. for those of you not familiar with the case, the facts are two cases was joined. in one case the government seized a smartphone of an individual during the course his arrest and in another case the government agents seized a flip

phone, one of the old phones that nobody used any more. they don't recall much more information other than call log and the number dialed, and the cases were joined, and in both cases the defendant in those cases claimed that the search and seizure of their phones was impermissible and that the government claimed, no, it's totally valid as a search incident to an aref. we don't need a warrant, don't need to go through the ordinary fourth amendment procedures, and the court ruled unanimously that -- against the government. the court ruled that the seizure of these phones was not justified as a search incident and the arrest disagreed with the government's arguments about exigencies and said there's ways to preserve this information if you're concerned about the information getting law. the court disagreed with the government's claim that there was any sort of safety risk associated with the phones and most importantly for purpose of

my point is that the government -- the court disagree with the idea that there weren't any legitimate recognizable privacy interests in the phones and they describe the wealth of information that can be stored digitally on these phones as possibly providing more information that is required during the search of one use house. the court distinguished both quantitatively and qualitatively between the wealth of information that can be seized and revealed through the review of one's phone from tangible evidence, and they quoted -- the court quoted with approval from an earlier concurrence by justice sotomayor in which she defined gps monitoring as creating a precise comprehensive record. what's very interesting about this ruling and this reasoning is it didn't just apply to the

smartphone which we all know reveals a whole host of information about us, but it also applied to that flip phone which doesn't tell us that much more than the call log details, who you called, who called you and for how long the call lasted which is about what -- what's elected in the meta data, at least the meta data phoning collection. so my point is the court will be highly skeptical of the claim that the third-party doctrine can be applied in this new context, that it means that when the government collects the telephoning meta data and other meta data as well that there is no fourth amendment violation. i'm not saying that meta data collection would therefore be impermissible but i think we'll see is a shift and a new question as to whether or not the foreign intelligence exception applies and new pressure on what's known as a

special needs doctrine which justifies a rang of searches that are paced on compelling needs based on separate law enforcement needs, and then we have agreed to speak very shortly but i won't get into the details. i nope there is a chance to talk about how we think data challenges -- the considered that the four amendment is circumscribed and applies to only certain people and the way data moves about and the arbitrariness of the way data moves about and the difficulty of distinguishinging between u.s. person information and non-u.s. person information at to cause us to at least re-examine some of the foundational principles on which some of our collection programs rely. so i'll stop there. >> okay. >> i'm also going to focus on

the third-party doctrine rule. i agree recent ditka and concurrences from the supreme court as well as the decision of judge lyon in the district of columbia of columbia district, and the claimant case was challenging the old version of the nsa meta data program has put into doubt when the continued viability of the third-party doctrine or whether it will be limited. and just i want to talk briefly about a few things. first, it's important that you -- that you understand that the fourth amendment decisions that have come out of the fisa court have largely relied on third-party doctrine as a rationale as to why there's not a fourth amendment issue but there's a lot of statutory issues also in play and most of the decisions actually focus on those. so even if the third-party doctrine survives, i think the debate will continue to be going forward on the more -- the

regulatory and statutory governance here which may be ultimately where the action is going to be. but as jennifer said, there's been some recent decisions. i think the first one that's worthy of talking about is the jones decision which occurred a few years ago that involved gps trackers. and the majority opinion really went off an -- as one critic said. they looked at a 2013ry problem and came up with a 19th century solution and that is they -- they ignored the technology and just focused on the fact that there was a trespass on the car in order to put the gps system on and that was enough for justice scalia to find a problem. there were two concurrences that is important. one was by sotomayor which is one that she did by herself where she did a frontal

challenge to the continued viability and wisdom of the third-party rule in an age of -- where a lot of our data in digital form is out with third parties, our financial data, our telecommunications data and a whole host of other information, and she raised the issue of whether it was time to reconsider the third-party doctrine because people do have -- if you ask them a sense of privacy interest in information that they send out to third parties so i think she put a frontal challenge. the other concurrence was by justice alito who is joined by i believe kagan and briere.

i don't think the riley case which dealt with cell phones suggests much more than in that case it was a concession search and focused more on what the focus of a search could be. i don't know if you read too much into, that but that case, too, rejected an argument, at least, that there was no search because all that was on those phones was the kind of data that you could get from a third party. the argument being, no, it's not a third party, it's a person's phone, the third-party doctrine doesn't apply. where is this headed? it's hard to tell. the third-party rule. it's important to recognize it's not a neighboro fourth ament doctrine. it has wide applicability across fourth amendment doctrine, and it's been used as a line of

separation between what is protected in the home and what is not protected, so, for example, bank records, financial records, not the contents of your letter but the surface of your letter, who you wrote to have long traditionally been held for decades as not protected by the fourth amendment, and owen fisk a few years ago wrote an interesting article where he tried to give a defense of this doctrine, and this is a doctrine more about consent than it is a doctrine about anything else and we ought not treat it as a reasonable expectation of privacy but more the concept is that when you take information and you put it outside yourself to a third party, we legitimately draw the lines to give you less fourth amendment protection. his other argument which is interesting is that the third-party rule has a vantage of not being a technologically

driven rule, that is you ought to completely change it every time the technology changes. we have various ways we communicate that changes so his argument is that the rule is technology agnostic. it's an article well worth reading. so, where are we headed? i think we're headed for clearly there sees some discomfort on the supreme court by the third of-party rule, and i think in its present form it will likely see some change, and i don't think it will be completely rejected because it's too embedded in too many other parts of the fourth amendment, but i do think it might actuallyin truncated. and my suggestion would be that we -- we -- that the best way maybe to approach the third-party rule is by focusing less on collection and more on use, because one advantage of the digital world when

everything is in ones and zeros, it's sort of like quantum mechanics in that you don't know what's actually there until you look, and once you look then the damage is done. privacy is done, and it may be the best approach which is similar to what is actually being done on the regulatory and statutory side with the nsa programs, is to put more control on when you can look at the data that is collected and instead put less emphasis on restrictions on the collection, so with that i'll enjoy the conversation. >> thank you. bob? >> as jim noted, he and i were law partners for a number of years. if there's any congressional staffers in the office, nothing in my behavior should be attributed to anything that i learned from jim. i do have some thoughts on the third-party doctrine but i thought i'd save them for later

discussion and step back a little bit and give a slightly broader framework. i think -- i actually reject the idea that what we're talking about is a balance or a trade-off between privacy and national security. i think that our goal should be how to achieve both. if you read the newspapers today i think it's pretty easy to understand the importance of national security and for my perspective the importance of intelligence to protecting the nation and its citizens. not only in the area of terrorisms but in szish security and simply the behavior of foreign nations, but we have to do this in a way that also preserves and protects fundamental privacy and civil liberties interests and we have to find ways to accomplish both and not to say, well, there's an inevitable zero sum between them. so i want to offer a couple of thoughts about surveillance and privacy technology in general that can maybe help frame some

