considering u.s. v jones, the government, that was the case where the court said if the government attaches a gps device to your vehicle and then uses it to follow you around for 28 days that violates the fourth amendment. but it said that violates the fourth amendment because there was surveillance plus the trespass. and that was the key to the case. but the government in that case said that doesn't matter fourth amendment doesn't protect you because you're on the public roads. exactly zero justices accepted that argument. that gives me hope that the drone that follows you around is violation of a fourth amendment. unless there's a warrant that permits it. >> so eager for your answer that i had your jump in without

introducing you. of course, greg, the senior council director of the project at the center for democracy and technology. that's enough of an introduction. >> you left out the website. it's www.cdt.org. >> don't forget the plug. >> listen, i -- it's easy to come here and be pessimistic about the future of the fourth amendment in the technology and digital age. it's kind of easy because you look at what courts decided in the past. when i was at the aclu about 20 years ago, used to call the fourth amendment the incredible shrinking fourth amendment. well, i'm not so sure that the fourth amendment is going to continue to shrink. and i think there's reasons to be optimistic. i want to talk about the reasons to be not so optimistic. some of the doctrines that do shrink the fourth amendment are themselves growing.

the administrative search you have to endure in the airport before you get on an airplane. it used to be a quick, less intrusive magnetometer. now you go through an electronic strip search machine that reveals information about what's happening underneath your clothing. the fisa court has issued an opinion that indicates it believes there's an exception. and as you've heard throughout the day, we're leaving digital footprints behind all the time. and these digital footprints are held by third parties. and the third party doctrine makes it so that the fourth amendment often doesn't protect those footprints. that's why we should be worried. there's three good reasons to be optimistic. and the first one goes to what i would characterize as the supreme court's growing embrace

of the notion that technology poses challenges to privacy. and it's unwillingness to apply by analogy its decisions dealing with things that weren't so technological, if you will, and couldn't store a lot of data. for example in 2001, the court ruled that use of thermal imaging to explore activity in a private home requires a warrant. tracking a car for 28 days by attaching a gps device requires a warrant. and then most recently in riley versus california, the court ruled that police can't search the cell phone on an arrestee without a warrant. the government went into that

case and said, well, when they pat you down when you're being arrested and they find something in your pocket, they can pull that out and find out whether it's something that could be dangerous to the policemen or not. and they can make you -- and they can examine it. well, the court said cell phones are different. they carry a lot more information. and so i think the court's growing ownership of the notion that technology can facilitate privacy invasion and therefore needs to be maybe given a little more protection is a good sign. another good sign is having david over here on the panel. i say that because business has engaged in the last few years in a way it hadn't in the past. turns out, privacy's good for the bottom line. so there is a good -- it builds trust and it's essential for technology companies to sell

their products to have that trust. there's a powerful new constituency in the debate in congress and even some of the countries are bringing, i think, extraordinary lawsuits. google challenged surveillance -- i'm sorry, not google, yahoo brought an action. >> it did. >> that's right. >> the first amendment case. this was different, became section 702 of the fisa, of fisa. and yahoo under threat of a fine of $250,000 challenged a directive that the government issued to yahoo saying that they had to turn over information pursuant to this program. that did not operate and did allow for disclosure of content. and the last thing to mention that gives me hope is encryption.

the idea that people can encrypt their data to make it so the bad guys can't get it. and if they do get it, they can't use it well. and the strong protection that encryption can provide and the ease, the increasing ease with which we can encrypt our data. >> wonderful. thank you for those optimistic observations. and also, your sense that the 24/7 drone surveillance in public would violate the fourth amendment because the court in jones rejected the government's claim that individuals have no expectation of privacy in public. justice waynestein will be the final vote. well, the lower court gets

affirmed if it's a 2-2 split. >> you'll have to make a decision. >> no, the moderator has no opinion on the matters. the chair of the white collar group where he focuses his practice on corporate and internal investigations and civil and criminal enforcement proceedings. he's been an assistant u.s. attorney in the celebrated southern district and the celebrated district of columbia where he's handled many important criminal prosecutions ranging from public corruption to gang prosecution cases. he has been director of the executive office for u.s. attorneys, general counsel of the fbi and chief of staff to the fbi director bob muller. wow, that is an impressive background. and justice, does 24/7 drone surveillance in public without a warrant violate the fourth amendment? >> well, thanks, that's a nice question. nice question to duck.

first thing i'd say is this. when i listen to you describe this drone capability 24/7 full-time surveillance on individual. i can tell you, i just drove back in from a college trip where i'm taking my oldest to go look at a college because she's about to leave and i'm facing the prospect of not having my little girl around for me to keep an eye on. i'm thinking that drone looks really good about now. i hear greg's argument and it's a sound one based on the decision in jones. it's very important in the jones decision they have the trespass element to seize on. and the problem is if you don't have that, if there is a decision that there's an expectation of privacy without anything more than that, then there's a huge slippery slope argument. you know, 24/7, high detail viewing by a drone. people might say, boy, that is intrusive.

and you're learning about everything i do in public and whatever it is. eight hours of my day are out in the public domain. that's a lot for the government to know and compile and then synthesize and analyze. then you think, that might make intuitive sense. how do we do that? and how do we distinguish that from 24/7 police surveillance? that's done every day of the year? and we want done every day of the year. we have to make sure he's not going to blow up a federal building. is that going to be constitutional? is that going to require us, nope, go get a warrant for this. it's done obviously much lesser important context than terrorist threat investigations, as well. so that cctv. you can think of myriad situations where right now we think, oh, yeah, there's no need for a warrant. if there's a decision like that, slippery slope will be the big challenge.

so i think, i don't see us getting to that point. i see the drone being sort of the perfect argument of the 24/7 -- the perfect argument for finding that greg is advocating. i think it's just the court, especially this court is going to be likely to get there unless there's some element to that decision that is going to prevent that slippery slope. in terms of just the general remarks. she gave me sort of marching orders about today's panel and what i should be discussing and sort of generally a look forward to, you know, where i see things going with the various programs being debated now and what i see happening. and i'd like to talk about not what the constitutional interpretations are going to be and what the constitutional rulings we're going to see over the next few years, but rather, where most of this debate is going to be fought out, which is in the policy realm in front of

congress. just to step back, we all think every time the new issue comes up, we think it's the first time we've wrestled with this. but maybe earlier panels have made this point today, i'm sure they have, but this is an ongoing issue, right? technology evolves, fourth amendment drafted, couple hundred years ago or more and it's got to adapt to this new technology. we saw that with the telephone and the cast decision. we saw that with bulk data being, you know, assembled and accessible and then the smith decision saying there's no reasonable expectation of privacy and, you know, we've seen that in the e-mail context, in fact. you know, we have the fisa statute that was passed in 1978 before there was e-mail and then e-mail came along and suddenly the sort of the concepts that -- or the operational underpinnings of fisa were now sort of turned on their head.

you were just focusing on telephones. you're focusing on e-mail traffic. and a lot of overseas, you know, overseas to overseas e-mail traffic coming to the u.s. and did it make sense that when we wanted to tap into the overseas to overseas communication we needed to go to the court and get an order. and that got, you know, there's a healthy debate about that and that results in the fisa amendments act that allowed the 702 collection that greg was talking about. geolocation technology and the jones decision. the courts have to deal with them. the public has to deal with them in this kind of context and think about how we want to balance security versus privacy. i shouldn't say versus privacy. i don't think they're adversarial, but security and

privacy. and then most importantly, congress actually has to decide where to draw those lines inside the constitutional lines that determine where the government can go and under what conditions in terms of surveillance. we're having this debate, the issues raised here going dark, which is fbi's term for what will happen if encryption is allowed to deny them access to content of communications. will there be a dramatic curtailment by congress of the government's surveillance capabilities? and my answer is, not likely. not a dramatic one. there will be curtailing, but it's not going to be a major scaling back. and there are a couple of reasons. nothing terribly profound here, but one, it's politically difficult for congress to do that. members of congress will have to look at what will be the potential outcomes of their votes and what their exposure is of the vote. and when you're talking about national security authorities, if the government can come and branch can come in and make a

strong argument for the authority, the power that they've been given that authority and why they should maintain it and give examples of how it's been useful, it's politically difficult for congress to really scale back and, you know, and deny the authority. that was passed in 2008 when the popularity ratings were not high. he was against congress that was, you know, skeptical of security authorities. and that, what was a very strong piece of national security legislation went through. and especially now, i think it's difficult for congress to do that. you know we've got isis rampaging across the middle east. we've got the threats in the aftermath of the arab spring that -- on a scale that are greater and more dangerous than before. and so i think politically it's

going to be difficult for there to be a dramatic scaling back that's not to say there won't be changes. and this is to play into greg's optimism. i think there will be. the changes, not so much a denial of authority, but rather an application of further safeguards, further limitations, more oversight of the various existing authorities that we have right now. we saw that, the classic example of that is with the patriot act. remember, the patriot act was passed six weeks after 9/11 in october 2001, gave 22 or so new authorities or added to different authorities. done hurriedly, which was wise to do and in the intervening four or five years between then and 2006 when it was reauthorized, there was a healthy debate about the need for these authorities.

