less forthcoming. they may be emboldened to destroy or not produce them. among the type of scams we investigate are ponzi and pump and dump market schemes. in these types of frauds, illegal acts are likely to be communicated through personal e-mail accounts. technology has evolved since ecpa was passed. there's no question the law should evolve to protect privacy interests, even when significant law enforcement interests are also implicated. as part of that balance, any ecpa reform can and should afford a party's information that is sought from an isp in a civil investigation notice and an opportunity to participate in judicial proceedings before the

isp is compelled to produce the information. indeed when seeking e-mail content from isps in the past, the division provided notice to e-mail account holders in keeping with long standing supreme court precedent. in the legislation was so structured, the individual would have the ability to raise with the court any privilege or concern before the communications are provided to an isp. while civil law enforcements may have a limited avenue. such a judicial proceeding would offer greater protection to subscribers than a criminal warrant in which subscribers receive no opportunity to be heard before communications are provided. thank you again for the opportunity to be here today. we look forward to working with the kbhcommittees on ways to modernize ecpa. i'm happy to answer any questions that you have. >> thank you, andrew. daniel? >> chairman grassley, ranking

member leahy, and members of the committee, thank you. let me begin by noting that my oral statements and responses to questions are my own and they don't necessarily reflect the views of the commission or any commissioner. having said that, i very much appreciate the opportunity to represent the ftc's testimony. the ftc supports the objectives of ecpa reform and understands the need to update it to account for technological advances. we rely heavily on our ability to conduct thorough investigations. recent proposals to update ecpa could impede our ability to

obtain certain information from ecpa service providers. to obtain content from a service provider, the government could need to obtain a criminal warrant. the proposals would require a warrant for all forms of content, even those in which a subscriber has no reasonable expectation to privacy. requiring a criminal warrant in three situations would impede effectiveness. we're talking about things like no longer running advertisements, previously sent spam, and ads on a mobile device. this content is critical to ftc investigatio investigatio investigations. we need to find the promotional material that contains the

representation. the scam artist change websites and electronic marketing materials frequently. when commission staff investigates complaints about a website, the website currently viewable to the public may be different from the one that the consumer complained about. we have not used the tool often. most of time our investigators are able to track down a target's old marketing materials without needing to seek the materials from the provider. but the increasingly fleeting nature of advertisements a, mak it kwiquite likely we will need do that more often. an exception from the criminal warrant requirement in proposed legislation from commercial content that promotes a product or service would enable to commission to obtain such commercial content. at the same time, such an exception would have no impact

on privacy rights because the materials would be purely commercial and have been affirmatively published by the target. as a result, they would not have a reasonable expectation to p f privacy. the second situation is content with a consent of the customer. as cloud computing becomes more widespread. it will be increasingly important for a civil law enforcement agency to compel an provider to expose content with a customer's consent. for example, a consumer victim who deleted a message from a scam may want the ftc to obtain that information from the service provider. even if the customer or subscriber has consented, we cannot compel the cloud

computing service to disclose that content. third, a criminal warrant should not be needed when the fdc has compelled a target to produce content that is held by a cloud service provider and the target has failed to comply with the fdc's command. we should be able to seek a court ordering directing the target's provider to produce the content. in conclusion, thank you for giving the commission the opportunity to discuss the importance of electronics communications. the fdc looks forward to working with the committee to address the committee's concerns. >> thank you all for your testimony. i'll start and then senator leahy will be next with our questions.

andrew, we're going to start with you. the fcc's ability to carry out enforcement responsibilities and conduct investigations has been significantly curtailed as a result of the decision, but we've been told the fcc has not provided any examples of cases where access to electronic communications have been cut off due to that decision or would be impacted if the pending reform bills were enacted. can you provide any examples of the types of cases or investigations that have been effected since that case decision due to providers requiring a warrant when the government seeks to collect electronic content in a civil investigation? >> yes, senator. obviously, i can't talk about the details of ongoing investigations, but i can say there are a number of investigations in which if we were exercising our authority under ecpa to obtain e-mails through isps, we would do that

in furns of the investigation for example, manipulation schemes where if we had the authority, we would certainly do that. i can't necessarily say it would produce e-mails that would dramatically further the investigation because right now i'm not able to know what e-mails we would obtain through that kind of process, but i can say there are investigations that are ongoing and there were investigations prior to the warshack case where we were exercising the authority that were significantly advanced by obtaining isp e-mails. >> you suggest that a warrant only requirement for obtaining electronic communications from an internet service provider could create obstacles in civil cases. can you provide examples in