of the legal discussions. i think it's important to understand the nature of the problem today. during the cold war it was pretty easy to identify our targets, and if you wanted to do surveillance you sort of did the equivalent of clipping a couple of alligator clips on a telephone wire and listening into them. the telephone communications were generally flowing over telephone wires. today with digital communications and the internet it's entirely different. communications that we're interested in are mingled with communications we're not interested in, and they are all traveling over the same wires broken down into individual electronic packets. they are not physically separated the way they were a few years ago. and what this means is no matter how much we directly try to direct our activities at intelligence targets, we're also going to look at communications of uninvolved people, not only

because they may be talking to the foreign targets but also because they are all traveling together on the same wires. we don't have any interest in this information. we have absolutely no interest in what mrs. jones or her foreign counterpart is cooking for dinner, but in targeting and collecting foreign intelligence information we can't avoid collecting irrelevant information because of the way the communications flow. one of my colleagues at od & i has phrased this there's no such thing as immaculate collection and there's really theoretically two ways you can deal with this problem, the prab that we're innings dentally going to invariably connect incidencely, communications we're not interested in. one is to say the risks to privacy from this collection are so great that we ought to bar certain kinds of collection all together, and the other is the approach that chuck just averted to which is to say we're going to permit the collection and we're going to impose stringent regulations on how you use the

data to make sure it's not used inappropriately, and it probably won't surprise anybody in this room given my current position that i favor the latter approach over the former. i think it's unwise in the current security environment to say that the power of government is so great and the risks of surveillance are so substantial that we should bar and prevent us from collecting this information, particularly since we know that our adversaries are not so restrained. we simply cannot designation portions of the global communications infrastructure as entirely off limits. i think the preferable way to do it is to say, yes, you can collect this but we're concerned about the possibility of misuse so we'll have legal oversight and regulation to make sure that you don't overuse it. that's the approach we generally take now and by and large it's word. all of the activities are

completely ought rides by law and to the extend that they are conducted under the foreign sfaps iltell jebs court, they are known to the courts. they are subject to strict and multi-layered and interagency oversight within the executive branch. we don't conduct surveillance of political, religious or activist figures solely because they disagree with public policies or criticize the government. we don't use our intelligence capability to repress citizens of any countries for their belief. we don't target ordinary citizens, american oros wise, who aren't a foreign intelligence value. the information that's been leaked over the past year as well as the considerable amount of information that the intelligence community has affirmatively released as part of our desire to be more transparent about what we do, has borne out the effectiveness of this essentially regulatory approach. in all the information that has

come out it's important to know that there's been no indication of any kind of systematic abuse or misnews of intelligence collections capabilities for improper purposes. there's been a very instances where individuals have gone into collection databases and used them for personal purposes. those people have been caught and dealt with appropriately. there's been a variety of technical and other compliance problems with the program. those are self-identified and self-reported and corrected. what there hasn't been is any indication that we're abusing these collection authorities to improperly invade people's privacies. and this leads to the -- the last point that i want to make which is about technology. when people have talked about technology in the context of surveillance, they have tended to focus on one of two concepts. one is the extent to which technology enables surveillance. the incredible capabilities that the national security agency

has. people often fail to mention that nsa only uses these capabilities as authorized by law enforcement for example, to the extent that they work on breaking encryption techniques, they do that so they cannot only read your communications but read the communications of terrorists and other foreign governments that are trying to invade our surveillance. the second context is how individuals can use technology to avoid surveillance, through encryption or anonymousization or other techniques. there's a third way in which i think we can think about technology in the context of surveillance, and it goes to my theme that we're not talking about trading off security and privacy but achieving both. that is that the technology can help us conduct our intelligence activities in a way that in fact maximizes the protections for privacy and civil liberties. as i said, the intelligence community actually has no

interest in the activities of ordinary private citizens. so one of the things that we do is we employ technological tools like access controls, auditing and monitoring of databases and so on to try to ensure that only authorized and trained people have access to signals and intelligence collection and only have it for authorized purposes and there's no information disseminated except when appropriate. we would actually welcome the technological genius of america in providing additional technological tools that we could use to more precise ly preserve our intelligence. in fact, the president has directed the national academy of sciences to provide some guidance in this regard, to look at whether there are ways that we can use technology to more precisely focus collection. but ultimately i think we'll have to rely on strong controls on use and strong oversight as the best way to achieve both

national security and privacy protections. >> thank you, bob. it's interesting as you listen to bob's remarks and i've, of course, come from a background that's very sympathetic in the sense that i served as the ranking member of the house homeland security committee and had the opportunity to receive numerous classified briefings from time to time and i know that it is interesting that we are at a time where we're talking about a subject where, in fact, there's no examples that anyone can cite where the government has abused the powers given it to under law. much of what we're talking about today is of the nature of what edward snowden did. he decided to violate the law and disclose classified

information because he disagreed with the policy and at the heart of this i think there is that underlying distrust of government that even though we can give assurances as bob did here today that there are going to be systems in place to assure that privacy is protected when there's a strong underlying distrust of government, people still don't think that's enough. and i would be interested in -- after listening to jennifer, if jennifer in any way kind of disagrees with the solution that bob proposed or whether you think there needs to be more protections just on a constitutional basis for a u.s. citizen against the type of surveillance that is now conducted. >> so i largely agree with what bob said. i think the one place where i think it's worth -- and i

largely agree with what -- what everyone said, but i do think it's -- that we shouldn't -- i guess what i want to focus on is the way in which the united states has distinguished between collection of u.s. persons and collection of non-u.s. persons. and as bob pointed out and as we've heard today, that the intermingling of data means that even if there's strict regulations on targeted collection of u.s. persons relatively strict regulations, the fact that there's much looser regulations on collection of non-u.s. persons means that because all that data is intermingled we are collecting a whole lot of what is called incidental collections of u.s. persons and that we ought to at least at the collection stage acknowledge some of the fiction that the distinction between the rules on direct targeting of u.s. persons and targeting of non-u.s. persons creates and acknowledge that we are collecting a lot of information of u.s. persons through our rules on non-u.s. persons and think about whether or not these distinctions even make sense

given the way that data operates. i think that there are two distinct moments that we need to be focused on. one is the moment of collection and the other is obviously the moment of use. and i think they're both important and they're both relevant to the discussion. the concerns about abuse not just by the government but by private individuals who get access to this information like somebody like snowden who has the possibility of revealing a whole wealth about a person make people nervous and that's a legitimate concern and that we shouldn't discount the concerns about collection. that doesn't necessarily mean we shouldn't collect, but we ought to have a frank and honest discussion about it as well. >> although i would -- the abuse by the single individual is probably as great in the private sector as it is at nsa in that google and lot of the other companies -- private individual