the political environment post crisis to one that was, you know, healthy skepticism. ig reviews. this kind of thing, i think this is what we're going to see here. most of the authorities debated now are going to survive. in that kind of fashion. the one outliar just to make one last point is the encryption issue. and i say it's an outlier because it doesn't fit that paradigm so well. it's a little more binary. and i'm not an expert. but if you read the literature, at least what i see in the newspapers, it seems to be a more binary choice. you can encrypt or can't encrypt. and that's going to be a tough p one. that would be terribly detrimental to national security and law enforcement if there is a large category of content that's beyond the reach of government content surveillance. that's going to be an

interesting debate to see. and that's a high stakes debate. >> great. thank you for that. and thank you for flagging a series of issues in congress that some of your colleagues have mentioned, as well which all involve access to data by law enforcement and private companies that makes it 3-1 against the constitutionality of the 24/7 drone surveillance. and just to sum up the discussion i've heard, david said that the supreme court in the case said is there an expectation of privacy in

public? greg said that the court in jones said that we do have some expectation of privacy in public. justice alito said, that reveals great information about us for a month violates our expectations of privacy. ken mentioned that jones emphasized that there's an important element of trespass in jones where the gps was affixed to the bottom of the car and justice scalia made that the center of his opinion, but it sounded to me you were reading the tea leaves thinking maybe four or five justices, if you add justice sotomayor and maybe some of the others, as well, might think that 24/7 drone surveillance crosses a line. although, you like justice scalia are worried about the slippery slope.

and there was an interesting exchange where he said a month is too long, but a day is okay. what's the magic line? that leads me back to ahmed. tell me one more time why you thought it would be okay in light of the persuasive arguments your colleagues have made on the other side. >> well, i think in joan, this concurring opinion that greg referred to, the alito's concurrence had more to do with aggregation than individual collection. and so, again, you know, to what extent is the -- is there a drone following you around? and that is getting stored some place in aggregate for a long period of time. or is it just following you around and surveilling you in case you pull out a knife, it will zap you with some electroshock? i don't know. in terms of -- i just don't see -- i forget, actually, david what your argument was. and if you -- i just don't see the current doctrine not allowing something that is -- it's not the 24/7 that will --

that is, that takes the government action past constitutional limitations. in fact, you could probably analogize that the drone is just like a cop waiting outside i don't have of your house, et cetera. the speech would be a bigger deal breaker for the court. i think the idea of having any machine or camera or surveillance -- in fact, there are studies that show individuals working in national security, cyber security, more recently, journalists that cover national security issues are saying they feel that they cannot, they feel chilled in their speech and their ability to get source information, et cetera. i think a lot of this stuff may make sense. it wouldn't pass the laugh test to say, i feel like i should have reasonable expectation of private outside, unless the information was being aggregated and processed, unless it was definitely being stored, et cetera. i think you need more than just

inspection. >> i see. so greg, i'm going to ask you to respond. but your view is if the drone is following you and collecting the information, but it's not being broadcast or aggravated, it's okay. but if the drone is following you 24/7 and being broadcast live on the internet, that is a different matter. and that would raise concerns under jones? is that what you're arguing? >> no, i'm thinking if it's aggregated that is, that would support the alito concurrence

and i can take a ride that way. but the reason i would -- i look at that more of a potential use of information of collected information issue rather than just the collection. and once it's been collected, it's sitting around and you use it, essentially, process it and you have an outcome, i think that's a due process issue. >> i'm trying to understand, the drone follows me around 24/7, and like a reality show is being broadcast on the internet. does that violate the fourth amendment? >> i think that passes the fourth amendment's test. i don't think it passes the first amendment's test. i think that's government conduct that essentially chilled speech at the end of the day. >> great, your response to this distinction between aggregation and collection. >> i thought when you were talking about aggregation, you meant aggregating the drone data with other data.

is that correct? >> yes. well, aggregating it with itself and then with other data. you can have a buffer that only stores three seconds of information at a time in the drone, and to the extent it detects any illegal activity, that puts you in the jacobson world of -- >> this is a month long surveillance. >> for the analysis, i'm going to think of aggregation as taking the drone data, adding to it other data, and then drawing conclusions from it. versus persistence which is taking the drone data for days and days. and my view is persistence alone is going to be enough to trigger the fourth amendment protection. and i base that view on the jones case and the five justices who seem to think that the trespass didn't really matter so long as there was persisted surveillance even though the case did go down on trespass grounds.

i want to flag to folks a really interesting discussion about exactly this at the privacy law scholar's conference on june 24th, 2012. just search on this from jones to drones how to define the fourth amendment. >> right. you can't hold back those clever scholars. now, i want to -- this was a good discussion. i want to flip the hypothetical, which is not so hypothetical and, david, ask you what if google did it? and to be nice, of course it wouldn't be google, but it would be facebook. then it's fine and you can answer it. mark zuckerberg decides i'm going to start a cool new app, called open planet and collect all of the current surveillance camera data in the world and broadcast it live on facebook and also encourage people to broadcast live from their phones allowing say ahmed to follow me 24/7 with his iphone and broadcast that 24/7 on the internet.

if zuckerberg did that, he'd say check up on your friends and learn cool stuff. whatever. if that were to be done, obviously the fourth amendment does not apply to google and facebook, even though google and facebook arguably have more power over privacy and free speech than any king, president or supreme court justice under current statutory law and you're telling us a lot about the complicated debates in congress. could facebook broadcast on its own private 24/7 camera feeds that would allow 24/7 tracking of anyone in the world. >> so i think part of this would depend, you know, i can't envision a scenario where a large technology company would put a product or service out like this without describing what it was doing and having specific privacy protocols behind it. so i would surmise that if such a product service application existed, there would be pretty robust controls around the

collection and use of that information and that, you know, when those -- at the point those representations were made, there would be legal restrictions on the ability of a company to collect and use that information or to make material changed. that's more of a function of the privacy policy itself than it is with respect to statutory law. you know, i think there are situations, too, where it would be implicated to the extent that information is being disclosed to third parties in way where the original user hasn't consented to that type of disclosure. so, i mean, i think there are other statutes that would likely come into play here. but, look, there's been lots -- there's been a lot of discussion about whether, you know, whether there ought to be a baseline privacy law, for example, that governs what companies that aren't currently governed by other types of privacy law.

legitimate discussion to have. i do think, though, it is a separate and distinct discussion from the types of debates that we're having in washington right now around government surveillance. and i think it's incumbent upon technology companies like google and facebook when we are, you know, venturing into new territories that have new types of privacy implications that we do give users the control that i think they expect when there's uncertainty around these types of applications. >> a thoughtful answer. not so hypothetical in some sense. i was at a wonderful legal futures conference that google sponsored in 2007 and andrew who was then chief of public policy said he expected within a few years google and facebook would face pressure both from the government and from users to aggregate public and private surveillance cameras and broadcast them live. we all talked about it and he thought google would choose not

to do it. what i want to know now under current law is if facebook chose to do it without restrictions, would it violate current statutes? ken weinstein, could someone make the argument that we're all voluntarily turning over our geolocational information where these camera feeds to third parties when we walk down the street and therefore private companies can broadcast them to the world without restrictions? >> yeah, i think you took the words right out of my mouth. i think that's a perfectly legitimate argument. especially since don't have a lot of signs saying this area covered by cctv. you decide to go ahead and walk down the street. you've accepted the consequences. i'm not necessarily advocating it as the right result. but i think as a statutory matter, i haven't gone through the cataloging of statutes that

might relate to this as it relates to a private party. but as constitutional matter, if it's a nonstate actor and there isn't a directly applicable statutory bar, seems like that would be a sound argument. >> greg, that sounds like an outrage. how could this be possible? and in particular, describe specifically the movements afoot in congress to address precisely this question. and if they're not afoot, what laws do you think are necessary to prevent mark zuckerberg from this invasion of privacy? >> i don't think there are really statutes or bills that are moving that would address something like that. and i think there is a significant hole in the extent to which consumers have privacy as against corporate collection of information. but i don't see it being plugged in a meaningful way by a baseline privacy statute in the near future. you know, jeff, let me put a twist on your example. maybe you were going there

anyway. so all this data's being collected by a company. and then the government says, hey, that would be pretty useful for our investigations. hey, we want the realtime feed, or hey, we want to be able to query the data base at will. what controls that right now? and really, we're in murky land. i don't think that much does. and i think that as privacy advocates, we need to start thinking along the lines that ahmed is talking about, which is not just protections are there at the collection stage. because often times when a privatecollecting, they won't be there, but at the access stage when the government says we want to buy it or the government says, you know, and we just want to act just like every other purchaser of information from this database.

