>> so when we reflect on this case, rightly or wrongly, what seems to have been lacking was the jury being able to hear all of the facts that would make it possible to make that determination. >> and i think that's -- it shouldn't be -- it shouldn't be for judges at all to decide, except in the most extreme case what a defendant can tell a jury. it is up to the jurors to believe whether the defendant is telling the truth or not. up to prosecutors to say no. i think you put a layer of secrecy over that and empower the people to do what they can do, people asked me for a lot of years, why didn't you take the stand? i didn't take the stand in my defense, nor did i elocute at sentencing. you know if i had elocuted at sentencing, i could have had a lower prison sentence because judges like when you get up and say, now that you caught me, i feel bad, i've seen the light, please forgive me, you know, and

they give you less time. i remained silent. i wouldn't address the court. and people said to me, why don't you do that? and maybe i was polly annaish about this but i felt it was a matter of principle. i felt i was in a kangaroo court. i felt my constitutional rights had been violated, and i wasn't going to participate. and as a result, i turned down a deal, by the way, i could have had a deal on one count probably would have done 18 months. the doj was going to insist on prison time, but the deal i turned down was 1 count, 18 months. it was a $10,000. my restitution would have been $10,000. i would have been fined $1 million. instead, i said, no, they indicted me on 43 counts, faced 430 -- the government asked for 430 years in prison. i ultimately got only 72 months. i had to forfeit $62 million and fined $19 million on top of it. and then, of course, there is a story for another time, how enjoyable it is to be in federal

prison 4 1/2 years when the feds are watching you. because there are special designations. i was called a cim inmate. c-i-m. centralized inmate management. that meant wherever i was, the people had to report to people in washington. who these people are, who these wizard of oz people are behind the curtain is beyond me. i could tell you, i got a lot of unusual treatment. i had a 15-minute court appearance on resentencing. it took -- instead of the -- i had 15 minutes, real quick story, 15-minute court appearance in denver. warden could have granted me a furlough to go to denver and back in one day, we offered for we'd pay for the marshals to escort me. remember, i had been out on bail. i was not a flight risk. i should have been the candidate to do that. they said no. and instead i got treated to in the prison system among inmates diesel therapy. diesel therapy is when they turn

you over to the u.s. marshals. for a 15-minute court appearance, i spent seven weeks on the road, four flights on con air, in solitary in oklahoma city for eight days which we inmates call the hole. okay? i was in three penitentiary cell blocks. if any of you know the federal system, i had the enjoyment of being in brooklyn mdc metropolitan detention center which is truly one of the poorer facilities. for 15 minutes in court. okay? and they didn't have to do that. so what i learned, and i want to end on this, what i learned being in prison and through this whole experience is something that most americans take for granted. and that's -- and some of you heard me say this at lunch, dinner last night, i kept coming back to saying, whatever the issue is the most important thing is a person's freedom to make the choice. okay. freedom is for americans somewhat esoteric concept. all of us have been born into a free society. okay? when you go into prison and you

have no constitutional rights no freedom, and they remind you the only obligation is to feed you, to house you, and to give you clothes, anything else is a privilege, okay, and when they say jump, you jump, when they say you do x, you do x, you get a real appreciation for freedom. and i hate to see what i fear is a very dangerous path this country is going down, where we're giving up our freedom, in increments, because we're constantly being told there is a threat to national security. i think james madison said this well back in the federalist papers, he said he was more worried that -- of our strong central government that americans would lose their freedoms in small bits rather than a sudden ursipation of power. that's what's been going on since 2001. fight for your freedom, that's important.

any system that has no checks and balances is going to be abused, okay, which is the problem with secret courts. and you are in for a good fight of your lives, too. so -- >> ready to take some questions? >> happy to. >> and, yes, i am a convicted felon. and, yes, i can't vote, and i'm not allowed to carry a gun. a whole bunch of other things depending where you live. like 40,000 of them depending what state you're in. >> with angela and frazer coming to the microphone who oversaw our collateral damage report, that's a perfect segue. >> there you go. >> my question goes to that. so you talked about a couple of the collateral consequences that you faced. one of the collateral consequences that you don't necessarily face is that you are an attractive white man with a suit and a tie on and you're given the benefit of the doubt when you walk into the room that you don't have a conviction. one of the things that some of

the folks who we have talked to when we were doing the report was, they he can't even get a foot in the door. my question is, since you probably can get a foot in the door, how has that experience been for you, and then my second question is, how did you feel about people who had records or incarcerated prior to you being incarcerated yourself and what are the types of people that you met when you were in incarceration? >> i'm glad you asked me that question. look, i have -- i'm blessed. i have a wife of -- we know each other 40 years, married 37, she never missed a visit in 4 years except when i was on a road trip and i couldn't get visits. my kids all got through this fine, although there was some damage there. but my friends, my three closest friends coming out of prison now, one is an african-american drug dealer, did ten years, one is a puerto rican drug dealer who did ten years, and one is a dominican drug dealer who did ten years. those are my three closest friends in prison.

one, respectively, his name is q., spoony, and juice. okay? because people -- now, these guys, and me, are about as different as you could ever imagine from background. we became the closest friends. one of the -- -- they had a difficult time finding job. one of the things i should mention is what prison taught me. i said this in front of the federal judge when i was going back to resentencing. i asked to be sent back to the prison i was in as fast as i could. i didn't need to be there for resentencing. i said i want to go back because the character of people i'm in prison with is better than the characters of people i worked in business in the government with okay? and these guys, all of whom got their ged degrees, or two out of three got ged degrees when we

were in prison and i was a tutor to one of them all have enormous difficulties finding jobs. if they're lucky, they make 10 bucks an hour. the government comes in takes 15% off the top for restitution, then they pay their taxes on the full amount. they -- even though the federal law says you can't diskrim krimcriminate because you're an ex-con, everybody does. you asked me about my personal experience. it's really interesting, you know when i was the head i'd been invited to -- i'm not picking on anybody to be specific here. i'd been invited to gate's house a few times. i knew the ceos of everybody. okay? only one ever contacted me once there was an indictment. okay? only one. i'm not -- i didn't need their money, i didn't need their support. it would have been nice for them to say, you know, joe, we think you got screwed, we don't believe what they're saying

about you. nobody ever did it. my friends in prison, they'd have your back. they would share the last bit of contraband food that we smuggled in, okay? you know, to help you out. and all three of these guys are having a tough time. and you know what i do, the little i can do. i've tried to find jobs for them, but i'm not in that circle anymore. but i talk to them about once a month. just to keep them on the straight path. because, you know, you're making -- you're making 10 bucks an hour. you can't afford your family. you know, you've got to see a parole board. you can't travel out of state. every month as one of them tells me, i won't say which one, he's deeper and deeper in debt. everybody they know in the communities they grew up with is associated with the drug trade. so up pops your friend. and he says, you're 11,000 in the hole on your credit card. you've been out a year. and he says, hey, i want you to do me a favor. drive to baltimore and pick up

five keys of cocaine bring it to new york, i'll give you $20,000. you do that and get caught you're doing 20 years mandatory on your second federal sentence. now, these people are in for economic crimes. i know drugs are bad. but the government wanted to stop drugs, they could. >> all right. let's go to another question. >> we'll leave -- we'll leave the drug wars for another day. >> and by the way, i applaud the president yesterday, this week, i think somebody in here's affiliated, i think 20, he's only got 250,000 more to do, you know, right? good. take the 20 and run. >> hi, joe. i'm ellen nakashima with the "washington post" and co-wrote that article you referred to. i tried calling you back then and you didn't take my call but i found you here now, eight years later. >> i was busy. >> so back then, we saw in court documents, i guess, you said you'd thought you were, you lost

out on contracts for the nsa because of your refusal to participate in this nsa program. so now today, just to clarify, are you saying you think you were prosecuted because of your refusal to participate in that program? and secondly, if you had decided if you had gone along with the nsa's request and participated, do you think they would have come back to you again a second time and asked you to take part in that second program? >> well, i can't answer the second because i didn't participate in the first. but, no, to this day, i believe, i used to joke with some of my friends in prison. i told them why i was there. that i was the only guy in prison who got to prison for refusing to break a law. okay? and so you know, yeah, as a matter of fact, i think -- yeah i think, i'll be very direct. i think i was singled out and targeted to be made an example of. i think for five years they

crawled through the quest books every which way. it would have been easier to get me on a sarbanes oxley violation and much bigger consequences from a sentencing point of view. they couldn't find anything. they couldn't find anything on a normal insider trading case so they came up with this novel theory. we thought it was absurd. when we heard the theory. we thought it was a slam dunk, we were going to beat it, until i found out what happens before you get to a jury, what you can say and can't say. i'm certain of it. as a matter of fact, give you guys a preview, i'm battling the u.s. government in court of claims here. doj is representing the irs. it deals with my forfeiture of money and the tax i paid on it before. they double fined you. you pay the tax then they make you pay the gross amount as a penalty anyhow. so what's happening is doj is choosing not to go to court on this. they're going to stipulate at the trial court. they offered me a stipulation to win. and i said no. i said i want to go to trial. i want a court record because i

know appellate courts only read what's in the court record. we're negotiating with doj right now. my lawyer should have it done within 30 days because they asked the judge for a 30-day stay. i'm putting in a stipulated statement in that case, in that federal case that says, if i'd been allowed to testify in 2001, here's what i would have said. here's the contracts that we were blackballed on. and here's the amount of money i thought i was expecting in my budget. that's going to become -- i'm not going to tell you what that is now. i'm going to let it get filed in federal court. i'm going to let the judge affirm the victory at the trial court and then we can talk about it. >> to be continued. >> to be continued. yes. >> thank you. so, i think, we've run out of time, joe. thank you very much. i appreciate your participation. >> keep up the good work. [ applause ] more from this forum on the latest government surveillance