that wants to do great damage can release. so i don't think we want to eliminate the great value we have from our collection efforts because of the fear of individual one-off cases will be abusive because it can be very abusive and be very damaging. this is true of the private sector as the public. the real challenge is i think as bob alluded to is the globalization of our telecommunication networks in such a way that it really -- it is true in collection that distinguishing between u.s./non-u.s. at the collection stage becomes difficult. clearly in some cases you know what you're collecting. you're largely collecting from overseas. but in other areas given how the

internet package that i may send to a friend in san francisco may end up going through 15 other countries and communications between vladimir putin and someone in the disputed areas of ukraine might also end up going through the united states. so it's that global nature of our telecommunications network that i think creates the problems. and i think the -- so i don't think at the collection stage imposing a fourth amendment standard of requiring warrants for collection really are workable or feasible and i think the only real alternative we have is ensuring that you have a robust oversight at the use stage and that could be a fisa -- more empowered fisa. could be more judicial review. i think that's really where the real value in protecting privacy can be. and i want -- one thing that bob did every year was get all the lawyers who dealt with

intelligence issues together in a large room, secure, classified so we could talk about lot of these issues. and i started attending those in 2009. i can say that the thrust, the focus, the concern of -- this is well before eric snowden did anything was how we deal with privacy interest and u.s. values. so this is not an issue that's only caused concern in the intelligence community since edward snowden, but it occurred long before and it's been an obsession, i would say with lawyers in the intelligence community. in fact, one lawyer here in town, stewart baker, actually thinks lawyers are ruining the effectiveness and have ruined the effectiveness of the u.s. intelligence agencies because we told our clients to be more careful than he thinks we ought

to be. >> i guess one thing that comes to mind is when we talk about the judicial precedence in this area and when you go back to smith versus maryland and you're talking about the old standard, what's the reasonable expectation of privacy in the age of big data, what is the meaning of a reasonable expectation of privacy? i mean, after all, the average citizen doesn't really know what the government or the private sector is collecting. we can see that every day with the kind of things that all of us share on the internet and so whatever we think might be reasonable is probably based on misinformation or lack of understanding about the capabilities of both the government and the private sector with regard to the collection of data.

so, i mean, is it an outdated standard for that reason as well? >> so this is my opportunity to weigh in on the topic that jen and chuck have already talked about. i think it's important to understand that there's a reason why the doctrine that jen and chuck were talking about is called the third party doctrine. and that is that the information that's being talked about is not being obtained from you. it's information that you've given to somebody else. and the analogy is that if i have a conversation with you, there's nothing to stop you from going and telling anybody about it. i've given that information. i've lost my expectation of privacy information in that information. so the first case that announced this doctrine was actually a case involving bank records

where a subpoena was served on a bank for somebody's financial records, which are, in fact, far more revealing than the telephone metadata here. the court said, no these are the bank business information you gave the bank this information. the same thing is true of the telephone metadata. that's the critical difference between the situation we're talking about with respect to intelligence collection and the riley case. the riley case it was the defendant's phone. it was his phone on which he had his information. so the question is, to what extent can you get information from that person. under what circumstances can you get information from that person. the third party doctrine says once you've given the information to somebody else under what circumstances can you get the information from somebody else? now, having said that, i do think there is a strong sense

that that doctrine can't necessarily be applied unqualifiedly in the current technological environment. and i do think that -- i tend to agree with chuck that what we're likely to see is a recalibration of the doctrine. and i think particularly of the context where people are storing their entire life in the cloud. it may be that there is a difference that courts will draw a difference between the types of information that you're giving to a third party and if it's -- if the type of information is the type that you used to formerly keep locked up in a file cabinet at home only now you keep it locked up in a file cabinet at google, they will accord one level of protection to it. but if it's the sort of thing that we always provided to third parties, maybe they'll provide lesser protection to it. but i think that that's something that will be worked

out in the future going forward. >> yeah. one approach could be that they distinguish between information that really is just being stored by a third party versus information that is actually worked and needed for the business purposes of that third party. so, for example, with bank records, banks need those records because they actually are performing a service so they truly are the records of the bank. similarly the metadata and a telephone call, it really is needed by the -- as business records by the telephone company for its purposes. so therefore you can do a third party search for those business records. but the content of the phone call, which has never been subject to the third party doctrine is really not kept or stored or the business of the third party. even though you use a third party to provide that content. so using the example of putting your stuff in the cloud, amazon, which provides cloud services, really doesn't care or use or do anything with what you put in its cloud. and so that would continue to be protected. that kind of line between what's truly business records of a third party and what's really being stored by a third party

might be a line that can be drawn. >> one of the suggestions that have been made recently about the storage of all this metadata is that it's better off if we contract that out to the private sector rather than let the government. does that change really effect anything here in terms of the appropriateness of the collection and storage of the data? >> well, there are sort of two different private sector models. the model that is actually been endorsed by the president and subject of legislation moving through congress basically says the telephone companies will continue to keep the metadata as their own business records and they'll be statistic forly mechanisms for obtaining that information from the telephone companies. there was an alternative that was proposed -- it's important to understand that what this -- what the program -- the metadata program was was a program under which the government collected metadata in bulk, and then subsequently made inquiries of it based on the reasonable

suspicion that a telephone number was associated with terrorism and what they're moving towards now is you'll simply make that query of the telephone numbers. the intermediate model that was suggested is that let's give the bulk metadata to a third party that will hold it and have the government have the ability to send those queries to the third party. i don't think there was any substantial support for that both because it simply creates a whole new security problem because you know have all this metadata held by somebody else and it didn't really seem to provide substantial additional privacy protections. >> let's open it up now for questions from the audience who will have plenty of time to allow each of you to ask anything you might want to ask on any of the subjects that we've discussed here. >> hi, my name is kimba walden at dhs. i just wanted to poke the bear a little bit and sort of challenge

that line of use, or restricting the use of data, and where that line is drawn. just what would be your response to the challenge that you really can't -- individual really can't -- it's not really voluntary anymore for an individual to provide metadata to a telephone company or to provide bank records to a bank. it's difficult to sort of function without using a bank or without using a phone so that it no longer becomes the voluntary giving up of data rather its necessary. so what would your response be when you're drawing that line. >> i think one answer is that that was true with p.i.n. records in the '50s. that was true of bank records even before then. so this is an argument that would have been used at the creation of the third party doctrine.