which the fdc is concerned about that would create obstacles to civil law enforcement cases? >> of course, senator. the types of cases we're talking about are those instances where the target or the defendant is trying to be evasive, is not responding to discovery or to our civil investigative demands, so that's one classification. we can't get the information directly from the target. the other class of cases are where the target is an outright fraud, a fly by night scam, and we don't want to contact them directly. if we contact them directly, they may flee. they may destroy evidence, hide assets. >> this would be to any or all of you. there's a perception from the privacy and tech community that

what you're really asking for a mechanism that lacks judicial oversight and sidesteps the target of a civil investigation without any notice or hearing. in fact, the written testimony provided to us from google states that you're proposing to, quote, amendment ecpa so agencies can bypass the target of or even potential witnesses in civil investigations, end of quote. is this a fair characteristic of what you're really proposing? >> senator, no, it is not. we are asking for a mechanism to allow courts to compel this information from providers where necessary and has been mentioned, this is information that we try to get from subscribers where we can't get it from subscribers, we really do need it.

there are ways of protecting privacy and ensuring there is a appropriate safeguard for civil liberties and privacy. >> we would give notice to the subscriber and allow them to come in and offer objections. from our perspective, that's more protection than a warrant proceeding where it's ex parte where the subscriber is not present. >> do you have anything to add? >> i would agree the judicial mechanism we're proposing would require two things. one, we would have to go to the subscriber first. only when we're unable to get the information could we then seek a court order. it's two additional protections. first there would be the subscriber and then the judicial intervention. >> thank you, mr. chairman. we are putting things on the

record. a great deal of consensus on the need to update ecpa. can these letters be placed in the record? >> yes. >> thank you. ms. tyrangiel, the fbi uses warrants when it seeks the contents of e-mail in criminal investigations regardless of the age of the e-mail. is that correct? >> that is correct. >> so this bill would not change the fbi procedure in that regard. >> the bill would not change the procedure for criminal -- obtaining disclosure through a third party or public provider

soph store e regardless of age. >> privacy protection is afforded to e-mail or text messages, should that change if they're older than six months or if they've been opened? >> no. we don't think there's a principled reason to treat e-mail differently. we don't think there's a reason to treat e-mail differently dependent on the age. >> no, i don't think we see any distinction there. >> salsburg? >> we agree with that. >> thank you. five years ago, we talked about the united states versus warshack. i'll ask the same question of both mr. ceresney and mr. salsburg. since that ruling, has the fcc or the ftc obtained e-mail content through a subpoena

issued to a third-party provider? >> we have not, senator leahy, but we've done so in an excess of caution and in deference to the reform discussions that have been ongoing in congress. >> and in deference to five-year-old six circuit case which has not been overturned? >> our view is warshack does not deny us the authority to obtain e-mails through an administrative subpoena. we have always given notice to subscribers. there's a long line of supreme court and other circuit cases that says an administrative subpoena complies with the fourth amendment. >> we have not sought e-mail content after the warshack decision or since.

>> you have sought a legislative solution from congress in the past five years? >> no, we have not sought a solution until now. >> we have obviously offered over the last few years to have ongoing discussions, and we have had discussions. >> have you made a proposal? >> we have. >> have you given me a copy of the proposal you made? i don't seem to recall that. >> we've had discussions with staff about this issue over time. >> beginning five years ago or just since it looks like me might get something passed here? >> i can only speak to the two and a half years i've been director of enforcement. >> you set up a concrete proposal? >> we've been discussing proposals -- >> you've set up a concrete proposal for your agency? >> our view is we want to be

responsive to proposals that congress is providing. to the extent that staff or particular senators or congressman have offered us what they're thinking about, we have offered them our thoughts on those proposals. >> are you seeking wiretap authority for your civil investigations? >> no, we're not. >> you do want to be able to read e-mails without a warrant? >> what we're proposing, senator, is some sort of judicial proceeding that would find some sort of standard whether it be a standard that would allow us then to obtain e-mails with notice to the subscriber as part of the proceedings so that the subscriber can raise any concerns that they have. >> what about listening to your targets phone calls? >> no, we're not proposing that. >> wouldn't that be more efficient and more effective? >> senator, we are not seeking

wiretap authority. that is something that the criminal authorities have that we do not. that is not something we're seeking. >> all right. how many federal, state, and local agencies have civil regulatory authority that allows them to issue subpoenas for records? >> thank you for that question. certainly, the department of justice there are a number of civil enforcement functions, including anti-trust, tax, environment, civil rights. since warshack, they've been unable to get stored content from providers, and this has hurt their investigations and made it difficult in instances where they couldn't obtain information from subscribers. >> my time is up. i'm going to have a couple of questions for the record on that. thank you.