and data gathering technologies and how they're outpacing today's laws. this panel is part of a conference examining how digital searches, government surveillance programs, and digital age technologies are impacting fourth amendment protections against unreasonable searches and seizure. all of this american university conference is available online at c-span.org. so welcome, everyone. good morning. thank you all for being here. a special thanks to necdl and the criminal law practitioner and particularly to those who did a lot of the behind the scenes work to make this happen. so i'm going to do very brief introductions so we can get right into the meat of our panel. all the way on -- you also have longer bios that you all should have received attached to the agenda for today. so all the way on my far right

we have katherine crump who is an assistant professor and clinical proser if and associate director of the samuelson law technology and public policy clinic at berkeley. she was also a former staff attorney at the aclu for nine years. next to here we have eric wenger who is a director of cyber security and privacy at cisco's global affairs division here in d.c. also former counsel at microsoft. to his left, my right, is liza goitein. that's very complicated for me up here. she's co-director of the national security project at the brennan center, also former counsel to senator russ feingold. and immediately next to me we have joseph lorenzo hall who is the chief technologist at the center for democracy and technology and we're particularly excited to have him here to talk about the technological aspects of all of this. so i am going to remind us of what we all know. that there's been a tectonic shift in the way data is collected, stored, the ways in which we communicate over the past 10, 15 years. so our panel is going to explore

the implications of that, both what's happened and what that means for the law and for policy. and i'm going to run this as a moderated discussion. i really want to have a conversation between the panelists and eventually there will be time for all of you to ask your questions as well. i'm going to start with joseph, and i want -- my question is about the underlying technology, just to lay out what's happened. so what have we seen? what's changed in the past 10, 15, 20 years, and what's the world we're living in now? >> thank you very much for having me and for organizing this event. to put it simply, surveillance is -- and collecting data about individuals that are targeted for investigation or not targeted for investigation has simply ballooned extraordinarily. surveillance has gone from passive types of collection to increasingly active types of collection. i will describe what i'm talking about there in a minute. from targeted to increasingly bulk forms of collection.

and to sort of less intrusive forms of getting this stuff to pretty dramatically intrusive and shocking in some cases at least to me as a technologist and probably to people who care about civil liberties in general, pretty shocking intrusive methods. surveillance historically has been what we call sort of passive signals collection. what that means is you can think of it as just listening. traditional eavesdropping where someone is communicating and you sit there and you capture the stuff and you analyze it there. with the sort of amazing explosion that the internet and digital technologies have created there is a much more active surveillance. what i mean by that is not just listening but participating in these communication flows in ways that are meant to sort of undermine the trust in these systems, and to get access to things that they might not already have access to. so for example when you communicate online with your

bank or something you will see a little lock in the web browser. that's basically saying this is an encrypted transmission. it means if someone were to eavesdrop on it, it looks like gobbledygook. not only that but it's authenticated. when someone vouches that this is your bank and browsers go to great lengths to make sure that is the case, there's something called a man in the middle attack where, say catherine on the end of my panel is trying to communicate with me, and we won't use eric, we'll use liza here, liza wants to intercept our communications. what could happen is catherine could send a signal into the ether, liza can essentially pretend like she's me and send credentials back to catherine that look like me and then very transparently pass that information on to me. that sounds very passive in that they are not modifying the content of the communications. but what they can modify are the credentials sent to sort of undermine your ability to engage in confidential and --

confidential communications that have some underlying integrity so they can't be changed. not only that but we have seen this sort of weaponized by the national security agency and its global partners into something called quantum, which make no mistake about it is basically what i call a global attack infrastructure on the internet. what i mean by that is we don't know a lot of details about this stuff. it often comes up in powerpoint slide decks from the nsa. essentially this is something that's with a select targeted program, with a selector it can intervene in communications flowing over the internet such that it can poke a hole in your browser and exploit a vulnerability in what you're using to communicate with, and then once they have that installed software in your you computer to do a variety of things. capture skistrokes for passwords and a whole bunch of things.

it is targeted so they're not doing this to everyone all the time. there is other stuff they're doing to everyone all the time. that's what i mean when it's gone from targeted surveillance to increasingly bulk. a good example of this is the muscular program. muscular is all caps. i wish i could shout it. muscular! the muscular program was one where the nsa was overseas tapping the entire data links between yahoo! data centers and google data centers. these are the private networks between these data centers taking all the information that was sent over those links. it's a lot of information and when yahoo! pushed out an update to its internal file system storage, the way they store data they had to sync this stuff back, nsa had to turn it off because they were getting essentially all the stuff from everyone all at once over the period of a day or a few weeks. that is decidedly bulk. and the first thing we look about from the 215 metadata program was pretty shocking to a lot of us when we realized that, you know, some amazingly large 99.9 something fraction of these people are entirely innocent in

their data that's is being collected. i like to say the nsa and its partners were converts to what we call big data way before industry caught up. they were basically collecting all of the hay in the haystack to get access to however many needles they believe are in the haystack. finally this kind of surveillance is gone from sort of relatively unintrusive. part of this is just how society has evolved. so going from relatively unintrusive to very intrusive. we used to say our digital watches have more computing power than the early computers and unfortunately your smartphones and ipad and i'm using to look at my notes right now are vastly more complex and capable. and so you get this combination of sophisticated analytical techniques, and then subversion of technical hardware and software. you have heard about content chaining in the 215 database where they look at these phone numbers called these phone numbers, these phone numbers

called these. those all can be implicated once you have everyone's phone number calling records. and there's other things like cohort analysis where people on the same train, a target may be implicated as well. we are all creatures of habit and i see the same people on my train all the time. so there's a big opportunity for what we call false positives identifying someone for suspicion that shouldn't have a suspicion. the last thing i will mention this when we get to -- when we talk about less intrusive to increasingly intrusive we are starting to see very sophisticated subversion of hardware and software. some of these things are attacks on what we call keying material as technical folks. these are the encryption keys that sort of make sure that all the things you do can't be modified in transit and can't be eavesdropped on while you're communicating. i think this is especially acute in a case with cisco and eric can talk more about this. apparently the nsa is doing this

stuff where when someone orders products and specifically cisco products because they send a lot of routers and servers, very chokepoint computers that control a lot of your communications around the world, they'll capture these things, apparently very carefully open them and modify the hardware or maybe the software inside of that device, and send it on its way. this is very troubling to a lot of us in the sense that these are sort of chokepoint communications technologies that are being subverted technically which means just the same kinds of concerns that you may have heard about with the backdoor discussion with the fbi, this is fundamentally undermining the security and integrity of these products. it is important to the people using the products but it's also important to the businesses that require this trust to sell these products and to put this really good stuff out there. i know a lot of particularly cisco engineers. i know a lot of engineers. but i know a lot of cisco engineers who are just some of the best and they work very hard to make sure that businesses who buy these things conduct communications that keep things

like trade secrets, business deals and things that are time sensitive and sensitive personal and medical and financial information safe. we don't want to see that leveraged for bad uses such as organized crime or things like that. i think i'll stop there. >> all right. thank withdrew. so one announcement, for those of you watching online there will be a question-and-answer session and you can e-mail your questions to nacdlquestions@gmail.com. we won't get to them all but you can start thinking about that for those of you watching online. now i want to turn to liza. having heard about the technological developments, can you describe for us how the legal framework has or has not kept up with these developments over time? >> sure. first, thanks very much to washington college of law for hosting this event and for having me participate. i think it's pretty clear that technology has made it much easier for the government to collect americans' information in massive amounts.

even programs that are nominally targeted at foreigners overseas are likely to sweep in a huge amount of americans' data, either inadvertently or as they say incidentally. so the logical response to this would be to fortify the protections, the privacy protections for americans in the law. but in fact the law has evolved and exactly the opposite direction and indeed since 9/11 there has been a sea change in the law. if you back up a few decades following the church committee's revelations in the 1970s there was a series of laws and policies put in place that establish a kind of golden rule. intelligence agencies could not collect information on americans from within the united states without some individualized fact-based suspicion of wrongdoing. now the purpose and the effect of this rule was to constrain the abuses that had come before it. in the past 14 years this cardinal principle has been

utterly jettisoned from the law. so let's talk about the three legal authorities that we know of under which mass surveillance is currently occurring. the first is section 215 of the patriot act. this is the provision that allows the government to get a fisa court order compelling companies to turn over business records in foreign intelligence investigations. and these are records like phone records, financial records, hotel records, and the like. before 9/11, the government had to demonstrate to the fisa court that the subject of these records was a foreign power or an agent of a foreign power. that is defined in the case of an american in a way that necessarily involves some element of criminal activity. congress amended the law through the patriot act so that the government doesn't have to show anything about the subject of the records, rather the government just has to show that the records themselves are relevant to the investigation.

now relevance as we all know is a very low standard. this still seems to preserve some level of individualized review. but in fact as we now know the fisa court interpreted this provision to allow the bulk collection of essentially all americans' telephone records on the bizarre theory that millions and millions of totally irrelevant records can be considered relevant if there are some relevant records buried within them. now this is a very dangerous interpretation because there are a lot of other information collection statutes out there that use the relevant standard. so who knows how they're going to be interpreted in the future. so with this program we have moved from individualized suspicion of likely criminality to no individualized showing of anything. the second program is section 702 of the fisa amendments act which relates to the collection

of communications content, phone calls and e-mails, between americans and foreigners overseas. until quite recently, just a few years ago if the government wanted to collect such communications it had to show probable cause to the fisa court that the target of the communication -- i'm sorry the target of the surveillance was a foreign power or its agent. and again if the target was an american it had to involve some level of criminality. this was for surveillance occurring within the united states. that's what the government had to show. in 2007 and again in 2008 congress amended the law to get rid of any requirement for an individualized court order when the government acting within the united states collects communications between an american and a foreign target for foreign intelligence purposes. moreover the target no longer has to be a foreign power or an agent of a foreign power. the target only has to be any foreigner abroad. the role of the fisa court is

limited to approving the broad procedures for targeting which is how the government figures out whether the target is actually a foreigner overseas. not so easy in the digital era. and minimization. which has been construed to mean that the information about the american on one end of the communication should be deleted or masked or thrown away after some period of time, which is usually five years. maybe more. and there's a laundry list of exceptions to allow information about americans to be retained and used. so again we have moved from essentially something that was very much like a warrant to a mass collection with no suspicion of wrongdoing. finally, there's the collection of signals intelligence. that's communications and metadata that occurs from overseas under executive order 12333. this is by far the most expansive of the government's foreign intelligence surveillance authorities.