i know there's no more -- if you want a bank, you have to give your records to a bank. that's always been the case. i do think that there is a challenge in that the reasonable expectation of privacy line of thinking is circular because what's reasonable really depends on what the law is. and what the rules are. and so i think there may be room to sort of rethink how we think about privacy. we've moved from a 19th century trespass model to this new reasonable expectation of privacy and it may be time -- and i'm not smart enough on the fly to think of what that new regime would be, but to think about other ways to think about privacy interests that don't rely on this circular reasonable expectation of privacy. but owen fitz in his article points out if you reject the third party doctrine, in effect what you're allowing people to do is expand the scope of their home. that is -- and they can use third parties as tools --

affirmative tools to avoid surveillance and that would be the problem of getting rid of the doctrine. >> so i think that to me the key difference is not necessarily the consent question but just the wealth of information that's provided. so, at the time that those rulings were issued, the court was looking at very discreet areas of the law. they were looking at bank records in a discreet area. they were looking at telephone calls made and there wasn't a sense of a society where we have now where basically everything we do is in some ways can be recorded by a third party. and so the wealth of information

that's available that's potentially available through this third party doctrine is quite staggering. and that's where i think some of the language from the riley case is relevant is the supreme court recognizing the wealth of information that's available through digitally stored information and that digitally stored information is generally also provided to a third party. even though the riley case wasn't specifically about a third party issue, that's why i think the riley case puts pressure on the third party doctrine and i think it will in my view of this is that it will and should force the court and others to start thinking about drawing lines so we simply don't say just because information is provided to a third party that therefore there's no search or

seizure when it's subsequently obtained by the government. >> yes, sir. >> hi, my name is dennis pittman from george mason university. i was interested to hear the panel's thoughts on the use side as far as the adequacy of current safeguards and the efficacy of information sharing between agencies after the data is collected. what are your thoughts on -- are they effective for promoting sharing and on the flip side, are there adequate safeguards to protect the information once it leaves the hands of the agency that collected the data? >> this is obviously one of the principle challenges at my office has to deal with, one of the main reasons the odni was set up was to facilitate information sharing among intelligence agencies. and basically with respect to signals intelligence information, you can share finished signals intelligence products within the intelligence community according to the rules that govern the dissemination of intelligence products. there's -- we're working essentially on a set of rules to allow sharing of broader --

before it's evaluating but to the extent that one agency shares them with another, they're subject to the rules that govern that agency. so the protections follow the data. as i've said earlier, there's really no indication that these rules been ineffective. i think what the argument has been is people think the law shouldn't allow what the law does allow, not that we don't have effective controls to enforce the law as it currently exists. >> yes, sir. >> patrick from mga. so if the third party doctrine were to go away completely or be radically modified, would that mean then that say local police would now have to get warrants to get pen registers, which presently i don't think they have to do, because of the third party doctrine? >> well, i think -- i mean, any of us -- i think that there's a whole range of possibilities of the third party doctrine were

eliminated. there's a whole host of other possible doctrines that might step in and take its place. so there is the special needs doctrine that basically says that if the government is engaging in certain types of nonlaw enforcement tips of collection, that different rules apply and you don't necessarily need a warrant, you don't necessarily need suspicion to engage in certain types of activities. so there's the possibility that the special needs doctrine would expand to cover some of the types of surveillance activities and other activities that are taking place. there's the possibility before an intelligence exception. there's a whole host of other doctrines that may step in and take its place, but that would require at least in the special needs context and in other context to have a specific articulation of what the government's purpose was balanced against some sort of evaluation of the privacy interests at stake that simply doesn't happen once you invoke the third party doctrine. >> to shift analogy a little bit

to the jones case then if in a future case the court were to find that there is some kind of privacy interest in one's public movements as opposed to the trespass argument that scalia used, i think, to try to kind of -- >> avoid the issue. >> look down the road and see some of those unintended consequences, would that then mean that traditional surveillance by -- physical surveillance by a person then the fbi and police wouldn't then have to get a warrant, if let's say they did it for a month. would that mean they would have to get a warrant to do that as opposed to in the past that was deemed to be, hey, your public, you don't have privacy interest in that so they can surveil you all they want if they're physically looking at you. >> there's sort of an undercurrent in the sotomayor concurrences that suggests how

easy technology has made surveillance what is most troubling. i think they would say doing the old fashion way of following them in a bunch of cars, if you're willing to devote those resources we'll continue to say that's not a reasonable expectation of privacy. but there's an undercurrent that there's an unease with how technology might make surveillance easy and cheap. scalia solved the problem about the trespass. a lot of cars have data. and if we collected the data from a car manufacturer that was getting a feed about where that car was going. that would, i think, raise similar issues to what we have with the metadata. my guess is that there will be a change in the third party doctrine. it won't be overruled. i think pen registers will continue to be pen registers but i think there might be limits or recasting. largely because these are older doctrines and there's a lot of unintended consequences from simply repealing the doctrine altogether. >> i would hope that whatever re-calibration of the rule takes place we don't end up in the

position where the line is drawn between surveillance that you can do easily and surveillance that's expensive to do. >> right. i agree. >> yes. >> i'm rita simian. i'm national security policy counselor with the constitution project here in d.c. my question that i'm happy to hear from other panelists, as well, but it's for bob in particular is, i was hoping you could respond with the government's view of judge bates' suggestion two weeks ago that the government would not be as candid or forthright in proceedings before the fisc if there was a special advocate present, security cleared, of course, who was there to represent privacy and civil liberties interests. >> so i should take this opportunity to say that i'm not here speaking for the government. i'm speak speaking for bob litt. i do think that the president has indicated that he supports the idea of a special advocate and i think that comports with the expectation that the fisa court processes will continue to work. whether they change in any

respect as a result of this will remain to be seen but i think there's a view within the executive branch that a special advocate amicus curaie construct will not unduly impede the operation of the court. >> we lost charlie. >> do we have anyone else that has a question they'd like the panel to address? do we have someone? >> we have more time here because our other panel is running longer so if there's any questions, take their time. >> i actually have one on the tip of my tongue.

i'm cindy from dhs. i had a question for the panel on your thoughts of the categorization of information particularly the classification and how that affects the debate between the ability to achieve both privacy and security. >> can you explain what you mean a little bit more? >> there's a quote that i was reminded of and i forget who actually said it, when you classify everything you protect nothing and so, you know, i'm very curious to see once the information is collected, how is that information categorized by a particular department or agency and how does that affect the argument between being able to achieve both privacy and security concerns? >> well, classification is sort of an independent concept from collection.