>> that's great. and greg points to this danger in addition to the invasion of privacy of facebook broadcasting the state live. the government could also seize it. in your initial thoughts, you drew this really thoughtful parallel between the fourth and first amendment. i love that because it was so brandeisian. my hero. whenever i have a free speech question, i ask what would brandeis do. and his incredible opinion in the wiretapping case, he like you noted the intersection between fourth amendment protections against virtual searches and first amendment protection for freedom of thought. and he thought it was so important for citizens to be able to develop their faculties and form their opinions in order to be immune from government surveillance.

i want you to take up this facebook example. it's not the government, it's facebook, although government can buy the feeds. do you think the 24/7 facebook broadcasting violates current law? and if not, what laws would you propose to constrain it? >> so, it doesn't violate current law because you consent out of the fourth amendment. in other words, you've provided your consent to google -- sorry -- >> facebook. yeah. >> google would never do that. >> to facebook. i think this is what europeans refer to as data protection, which i distinguish from privacy in my own line of thinking. i think there's a difference between the idea of invading someone's expectation of privacy. and in our case, collecting data. and i think there's a difference between that and then using the data for a variety -- one has control over that. and that is a distinction i make in my head in terms of a doctrinal distinction. but i do find that when you kind of separate, it's a lot easier

to have a separation about this stuff. so you've given your consent, the company takes your data, you no longer have a right of privacy. but maybe you ought to have a right to control the data. or to -- or a right for your data to be protected. and maybe the government then could get involved and facilitate that or regulate that. but i think another thing that greg mentioned is sort of -- what these companies can do with their analytics. so google -- well, google and facebook. google can parse through and categorize youtube videos and tell you what all google, youtube videos have somebody wearing orange pants and raising their hands. facebook can tell you if somebody's depressed before they're clinically diagnosable with depression.

when you think about these things from a law enforcement or intelligence perspective, they're very useful tools. and so at what point will -- at what point will that be purchased or requested or asked for or compelled. that's sort of a question i have about social media. >> we're positive, of course, google would never process these feeds. but google unlike facebook is subject to a privacy protection from europe and that's the right to be forgotten. and i won't hide the ball on this. i just debated the european privacy commissioner and believe this represents the biggest clash between american notions

of free speech and european notions of privacy in the digital age. why don't you tell us about google's response the right to be forgotten and other regulatory pressures that it's facing to, from europe to protect privacy. >> well, spoiler alert, we lost that case. didn't go so well for us in the european court of justice. and i think we're pretty laser focused right now in trying to implement that decision in a responsible way. i don't think, you know, i don't think it'll come as a surprise to anyone to hear that the issues are challenging in terms of trying to figure out when information is, you know, irrelevant or outdated in the context of an individual's quote, unquote right to be forgotten. i know that's a term that some europeans take exception to. it's become sort of common in the discussion and i think we're, this is not this is not there's tho analog to what we are doing right now. i think it's an uncomfortable

undertaking in the sense that there is i think from the broader public, a sense that there is a large international company that is making editiondecisions that are going to determine what is available and accessible on the internet and what's not. it's certainly not a position that i think we want to be in. i think from a from a small per speck ty, it's not the right result. that said, i think we're trying to figure out how to implement this decision, to do it in a responsible way that's reflective, not only of the right to free expression in europe, but the right to free expression here and there have been some controversies that have surfaced about whether the right to be forgotten ought to be extended to dot com and i think it's an issue we're continuing to have discussions with protection authority but we believe there are real, sort of you know, philosophical and legal issues around extending the reach of the rules. and extraterritorial way to

reach dot com. there are issues now, too, around webmaster notice, the extent to which the publishers of websites will receive notice when there are right to be forgotten requests that weren't processed or those who pursued them were successful with and the extent to which those notices can be specific or whether they can be general. so, can a webmaster say that you know, they're you know, what you are seeing here or can we say i should say, what you are seeing here in the search results may not be completely reflective of what's out there. opposed to when you search on a specific term and there's been a request that's been processed you say some search results are not going to appear here. there's been less continue versy with the former example. i think jeff you're right, they're a real sort of serious implications here for the future of free expression.

which hasn't gone far, the notion that we ought to think about you know how we can -- our right to be forgotten in the united states and do so in a way that comports with the first andment. >> there are indeed. just to disaggregate a bit, we jumped right in the right to be forgotten gives any user in europe the right to demand the deletion from google, yahoo! with any information about them unless first google and then a european privacy commissioner decides it's not irrelevant, outdated or relevant to some public purpose so if during this panel now, someone tweeting i'm a really boeing moderator, after the show, i could object in europe that this violates by dignitary right and demand this post be deleted from google and google has to decide whether i'm a public figure with a tweet

that's relevant. at the moment for modest finds, but pending data regulation passes, the fines could rise to what is it, up to 2 or even more percent of your annual income which is more than $50 billion. that's some pretty heavy penalties if you guess wrong about this secureless and unfair tweet i'm trying to have a mood. >> i think that's as envisioned under the data protection and types of fines that might be imposed. that's a possibility. >> don't answer if you haven't followed it, but most americans support some form of a right to be forgotten. is it a good idea and should congress pass it? >> i can't claim to be an expert in this area. it strikes me as impossible. it's impossible to actually implement it. and you're right. it just flies in the face of the

idea that our culture our political democratic culture is based on the idea of free dissemination of information and the marketplace of ideas is nourished by more information, as opposed to less. it seems doesn't really fit with my vision. in terms of your question. >> great. >> any takers? anyone want to argue for it? on the bran dice question was this really great new book called intellectual privacy and he traces his evolution. because bran dice wrote the original article which looked a lot like the right to be forgotten. allowed people to sue if there was truthful, but embarrassing information that harmed their dignity, but he thought hard about the question. he decided free speech in a democracy was more important than dignity because people had to decide for themselves what was relevant for public discourse, then he wrote these

beautiful speeches about the necessity of favoring free speech over privacy. greg, give p the fact no one is arguing for a right to be forgotten, what is the most important of the pending laws in congress that you think are necessary to address one big problem that everyone identified, which is that third party doctrine, the notion that thes have said if i -- in it for all-purposes. so, you could argue, you talked about the cell phone search case, but the government might argue that when i walk down the street, i'm voluntarily surrendering my information to verizon or at&t or where ever my carrier is, therefore, they can share it with the government or anyone else. what are the laws having to address that big problem? >> first, david mentioned one key bill. that is the bill to require warrants for contents stored with third parties. i agree with david.

i think that legislation's time has come. the it's got strong support. i'm hopeful it will move this year. there's other legislation, the gps act that would make it so that government would need a warrant to get information generated by the use of mobile devices like cell phone whether it's gps information or cell site location information. whether it's prospective meaning going forward or whether it's stored. that legislation isn't as far along and i think we need to have more debate more hearings about it. complex issues come up. law enforcement does these things called cell tower tops. who was at third and main on the day the bank at that corner was robbed? which phones were there? they got a dump from the cell tower and that lets them know which phones were there.

why would they want that? could be thousands of people. because then they ask well, who was at 2nd and water street on the day the bank there got robbed? and all of a sudden they look for which numbers were at both locations because it was the same mo at both locations and then all of a sudden, they have their suspect. so, is that going to require a warrant and what would be the standard for that warrant? then there's the one time ping. it's different to say where is greg now versus where was federal government at each moment for the last 90 days? i think it's hard to draw that line. and so my inclination is to say you need a warrant for location information, period. but others will want to draw that line. so i think that the location legislation isn't as far along. i think it's worthy of consideration and more debate.

and i'm hopeful that it will move forward after the warrant for content legislation goes through. the other bills that are pending, can kind of alluded to the section 215 section legislation. congress is facing an important decision about whether to continue to permit bulk collection of information. about every phone call made to, from, or within the united states. for that prarmogram, so, ipg that's going to come up as well. i don't want folks to miss one ore debate and that is the cybersecurity legislation.

there's legislation pending now that would allow companies to share what are called cyber threat indicators that are derived from your communications with the government not just for cybersecurity reasons though, but also particular in the senate legislation also for criminal reasons. a number of criminal statutes could be used to trigger this information from providers to the government. i think that's very dangerous. i'm all for cybersecurity. i think there's a flaw in current law that doesn't allow companies to share what they ought to be able to share. they ought to share, but that the legislation is going way overboard in terms of describing and permitting the sharing of that information. from. >> that's very helpful and let's get the panel's thought on the categories of debates you've talked at. first, bulling collection, then the warrant for contact an then

some of those cybersecurity issues. counsel for chelsea manning, is the bulk collection ban by congress necessary or do you believe that bulk collection as practiced by the nsa violated the fourth amendment as at least one court has held? >> i think a ban is necessary. because i'm on the fence as to whether dock trinly there's an issue and there may not be an issue, so that's why i think, a ban is is necessary for normative reasons. however, the examples that we give as to the harm, natural privacy, harm that derives from bulk collection, especially to 15 bulk collection, is a result of the use of the data and again, i think that's i distinguish collection in use.