it's also kind of a different bucket from the other two because there was never a golden rule here. there was never any individualized suspicion required because this was supposedly surveillance of foreigners overseas and these people supposedly have no constitutional rights so no court involvement. the executive order basically allowed agencies to collect foreign intelligence which was defined, which is defined as pretty much any information about any foreign person or any foreign entity and they can do so without any judicial involvement. there is a provision in the executive order for minimization of u.s. person information. again minimization means that, in theory, the information is disposed of in some way. in fact, it is kept for years or more, and there's a long list of exceptions for keeping and using

this information. so the change in this area has been less about the legal constraints because they are for never that many constraints but more the practical constraints. once upon a time there were limits on data storage and limits on analytical capacity, computer analytics such that you know, collecting all of the phone calls going in and out of a particular country and storing them for 30 days was neither possible nor really worthwhile because you couldn't analyze all that stuff. that is clearly no longer the case. it is happening. and then the other change in this area is that the distinction, this legal distinction between collecting information at home and collecting information overseas has really become legal fiction given the way that digital data is transmitted and stored. this notion that americans have no constitutional interest at stake when the nsa taps into data centers in europe and therefore no court has to be

involved, really doesn't make any sense anymore. so i think i will stop there. >> so we've now heard about both the major technological changes -- thank you -- and relaxation at the same time of some of the legal limitations on collection. i want to turn to eric and ask about the business implications. what are the resulting perceptions around the world? what are the implications for u.s. business and what is the response then? and has it been adequate? >> thank you. first off i wanted to note you can see in my bio, but i also have a background in government, and i worked at the state attorney general's office in new york, the federal trade commission, and then at the computer crime section of the department of justice as a computer crime prosecutor so i have a pretty good background in the electronic surveillance laws, at least on the criminal side. but i also need to start out by coming back to the point that joseph was raising about the impact on companies and an

example that pertained to my company. clearly we are facing a difficult challenge with regard to striking the right balance with regard to the powers of the government has, the transparency around the use of those powers, being able to have a dialogue about what powers the government ought to have, really requires transparency as a starting point because if we don't know what's being done you can't effectively evaluate whether or not the powers have been granted properly, used properly. at cisco we don't view privacy and security as a zero-sum game. they are clearly connected. at the same time we don't view economic growth as being something that is separate from national security. they are intertwined. economic growth should be a core value that is considered when we are figuring out what we want to be able to enable our government to do with regard to national security and economic growth

depends on trust. it's hard to quantify damage, but i think if you look at some of the examples that we have talked about that you see significant expenditures by u.s. companies that can serve as a pretty good proxy for measuring the scope of the problem. you see litigation that has been brought by companies like twitter and yahoo to push back on surveillance requests. you see microsoft filing a lawsuit or engaging in litigation with the u.s. attorney's office in new york over data that's stored in ireland. and you see a very large range of companies joining in to that litigation in support of the position, including not only cisco but ebay, hp, ibm, sales force, verizon, at&t, the government of ireland. so that gives you a pretty good sense of the scope of the concerns.

and then you also see companies making efforts to build data centers in a way that allow for localization putting data closer to their customers. some of that may be based on performance but some of that is based on satisfying concerns that customers might have about where the data is stored and what laws are used to protect that data. that is all expensive. trust has clearly been impacted for companies across the technology industry including cisco. we have dedicated engineers as joseph mentioned whose job it is to engineer our products and services with security in mind. and to build security in and to deliver those products in the way that we intend them. at some point there are things that we don't control. there are points where we deliver the product to our customers. the customers operate those products inside their networks. they have to maintain those things and so there are a number of different places where

attacks can happen and we are talking essentially about nation-state to nation-state attacks. those are highly sophisticated well-resourced, and in order to be able to address them and to figure out whether or not they are beyond the pale of what we as citizens are willing to accept, what we really need is a dialogue that takes place between governments. we need to have some new rules of the road and we need to have a conversation between those governments about what normative behaviors are acceptable and which ones are not because the scope and the sophistication of the actors in the space are greater than the resources of any particular technology company. >> great. thank you. i want to turn to catherine. we have been talking a lot about foreign surveillance. and these vast intelligence collection programs. but we're also seeing some real significant changes in the realm of ordinary law enforcement. so, catherine, i'm hoping that

you can talk to us a little bit about that, as well. >> sure. first of all, thanks so much for having me. i'm a huge fan of nacdl. when i was an aclu attorney the nacdl was a frequent comrade in arms working on many privacy issues. they were a client of mine, we represented them, challenging the government's policy of engaging in purely suspicionless searches of laptops and other devices at the international border. we co--counseled some cases together dealing with the supreme court's decision in united states versus jones, does attaching a gps device to a car require a warrant? so i'm particularly honored to be able to come here and speak at a conversation organized by people who are out there doing so much good work. so, yeah, we've heard a lot about these large national security programs. but when i was at the aclu and now at berkeley one of my primary concerns is okay, right,

most people's everyday interactions with law enforcement actually happens at the local level, and so to what extent are national security programs spilling over and affecting national local policing as well? which can happen in a number of ways. sometimes individuals who are being prosecuted for say a drug crime may be have been incidentally swept up in one of the big national security programs. but i think it's important to remember another big post-9/11 push that occurred, which was there is a great emphasis on the need to focus on homegrown terrorism and as a result to gather more information about what was happening at the local level. so we've seen the creation of very large pots of money that exists for the purpose of allowing local law enforcement agencies to acquire technologies at little or no cost. they have names like the port security grant program, operation stone garden. at first it might not be obvious why something called the port security grant program

would result in the expansion of, you know, why seattle, for instance, purchased this surveillance drone using money from the port security grant program. but it turns out that most urban areas are also the port areas similarly the operation stone garden which is justified as a border program, you know, many states have borders and at least water borders. so a lot of these programs created poet- 9/11 are used to purchase surveillance technology that gets upused in local policing. it happens for a second reason which is that the same technologies that may capture evidence of someone connected to terrorism are exactly the type of technologies that would be used in local law enforcement agencies. for more routine crimes. one of the things that was so describing recently was a story out of tacoma, washington, which acquired a sting ray device, which is a technology that can be used, it replicates a cell phone tower and it can be used to track the location of a cell

phone without having to go through the carrier. and the way that device was presented to the city council was as a device capable of locating improvised explosive devices. but when people filed foia public records requests to say how is this device actually used? it turns out it had never been used in such a way. it was primarily used in prosecuting drug crimes. so first of all the post-9/11 pots of money are often facilitating surveillance at the local level. second of all the same broad technological changes, the ability to collect, store, analyze and share information at unprecedented rates have also made surveillance at the local level more expansive. i'm sure criminal defense lawyers see this all the time in their cases in some respects. right? it's now pretty well understood that cell phone tracking is a common law enforcement technique. it's amazing to me today that there are still so few opinions on this point about whether the government needs a warrant based

on probable cause to gather either realtime or historical cell tracking information. but at least we now know about the technique. automatic license plate readers are common. then there's technologies that are just around the corner, drones and increase expansion of facial recognition which i think people at the local level are also going to have to start dealing with and these things will crop up routinely in criminal investigations. so i want to allow for a more dynamic discussion, so i won't say too much else. but i think there's a double problem here, right? first of all, many of these technologies have been shrouded in secrecy. criminal defense attorneys can't file suppression motions when they don't know that the evidence was gathered in a way that might be amenable to that. a lot of the secrecy has been deliberate. the government made a strategic decision not to disclose that it was using stingrays and instead filed orders with court seeking authorization to use them under less than probable cause

standard in some cases, probable cause in others, that made them look like generic requests to use other surveillance technologies. so first of all we have to find a way to combat the secrecy. and second of all we have to come up with an organized strategy for sharing materials and briefs on how to actually craft arguments that judges will listen to about these technologies. >> thank you. so, i want to turn back to you and talk about -- the whole conference is about the fourth amendment. we often turn to the fourth amendment as a way to regulate all of these foreign surveillance and the kind of surveillance techniques we're seeing in ordinary law enforcement. so how effective is the fourth amendment in this area? what are the limits? >> well, i can talk about how effective it is in these national foreign intelligence programs and maybe catherine has some thoughts about their effective with some of these local strategies. when it comes to the collection of communications, phone calls, e-mails and the like, there are

a couple of potential limitations on the fourth amendment in this context. and why it's not, i would say, sufficiently protective. the first is something called the foreign intelligence exception. as all criminal attorneys know, the fourth amendment means that when the government conducts a search on an american it needs a warrant unless the search falls into one of several established exceptions to the warrant requirement. such as for example a search incident to arrest. in the 1970s four circuit courts or federal appeals courts held that the government did not need a warrant to collect foreign intelligence information. but these courts put very strict limits on the exception. for example, the target of the surveillance had to be a foreign power or its agent. there was one circuit court, the d.c. circuit, that refused to recognize a foreign intelligence exception. the fisa court has recognized an exception but has absolutely discarded all of the limits that

the other circuit courts so carefully crafted. the supreme court has not weighed in. hasn't said whether or not there is a foreign intelligence exception, let alone now broad it is. so there's really a lot of uncertainty in the law in that area. another possible limitation on the fourth amendment at least an argument that is made, is that foreigners overseas have no fourth amendment rights so the government doesn't need a warrant to gather their collection -- i'm sorry, their communications. once you are collecting someone's communications you are permitted to collect the communications by definition of anyone they're talking to and you need no additional process to do that. that is not, in fact, the rule. there have been some court rulings in cases where there was a warrant at the beginning of the collection and where there were very, very strict requirements for getting rid of any information that fell outside what was identified in the warrant.