there's an executive order that tells when you can classify information and it basically depends upon the extent of the impact on national security. obviously the more highly classified information is, number one, the more it's protected and, number two, the more difficult it is to share it and make use of it so there are countervailing considerations. i think the -- the extent of classification is a problem. i think that for a variety of reasons that i actually -- i talk about this at a.u. this past spring, there are a number of reasons why there are incentives to classify rather than not classify. it's not in my experience -- it does not reflect any malevolence or desire to cover up problems, it's simply a series of bureaucratic incentives that push people to classify things. but i guess the protections for

privacy that exist are sort of different category from the protections for classified information. >> there is -- there is a lesson over the last year since the edward snowden disclosure came out. there is a problem and a challenge, i should say between the transparency you need to describe what it is you're doing in ways that are going to make the american people feel good about what you're doing versus your concern about protecting how you do things if you're too transparent, the bad guys know how to hide their tracks. if you're not transparent, then the parade of horribles that can come up in people's minds about how you're acting can take over and can drive policy and that can affect collection so my sense and i was there for part of this time, my sense is that there is a move by many within the intelligence community to try to increase the amount of transparency about what that community does but that's running against the culture of that community and it's a challenge because there are

legitimate security reasons you don't blab about what you do but i do think that the lessons the last two years are that to the extent -- to a much greater extent than in the past the intelligence community would benefit from greater transparency about what it's doing and why. which is easy to say and hard to do. >> do any of our panelists have any comments on the usa freedom act pending in congress and the differences between the house and the senate version of the bill, one of our questions related to the provision that's not in the house bill but in the senate bill regarding the special advocate for -- to be present before the fisa court. >> there was a provision in the

house bill that's somewhat different than the senate bill. so i mean the house bill also had -- it's not exactly special advocate. what it is, both bills provide for essentially a pool of cleared lawyers from whom the court can appoint an amicus curae in a case, there are differences but the concept is the same in both bills. >> so you're -- bob litt speaking, are you expressing a preference for the senate bill, did i pick that up? >> no, perish the thought i would favor one house of congress over the other. i think -- but i think that either of the two -- well, i guess i'm not going to -- there probably will be at some point in the near future an official statement from the administration on what its view is on the legislation. i think i'll probably let that statement come. >> yeah, i just wanted to go back to a question that was raised earlier about the issue

we haven't spoken about yet but it's the question of and the interconnectedness of databases and putting aside questions of abuse and misuse, we know -- we know when we're dealing with data that's this big and massive that there will be mistakes sometimes. it happens, even with the best intentions, even with the best protocols in place. and one area where i think there isn't insufficient -- there isn't sufficient attention and we ought to be focused on is what happens once a mistake is made and information is disseminated. and how long does that information stay in databases and how effective is the government able to rescind information once it's already been disseminated and kind of pushed out through various databases and just as one example that's not from the surveillance context but the no-fly list.

we know there was a recent ruling out of california in which there was a woman who was placed on the no-fly list by mistake. there was an error. the box that was checked with the wrong box was checked and it took according to the court's review it took many years before that error was discovered. and eastern after that error was discovered it took some time before the relevant databases where all -- the information was cleared from all the databases. and i think that's one of the underlying concerns and issues that motivates some on this debate and discomfort of the american people both about collection and also about the sufficiency of even the best use protocols, is what happens in those instances of mistake. and what are the consequences for real people.

>> so in the fisa context, we actually have very, very stringent and effective rules in that regard. for example, under one particular provision of fisa, we're not allowed to target either united states persons or persons within the united states. sometimes it happens that we think somebody is not a u.s. person and then we discover, oh, my gosh, this person has a green card. we didn't know that before. and the rules are at that point, you have to go and purge the collection -- you have to report it to the fisa court. you have to purge the collection and you have to purge any downstream reporting that comes from that, as well and all of this is overseen within the government, reported to the court and also reported in summary fashion each year to congress. so it actually -- it actually is possible to get rules and

procedures that do protect against these kind of mistakes. >> well i want to thank our panel for sharing their thoughts and wisdom with us this morning. and thanks to the audience for your participation. and i understand we now are going to break for lunch, and i believe joe said we're going to bring our lunch back in here, and then be ready for the next presentation. thank you very much. [ applause ] join us tuesday here on c-span3 for programs focusing on health care issues. we'll show you remarks from cvs pharmacy's president. a senate hearing on health care systems around the world, and a house hearing on medicare fraud. all starting tuesday at 8:00 p.m. eastern. sglmpblts sglnchts c-span's student cam competition will award 150 prizes. create a five to seven-minute documentary on the topic "the three branchs and you." they need to show varying points of view and be submitted by

january 20th, 2015. go to studentcam.org for more information. grab a camera and get started today. sgl in the final portion of the american bar association's annual homeland security conference shs a discussion on the state, local and federal resources during a crisis. speakers include representatives from the defense department, fema, the national guard and the the air force. this is an hour. >> emily thank you for that very kind introduction. i want to assure all of you that is the first phone call i've received in three weeks. and it's from my wife. don't tell her i said that and i hope she's not watching c-span at some point to get me in trouble. emily, that was very kind. i thank you very much for it. we have a terrific panel here

today. i've known just about everyone on the panel for a long time. we truly have national experts in the realm of defense supported civil authorities, homeland defense. today's program, the role of the military within our own borders, could not be more timely. as we meet in washington national guardsmen and state status at the direction of governor perry are providing security along the texas border with mexico. national guardsmen in title 32 status are providing security elsewhere along the southwest border. active duty title 10 military personnel under northcom's command and control are executing counternarcotics missions along our borders. the missouri national guard has been called out by the governor to restore order in ferguson, local missouri police are armed with surplus military equipment. and northcom's army north is

preparing for possible hurricanes. since our country's founding the role of the military within our own borders has been a matter of public safety. and a matter of significant public concern. in the very brief amount of time i have i won't recount to you the content of federalist aid but i encourage you to read alexander hamilton's federalist aid because it covers a really insightful perspective on the limited role of the military within our society. and the enduring requirement in a constitutional democracy for the military to be subordinate to civilian authority. hamilton's thoughts in federal and state are particularly inciteful and prescient in terms of the kinds of missions i described just a moment ago. so where do we find a balance between essential, even life-saving operational military

capabilities and vital civil liberty? what's the right policy? and what's the applicable law? we do have a distinguished panel to address these issues today and i'm going to introduce them each immediately prior to their individual presentations. our first speaker is brad kieserman. brad has been kind enough to participate in this panel for a number of years now. many of you know brad in his former capacity as chief counsel to fema. he is currently the assistant administrator more recovery office of response and recovery within fema. he is an extraordinarily talented attorney, thoroughly knowledgeable in operational capabilities and spent years within dhs as an attorney before he moved to the subordinate element of dhs, fema. he's a member of the senior executive service and he spent 22 years in civilian enlisted and commissioned capacities with the united states coast guard. brad, the floor is yours. >> appreciate that. good morning, everybody. and good afternoon, i guess is

the case may be. let me begin i think it's probably appropriate that we begin the conversation about defense support of civil authorities and probably useful to begin with the civil authorities. perhaps the most useful place to begin this conversation is with the basic principle of american civics. the principles of disaster management in this country assume a leadership role, not by the federal government but by state, local and tribal governments. that is a fundamental principle of emergency management in this country. if you think about it, it makes political sense, as well. the official closest to the disaster and the one most accountable is probably going to be a local mayor or a county