>> can we recently saw that the obama administration had considered ending bulk collection before the snowden revelations. would a ban on bulk collection by congress harm law enforcement and be a bad idea? >> why are you answering that one? >> yeah, why? >> subtle moderation here. >> yeah. look, the, i'm not sure about the, there's accounts about how the it was considered whether or not to end the bulk met data collection 2i 15 to the cause certain follow on reports as people react to that initial report about how serious that consideration was. though that does raise an interesting question. i think they're in the public

debate, they've got the constitutionality, whether that collection fits under 215. whether that stretches allows for that bulk collection and then the question about utility. that's on the executive branch to make that argument and it's important that they make this arlgt to congress. it's porpt. and to find this. what core of that authority do they really need? at some level, i think the argument can be made because the question then, i'm going back to my old slippery slope argument as an advocate for the government. in this situation, i am sort of doing that. what is is bulk collection? it's a broad term and once again, like the 24/7 drone, we're talking here about the collection of millions and millions of phone calls, so, sort of a relatively speak ging, extreme form of bulk collection. and the question, legal question

is it relevant for every piece of that information relevant to a terrorism investigation, national security investigation to have all that. the argument of course is is that we need all those telephone numbers to see those patterns. the type of thing greg was talking about in relation to banks and cell tower information. you can start seeing, oh, this is a bad guy's number here and he's in touch with this number and that number and that then helps you to potentially unwind a terrorist cell. the question is well, yeah, but you know, all those millions of phone numbers the vast, vast, vast majority are going to be calling made by people who have nothing to do with terrorism and are completely innocent. that's true. and that sort of extreme example, you say the government's taking control of this information, most of which doesn't have a direct connection to terrorism. take it to a smaller level. government hears that through some intelligence channel that a

terrorist has got on a plane from paris to jfk. no identity. don't know who it is. do you want the government to be able to immediately get the manifest of all the names of the passengers passengers on that plane. 109 of them have nothing to do with terrorism but one does. is but in order to find out who that person is you want all those names, you want to run them against your databases to see if you can identify who the bad guy is before he tries to blow his underwear up or whatever. so i'm at a practical level you have to think about what is bulk data collection. it's not just the extreme. and there are situations where i think most of us would agree that's the kind of thing we want to do quickly and shouldn't require a warrant. >> we have a technical term for that collection of all the names of everybody on the airplane along with terrorists. it's "bulkish" collection. [ laughter ] >> so what happens in the case of bulkish collection?

bulk collection means they're not using an identifier to collect on that specific term, okay? so they're not saying give me everything -- it's not like a pen register all the numbers dialed to and from a phone number. it's all the numbers dialed, all phones. that's bulk collection. in the airplane scenario the key issue for the privacy folks i think is not whether you can get the manifest it's what happens to all the other names on the manifest that are of no interest. >> well that goes back to achmed's point which is that it's the use. i'm sorry. it's the use of the information and the limitations. it's not the limitation on the collection on the front end but how it's used and the nsa went to great pains to say there is a limited number of people who can access it very limited reasons, purposes for for which they can access x number of levels of authority for doing et cetera.

so joe nsa operator can't just check to see whether his girlfriend is making calls to somebody he doesn't like. >> here's the problem. the fbi doesn't have a rule that says they have to throw out that data after they make the match and that's where the fight is, a big part of the fight on the section 2 15 reform right now. make the bhach, throw out the data for the people who don't fit the match. you'll save it while the investigation is happening and you'll making sure that the terrorist cohort is or is not on the plaen, i get that. but at some point relatively quickly after that assessment is made, get rid of the data about the innocent people and there's not a good rule about. >> that david, does google have a position on whether bulk collection should be renewed or banned? >> yes we do. we've been strong supporters of the usa freedom act.

there were several iterations of that bill last year. it's interesting to hear the discussion. i don't know candidly at the end of the day from a functional perspective whether there is that much disagreement in the sense that there's been a lot of discussion around the bulk meta data program and the broader communications metadata program and the solution that has been offered is to require that the government use a specific selection term. it's part of the usa freedom act. it's also part of the on going discussions around surveillance reform legislation and there's been a lot of discussion about how to get that to the point where it doesn't permit bulk collection, where it doesn't open the door to the types of surveillance that we've seen in recent years and at the same time gives the government the flexibility, particularly in some of these cases and the hypothetical that ken raised so that where they can't, for example, use a very specific

identifier, whether that be an e-mail address or a phone number, that they're able to obtain records that enable them to identify and thwart a terrorist attack. is the more the debate focuses on the use of that data, i think eat important to talk about miniization procedures. and what the usa freedom act, what we saw last year was that industry privacy advocates it will administration the intelligence community managed to coalesce around what was the right definition in a way to get this so there was not bulk collection so i would say we don't need to start necessarily from scratch. we have a solution that's on the table that works. we have about two months to get it right. and i'm hopeful that we can move forward with that bill. >> it sounds like the perfect reform supported by the administration and industry and google and yet it didn't pass

last year. why not and will it pass this year? >> so i think a lot of it had to do -- i think a lot of it had to do with at least last november. there were some process-based objections about the way that the bill came to the floor. it didn't go through committee first. there was an opportunity to pass it in the lame duck session and there was a sense and understandably from some who felt like it should go through regular order. that opportunity is there now and i think, you know, congress probably should avail itself of that regular order process toe the extent that that's important. there were 58 votes in the senate, two short of moving it on the motion to proceed. some of those in the senate who've supported that reform are gone. but if you sort of take a look at the numbers, it's difficult from both sides. on the one sense you know the senate, when you have to get to 60 votes you have to be able to bring along the other 40 in some way.

last year it was the burden of those who wanted to move that bill, this year it's the burden of those who may want to simply reauthorize section 215 in its current form and i would submit that that is not truly in the realm of reality. and, you know, i think it's incumbent upon everybody to get around a table and figure this out. we've done it to some extent already with the usa freedom act and so what i'm hopeful is that folks can sort of recognize that the types of solutions that are being forged here are relatively modest ones in the grand scheme. there are broader reforms that have yet to be undertaken. there are really important concerns. i want to underscore very important concerns outside of the confines of the normal fourth amendment issues we discuss about what types of rights non-u.s. persons are going to have going forward. the internet is a global medium it does not have borders. folks who are -- rightly look at

the way our laws operate and the way we operate our surveillance programs and can't seem to fathom why it is we focus solely on the rights of u.s. persons. that's a really important debate that we're going to have. but i think it's really important to get this right here because it does in some ways frame the terms of the debate going forward. >> can you talk about how hard it is for congress to scale back powers to the executive once granted? will the usa freedom act pass and should it? >> you know, i'm not overly optimistic that it will pass in the current form especially given the geopolitical events since last year, so i'm not really sure that they would trend toward passage as opposed to the other direction frankly. >> let's talk about the other category of bills that greg flagged, warrant for content-based information and warrants for geolocational

information. i'm interested in the political landscape. will those pass or should they? >> i think on the -- in terms of the content -- now, this is about the 180-day rule and whether you can -- whether you need to get a warrant to get e-mail content even if it's over 180 days and hasn't been opened. i think there's a strong movement for that and i believe actually, that the justice department has come out and supported it, as a matter of practice i believe the justice department the getting -- i believe they're getting warrants as a matter of practice even though they're not statutorily obligated to. i think that will. less up to speed on the geolocational aspect of it the geolocational legislation but i could certainly see, especially in the aftermath of the jones decision that it would stand a fighting chance. >> interesting. greg, do you agree with ken's analysis? and if so, why is it congress

might be more willing to restrict private-sector collection of data than to restrict government surveillance? >> i don't see congress passing a meaningful bill restricting writ large private sector collection of data. the white house has proposed a rather weak consumer bill of rights recently so i just don't see a strong one going through the, at least in this congress. now, on the usa freedom issue i think it's an open question about what -- i think some legislation is going to pass. it almost has to right? because it's going to be hard as david said, to reauthorize section 215 as it is and really, jeff we're in a debate about to what extent will section 215 be amended to prohibit bulk

collection or to permit it in some circumstances but more limited than not. i think that's the debate. i don't think there's going to be a completely binary question on that. as for reform, i'm pretty confident that there's enough support now to get it through. and for the government -- from the government's perspective, all the large providers -- virtually all the large providers now, not all of them but virtually all of them, are requiring warrants for content. they're basing that stance on a sixth circuit case called the warshack case where the court found a warrant is required and no court has gone the other way no circuit court has gone the other way. so all the providers are pretty much lined up behind that case and saying if you want content you need to come back with a warrant. so what's the big deal about staff tiesing it? >> great. questions in a moment but i want to take up the last big issue on the table anded that is

cyber security and encryption. achmed, i love the fact that your biography says you're a journalist accused of being a spokesperson for the hactivist group anonymous. >> that's a client, yes. >> are you, in fact, the spokesperson? >> no my client barrett brown was accused of being the spokesperson for anonymous. >> i see. there's a big misreading of the bio. you were lead counsel for garrett brown, a journalist accused of being the spokesperson. so i can still ask you the question. the argument against recent moves by apple and others to encrypt data is it makes it much harder for law enforcement and child molesters and other serious bad guys. what do you think of those arguments? >> well, it certainly makes it more difficult but i don't think those are good arguments to prevent a maker of technology not to provide secure, efficient, and robust technology to customers.