and in those cases the courts held that the government did not need to get a warrant for each individual person with whom the target was communicating. that does not map onto a situation where the initial collection involves no warrant and they're very lax minimization requirements. so these first two potential exceptions as you can tell under skeptical of but they are problematic. then there's the fourth amendment and metadata. so the fisa court held that the bulk collection of americans' telephone records did not constitute a search under the fourth amendment because information about who we call, when we call them, how long we talk to them, is information that we have shared with a third party. that's the telephone company. and as we all know by now the something called the third-party doctrine which says that any information that you voluntarily disclosed to a third party, you do not have a reasonable expectation of privacy in that information.

this doctrine which came about in the late 1970s has come under attack recently and is unlikely to survive. it simply does not square with the reality of life in the digital era. each one of us leaves a trail of digital exhaust about a mile wide. the e-mails that we share with our internet service providers, the text messages we share with our mobile phone companies, the financial data that we share with atms, the location data we are sharing with cell towers that surround us. these forced disclosure to the companies that provide services to us really should not be equated with a voluntary disclosure to the entire world, including the nsa. so those are the issues. >> that concept of the third party doctrine actually plays right into the litigation over

the warrant with microsoft for the data that's stored in ireland that cisco and many other companies have been supportive of. the reason is because the government's position is that, that they can demand access to the information that is stored in a foreign data center by subpoenaing a company that has headquarters or principle place of business in the united states. and so they essentially treat the records that belong to the customers as being records that belong to the provider. and pertain to the customer. this is an important distinction that elizabeth was just touching upon. so you turn back to the decision in the sixth circuit from 2010, and it holds that the electronic communication privacy act to the extent that it would allow the government to gain access to the kinds of indications with something less than award is unconstitutional.

and the position that the company's in the litigation are taking essentially is that not only do you need a warrant in order to gain access to the information but that warrants our territorial. and that they have application within the boundaries of the united states. and the goal is not to block access to use government to gain information they need in the course of lawfully authorized investigation but to establish a modernized framework and to avoid putting companies in the middle of conflicting legal regimes where it might be required to produce the information in one country and against the law to produce it in another. coming back to the notion of the third party doctrine, though, that it's my view that the record that cloud-based providers are holding when you're talking about the contents of the communications, that's fundamentally different than --

i mean, i think there's a fair point that the whole doctrine might not hold. but there's a fundamental difference between the records of the transactions and the contents of the communications themselves. if you're talking about a bank record, the bank cannot transfer the money unless it knows what account it's coming from and where it's going to. so in a sense the government's argument is that the information about the transfer belongs to the bank. but when you're talking about the data that is stored in your cloud-based account, i would argue that that is a different level, that there is metadata information that pertains to the storage of information and the transference of the but the content of the communication require a warrant. it rises to a digit level of privacy protection and clearly we believe that the warrants should not have applications beyond the united states. if the u.s. government wants to gain access to that information

stored in a data center in ireland, they should route that request through the government of ireland and make the request that way. >> can i just previously respond to that? i think the distinction between content that's held by third parties and metadata that's held metadata that's held by third parties makes a little too much -- suggests a sort of difference in kind that's not necessarily there. the metadata itself, and this has been shown in a number of ways, especially since the snowden disclosures is equally revealing of the personal information that is part of the communication sometimes as the content itself. an example would be if someone calls a suicide hot line and hangs up repeatedly. there's zero content to that call. zero content. but the metadata tells you everything you need to know and it's incredibly personal and incredibly private and that is information that belongs to the person who made the call. it is true that the company

generates the record. it is a ministerial act generating that record reflecting the private act of the person. so i think i'm going to solicit a comment during the question and answer or perhaps a question from mike price of the brennan center who is studying this exact subject but for now i'll just sort of put a pin in that. >> one more thought. i think there are good policy arguments for the point thaelz beth that elizabeth is making but in the law there is currently the distinction between in my view -- a more clear distinction between the contents of communication and the metadata. for instance, when you come back to a bank record, the bank has to be able to document for anti-money laundering purposes that it has transferred monies in certain ways and kept certain records. so you know, there is -- you can i think make a fair policy argument that a certain level metadata does create a picture that's invasive to the point that it should be treated like

contents of communications. but we do have in the current law reflected a greater deal of privacy protection for the contents of communication and the argument that i'm making is not to say that you're wrong about the invasiveness of collecting metadata and that it should be treated in a different way but at least insofar as the current law is written we would argue that the government's perspective that they should be able to treat the doentscontents of communications like something they can demand way subpoena to be domesticated back to the united states and turned over to them is incorrect that because we're talking about the contents of communications this is a territorial demand and they need to go through the proper government channels to route that request. >> i want to turn to catherine and let her talk a little bit also about the fourth amendment implications and talk a little bit about the public view doctrine and the plain view doctrine as well. >> sure.

i want to make one thing explicit which is the role edward snowden has in bringing us all together here today. i've been working on these issues for a long time. it was extremely unusual even five years ago, let alone ten years ago, to have major american corporations speaking out in favor of greater data security protections at least publicly. and that is not to fault the corporations in any way. but it is to suggest that because of his disclosures it has redesigned the landscape such that now it gives the major -- the internet companies some cover to take steps protective of privacy whereas before they would have just been hammered for the government for being on the side of the terrorists. and i think we owe edward snowden a debt of gratitude for many things but that is certainly one of them because the unfortunate reality is that the lobbying power of of organizations like aclu and the national -- well, the people on

this side of the civil liberties community compared to what facebook and twitter and google can accomplish unfortunately there's a disbalance there and we should take our allies where we can find them. i do want to talk a little bit about the original question you asked, which is how useful is the fourth amendment in this. i feel really substantially more optimistic after the supreme court's decision in riley because it was the first time the court officially recognized that there is a meaningful difference between digital data and the types of data you used to just carry around with you. i experienced this firsthand in my practice. i'd be arguing these cases about can the government search your laptop at the border? the government's argument was always, well, we could search you know your wallet at the border right? this is simply no different. and if you don't want to be searched you can leave the stuff at home. and i think the supreme court in riley by recognizing the fact that people carry these devices with them wherever they go, they

contain vast quantities of information that are quantitatively and qualitatively different and found that justified the application of a heightened standard, i think that is game changing. i agree also that the third party doctrine is a major issue right? righty is useful particularly to the extent the government is engaged in the surveillance directly itself. but given how cheap and how much surveillance technology is proliferating, private parties will gather this information. unless there is some at least barrier on the government obtaining the data from the private parties in the form of a change to the third party doctrine riley won't be useful unless we can win that. the other thing i wanted to mention was this issue of fourth amendment remedies is obviously huge. i was listening to the nacdl president, theodore simon talk about win on exclusionary role

issues which has almost been unheard of in my legal career unfortunately. i'll quickly tell you the sad story of my last aclu case which is something peter goldberger, an nacdl participant was very helpful in which we got this great decision from the third circuit court of appeals holding that when you attached a gps decisive to device to a car you need a warrant based on probable cause, which is like an invitation inform an enbank decision and then the case went on bank and what we got was a decision not even reaching this gps attachment fourth amendment question but just holding that regardless the good faith exception to the exclusively rule means that the evidence wasn't going to be suppressed. so here we are many years after jones and we have like very few court rulings on what seems a relatively straightforward question which is whether you need a warrant to attach a gps device. i do think the other major question is privacy in public. the alito opinion in jones gave

some suggestion that the fourth amendment gives protections to at least prolonged surveillance of individuals' movements in public because there's something about the aggregate of that information that is more innovatesin invasive than the individual pieces and that's a huge question when it comes to things like automatic license plate reader data being collected. i don't know if you saw this but last week ars tech nicca released a story based on -- it got given by the oakland police department 4.2 million points of alpr data that that city had gathered through a public records act request. so if you actually want to go see what this stuff looks like apparently you can just do a public records act request for it. they didn't release the actual data base i think out of privacy concerns. but the point is like there are these data base that's are sitting out there and if we don't have any greater protection from public movements merely because it would happen in public that's going to be

another area where the fourth amendment falls short. >> i want to turn back to you. and as has been implicit in this under the fourth amendment doctrine there's a dinks between how we treat u.s. citizens, u.s. legal residents and those present in the united states and how we treat non-u.s. persons, non-citizens lacking sufficient voluntary connections to the united states who are outside of the united states. and so making that determination requires an ability to distinguish on two axes, on location and identity. my question for you, joseph-s how feasible is that as a technological matter? does the technology match the legal distinctions would've here? >> it's tough. and the first thing i should say is catherine check today's "washington post." you'll be horrified to see that there is a program being disclosed the dhs is going to

essentially contract with a third party license plate reader data base company to be able to search willy-nilly the stuff for the past five years all americans' car travel with very few protections. i encourage you to check that out. back to the question determining location and identity. it can be very hard to do this. you can see this in some of the documents disclosed by edward snowden like the 702 targeting documents. but before i get into that, what i'd often do, my passion in life is translating some of the technical reality to things that lawyers, media, and regular people can understand physical geography is something we deal with every day. how did you get here? maybe not the easiest place to get to in d.c. but it's a wonderful place to be when we do get here, right? network geography, if you permit me to sort of take some artistic

license there, sort of the topology or the geography of the internet is much more different. it changes every second. and so, for example, sending a signal from your building to someone who may be in the building across the street may go like an extremely crazy way. it's not just going to like walk across the street so to speak or go through wires that are embedded across the street. it may leave the country. that may be the best way to get your information quickly and timely with whatever quality demands you have. if you're making a voice call, they want to make sure that's engineered very well so you don't have to turn into a gloried walkie talkie and say hi, how you doing? over. i'm doing okay, over. that's not how we want to interact in life. at least that's not how i want to interact in life. political and geographic borders so to speak don't map very well onto the network geography except for certain choke points like going across large bodies of water and stuff like that. so if you look at the 702 targeting procedures it's really sort of this extremely strange way of giving guidance in how you do this stuff and analysts

to the fisa court and stuff like that. they essentially focus on determining if any lead of source information that they have in their vast quantities of data can sort of indicate someone is not on u.s. soil. and once they've made that determination, they use a bunch of ways to do this. for example did the communication come through a link that is facing an ocean where there's a bunch of foreign countries on the other side? that's one of the kind of things they do. unfortunately, as i just pointed out, that may be the network trying to route your stuff as well as you can. you may use a vpn product. lots of businesses and lawyers, if you don't know what this is, please come talk to me. because you've got to use these things. a vpn essentially tunnels your traffic in a highly encrypted little pipe up through another server before it goes to the rest of the network. and those can very easily be in other countries. in fact, i use a product that will allow me to exit from 100-plus countries for whatever reason. i do a lot of testing and stuff. so it's -- you know trying to use these sort of technical

analogs as proxies where someone is actually located is sort of a losing game. and only then do they get to the identity portion. only then do they get to this person may be overseas but we've got to be sure they're not a u.s. person or do we have any evidence this is a non-u.s. person? and so, in those kinds of cases, they essentially assume they could target someone unless they have some type of information that points to them being a u.s. person. so we don't know how this works. and, in fact, i would love to do technical analyses of this stuff. getting back to catherine's sort of two point boom-boom kind of analysis. that here, you know, what you see in some of this stuff, even when it gets down to domestic criminal law enforcement stuff. you see the fbi or somebody, you know, seeking an order to put what's called a network exploitation device or a computer and internet protocol address verifier. they never say what they're doing to install the software.