councilman or city councilman or in some parts of the south and southwest a judge, elected judge. but these are the officials elected by the local community to govern that community and to essentially exercise all of the police powers vested in local government and what is emergency management fundamentally if not the exercise of a police power? think about it. if you have a -- i won't say if it's you, if you have a teenage son like i might have and that son is stopped by the police while driving home one evening and asked to step out of his car and perhaps given a breathalyzer test or patted down for any type of paraphernalia, that son has all sorts of process that is due under law. might be given a notice to appear, might be given a ticket. might be taken in and booked and released. but in the end there's all manner of process that surrounds that transaction. now, think for a minute about an evacuation because of an oncoming flood or the threat of a tornado. what process there? a local police officer knocks on a door, someone comes to the door and they're told this is a mandatory evacuation, you need to leave immediately because your life is in danger. and there will be no process.

there's no process due, and you may never be able to come back to your home again, and everything you own, everything you have may be gone when you come back. and that's the exercise of a police power. not the notion of putting handcuffs on someone or binding them over for trial but the notion of protecting the civil population. the welfare, the health, the sanitation of that population. that is the essence of police powers. and it is what local governments do every single day and you may say, so why are you beginning a conversation about the role of dod and the role of the defense authorities in emergency management? because when we talk about the role of the federal government and particularly the department of defense in disaster management and emergency

management, at some level we are talking about an interface between the national security and national defense forces of our country with those people behind the door being told they have to evacuate because of a flood or a fire. with people who are in shelters because their homes are not accessible or have been destroyed. we're talking about interface with the civilian community on matters that are fundamentally tied, and from a legal perspective, to the exercise of police powers. so when the federal government gets involved, in the vast majority of disasters or emergencies in this country, when the federal government gets involved is it at the request, the very specific request of a governor, or a tribal chief executive, who has determined that some municipality or counties or political subdivisions within the

boundaries of his or her state or tribal area have been overwhelmed and that the state or the tribal government requires such supplemental assistance from the federal government because it is overwhelmed. so just to get the feds in the door, a governor is essentially saying i can't handle this. we need help from the federal government and then the president, the president of the united states makes a decision about whether the conditions are such that that state is overwhelmed and whether it's appropriate to bring federal resources to bear. and when we bring federal resources to bear, the federal emergency management agency is called upon to lead the federal government's response and

recovery to those declared events. we declare on the average of about 50 to 70 events a year. we don't do water main breaks, we don't do generally power outages, we don't do small fires, we don't do the vast majority of what most people, what you would consider to be an emergency or disaster in your life. very small fraction of what happens in this country is actually federalized in terms of disaster response and recovery. when it is federalized, there's three basic forms of assistance available. what we call public assistance which is designed to help repair, restore and replace public entity buildings and some private nonprofit critical fast tl is. individual assistance, which is assistance to individuals and households. it's capped at about $34,000 a year. it's not designed to make anyone whole. let me be clear the federal government is not your insurance policy and wasn't designed to be by congress. it is supplemental assistance. and then something called hazard mitigation which are dollars generated through the total amount of money that is spent on the disaster. some percentage of that money is set aside. it is available for states to make decisions about mitigating the risk of future disasters. so those are the three forms of assistance that are available. when the federal government comes into play, fema's role is to coordinate that system. fema is not as you'll hear our administrator craig fugate say,

fema is not the team, we're a part of the team. there are many parts of the team. the department of agriculture, department of transportation, the department of housing and urban development. the small business administration. all of these federal agencies bring dollars, resources, information to the table designed to help states and their communities respond and recover. but when the president makes a declaration under certain circumstances, fema will task other federal departments and agencies with performing certain mission essential critical functions and the department of defense is absolutely one of our key and most critical partners

and i'll tell you why. and this goes, i think, to the crux of the issues that bob and dawn and mike will talk about so hopefully i'm teeing these up well for you, who is present in the united states? look, from the founding of the republic when we talk about the whole community response to emergencies and disasters, who is present in the 17th century, the 18th century, the 19th century. who had forts on the frontier? it wasn't fema. fema didn't come around till 1979. it was our defense -- it was the army. that's who was present and so there is a long tradition of defense support to civil authorities. but as the role of the military in the united states and the threats that the united states confronts increasingly expand, as the scale of the military

increasingly grows we have a fascinating tension because who is there, well, sometimes the military is there, we have people in garrison and people on base but more and more it's deployed abroad and who has capability and capacity? from sheer scale many people believe it's dod that has that. capability and capacity. so the question becomes, what is it that dod has avail and in extent in terms of capability and capacity? what authorities can fema and other departments and agencies bring to the table to make use of that capability and capacity? and how do we form partnerships so that we can leverage those authorities, those capabilities and capacities in the way that make the most sense both operationally and economically? because from a cost perspective, and i say with my brother to the right of me, there is probably no higher value but no higher cost than working with dod to get resources in. but sometimes there's also no comparable service provider who

can bring those types of resources in. and so it's finding that sweet spot. and remembering at all times that when we are bringing resources to the table from dod, they are fundamentally being used by state, local and tribal governments for the execution of police powers by those authorities. there's a few occasions just to wrap up where the president may in fact do what's called an emergency declaration for a matter that is solely within the jurisdiction or the responsibility of the united states. a truly federal disaster that has only happened three times in the history of the robert t. stafford act. and you would not be surprised to learn that one of those was the murrah building attack, terrorist attack on the murrah building, which was federal property. the 9/11 attack on the pentagon, again, federal property and the first space shuttle explosion, federal property. so in cases where large federal property is involved the federal government may declare and the president may declare an emergency and the federal government pays for 100% of those costs.

otherwise, the costs are shared by the state and local and tribal governments involved. generally at a 25% cost share for the state and local government, adjustable at the president's discretion. 75% floor for the federal government. so where does that leave us? we at fema, we do two things. we write checks and coordinate. that's what we do. we are only able to do the second because we do the first. when we write the check generally people are willing to be coordinated. absent that check, we tend to run into some resistance to coordination. that won't surprise you. so that is our role at the federal emergency management agency, to coordinate the team and write many or some of the checks that are necessary, generally in the forms of grant money or iaas or agreements where our dod partners are concerned to assist our state, local and tribal partners in recovering and responding to disasters. which are primarily their legal responsibility and their political responsibility to

respond to. so with that, i will turn to paul and to the next speaker and look forward to your questions later in the day, thank you. >> so what happens when writing checks and coordinating within the interagency is an insufficient response? when the event is of such magnitude that life-saving capabilities are required, usually within a very short tame frame in order to be successful and executing the mission. you can't write a check to do that. coordination is too late. you have to have deliverable operational capabilities. and so when there is a major disaster declared by the president under the stafford act, and the lead federal agency, dhs, fema under the holland security act of 2002, sends a mission assignment to the department of defense, what happens to it? when fema attempts to incorporate into its response and its leadership the capabilities of dod, that request goes to bob salesses. bob is a retired marine logistics officer. i met him when he was still in uniform.