for me it's open-and-shut. prime minister but it's interesting because you've got a lot of different technologies being developed and having dual purposes. for instance, the -- the notion that -- somebody mentioned vpns earlier and the idea of sort of cloaking your online identity or using anonmizing technology so that the person on -- or the computer on the end point from whatever communications you're making won't know where you're located, won't know your ip address. that's a huge problem for law enforcement because law enforcement generally likes to go through friendly third parties like the icp. so as a result of that for instance, there will be a modification of rule 41 of the federal rules of normal procedure allowing fbi agents to hack into computers as a mode of search. now, when you apply that to

targets whose location is unknown, almost 90% of those targets will be outside of the united states. so now you've got a situation where an fbi agent or a prosecutor with an fbi agent are making an application to a magistrate judge getting a warrant to conduct a hack. there's a nine out of 10 chance that hack is going to be abroad and it's unilateral you haven't gotten consent of that country. so all of a sudden you have a magistrate judge and law enforcement engaging in what i would think of as foreign relations. so i guess i -- i'm telling this story just to sort of underscore the complexity of all these technologies but also the fact that law enforcement is not our -- and should not trump everything. i would also note that this rule 41 modification would be used in general crimes, so we're not just limiting it to national security. of course cyber security is the new national security.

and so when kenneth -- the great examples that kenneth gave on stopping a terror attack, those same exact type of scenarios could be presented in the cyber security context because in fact, cyber security is a higher national security threat than terrorism. so i'm wondering -- and that is the perfect slippery slope right? so you've got a lot more information sharing between private companies and a very vague indicator of whatever cyber threat information is. i don't know what it is. and that also being shared with government and at the same time you're trying to protect for person abuse of that information sharing such as antitrust violation, for instance. so a great deal of that has happened in a black box where nobody can be exposed to it. and some would argue that that

makes it private as well. in fact, i think the leading view in scholarship on privacy is that you need some form of human exposure. all to say that we've got more information being exchanged or shared and analytics being conducted on that information and then outcomes that are pretty opaque to the naked eye. and for me, again i think that's -- it's not just a privacy issue. it's also a chilling of each issue but really a due process issue. >> nice to draw those connections. david, does google have a position first on -- what's google's reactions to apple's decision to encrypt and what's its position on the cyber security? >> thanks. so we are very much too sort of moving toward the result of encrypting devices in the same way. we've encountered some issues

just with the performance of devices that run on the android operating system. it's a little bit different, as many of you know, because apple has a soup-to-nuts operation whereas we work with different carriers, different original equipment manufacturers but we're very much sort of heading in that direction. you know, i think just to take a step back there is a tendency to view the movement toward end-to-end encryption as necessarily responsive to the edward snowden revelations. i think that oversimplifys the debate, at least vis-a-vis google. we've been working on various forms of encryption, whether that's in transit from the browser to google and now obviously end-to-end encryption we were working on these things for quite some time, well before the snowden revelations. and i think looking at surveillance as a common denominator is the wrong approach. looking at it from a security lens is the right approach. if you look at the number over

the last 15 years, the top complaint made to the federal trade commission is identity theft. we take that pretty seriously in terms of trying to think about the ways that we can protect our users. it is true that the snowden revelations in some senses have created additional sort of -- if you want to call them vectors for compromise, the revelations have taught us a lot about the ways that theoretically the government is obtaining data and service providers have reacted in some ways accordingly but this is a much more complex debate than simply whether companies are nsa-proofing or law enforcement-proofing devices. that's really not what this is about. in a lot of senses, it's -- one of the reasons that i think folks in the smart phone space have been doing this is because of complaints around lost and

stolen phones and the fact that the vast majority of consumers don't -- unfortunately don't avail themselves to even basic security measures to protect beta that is stored on those phones. so part of that is about protecting users, just with basic security so that that type of data isn't compromised. you asked about cyber security. let me just say real briefly, we filed comments in this proposed change to rule 41 of the federal rules of control procedure and for some of the very reasons that achmed was just mentioning. i mentioned before that we need to think more in our privacy policy debates about the rights of non-u.s. persons. one of the reasons we wanted to file is because of the concerns about how the cross-district searches would be undertaken in light of some of the network investigative techniques that we know are out there. and the fact that the rule

assumes at the outset that the location of the electronic media or storage is going to be unknown. it is a virtual certainty that there will be instance where those devices will be located overseas, those implicate foreign policy and foreign relations concerns. so it was important for us in that respect i think to engage. on the cyber security bill i mean, we haven't taken a position on the bill itself. i will say that, you know there are obviously some concerns about sequentially taking up a bill that has real concerns around privacy before we sort of take up surveillance reform legislation. so i would say that, you know particularly given the expiration of section 215 coming at the end of may that ought to be the priority. but i also think that we should -- if we're having a debate about cyber security i think information sharing is not in and of itself a panacea.

i worry that the debate has been sort of -- sort of reflects that as a truism when that's not necessarily the case. i think we can have a broader discussion about policies around zero day vulnerabilities, for example, whether those vulnerabilities are being disclosed to the private sect knorr a timely manner, what are the government policies around that, whether those policies ought to be codify sod that there is a clear bias as opposed to sharing or stockpiling. so i'm hopeful we'll have that discussion, too, in the context of the broader cyber security policy debate. >> thanks for those thoughtful comments. i do want to get to questions right away but i have to ask ken as a former prosecutor. are you concerned by the movement by apple and now we learn by google toward encryption? >> yes, i am. i'm very concerned about it. the government has expressed -- the executive branch has expressed its concerns jim

thome, the fbi director on a couple of occasions i believe last week in congress, was taking a very strong stand about the dangers of absolute encryption that it puts content beyond the reach of law enforcement and he's a man who picks his battles carefully and calibrates the strength of his position and he did so, i think very intentionally in this case because of the seriousness of the issue. i think someone said earlier on data security or communications security is good for the bottom line. and that's true but terrorist attacks are bad for the bottom line and the reality is there is -- the concern here is not that encryption might make it more difficult for the government to get information that might relate to terrorists or other threats. it it's that this encryption could make it impossible. so the battlefield here is not we need to give the government full rein and open season to

access this content whatever they want. no, the question is if the government goes through the process of getting a warrant meets the criteria for a warrant, has the predicate information to get a warrant gets a warrant should they be foiled by the fact that that communication is encrypted? and, you know, we know it's going to happen. once a certain category of communications or providers are recognized as having encryption as beyond the capabilities of the government, that's exactly where the bad actors are going to gravitate to. so the question is -- i've heard two arguments in the press about this. one is as a technical matter it's really not possible to put a back door or some kind of access that the government can use without creating a vulnerability that others may use. and i -- you know, that's a technical matter. my first reaction is there's got to be a way to do it but that's really for the technical people to iron out and i've seen both sides of that issue played out

in the press. the second argument is well gosh, if you did create a process like that for the u.s. government, shouldn't we have to also do that for other governments? and i get that argument and i get that argument for an international multinational corporation but at the end of the day i'm personally looking out for the interests of this government and my feeling is this government needs that information. i see how critical content surveillance of communications is in just the counterterrorism fight as opposed to any other area of enforcement or intelligence operations and to have that put beyond the reach of the government, i think could be very dangerous. >> thanks very much for that. we have about ten minutes for questions, both for your questions and questions submitted through gmail with complete security and privacy i'm sure, thanks to david. are there any questions from the audience? we can begin with some of our great gmail questions.