and inevitably it involves social engineering trying to send you e-mails that you errantly click on because you think it's from a trusted friend. or poking through your browser to undermine your entire stuff. it's a very, very strained way of doing this kind of stuff which points to the fact that this is how the network and digital technologies have evolved. we want them to do very specific outcome-related things. we didn't design the internet to identify everyone and that's a very good thing. there are very powerful ways if you are careful to be anonymous on line. i'll stop there. >> can i add one thing? joe alluded to this. the rules for targeting and for minimization allow the government to assume that if it has no information about where the person is or what the nationality is that that person is a non-u.s. citizen overseas. so that is a default that the government has literally no information. that is a pretty big incentive for the government not to do its due diligence to try to figure out where the person is.

it also doesn't strike me necessarily that the lack of any information whatsoever is the equivalent of a reasonable belief that someone is a foreigner overseas which is what this statute requires. >> i should also real quick say there's some really strange pieces from a technical perspective of the minimization guidelines. for example, anything that is enciphered or reasonably believed to hold secret content you can keep indefinitely with no minimization whatsoever. 30% of the net right now is encrypted. it's going to be -- i'm doing my best and a lot of us are doing our best to make sure that's 100 -- maybe not getting exactly to 100 but we're getting as close as we can. and the federal government, which is interesting. the u.s. government has a plan to essentially strongly encrypt all web services within two years, which is really cool to some of us. anyway but the point there is that you know the fact that we're going to be able to collect encrypted information and do stuff with it indefinitely means that one, you're eventually going to

encompass most of the stuff we transact about on the internet. so this is sort of a relic of the past. but also means that, you know, encryption is something that sort of rots. it sort of ages poorly. we find flaws in stuff regularly. so the fact that they can keep this stuff and just wait for some sort of flaw to allow them to get full access to the underlying communications is totally unacceptable. i'm hoping to be able to work constructively. we have some work on this i'm previewing right now. i hope we can work constructively to sort of amend those things to recognize that maybe ten years is better for that kind of stuff and maybe you shouldn't have a default to collect all the stuff. you need some other sort of information, some other lead or something to really -- maybe it's not probable cause. i don't know what it is, but something that -- it's not just the fact it's encrypted which is a relic of when encryption really meant you were doing something interesting rather than what we do every day. >> you started out by talking about how at least with 702 collection and other foreign intelligence programs we've moved away from this idea

of a target that's collected only based on finding a probable cause which still exists in ordinary law enforcement activities in the united states. and so we're also seeing this infiltration of foreign intelligence information being used in law enforcement for law enforcement purposes and in criminal cases. i'm hoping you can talk a little bit about what limits if any are in place and whether they're effective in dealing with this use of foreign intelligence information in criminal cases? >> i spoke earlier about the rulings of courts of appeals in the 1970s, that there was a foreign intelligence exception. and the very strict limits those courts put on that exception. and the reason for those limits was to make sure that the foreign intelligence exception wasn't used as an end run around the warrant requirement in ordinary criminal cases. one of the most important limits that the courts put on this exception was that the primary purpose of collection had to be acquiring foreign intelligence.

and that limitation was also incorporated into the fisa, into the foreign intelligence surveillance act back in 1978. that limitation was jettisoned by congress in the patriot act and now foreign intelligence collection only has to be a significant purpose of the collection, which means that the primary purpose can be gathering evidence for a domestic criminal prosecution. now, on its face the statute provides some protection here in that it prohibits the government from deliberately targeting a particular known person in the united states. particular known u.s. person. because, of course, if the government were targeting a particular known u.s. person for surveillance for criminal prosecution purposes it would need a warrant. so here's how that looks in practice. the government certifies to the fisa court would have no interest in any particular known u.s. person, collects the data, then runs searches on the data using the names, phone numbers and e-mail accounts of

particular known u.s. persons. and this is called backdoor searches. the nsa and the cia did approximately 2,000 of these searches in 2013. according to the privacy and civil liberties oversight board, the fbi does these searches routinely. routinely searches databases containing section 702 data when it investigates americans or even performs assessments. which means no factual basis for suspicion at all. so you know, warrantless surveillance. warrantless foreign intelligence surveillance has absolutely become a domestic law enforcement tool. >> catherine, i don't know if you have anything to add or if you're seeing -- if this is a concern you're seeing in some of your cases as well, you've seen? >> i think that is a concern. i think we sort of in how we sketched this out previously we see two concerns, right? the large data collection programs being data culled and being used in prosecutions and other sort of technological

trends driving mass collection by local government agencies, as well because it's just not that expensive anymore. >> i want to give each of the panelists a chance to talk about what they see as the biggest challenges going forward. so i'm going to let them go down the line and do that. then i'm going to open it up to questions and remind our audience that you can e-mail questions to nacdlquestions@gmail.com. we will get through hopefully as many of them as possible, probably not all of them. >> i guess the biggest challenge i see -- there's a ton of big challenges but the biggest challenge from my perspective as a technologist who works with lawyers all the time is giving you the information you can use to reason about some of these things. there's two challenges. one is knowing what they are doing, which is very difficult to know especially through powerpoint decks and fisk filings. those are not the currencies

technologists really use to make decisions and to help others do that. but also for example, and just to pick one out of the top of my head that i'm working on right now, in terms of information sharing and domestic cybersecurity. it's very hard to sort of teach lawyers how network operations and network security works. it's not impossible and we're going to do but it's the kind of thing where there's sets of ways of talking about information that we just haven't really built up over the years that we're going to really need to sort of invest in so to speak and have little like network security for lawyers or network security not for dummies but for people who may not be as familiar with that and may not understand how this stuff works. so you can then say things like geez, you want to share all this information, well, the stuff we use to defend ourselves all the time has -- there's no liability associated, there's no ecpa stuff or whatever related to that in the sense that it doesn't contain the stuff that would prohibit you from sharing this. it's very hard to sort of talk about that in a way that sort of bridges the technologist sort of lawyer gap and that's one of my

big challenges. >> i see several challenges. i think one of the primary ones is convincing the public of the threat. i think a lot of people think i share all my information with google anyway. but there's a big difference in the stakes of sharing all your information with google and sharing all your information with the nsa. the potential for abuse when the government collects this much information on everyone is real. and i think it's only a matter of time before that potential starts to be realized in ways that people can see and can feel. i think it's part of american exceptionalism that people think that their government, our government would never use it national security powers against the people. even though other governments do it all the time and our own government did it for decades. another challenge is that technology just moves so quickly and public opinion moves more

slowly and the law moves even more slowly than that. so by the time the law catches up, it can be sort of de facto too late. so right now we now have an entire intelligence establishment whose central function is to maintain and use vast data bases of information gathered through mass surveillance. changing this is going to be, as it's not just going to be about changing the law at this point. this far into the game it's going to be about breaking down and redefining institutions. and there are very powerful institutional forces arrayed against that kind of change. and we're seeing that now. >> i would say that we have an important case going on right now regarding -- i'm sorry. we have an important debate going on regarding the usa freedom act and the scope of the authorities of the u.s. government to collect metadata information and to target communications of people in the united states that are communicating with people overseas. what the scope of those

authorities are, how oversight should be conducted, what amount of transparency should be required of the government and permitted of the companies that are impacted by that. but i also think that there's a broader debate that we've had trouble focusing on which relates to the scope of authorities that take place outside of the particular statutes that we have. and those are the ones that are most directly impacting trust in technology that is built by u.s. companies and our ability to sell the technology around the world. i mentioned before the concept of having new rules of the road. and the issues that i would flag are many of the ones that you see in the intelligence review group report. the initial messaging that came out of the administration focused on the fact that the programs that are authorized by 215 and 702 only relate to, you know, the purpose of foreign intelligence collection is to focus on people who are not u.s.