he joined the staff of asd homeland defense when that office was created by the congress in 2002. bob has had an extraordinary career. he's now a member of the senior executive service and truly bob is such a good friend i have trouble saying this without some considerable prejudice on my part but he is the expert in our nation on the subject of defense supportive civil authorities. he knows more about that topic than anybody else i have ever met and he's been at it in the service to our country now for about 12 years. we are exceptionally fortunate to have bob salesses, deputy assistant secretary of defense for integration and defense supportive civil authorities as our next speaker. >> paul, thank you very much. let me start with -- i think it's important -- i'm going to talk about defense support to civil authorities but i wanted to provide a little bit of context before we got going on dod's two main roles here domestically. we've spent a lot of time, nearly a decade and assistant

secretary mchale was obviously the author of a lot of these policies that we have in the defense department. but it was really to define dod's role here domestically, and there's two mission sets. the first one is homeland defense. when you think about homeland defense it is different from homeland security. it is the defense missions that the department of defense executes for the defense of the nation under the president. and those traditional missions are air defense and maritime defense. and in those missions, dod is in the lead for those missions. so i want to just get that out there so there's a clear understanding of that. we've also established two operational commands to oversee that responsibility in northcom out in colorado springs and paycom out in hawaii that oversee the operational responsibility for the maritime defense of the nation. the next issue is defense support to civil authorities. fascinating issue. and i try to look at it in three areas in particular. the first is how the department provides support to federal law enforcement agencies.

the second big area is in disaster response. and the third in my view is public health emergencies which is sometimes overlooked. and the defense department can be called in to assist in any of those areas. all of those are governed obviously brad talked about our role with fema and i'm going to focus on disasters, in particular large-scale disasters, and talk a little bit about sandy, and the critical role that the defense department played in sandy. and i think you'll be surprised quite honestly because when you think of the defense department, you most often think of military members, but there's tremendous capabilities in the defense department that are brought to bear in our national response system. but with that, and dod is always, always in support, whether it's supporting law enforcement, supporting disasters or in public health emergencies supporting hhs and

those kinds of organizations. and i know mike is going to talk a little about border assistance and how the guard works and state duty and title 32 so i'm not going to talk about that but maybe during the questioning period we can have a discussion about that. but even when the defense department is executing a defense support to civil authorities mission in support of another federal department and agency, the chain of command remains to the secretary of defense, military forces always remain under the command and control of the secretary of defense. so today i want to step back just a second and kind of go up a little bit on this discussion because having had the opportunity to look at this for several years as paul indicated, i think there's some leading strategic indicators out there as we think about disasters of the future.

and certainly climate change and there's a lot of discussion about that, but certainly fires, floods, droughts and hurricanes are more frequent. and a lot of cases more severe. when you combine that with the unregulated areas within the united states, spillways, forested areas, along the coastline, that creates some real challenges for my friends at fema. you also look to the future and you see the population of the united states will grow by 50 million over the next 25 years. and 54% of the population of the united states lives within the coastal areas. in fact, my good friend paul mchale lives in the coastal area. but what that says to me at the start, strategic indicators that the demand for dod capabilities in the future, as we talked with sandy you'll see we're going to continue to grow. and they've grown quite a bit over the last few years. i think it's important to recognize that. also our responsibilities have evolved in the last decade in this area but again we have

tremendous partners that we work with and we're always in support of them no matter what federal department and agency when we're executing our defense support to civil authorities responsibilities. brad talked quickly about the federalist system our national response system is based upon, local, state, federal. what also drives that system and i think it's important to recognize that is the request for assistance process. it's a transactional process that comes from the states. so now we're talking about large-scale events around the country. imagine multiple states, multiple kbr, multiple large cities who all at the same time are doing assessments to determine the types of capability that they need assistance with. and how that is managed. it's a fascinating system. i provided this pamphlet so that you'd have an opportunity just to -- we actually produce this so that our partners at the federal, state and local level have a clear understanding how the defense department is going to interact in this whole process. and we're going to work with our federal partners but there's multiple systems within our

federal response system, our national response system emac, state-to-state compacts where one another provide capability, when that is obviously exceeded then they turn to our friends in fema and ask for a declaration. but let me start with sandy and i think it's -- you know, everybody heard about katrina. and we spent many years reviewing what happened in katrina. but i think it's a real tribute to the federal government, and all the partners that were involved in that, and how we dealt with sandy, and the work that we had done between katrina and sandy to prepare the federal departments and agencies, and in particular the defense department to be effective in responding. hurricane sandy in my opinion although we had several days to prepare for it was still a strategic surprise. and the reason i say that is because of the cascading effects that ensued after the storm went through.

but really significant effects. and it was in a densely populated area, major urban area when you think about new york city and what happened. the other thing that was very interesting, it was the competing demands between the city, the major city and the state, fascinating when we look at our federalist response system. but consider within the first few days of what happened in sandy, 8 million people without power, it was severe cold if you remember about nine days after sandy we had a big winter storm roll through. we also had the disruption of the largest fuel transfer distribution site on the east coast in new york. 2500 gas stations in new york

and new jersey without power. they went to gas rationing in new york and new jersey. in those particular areas. commerce was at a standstill. the port of new york was shut down for, i think, it was three or four days. and disruption, total disruption, all the tunnels into new york flooded. 14 major tunnels. people were unable to go to work. public housing, medical facilities, municipal buildings, all severely affected by the pouter outage. not able to provide the kind of support that the citizens within those communities needed. and then the prolonged flooding in manhattan obviously created significant problems on wall street. the first time it's been closed for two days, consecutive days since i think in history. $71 billion worth of damage in new york and new jersey. really significant. so as we think about our federal system and how that impacted the area what i want to turn to now is what the defense department did and i think it's critical

that people understand the role that the defense department plays in this nation in working with our federal partners to be responsive. i talked about the 8 million people without power. we have an organization in the defense department called the corps of engineers, u.s. army corps of engineers. doesn't immediately resonate with you. but they have tremendous capability. tremendous capability and are a critical element of the national response systems. the corps of engineers have its own authorities to go out and operate. it actually functions as one of the 14 emergency support functions that are in direct support of fema in an emergency. the work that they did was phenomenal. they fortunately just before the storm a few months before that they actually go out and assess all the municipal buildings and they work with the state so they know exactly in priority sequence where the state wants the power to be put in whether it's a police station, a hospital or some other type of important facility. but these guys put generators in hundreds and hundreds of places. the other thing is we use u.s.