>> so there's currently three of them. i'm going do go through all of them so you can take them on. the first one is another hypothetical. what about a street level robot segway that answers questions to lost pedestrians, observes and reports traffic congestion but also collects face imagery and location information from every pedestrian it passes. so someone is giving you a hypothetical. >> should we start with that or do you want to do all? what a great hypothetical. i was real -- now this sounds name dropping but i was at south by southwest the other day and there was a cool robot going down the street, i don't know what this app is but it was a woman in some other city who was scaping at her computer and was walking down the street and this robot observing the scene so it takes it further and the robot of this actual app is recording information like a sort of rove manager google street view and collecting and aggravating.

greg, is that any less problematic than the flying drone? it's the street level rather than overhead. >> well again, for bulk i don't think that we have laws that really deal we they are. the drone that can collect data 24/7 and follow an individual around no matter what their mode of transportation is seems a lot more intrusive to me than a robot that probably only moves a few feet an hour and can't really follow one person around for a long time. but i do want to follow up on the encryption comments that ken was making. we are -- we have to be encrypting more and more data. every time you buy something on the internet, that communication has to be encrypted. if it's not, bad guys can get it and get your credit card information and then you won't

make purchases on the internet, you won't go to different places on the internet where it's not secure to make the queries that you want to make. so we are going to have more en encryption and we're going to need it. and i can't fathom, i really can't fathom congress coming up with legislation that would actually make communications and communications devices less secure. i just can't believe that they would do that at the same time there's always this debate about cyber security. i don't think we're going down that road, ken. >> thanks for that. yes, sir? >> achmed, this is related to the proposed rule changes, to rule 41 specifically. i'm wondering what you think might be potential kind of avenues of attack for defense attorneys in the future that are

going to be defending cases where the fbi -- we've seen cases already where the fbi has been hacking into servers located abroad and unfortunately being able to get away with it but maybe somehow under these new rule changes when they do come into effect there will be some -- some possible grounds for attack from are defense attorneys and, you know defending against this type of hacking by law enforcement. i'm just wondering what you anticipate might be some of those arguments. >> so i think one good argument -- and of course it would depend on the method of attack -- so presuming that one very popular method of executing a network investigative technique is a phishing attack, which is intentionally sending somebody an e-mail and duping them into clicking on something and the malware gets installed on their machine. at that point the fbi agent

hacker is in control of of the machine. something like a phishing attack, for instance might violate the fourth amendment's requirement for particularity your identifier is not the compute ere but somebody's e-mail address and that e-mail address can be accessed from any computer. so if i were on your computer and i was the target, i got a phishing attack and it -- your computer gets infected and then they find some sort of criminal activity that you're up to. i think that would be a great challenge. i think there's -- the international issues and the territorial issues are not as easy to challenge obviously because we've just heard throughout the day that the

privacy rights abroad exist even less than they do in the united states and so it would be -- i would be very hard-pressed to find a judge that would actual lily register an argument that, a, i had a reasonable expectation of privacy being abroad, for instance, or using this anonmizing technology or the, b, the violation of another state sovereignty and i think you might be referring to the silk road case for instance. the silk road case you had the fbi agents -- well, the fbi agents were alleged to have typed in a series of key strokes at the capture page for the silk road and that that series of key strokes was equivocal to hacking the server and that is what got them to know of the location of the machine, its true ip

address. and i think you'd be very hard pressed to say that you violated another state's sovereignty in hacking a machine abroad without taking their consent and somehow that relates to a suppression motion somehow. of course the fundamental problem with all of this is the fact that you are asking for exanti relief in a world where the exclusionary rule does not help you as much and professor kerr explained that all in the last panel. >> that sounds great. we have four minutes left so why don't you give us one more gmail question. >> just sotomayor wrote in jones that even short periods of public surveillance could implicate the fourth amendment and the technology allows

searches that were once prohibitively expensive. to what extent does our righting to the cheap availability of information affect the fourth amendment? >> greg? >> it affects both fourth amendment and first amendment analysis. there is a chilling affect that the fourth amendment can have on free speech right bus sotomayor went even further than that quote that was -- that was just given to us. she questioned whether the third party doctrine, the doctrine that says that when you entrust data to a third party for example so it can be transmitted to a communication whether the third party yeey doctrine continues to serve us well. so she's -- it's a fascinating opinion. she's questioning really the

whole basis for law enforcement access to a lot of information without a warrant. and and i'm waiting for that location case to get under the court so we can see where the third party doctrine is going. >> well, i would love to continue this thoughtful nuance, diverse discussion but all panels have to get out on time and some of just to get out for passover so happy passover, happy easter and thank our panelists for a great discussion. >> the house and senate are not in session today but lawmakers will return next week for a busy week of debate and votes. senatesors plan to work on a measure that requires the obama administration to submit any nuclear agreement with iran to congress for a review. he'll attempt to override president obama's veto on legislation disapproving the

national labor relations board regulations issued last year on union election rules. see the senate live on c-span 2. and house members will meet with senators for a joint meeting of congress to hear remarks from japanese prime minister shinzo abe on wednesday before returning to work on 2016 federal spending and military construction veterans affairs and energy and water development. you can see the house live as always on c-span. we have more now from the conference on the fourth amendment in the digital age as a panel of legal analysts discuss government surveillance and data-gathering technologies in the digital age. they examine the role congress, the courts and the administration play in enacting rules to protect consumer privacy. >> thanks to all of you here and those of you watching us online. i'm the senior privacy national security council with the national association of criminal defense lawyers and if you missed it and i'm sure you

haven't, but if you're watching online and you have questions you can e-mail them to nacdlquestions @gmail.com. i want to introduce the moderator of our next panel, gerry morris, a sole practitioner in austin texas, who has practiced criminal defense, state and federal, for 36 years. he focuses on trial work but handles appeals and post-judgment relief. he is the president-elect inacdl and our fourth amendment advocacy committee co-chair. in addition to the fourth amendment work he does including this symposium which he worked on closely, he also works on indigent defense reform and working in travis county, texas, on an effort to strengthen the assigned council system there. he will be moderating the panel and welcoming the rest of our panel so please help me welcome him to the podium. [ applause ]

>> thank you. i want to once again thank american university for dedicating the resources and the staff and all that goes into having us here to put on this symposium. i have asked around and i'm quite confident that this is the most comprehensive symposium on this topic that's ever been held. that's both rewarding and a bit concerning because this is not new stuff. and the discussion certainly needs to move forward. the panel? -- the topic of this panel is a good segue from the last panel. we talked in the last panel about what is the technology out there for surveillance, data content, location. what have are the techniques that are available to the government and the devices, technology. this panel is basically going to talk about what can we as practitioners do about it? how do we challenge the use of

these techniques and devices in our cases? i'm not going to give long introductions because you have the biographies in your material s our panelists are hani acory. senior staff attorney from the freedom frontier foundation. most of you are familiar with that organization and what they do. also if you look at the materials that you were given when you came in you'll see a copy of the champion this month's issue of the national association of criminal defense lawyers magazine. there's an article in here by mr. acory thaw discusses the "riley decision." nima singh, legislative council, american civil liberties union. jim harper, senior fellow, kato institute, and orrin kerr, fred

steven son research professor of law, george washington university law school. i proposed three general areas of discussion. these are -- the panels are not limited to these but to give you an idea of where we're going with this. those areas of discussion are what is the current law, fourth amendment law regarding these issues y doand where do we think it's going? and corollary to that is does the current analysis under the fourth amendment reasonable expectation of privacy does it really fit this subject matter? or is there another way to look at it perhaps? another topic is how do we find out in our cases whether this technology has been used? you've heard that efforts have been made by law enforcement to keep it secret. how do we determine that it has been used?

and for instance, in the instance of the stingray device, even after it was discovered that it was being used, law enforcement made an effort to keep the details of how the device worked secret. how do you discover how these devices are used, whether, for instance, they involve a trespass that would evoke the plurality of opinion in "jones," how are they attached to something? do they grab something out of the air? how do they work? how do we litigate this stuff? how do we specifically raise these issues in court. with that i will direct the first discussion to professor kerr.

i'd like you to go first and jim follow up. >> thank you for the invitation to be here this morning. it took me for a while to realize when passover was scheduled for this year. i was like, oops, that's a problem. so i wanted to talk about the situation for the development of fourth amendment law in the digital age some of the major default lines. from a defense attorney standpoint there's good news and bad news. the good news is courts are being creative in interpreting the fourth amendment as it applies to new technologies. they're doing interesting things, they're expanding constitutional rights in a lot of surprising ways. think of the "riley" decision recently, the supreme court's decision on searching a cell phone incident to arrest. a unanimous decision in favor of rejecting the traditional fourth amendment rule and enacting a

broad warrant requirement. kind of a surprising development in a lot of the ways as to its unanimity. from a right standpoint good news from defense council. there's creative arguments that a defense lawyer should be and can be making that things violate the fourth amendment that a few years ago would have seemed like very very hard arguments to make. and the down side is just as that's happening the supreme court is cutting away on the scope of the remedy that matters most to defense attorneys. that is the suppression remedy and cases such as davis v. united states saying no exclusionary rule applies when the court for -- when the officer relied on then-existing law, full disclosure, you can blame me. i argued the case for "davis" and i lost. so it pains me that i have to keep talking about it wherever i go because i knew this was going to happen and -- oh well, two votes. what can you do? so in effect i think these trends are related, actually.