persons. and given that the vast majority of u.s. technology companies are already selling the biggest part of their market share and certainly the future of their growth is around the world that gave very little comfort to customers of our companies. so you've seen the administration evolve in some of its messaging. they have put out the ppd 28 document which talks about the rights of foreign persons versus u.s. and yet you see the government taking positions in the litigation that i mentioned before with regard to the warrant for data that's stored outside the united states that again goes to this issue of trust and it impacts the ability of people around the world to lay claim to the laws that they believe are best designed to protect their own privacy and to

guard against access to government agencies. i would say among the recommendations that are in that intelligence review group report i pick out as an interesting example the vulnerability disclosure point and you saw some movement by the administration there. michael daniel did a blog last year that talked about a bias toward disclosing information about vulnerabilities to companies that might be impacted by them. but we still know very little about the operation of this policy. there was a lawsuit by the aclu to gain access to documents that would describe how the policy works that was blocked. i think it would be useful for not only americans and for people around the world but also for the government to have more information in the public domain about what this process is, where in the government the decisions are made which would give us a little more certainty about the weighing of the different impacts that go long with decisions like that, and

what factors would be used in determining had exceptions are made. potentially there's a good story there that the administration has but i think they continue to be caught up in the concerns with what left of disclosure they're willing to make even around the processes. so i think those are the top challenges that i see. >> for far too long the government has been able -- the executives specifically has been able to engage in extremely aggressive surveillance programs with little public knowledge. and with real harms as a result. i think one of the most striking things was after edward snowden revealed the existence of the 215 program which resulted in the mass collection of all americans' telephone metadata listening to president obama saying don't worry, it's just the metadata and besides everyone has approved it really fell flat. and the reason it fell flat was

because there hadn't been any public debate and the public -- i think the jury is still out on how that program is ultimately going to fare. but it's really at the least prompted a very particular debate. i think that's the broad theme-s that a lot of this stuff has been going on in secret for too long and it's had really damaging consequences. to bring it back to the national association of criminal defense lawyers, to make this really practical, it makes it really hard to file appropriate suppression motions on behalf of your clients if you don't know what technology is being used. i think the stingray example is the best one of that right? i'm really dismayed that stingrays have been used for i think at least a decade. and nonetheless, it's really only been in the last few years that people have been aware of how widespread this technology is. so we are always playing catch-up, and just now the criminal defense bar has really

made great strides in filing appropriate suppression motions in this area. i just want to point out one sort of practical useful resource which is that the aclu of northern california published a report on the use of stingrays but it's geared toward criminal defense attorneys. like here is how you know -- here is how you can make a good guess about whether this secret technology was actually used in your case. right? and then here are some things you can do if you want to try to get criminal discovery about the use of the technology. so i think there are sort of many pressure points. i think criminal defense attorneys have an important role to play. i'm very optimistic and i'm looking at frank from the aclu of virginia while i say np i'm optimistic about what can happen at the local level. the federal government maybe largely bought into this stuff but i think we've seen an incredible nuv privacymber of privacy-related bills introduced at the state level.

virginia has been active there. but seattle and tacoma both passed really innovative laws essentially saying to their local law enforcement agencies if you want to acquire surveillance technology you have to come to the city council beforehand, right? and tell us about it because what happens now is because federal grant programs make money available to local police departments often even the city councils don't learn about the akcquisition of the technologies until after the fact. those particular bills that those two cities passed unfortunately have some serious flaws. but again, the aclu of northern california put out a model which i think is quite useful that cities can follow if they want to implement these types of surveillance ordinances, surveillance notification ordinances which are sort of neutral on the technology but basically city councils are trying to reassert some control by saying you have to tell us if you're going to use this technology. and i'm really broadly in favor of that because while i don't want to minimize the fact that the government has a legitimate

national security interest in certain areas, by the time -- the problem is other cities can't even know what their police departments are doing in criminal cases. i think the secrecy has gone too far. >> i just want to make one more point for optimism to echo what we just heard. i do think there are a fair number of really important decisions that we've seen that have not really been challenged by the government and that the trend in the courts is finding more things to be within the realm of the reasonable expectation of privacies much u.s. citizens. when the rorschach decision came out in 2010 i think there was a fair amount of expectation that the government was going to challenge that point and to try to obtain information that was more than 180 days old without a warrant. we have not seen that happen. and over time first google and then followed by pretty much every major provider of cloud-based services in the country the demand has been made that the u.s. government produce

warrants before contents will be turned over. and that is effectively the law of the land even though that is not how the statute is currently written. and even the department of justice has over time conceded the point in testimony before congress that the 180-day rule is arbitrary, doesn't make any sense, should be updated. we've had difficulty getting that across the finish line in terms of codifying the change. but the jones case, again was a principle i think that for many years was accepted, that if the government was just observing things that were happening on the streets that automating that through technology would not create additional concerns that would require a warrant and yet the courts have held otherwise. and then the riley decision that we heard about before holds not only very interesting points about cell phones themselves and the contents of what they hold but there's -- i believe it's in justice roberts' part of the

opinion. a reference to the notion that these devices are connected to the cloud and that that might create additional concerns. but the phones themselves obviously hold so much more information than when the original doctrine was developed. my phone has 64 gigabytes of memory on it and probably exceeds some of the computers that might be in the room. so you know, the technology's changing. the courts -- the law is clearly not keeping pace with the development of the technology. but there are i think positive trends in the courts with regard to the development of fourth amendment law that we should be fairly happy about. >> i would agree with that. the only one point that i just want to make is i think the reason@government isn't pushing back harder against rorschach and sort of where things are going wechlt mail conith e-mail content is because the government can get 95% of what it needs through metadata. >> great. i'd like to open it up for

questions. on a note of optimism i also encourage folks to look at ppd 28, which is not whether or not it has real significance. it's an interesting step forward in the u.s. government acknowledging the benefits of providing rights to non-citizens in this area as well. so there's a lot to be pessimistic about but there's notes of optimism too. so with that i'd like to invite you up to ask questions. there's a microphone on both sides of the room. please ask questions. this is not a chance to make speeches. we can talk to our panelists later. but please come forward and ask your questions. and those -- again, another reminder for those who are watching. you can send a question to nacdlquestions@gmail.com. and we will answer your questions. thanks. >> norman riemer, nacdl's executive director. thank you to all of you. catherine, you ticked off some of the local surveillance

capacity that's out there. can you give us a more comprehensive list of what local law enforcement is able to do in terms of collecting data images, and all the rest on folks? >> thanks. good to see you too. why don't i start off a brainstorming session and then other people can jump in. right? so there's automatic license plate readers which can snap photographs of every passing car. right? local law enforcement agencies can install these themselves, on patrol cars or on highway overpasses. they can also purchase access to large private data bases. there are repo men who attach these to their cars and go around snapping photographs. then those pictures get put into huge data bases with billions of location hits. query whether access to those violates the fourth amendment. aerials are very interesting olth i think it is in some sense overhyped what can be done now. it has a lot of potential. a manned helicopter is extremely

expensive and not many local law enforcement agencies own those. drones are cheap, right? and the little ones, you know, aren't that sophisticated right now. but what i think is really fascinating is the possibility of persistent aerial surveillance. right? the idea that you could fly something over a city. i don't know if you've seen these demonstrations you but you could see individuals walking around the streets and cars. i think that's really fascinating. cell phone data can be obtained. this is location data stretching back as long as the mobile phone carrier wants to keep it. less with text messages. it can be browsing history. it can be records of phone calls people have dialed right? everything you do on social media. this is really depressing. as i'm listing it off. i'm just trying to be as comprehensive as possible. there's circumstances in which you can get access to people's facebook data or other accounts. unfortunately, we all know of people who share more there than perhaps would be wise. there's the story in maine of

the guy who was -- who posted his marijuana photographs on facebook but didn't realize that a friend of his friend was a cop and then got busted this way. that's not a great example. but the point is there's a lot of data about what people there. if your car has an inboard navigation system it may be possible -- it's sort of unclear. there's actually one sort of interesting federal court decision on this to be able to track you through that. and maybe automate the microphone if that's possible. and obviously there are sort of surveillance cameras in a lot of different locations. anyone -- what else is on the list? >> so i'm going to be a little more forward thinking in the sense that a lot of the stuff you see put on aerial surveillance platforms has previously existed in military contexts. so the kind of fun technical toys that they're putting on military surveillance drones are pretty striking. so things like lidar, which you can they've as laser ranging.

essentially, it can see through foliage because the leaves move and it knows the thing that's not moving behind it over a little bit of time it can actually tell you what's behind things that look like leaves. which can be leaves, they can be other things. synthetic aperture radar sar, which can look through thin types of materials like your drapes and your blinds and stuff like that. you know talk about -- and the kylo types of things, like infrared kinds of stuff. there's also stuff like spherical lens surveillance platforms. suffice it to say these things can take what we call gigapixel images on a regular basis of an entire urban area or rural area or wherever it's looking, these will give you the ability to basically see features from a pretty high vantage point at like, you know, a foot to inch or a few centimeter kinds of resolutions and are she highly time sensitive way.

this stuff some of it is not available to people operating current types of aerial surveillance platforms but it's not going to be a whole lot of time before that's demanded. for whatever reason. to use in these kinds of contexts. >> i would add biometrics, fingerprint scanners and such. there's also what can be done with this data. so you have aerial surveillance, you pull in all these videos you see tiny little people down there, facial recognition technology. fingerprints can be captured from incredibly large distances because you can -- the images are so precise they can blow them up and get your fingerprints. they can identify all these blurs on the video feed. and then, you know, rocks. i don't know if anybody red about this. but the military when it was withdrawing from villages in afghanistan would leave rocks that had cameras in them and that 20-year batteries. why can't i get one of those for my phone? 20-year batteries that it could just record continuously and

feed it back. and those rocks are now at the border. so you know, beware of rocks. it's just incredible. it's anything. >> and remote biometrics like facial recognition are very very powerful. there's things you may not know about that are even more powerful. side face and gait how you walk, those two combinations together are extremely identifiable. unless you're wearing something that obscures that, and often there's mask laws brought about from the margo kaminsky of the law school has a great paper on this talking about the kkk intimidating people meant that there's a lost states that have laws that say you can't wear masks other than halloween and some other holidays. so you can't actually protect yourself from that kind of stuff. and to mask your gait you basically have a ministry of silly walks kind of thing where you have to make sure your silly walk is random enough to where they can't profile your silly walk. >> jumana. >> i'm reading taking questions from e-mail. we got one from maeisenberg