transcom, which for the department of defense, manages all of our strategic transportation assets, whether those are ships, or airplanes, or how we move on rail, to our force deployment locations. u.s. transcom flew over 300 oue deployment locations. u.s. transcom flew over 300 utility vehicles from the west coast from arizona, california, and the new mexico area, to the east coast to bring the critical infrastructure that was down in new york. kinder morgan, which is the fuel station that provides that capability, the hoboken ferry, again, the corps of engineers and elements of the u.s. navy worked with the city officials to help get that back up. the other thing is fuel resupply. we have another organization in the defense department called dla, defense logistics agency. it for all intents and purposes provides all the military supply capability to our force services.

it also functions as a logistics arm of fema through an interagency agreement that we established several years ago. dla provided over 9 million gallons of fuel to new york and was critical in resupplying fuel to a number of critical locations. i talked about the corps of engineers. they were responsible for unwatering. if you're not familiar with that term, unwatering the tunnels in new york. the logistics support that dla provided, 6 million meals, tons of other equipment, blankets, cots, all the kinds of critical care capability that's needed for folks in those situations. we also provided temporary housing for some displaced people on military installations. and we just recently did that for hhs for the unaccompanied children that have come to the border. we house nearly 8,000 children on military installations over

the last couple months. i've gotten to this point without talking about any military people per se. what i've talked about is the agencies and the capabilities of the department. we also have, as you know, northcom which is an operational command. we had about 4,000 military people in title ten status. for the first time we had title 10 reserve personnel available to respond to this event, and they were brought in. of course, the national guard as always responded with nearly 8,000 national guardsmen from over 19 states through their emac capability. supporting all that is another about 10,000 folks. so that gives you the magnitude of an event like this and how much of a role the defense department plays in supporting these activities and how critical it is that our roles are well defined and well integrated into our federal partner's efforts. but first, let me end with a couple of clear themes here that

i think are important and that we recognize going forward. first of all, dod does a lot more than provide military people to support these events. our defense agencies are critical to how we respond to disasters. whether that's the corps of engineers. whether that's the defense logistics agency, transcom, or transportation command. there is a lot of capability in the defense department that the nation depends on. it should be available. the other unique thing is we use the total force. when you think about the military, army, navy, air force, and marine corps, you think about the active component, reserve component, and the national guard, and we employed all those elements because when we outfit these military organizations, there's a balance of capabilities in those organizations both at the active, reserve, and guard level. i think the other thing is is immediate response authority. as we've talked about, we have a transactional process that puts the request into the system. but we also have policies in

place in the defense department to ensure that our military bases and installations around the country are able to go out and help the citizens of the nation. most bases and installations around the united states have what we call mutual aid agreements. these are agreements that are already put in place with the local fire, the local ems, so that that capability is there. but immediate response is more than that. that allows that local community to call on the installation and provide that support. i think the other thing and last thing in closing here is we've made tremendous investments in the defense department to be effective in this area. specifically the organizational capabilities to enhance unity of effort. and with that i mean specifically at the national guard, the capabilities we provided, the joint force headquarters state that exists there. if you know how fema is organized and look at the handy-dandy chart i gave you here, in the back there's regions.

we have military people called defense coordinating officers and elements at every one of those regions so when we do have a disaster and that state asks for assistance through fema, we're there with them within that region so that we can expedite the kinds of capabilities that are needed. that in itself speeds the process, and when we look at the situation in sandy or in future disasters, the critical element to this in my mind is the speed in which we can deliver that capability and the ability of the federal government to integrate itself rapidly to deliver what's necessary for the american citizens. so with that i'll end. i look forward to your questions and i appreciate your time. thank you. >> bob provided a great segue. into our next speaker's presentation. he just told you that homeland defense is the war fighting defense of the united states and the authorities derived from the

president's powers under article 2 of the constitution as commander in chief. the same war fighting authority that is being exercised in afghanistan today or has been exercised to sustain and authorize the air missions of norad going back to the 1950s and the more recent maritime missions that have been ramped up in the context of the evolving terrorist threat. defense supported civil authorities is essentially a statutory function defined by law as passed by the congress. it ultimately has a constitutional basis, but it is very carefully crafted by statute usually under the stafford act so just to summarize, if a governor experiences within his or her state a catastrophic event and turns to the president for assistance and if the president declares a major disaster under the stafford act and if then under the homeland security act dhs and fema move into the lead and send a mission assignment over to dod, received by bob salesses, the question arises,

which military forces? how do we determine whether they are active duty, national guard, or title 10 reserve? those are choices that need to be made and ten years ago a decision was made in contrast to past decision-making, past policy, that normally we should use reserve component forces for these types of domestic missions. no institution of government in my judgment more broadly reflects the federal character of our constitution than the national guard. the national guard is older than the constitution of the united states, and its existence was well-known to the founders and incorporated into the constitution. our next speaker is mike noyes, colonel mike noyes, he is the chief of the office of complex and administrative investigations for the national guard bureau. he came in through the maryland national guard initially as an infantry officer. subsequently as a judge advocate.

in november 1995 he was appointed maryland's active guard and reserve, active guard component judge advocate and subsequently the chief of international and operational law division for the ngb. he's going to talk to you about the complexity, the legal complexity, involved in the operational employment of the national guard in the various capacities available under the law. state status, title 32 status, and title 10. mike? >> thank you, paul. i first met -- can you hear me? i first met paul in 2006 when the white house had passed word to the pentagon that the president was planning to announce a mission for the national guard on the southwest border. so on mother's day i was summoned to the pentagon and the team -- mr. mchale was the ashd

at the time. the team was assembled to work out how this operation would work. given that the white house was requiring the national guard to be in state status, not title 10 status for this border mission. and the issues are -- the command and control issues and the status issues have been remarkably consistent throughout the years so what i'd like to focus on in this particular segment is i'd like to briefly discuss the militia concept and talk about some command and control issues, describe some of the statutory bases by which the national guard in its various statuses can provide assistance to civil authorities and show you some information about the level of effort nationwide every year for the past 10 or 12 years. so if you would -- you can refer to the slides on the -- my

right, your left, for some of this information. now, i'm not going to address the title 10 issues expect to say when the national guard is placed on active duty, they can be employed just as any other active component member. so that all of -- for example, the posse come that tis restrictions apply to the national guard when they were in their status as the national guard of the united states. when they are in other statuses there's a slightly different set of statutes that apply. now, first of all i'd like to briefly note the statutory definition of the militia. if you can find it in section 311, which is quoted over there, and basically it's all able-bodied males, and it could use some updates because the language seems a little dated, but it does refer to all females that are citizens and members of the national guard.