as the courts move away from the exclusionary rule they feel more comfortable creating broad rules because no one is getting out of jail so the good news from a defense attorney standpoint is the fourth amendment is expanding and the bad news is your client is probably not going to benefit much from it. but there are certainly arguments to be made to get around this and we can talk about this. let me focus on the rights standpoint. so from a standpoint of what is a search or seizure great cases throughout that you should be using if you're a defense attorney with a digital evidence case. you should be relying on -- there's the "jones" majority opinion, the trespass case. nobody quite knows what the trespass theory is in jones. it's really counterintuitive that placing a gps device on a car is a trespass into the car. it's not actually going into the car, it's affixed on to the car. just this week we saw a decision in grady v. north carolina saying that also applies to an ankle bracelet around a gps

monitoring bracelet around a person's ankle and they did that without argument even. they just reversed on that ground so on the rights question, there's the trespass argument, the jones concurring opinions which really sort of depart from traditional understandings of fourth amendment law by suggesting that monitoring over time could be a search even though individual pieces of collection of evidence are not searches. that's another thing you should be using wherever you have digital evidence collection because a lot of times digital evidence collection is part of a broader effort to collect evidence. that could be argued to create a mosaic which constitutes a search even if in the traditional context it might not seem like a search. for fourth amendment reasonableness we have the riley case which i talked about a minute ago and you should be pushing for riley moments in your cases. just as the supreme court said

in riley that the traditional fourth amendment rule for search incidence arrest does not apply in the computer context because computers are different, i think of that as the riley moment where the court says we need a new rule and that opens the door for lots of opportunities to make riley moment arguments in other contexts and some courts have already gone in this direction. and so from a rights standpoint there's a lot of arguments that can be made as to what's a search, what's reasonable, pushing against the doctrine as it exists now with riley at your back and jones at your back and other cases that are suggesting that the courts are open to do lots of creative things. so i'll emphasize that part and then i'll not talk about the exclusionary rule part because, oh, i'm out of time. so someone else. >> i whether probably use the same internal clock to figure out when i'm out of time. and i may not be the most helpful to defense kouncounsel with

their cases because sfwhierchltzi'm sort of a one-note johnny. of course, as dplierjtzpractical matter you want to argue that because i'm always intrigued to find many lawyers believe that reasonable expectation -- is a prefix to the word privacy. not regarding privacy as a separate condition that exists or doesn't exist without respect to what people think about it. but understand -- so argue that, but understand that that doctrine is a failure. and i think it won't survive very long along with the third-party doctrine. the supreme court hasn't been using reasonable expectation doctrine for the last little while, at least not very much. sure, a lot of people read jones as being all about that but that was the concurrence and on the majority opinion. what's wrong with that test? well, it's not administered very well. rarely does a court actually

examine the subjective feeling of the defendant as to their privacy. the objective part of the reasonable expectation of privacy is actually just a subjective statement on the part of the judge or judges who issued the decision. usually -- or as you have been as not, i should say, in accuracy, it comes to the wrong result and i think that a well-done study of people's expectations, that is people out in the land not here in this room, with regard to their telephone dialing information would find that smith v. maryland is simply wrong. most people who aren't lawyers, who don't know about smith v. maryland would say "heck, no, you can't see the content of my phone bill that's stuff i have that." it's also not a product of the katz decision. it's a product of a solely on lyly concurrence in katz. justice harlan i think was doing his very best to try to capture

these difficult problems, the intersection between technology and the fourth amendment when he stated what has now become what's called the katz test. but katz actually went down on the fact that the defendant had entered into a phone booth and there concealed the sound of his voice from other people. so in closing himself in a miniature room, of sorts, prevented the information from reaching others and the government accessing it through use of a bug was unreasonable. the majority -- read your cases, folks. the majority in katz did not decide based on what has now become the katz test, reasonable expectation of privacy. my argument is to obviously use it but also argue for administering the fourth amendment the way you would any other lau. so you go through it like a student would through a statutory law. for right to be secure against unreasonable searches and

seizures in a person's houses papers, and effects. you go through the major elements of that. was there a seizure? was there a search? was the thing seized or searched protected by the fourth amendment? then you get to the question of whether it was reasonable. the seizure -- so seizure and search are often collapsed together and that makes it hard to work with sometimes. but there are cases where there are seizures that are not in part of the -- not part of the search and there are cases where there searches that are not part of a seizure. but jones is a good seizure case because the court found -- it used the word "search" but what it was talking about was the invasion of a property right. kara will send you off on a tangent because it treats the property right and the possessory interest as the same thing. but property rights go beyond the possession of a thing about use, administration benefitting

from the profits of having a thing. these are all within the realm of property lights according to that bundle of sticks that we learned about in law school. and attaching a device to a car converts the car to the purposes of an outsider, an interloper on this piece of property. so attaching a gps device to a car very much is an invasion of a property right. it's just not the possessory right. so jones didn't lose control of his car, the car wasn't taken away but his car was used by somebody else which is a violation of that right to exclude. so watch for seizures. very often seizures and searches are mixed because the law enforcement officer will look at the underside, this is the seizure, this is is search and there are one or two cases where the court articulates those independently. search canning happen in a stand alone way and kylo is the best example of that. that's the case with where law enforcement used a thermal imageer to access the heat profile on the side of the the

building. it made things that were otherwise imperceptible perceptible. literally a thermal imageer takes heat waves are that are imperceptible to the human eye and moves them a different place on the spectrum so you can actually see the heat as visible. so in ordinary light no one can see what the heat on the side of a building is but using this technology that made visible what was there to for invisible. there are terms about how to administer a search, in terms of going to subjective intention of law enforcement. were they really, really, really looking very hard at a certain thing? you can call that a search. but even more granular and scientific about taking things from imperceptible to perceptible is when you get to search.

third question, is the thing seized or searched protected by the fourth amendment. we have things people carry cars are in effect, the court has found, et cetera. then the question finally is was it or was it not reasonable? this is where the judging happens. and judging has to happen. there's no test for the fourth amendment that gets away from it. but at least the question is focused on the right place which is on whether or not the government was being reasonable when it searched. the way the reasonable expectation of privacy doctrine works is that it examines whether the individual was being reasonable in expecting privacy and that's not what the terms of the fourth amendment call for. to apply this statutory style way of working with the fourth amendment you really, really have to understand how the technologies work. let me walk you through the technologies we've encountered over time to show you how it applies and i'll start with

mail. paper is a very handy form factor for cellulose that's lightweight. it has a terrific sort of absorbency of ink and we use paper to put hieroglyphs into a fixed form letters, numbers and symbols. and in the right order these hieroglyphs convey our thoughts feelings emotions, et cetera et cetera. when folded and concealed in an envelope, the opacity of the paper makes those thoughts feelings emotions et cetera et cetera, imperceptible to others that have not accessed the inside of the mail. what we find is that when we use these physical characteristics of paper to conceal information, the information gets fourth amendment protection.

so in exparte jackson in 1877 which discussed very interestingly the constitutional difference between sealed mail and opened mail like newspapers and flyers, the court said letters and sealed packages of this kind in the mail are as fully guarded from examination and inspection except as to their outward form and weight as if they were retained by the parties forwarding them in their own domiciles. the constitutional guarantee extends to their paper, thus closed against inspection wherever they may be. so using the opacity of paper to conceal information gives you constitutional protection as a matter of physics in the first instance, which is backed by law. fast-forward from 1877 to 1929 and the olmsted decision. olmsted majority got it wrong, but the dissents were the really interesting ones. brandeis is neat and all because he said that there's this wonderful right to be let alone which is maybe a little too broad and quite hard to

administer. look to justice butler's dissent. he argued in fascinating language "the contracts between telephone companies and users contemplate the private use of the facileties employed in the service. the communications belong to the parties between whom they pass. sort of a statement of property rights. during their transmission, the exclusive use of the wire belongs to the person served by it. tapping the wires and listening in by the officers literally constitutes a search for evidence. let's go back to how that technology works. remember those hieroglyphs we talked about? written language. that's an abstraction on spoken language. and when i speak into a microphone, the microphone takes the sound waves, translates that into an analog electrical signal which passes along the wire and is literally passing along this wire here inaudibly and invisibly to anyone.