who's asking about it being reductive to conflate all metadata as being equivalent to underlying content or personally identifiable information. he said there's a broad range of items, detail, and accessibility of many met atagging systems used by carriers agencies and other collectors huge range just among different health care participants creating a meta data barrier to ie hr interoperability. i don't know if you know thatwhat that is. i don't np but i think the point of the question is r&r tlntd there different degrees of meta data isn't it a lot to conflate them all to personal information? >> i'll just say absolutely. that's not a very -- sorry mr. eisenberg. it's not a very profound statement. you can record metadata about anything and some of that is not going to be interesting and not be useful for whatever you want to use it for. the trick is in the inference that's capable with metadata we know about is extremely powerful. for example, a science paper

about four weeks ago showed that with a large body of 30 million financial transactions it was sufficient to identify a single individual by observing four transactions of theirs. and by trying to munge it a little bit they weren't able to protect individuals in that data set much more. that's not saying you shouldn't connect financial data. it's saying you need to protect it more robustly than you might think. and certainly the temperature of this room is a type of metadata. it doesn't reveal a lot about who's in it. specifically it may sort of map onto how much fun we're having and other kinds of things. >> sir. >> mike price from the rental center. i'll take you up on your offer. and to -- >> but please phrase your comment in the form of a question. >> i will. i'll couch my comment in the form of a question. so here goes. on the metadata versus content issue. eric, you're absolutely correct

that the current state of the law draws this distinction between content and metadata. but as we started to tease out metadata can actually be really really important if not more so than content. if i sent an fyi to a group of supporters, maybe there's not much there in terms of content but you have an entire membership list. or you know, given enough met adate awe don't reallyameta data you don't really need content. content is difficult. it requires sophistication to analyze. metadata's really easy. you can put it into an algorithm. and the more metadata you have it seems like content becomes less and less important. i think it was michael hayden who said we kill people based on metadata. sought so the question for the panel is whether the fourth amendment compels that sort of distinction or whether that's something we have drafted onto it and can reverse. >> well, as most people here

probably know, the fourth amendment has been interpreted in different ways at different times in our country's history and has really struggled to keep up with technology and has generally lagged for a very long time. so in 1927 the supreme court ruled that there was no fourth amendment expectation of privacy in a phone call because to wiretap the phone call the government didn't have to intrude on your property in any way. and it wasn't until 1967 that the supreme court revisited this and said, well, okay, privacy isn't just in your property, privacy can be -- it follows the person, not the property, and it can be in a phone call if you go into a phone booth and you close the door. so we have seen doctrines, many fourth amendment doctrines have changed over time to sort of match the technology. and the challenge for, you know all these brilliant minds here and this is something we're trying to do at the brennan

center, is to try to figure out approaches to the fourth amendment going for it. because these doctrines, many of them are going to go by the wayside. i truly believe based on the signals we've gotten from the supreme court, that the third party doctrine will not last in its current form. what will replace it? the challenge is to find an enduring vision of the fourth amendment that is not technology dependent, that won't go by the wayside the next time there's a new technology that's really not easy to do but it should be possible and it should incorporate metadata where searches of that metadata do impinge on a reasonable expectation of privacy. >> really quickly it's also much harder technically to protect metadata. not all metadata. but a lot of that is used in routing or communication or something in the middle that if you remove that we just wouldn't be able to do those communications. so i think there's also sort of that kind of an angle where we've gotten a lot better at man week, doing pretty good, i was a little pessimistic last year but we're doing pretty good at encrypting things. encrypting the metadata you get into things like shuffling, tor

which is an anonymous browsing tool where you route it through a bunch of ways and there are serp things you can't do that. it's very difficult to have real-time voice and video calling and that kind of thing because it's bouncing around the world. >> i don't think the -- i don't have a copy in front of me. but i don't think the word metadata is in the fourth amendment. and so but -- no, but my point there is the concepts change. and i think even the concept of what we consider to be met adita has changed over time and will continue to change. assemble ajsages of metadata as the jones case may implicate the fourth amendment over time. we also have to recognize there is this element in the kes that we use that relates to what people company. and expectations change too. this is something that's going to evolve hopefully and i think it's one of the reasons why it's important for the courts to be engaged in these things. i don't think there's any hope that the law much less the

constitution is going to move at the pace we require in order to protect what we need. >> and i would just add -- while i would agree with everything liza said about the evolution of the fourth amendment and it changing over time, i'm not -- i side more with eric on my views about what's likely to happen with the third party doctrine. is that i'm skeptical that the supreme court's just going to overrule its prior third-party cases. i think it will attempt to limit them. and one way that it may try to limit them is by making this content, non-content metadata, content business record distinction. jumana. >> yes. i'm going to read a couple of these. i know time is winding up. i don't know if you want to take a few questions and then go back to the panel. >> sure. >> we have a few more. one is from robert guerra. and i may have said that wrong. it's for you joe. he said you mentioned the use of internet geography as a challenge. what other aspects of internet are little known to the user

like ad networks would further undermine the privacy of users? canon is data being shared by law enforcement for domestic cases. there's a question from carson asking what effect if any would affiliating the third party doctrine have on subpoenas administrative grand jury in preegd et cetera. preegd et cetera. and the last question i think was directed at catherine, raising the constitution-free zone in the u.s. is it accurate the zone still exists and fourth amendment protections are not granted to americans on these areas, i'm assuming she means at border and entry points. she adds yes, are there efforts being made to protect civil liberties in these areas? >> that was a lot. >> i'll be really quick and just punt and say accepted me an e-mail joe@cdt.org. we can have a phone call. there's a lot of things people don't understand or have intuitive feelings for where the technical reality doesn't match very well. so for example people tend to think encryption is all about

hiding things. but it's also about making sure you that can't change things in transit. it's why a lot of us like cdt now, you can only reach our website via https with the s being secure. and we have engineered that. it's extremely hard to exploit anyone against you. maybe we're not so much of a destination. the reason we do that is because if we don't and you have one little advertiser -- and this is something i've been working on. we bring in a third-party element on that page that's not encrypted. that's an of avenue for someone in between us to be inject malicious software and exploit all the people involved in that conversation. there's just -- unfortunately, i have a long list of things i can talk about and it's probably not a good use of our time. maybe i should write something exactly to that. but send me an e-mail joe@cdt.org and we can have a longer conversation. >> on the constitution-free zone question, i want to separate out two concepts. there is this idea that the government has extraordinary powers not only at the border

but some distance inland in order to exercise its border authority. there's a separate government policy for customers and border protection in which the government asserts that at ports of entry themselves at the border it can search people's cell phones and laptops and other electronic devices with absolutely no suspicion whatsoever that they contain evidence of a law violation or information relevant to the customs authority. but i have not heard of that particular authority being applied outside of a port of entry itself. there's the caveat that they will sometimes take your laptop at the border and then transport it elsewhere and search it but they do the physical seizing at the border. sir. >> rob pullmanclass from the aclu of virginia. assumeing the supreme court largely leaves the third party doctrine in place it sounds like it would be necessary to amend state constitutions. is anyone up here aware of

language that would in effect overrule the third-party doctrine in a state constitution? how could you do that? >> i'm not aware of any attempt to do that. i think -- and partly, i have to confess, sort of my focus on a lot of these issues are national and i don't think a state constitution is going to protect people from the federal government coming in and doing foreign intelligence surveillance and pick up metadata. it's not going to protect against collection of americans' phone records under section 215. so -- but it is interesting because at the state level we are seeing all those no drone zone legislation and we're seeing legislation about license plate readers and all of that. and i'm actually not aware of any efforts to amend state constitutions. i suppose it's just easier to get legislation than a constitutional amendment at the state level. that's where the efforts have been put. >> but with regard to that idea

of pursuing equa through state bills, we are seeing a number of states where there are proposals that say something like obviously they can't control federal authorities but they will say police agencies that are part of the state or local governments of this state cannot seek to obtain the contents of communications without a warrant. you could i think in theory define with regard to the authorities of the state and local police agencies their ability to demand various types of data including metadata with rarnts. and that might be an approach. >> and just to clarify one thing i don't in any way think the supreme court is going to say no more third party doctrine, you have absolute reasonable expectation of privacy in everything you share with everyone. i don't think that's going to happen. i do think we have very strong signals not just from justice sotomayor's concurrence in jones but even in riley when justice roberts was talking about the

things that made a cell phone so private, he was talking about apps. the information we put into apps. he was talking about information that is necessarily shared with third parties. and clearly there is an implicit recognition that that privacy was there despite having shared this information with third parties. so i don't see how that doctrine can continue to exist in its current form. or i shouldn't say its current form. but in the fisa courts' interpretation of it. >> i'll just say quickly i love what's going on at the state level when it comes to privacy. virginia and in particular the aclu of virginia has been at the forefront of a lot of that. we've been reading about your work on stingrays, for example. i think that state -- oh yeah. i think that state constitutions are some of the most exciting places to go. i'd be happy to work with you or talk to you about that offline. i don't actually think it's that difficult. just a little tricky because if the state constitution doesn't mention the third party doctrine it's tricky to figure out how to reject its application in

worked. but it's very interesting. a lot of states' supreme courts have rejected elements of the third-party doctrine in their holdings. i think there's a lot there you can build off of. and i would like to say i really like this because i think it's an alternative view. it can create a workable alternative right out in the world to the federal regime. it may not address the national security issues. it could address at least a lot of the local law enforcement issues. i think showing you can have an tufsht system that protects -- what we all should acknowledge are incredibly legitimate law enforcement needs while also safeguarding civil liberties is really useful. so i've been very excited by what i've seen coming out of the state level and i think it's imminently doable. >> last question. jumana. >> i have a dual question. and one is in his words from jim too lazy to stand up harper who is asking the panel to prognosticate on the likely outcome and significance of city of los angeles versus patel which is a fourth amendment challenge to a city ordinance

making hotel records amenable to law enforcement seizure on demand. and the last question is do you -- from jonathan yoon do you see the normtive inquiry playing a role in changing the third-party doctrine? what types of compromise can be made that protects privacy but also permits law enforcement to conduct investigations? >> so are you asking for speculation on the outcome of that case? >> he's going to have to send another e-mail. >> let's see. so it's hotel records. so it's a little tricky in a sense. because it's not -- it's different from a situation like phone records where you can -- where you can draw inferences very, very easily. so that would not be my pick for the case that should eventually go to the supreme court on the third party records doctrine. i don't know. honestly, i don't know.

i couldn't predict the outcome of that. sorry. >> does anyone want to take the question about normtive implications of rejection of the third-party doctrine? >> it's hard to get away from normtive implications of all of this. the idea that there is a normative idea to all of this is hard to sustain. and that's bound up in it. >> part of that question asked about whether or not it's possible to both modify or reject the third-party doctrine and also retain respect for law enforcement needs. and i just want to -- i think everyone here knows this but i want to remind everybody that rejection of the third-party doctrine doesn't mean the government can't get access to the information. it just needs the government nieds needs a warrant to get access to the probable cause findings. >> but if you come back to the example i gave you before about bank records, we do have

separate regulatory obligations with regard to money laundering. so that might be a place where the -- in order to prevent money laundering that you do have to have maybe different rules. i think the overall point is that we need to dig a little deeper with regard to certain types of metadata and then make decisions about whether or not the metadata itself or aggregation of that data or combination with other types of data create concerns that we would want to elevate the protections surrounding them. but i don't think it's going to be a cut and dried formula you're going to use. >> with that i want to thank the outstanding panel for a really interesting conversation and all of you for being here as well. [ applause ] in a few minutes we'll have more from this conference on how digital searches and government surveillance are affecting fourth amendment protections against unreasonable searches and seizures. but first a bit of news.

a federal appeals court ruled today that the national security agency's bulk collection of billions of u.s. phone records is illegal. the national journal writes that this deals a startling blow to the program. just as congress is weighing reforms to the government's expansive surveillance authorities. we'll get some reaction now from attorney general loretta lynch as she testified at a senate hearing today. >> two questions. one, are you aware of any significant privacy violations that have occurred since the president instituted these reforms? and second, has the justice department made a decision yet on appealing this decision by the 2nd circuit? i realize it just came down. >> yes. thank you senator. obviously, section 215 has been a vital tool in our national

security arsenal. but the department has, as you note, been operating under the new directives by the president with a view toward modifying the program to keep its efficacy but preserve privacy interests. i am not aware at this time of any violations that have come to light. i will certainly seek a briefing on that. and should i learn of any, i will advise the committee of that. if my knowledge changes on that. but as of now i have not been informed of any violations under the new policy. with respect to the decision from the 2nd circuit, my home circuit actually, this morning, we are reviewing that decision. but given the time issues involving the expiration of it we are also and have been working with this body and others to look for ways to reauthorize section 215 in a way that does preserve its efficacy and protect privacy. >> here's a look at some of our featured programs for this

weekend on the c-span networks. saturday morning beginning at 10:00 eastern on c-span we're live from greenville, south carolina for the gop freedom summit. speakers include wisconsin governor scott walker, texas senator ted cruz, carly fiorina ben carson, and florida senator marco rubio. and on mother's day, sunday starting at noon eastern, members of america's first families remember first ladies featuring the daughters of jackie kennedy ladybird johnson, betty ford, and laura bush. on c-span 2 saturday night at 10:00 eastern, on book tv's "after words," author jon krakauer on sexual assaults in the u.s. focusing on the college town of missoula, montana." and sunday evening at 10:00 ann dunwoody, the first female four-star general, talks about her life and military career. and on american history tv on c-span 3 saturday afternoon at 4:45 eastern on "oral histories," remembering the liberation of nazi concentration camps with an interview of kurt klein, who as a teenager escaped

the german persecution of jews by coming to the u.s. lost his parents in auschwitz, and as an interrogator for the u.s. army questioned hitler's personal driver. and the 70th anniversary of the end of world war ii in europe with dignitaries and veterans commemorating the event in washington, d.c. get our complete schedule at cspan.org. more of that washington college of law event at american university. this panel looks at if digital technology in government surveillance has outpaced today's privacy protection laws including the constitution's fourth amendment that prohibits unreasonable searches and seizures. you can see all of this event at cspan.org. >> national constitution center is a unique place. it was founded by congress to disseminate information about the u.s. constitution on a nonpartisan basis.

and we are one of the only places in these polarized times that bring together all sides to debate not political questions but constitutional questions so that you, the people, can make up your own mind. we just launched an incredible series of town hall national debates, co-sponsored by the federalist society and the american constitution society where we're going around the country to debate constitutional issues. we launched in washington last week, next up, new york, and chicago and san francisco, and it's just a great example of the faith that confronted with the best arguments on all sides of constitutional questions people can be elevated and educated. this is a dream team to discuss the future of the fourth amendment. it's eclectic, remarkable diversity of views. and we have a lot to discuss. i'm going to begin by posing a broad hypothetical, which is not so hypothetical anymore. then each of the panelists will

make brief opening statements. then we'll be off and running in the best charlie rose style. here is the hypothetical. imagine that tomorrow, president obama said that in order to protect the security of america, tiny drones would be sent flying in the air with minuscule cameras attached. and using these drones, the government would reserve the right to focus on anyone, say me, follow me forward to see where i was going, if the images were archived, they could go back and follow me back ward to see where i came from and basically allow 24/7 ubiquitous surveillance of any person in the world. and the question i want to ask the panel to engage in is would this violate the fourth amendment to the constitution? which protects the right of the people to be secure in our persons, houses, papers and effects against unreasonable searches and seizures. the supreme court has not ruled

squarely on this question, although there's interesting recent cases that cast light on it. and each of their perspectives will be fascinating in taking up the constitutional question. and then we'll dig in also to the statutory questions and all the really interesting movement in congress there is at the moment to address the question of ubiquitous surveillance in public. let me briefly introduce our panelists. they will make brief opening statements, and then we'll be off and running. visiting assistant professor at uc hastings college of law where he directs the liberty, security and technology clinic. he's a former computer engineer. he has a clinic that litigates constitutional issues involving espionage, counterterrorism and computer hacking. he's a member of chelsea manning's legal team, lead trial counsel for brown, for the group anonymous and served as defense counsel in many cases around the u.s. he was also habeas counsel at guantanamo bay.

ahmed, why don't you go first. >> like any good attorney, i will say that it depends. how big are the drones? how close are they? and also, is the data being aggregated? and is it being processed? i think that the question that you present is actually not a very futuristic scenario in that we've got a lot of public space surveillance as it stands. we have the technologies that allow for license plates to be monitored. we have cameras all over the city. all of this is information that there's a viewpoint that this is all public information that you don't really have a right to privacy walking around on the

street. the jones case, at least alito's concurrence at least talks about ago aggregation, but to me, it's more what you do with the data. so to answer in short, i think the current doctrine would probably allow many drones surveillance under the fourth amendment, in public spaces. >> great. and why don't you go on to flag some of the issues that you'd like -- for us to -- >> i think the interesting issue for me is not necessarily the collection of information because you've heard from a lot of really smart people working on that. and i think they're doing a great job. but as a criminal defense attorney, i'm sort of jaded about a hopeful outcome in terms of what can and can't collect.

and the idea of privacy in public space. i think the interesting issue for me is then what happens with the data. so irrespective, if we win any of these challenges, we're going to have a great amount of data with the government, and it can be analyzed. and the technologies that actually conduct the analytics are increasingly sophisticated. and if you start -- and it's not just that -- you've got technologies that implement artificial intelligence and learning. and so the goal for a lot of this big data stuff is that the algorithm can identify patterns that humans are not cognitively capable of doing on their own. you've got a situation where a computer is telling you that this person is a bad person and you should follow them or you should search them or you should

arrest them or possibly drone them. at a accuracy higher than any human analyst, but you don't know why. that's the question for us. when you have a highly reliable algorithm that cannot articulate why it's giving you an outcome. and that outcome is one of culpability. what do we do? >> great. very interesting observation. the drone surveillance is probably okay. you are concerned about these algorithms and whether or not they're reliable enough to create individualized suspicion. >> just the caveat is that is not normative answer, it's doctrinal answer. >> let's start by describing how you think the current courts would rule on these questions and what some of the pressure points are.

he worked in the privacy practice. previously legislative assistant to senator dick durbin on the committee, a graduate of bates college and northwestern university school of law. david, your quick take will delve in more deeply on whether or not 24/7 camera drone surveillance would violate the fourth amendment. and any additional issues you want us to dig into. >> yeah. mike's own, thanks, jeff. having heard the hypothetical and responding to it now in realtime, it strikes me if you start with sort of fundamental principles around the fourth amendment and the doctrine that has come -- and the fourth amendment protects people and not places. if you're going to have that

type of 24-hour, 7-day a week surveillance, that's ubiquitous and suspicionless that would implicate the strictures of the fourth amendment. there would be real problems with that kind of surveillance, even if it's happening in areas that traditionally have maybe been subject to lesser fourth amendment protections. >> let me just ask you to push the mike, which i forgot to do, as well. it's this little green button there. you've got it. you think under the case which we'll talk more about, it probably would implicate the fourth amendment. what are some of the pressure points you want us to delve into? >> so there have been a lot of interesting discussions today about the evolution of the fourth amendment, particularly with respect to the internet. i think if the recent past is prologued or there are a lot of reasons to be sanguine about the development of case law with respect to cases and controversies around the fourth amendment. i think as pointed out earlier, though, that presupposes there will be cases and controversies to litigate. and even in the aftermath of the snowden revelations, there are still significant barriers to standing that may prevent a lot of these cases and controversies from ultimately being heard by the courts. there is another form. congress is addressing a lot of

these issues. one of the benefits of addressing some of these fourth amendment issues before they come to the courts and even as the courts are seeking to litigate and address these issues is we are in some ways unencumbered by antiquated and constitutional doctrines like the third party doctrine and fourth amendment case law. and delineating and creating the right policy prescriptions to fourth amendment issues in the digital age. so i want to talk really briefly about a few things that have been happening. two, actually two things that have been happening. and one, i think, that is going to happen in the future that's going to be pretty important for the development. we are part of the due process coalition. we are still dealing in some respects with the embryonic