now, this is immediately being translated back into sound waves to be broadcast out to you. but on this wire the things i'm saying are inaudible and invisible. imperceptible to someone coming along the wire. if it was a mile long somebodies spying this wire would not be able to see or hear what was happening on the wire. when they access it they are accessing information that is mine. this communicationon this wire is mine. if the wire is mine or if i rented the wire for this purpose. so it's an invasion of the property right to take this communication from me and make a copy of it for yourself. the internetworks in much the same way. taking analog signals, the appearance of my face, the sound of my voice, the things i've typed, the things i say into the phone, and converting them not into analog electrical signals but digital electrical signals broken up into packets and transferred out across the internet. when i hand over this

information to an icp it's subject to contractual protections so that if you want to talk about the signal itself, the communications as a unit of property it's essentially mine. but i've given an easement in the information to the icp and i have obligate it had icp through at least implied contract to make sure that information is maintained in confidence across the internet to its destination. so there's as good an argument until the internet context as there is in the phone context that the communication belongs to the parties among whom it travels. obviously the details of any given circumstance are you have to navigate through the very, very fact-specific instances. but this is a way to administer the fourth amendment that's sound, that doesn't rely on the subjective whims of judges in a given situation and over time

could restore the strength of the fourth amendment, applying it on its terms and consistent with precedent to new technological circumstances. i hope i've at least been interesting and maybe informative. thank you. >> thanks so much for having me. so i want to maybe take a step back and look a little bit at how the current federal policies are really impacting how these technologies are used by state and local law enforcement and how that affects the barriers to really addressing some of the technologies in court. so right now we have sort of a bizarre a tension happening at the federal level. on one hand we are completely unable to keep pace with the technology development. congress is legislating not a lot in this area as they are not a lot in a lot of areas. and when we look at some of the issues thaw have arisen in

recent months, it really involves technologies that's almost decades old. so for example in the previous panel i know you discussed sort of location tracking and stingrays and we're having a debate right now over those technologies, but they were invented decades ago. and i'm pretty certain that are there's probably other technologies that are either in the pipeline or even being deployed that we don't even know about yet and we haven't even had the opportunity to have a congressional or public debate about. and at the same time that we have sort of this complete inability at a federal level to put in place privacy protections or civil liberties protection regarding the use of these technologies, the government is awfully good at getting these technologies out into the hands of state and local law enforcement. and so we know that the department of justice and the department of homeland security have created grant programs. these grant programs fund the purchase of surveillance technologies by state and local law enforcement agencies and

often these grants go out with relatively little strings attached. there's not really a sufficient oversight and sufficient action by the federal government to make sure that these technologies are used responsibly. so saying all that what are some of the policy changes that we can push for that will facile facilitate our ability to challenge the uses of these technologies in courts and will make sure that defense attorneys in the public are kind of armed with the information they need to have a debate on what the appropriate use of location tracking or radar technology etc. is. rp so i so i want to leave with four points in particular. the first is i think that we need a federal policy that prohibits the federal government from asking states and localities to deliberately hide the use of technologies. so this has come up in a lot of different contexts. in the stingray dirt box context through foia we found out that

the department of justice was asking states and localities not to disclose use of this information. in some instances they were asking state and local law enforcement to refer to information that was obtained by these devices as information from a confidential source so that judges would not really have an idea that that's how the information was obtained. in other cases they had asked prosecutors to dismiss cases where defense attorneys were seeking to challenge the use of these devices. we've also seen cases where, you know, when a challenge does go up and is being debated by the courts they offer a very attractive plea deal for the express purpose, really, of trying do avoid a court oversight over the use of these technologies. and so i think attacking this problem really requires at a federal level less -- a federal level prohibition on stopping states and localities from actually disclosing information

about these devices to courts. the second piece of it is obviously stopping information going to judges about uses of these devices. depending on the context there are cases where judges are being asked for either a search warrant or a penn trapp order before law enforcement uses these devices. but unfortunately there are a lot of cases where the judges don't know what they're signing. for example in tacoma, washington judges signed over 700 orders to approve the sting ray boxes. the warrant didn't say here is the device we're using and here is how it works and here is what we are doing to the extraneous information that is likely to be collected. and so allowing judges to do their jobs has to be a central piece of the federal policies.

the third is, you know, i talked briefly about the amount of funding that is going from the federal governments to states and localities to purchase these surveillance devices and it's sort of become a blank check. for whatever reason in this area, the federal government is not good at athatching strings to that money. if we are going to give out money to use a particular device or purchase a particular device that state or locality has to have laws in place. otherwise it is leaving us in this strange place where we are pushing out all this technology in a way that does not ensure it is used responsibility. and i think the last piece i would say, you know, the federal government has been unable to adopt consistent policies in this area with regard to technology. you know we're not seeing public guidance from the department of justice saying, look, if law enforcement wants

to use a particular technology they need a warrant. here are the exceptions to warrants and the situations where there can be no exception. and that is sort of leaving states and localities without a firm sense of what best practices are or minimum standards should be. there needs to be a push at a federal level to put in consistent standards that the public is aware of and attorneys are aware of so when they are confronting these issues in court they have a sense of what the rules of the road. are so having said all of that and all the things that don't exist, what is congress doing? if i was you that is where i would say, i'm sorry, i ran out of time. unfortunately, i think the answer is very clearly not enough. there have been i think recent efforts by members of congress to do more oversight in this area. but we can't really have a system where members of congress only get upset about something

when day read about in the a newspaper, right? we haven't created a system where congress is demanding notification prior to new technologies being deployed. they are creating an infrastructure that ensures we have the debate before it is a problem. this is a problem of the general mind set which is use the technology now and think about the consequences later and put in the privacy infrastructure after the fact. that is the piece that congress hasn't atacked. how do we create an infrastructure where we can debate these things before they are huge problems. the one area that congress has taken a stab of addressing is more in the area of national security and how surveillance technologies are used in the national security context. that is because of the deadlines that force a congressional debate. but without the deadlines and without a clear push from states

and localities practitioners and others to proactively address some of these problems i think we are going to continuously be in a state where the technology has developed and we are ten or 15 steps behind where we should be in terms of the legislation on the federal policies. >> so that is actually a pretty good segue to what i want to talk about which is what can practitioners do in specific criminal cases and what can folks do at the state level either working through their state representatives or working through the state nacdl affiliate. the answer is i think there is a lot that can be done. so while i don't hold out much hope for congress to do anything about anything i have a lot of optimism about what is happening in discrete criminal cases and at the state level. we have heard a lot of very general discussion about the

proliferation of these technologies and how it track also down, how judges have been deceived and how it has been hidden and what is important for defense practitioners a few years ago you were in a specific criminal case, the judge will laugh you out of the courthouse and basically say i'm not going to take you seriously. but we have amassed just straight up evidence that shows this is happening. it's happening at a systemic level across the country. you mentioned tacoma. it's not just tacoma. you know in baltimore they threw out a case because the officer got up -- they threw out evidence in a criminal case about a sting ray device where basically, the officer during a suppression hearing was on a witness stand and asked to answer questions about the use of the device. a nondisclosure agreement kind i have the transcript. and the judge said you don't

have a nondisclosure agreement with me i will hold you in contempt if you answer my question. we will concede on the motion to suppress. i used to be a federal defender and never got a motion to suppress. this happened in a criminal case just you know, a couple -- not a couple -- but the next state over, right? so that's another example. in florida, the "washington post" ran a story about a guy looking at a four-year minimum charge in a robbery case involving the using of a bb gun to rob a marijuana dealer to steal $100 worth of weed. they used the stingray to find the guy. the judge ordered the stingray to be disclosed. the government cut the guy a probation deal. wrz we can amass all of this to show what is happening and there will be results.

when the government concedes on a suppression moment six months of probation, that is a win for that specific client. for criminal defense lawyers that has to obviously be the first priority. but we can use those victories in specific cases even if they don't result in the evidence being disclosed we use that as evidence to show, judge we're not crazy here. this is not people who wear tinfoil hats telling you this is a problem, this is a documented problem. in tacoma -- and we are talk about stingrays here but it applies in other contexts. in tacoma the newspaper reporting resulted in the judges having a closed-door meetings with police officers. and they agreed, okay, we'll change how we do things. but it is on the defense bar specifically to make help about this and to look where this is a play. if you have a a case where there

is a search warrant affidavit a wiretap application that says a source revealed your client's location you have to start asking questions. is that source a human or a computer or some other thing? if you have a case that involves the government retaining a lot of digital data they have seized from a computer doing a forensic imaging of a hard drive if you have handled any case that involves a computer you know that is what is happening, you have to start asking questions. how long of a held onto the data to where they keeping it? what are they doing with it? are they deleting it starting to grapple with this at the federal and state level. once we can make these sorts of discovery requests we can make the legal arguments. and when it comes to the legal argument they talk more specifically about what is referred to as the riley moment. you know, what is this -- we

have talked about riley so much. but i mean, what is it about riley that is significant? and to me, this is just my opinion. but to me what is significant about riley what is this riley moment the "s" two separate things. the first thing is that the court did not feel bound to apply an earlier decision that involved a very different item. a little bit of background in riley the ultimate issue was whether the police could search the data on the cell phone to arrest. police could search the data. before robinson the supreme court has said you can search a pack of cigarettes found in a jacket because that is a container. you can search any container found on the person or the arrestee or in their vicinity in immediate to arrest. the government argued and many courts agreed that a cell phone is a container that is like a pack of cigarettes.

the court in robinson did not distinguish the container based on what was in it or the nature of the container and thus, the search was okay. riley rejects that. saying these two things are similar is like saying a ride on a horse is like a rocket ship to the moon. they get you from point "a" to point "b" but nothing else justifies lumping them together. that's the point we have to make when the government comes into court and says the court has ruled on this, 40 years ago, they ruled on a case and that's the answer here. it's not the answer here. this is different. and the second riley moment, i think, is the courts and this is the court's own language, that there is a quantitative and qualitative difference about that cell phone that triggers a different