>> let me read here -- then it would be perdue and then i assume it would go to the democrat, senator franken. that's the way it'll end up being. >> ms. tyrangiel, am i pronouncing your name right? >> tyrangiel. >> you stated that the department had concerns about legislative proposals and safeguarding data stored abroad from improper government access. the electronic communications privacy act is silent on the privacy standard u.s. officials must satisfy in order to access data stored abroad. and yet the federal government has taken advantage of the statutory silence to apply its

own standard. >> thank you for that question, senator. there is long standing legal framework that allows the government to serve compulsory league process on united states companies to require them to bring back information that is stored abroad, and the concern with proposals that would change that framework is that it would take away an option that has long been available under that framework and would replace it with international cooperation, which is not an adequate solution because those agreements that that kind of cooperation doesn't exist everywhere. only half of the countries we have agreements with. and because even when we can use those agreements, it takes a really long time and can delay investigations in times when we

really need it to be fast. >> i don't agree with you on that point. that's why i introduced the leeds act to establish a legal framework for law enforcement to access data stored establishment a legal framework for law enforcement to access data abroad or overseas. i'd appreciate any suggestions you have that might make a more workable bill or that might approve it or help you in your work. >> we look forward to working with you. >> thank you. the federal officials can obtain e-mails anywhere in the world simply by providing a warrant on a provider subject to u.s. process. nothing stops governments in other countries, including china and russia from seeking e-mails of americans stored in the u.s. from providers subject to chinese and russian process. in fact, the lawyer who is litigating the microsoft case on behalf of the government acknowledged last week that the ability for a foreign government

to require disclosures of a u.s. provider, quote, should be of some concern, unquote. are you concerned about the far reaching or reciprocal consequences of government's current position on the extra territorial reach of u.s. warrants? >> thank you for that question. this is a challenging issue, one that the department is actively considering. whatever the solution is, we don't think that the solution should involve deciding conflicts of laws in a way that always works against the united states. historically courts have been able to weigh sovereignty interest, the interest of u.s. victim, governmental issues and other factors in decisions oncoming to the issues and any concern that would resolve all matters of conflicts of law in matters of every case. >> the treaty process

facilitates formal agreements for sharing evidence between the united states and foreign countries. do you agree the process has proven slow and cumbersome to use in. >> it certainly is slow and cumbersome for us to get information from other countries, which is part of our concern in the incoming process. we agree that there needs sob progress made and we're working on process technological and otherwise. i know that the administration requested resources in aid of that effort to improve things better. >> what can congress do to improve the process and how does another country access data stored here in the united states? >> so, again, these are really challenging issues and we look forward to working with you on them. one thing that is clear with the process is it is not a one size fits all kind of issue and people work differently all around the world. because it is so complicated, it

requires an approach that takes into account the way that is operating now. and we very much look forward to working with you to streamline the process. >> i look forward to working with you as well and i hope we can streamline the process and make it work not only for you but for businesses and others as well. thank you. >> senator whitehouse. >> thank you, chairman. in evaluating this question of civil access to content maintained by the service provider, i take a step back to the question of a criminal warrant. a criminal warrant is obtained by a government official going before a federal judge on an ex parte basis and getting the judge's consent to get access to the material involved. that protection is there, as i

understand it, because of the immense power that criminal law enforcement gives to the government, hower of, for instance, incarceration. we have a federal death penalty. so from the very beginning, the founders constructed a process that limited arbitrary access to information on the part of the government when it had those terrible powers in its hands. ms. tearian geel, does that have anything in regard to civil enforcement. >> it does not. >> the warrant would have to go before a federal judge to get access to the data for civil ebb forcement purposes? >> there are a number of way to do it. but having a court compel that evidence -- >> a court order would satisfy you? >> yes. >> in a number of circumstances your colleagues here on the

panel have suggested that the subject might actually be -- the subscriber might actually be notified first or that there might be notice to the subscriber so it would no the be an ex parte proceeding, it would be a proceeding where the person had ever right to appear, correct? >> that's correct. >> now what happens, mr. salsburg in the case that you talked about where for a variety of reasons you don't want to reveal to misbehaving party that this investigation is under way because they're likely to abscond or hide assets or whatever. do you want some form of exparty process like a warrant provides where the civil agency could say, look, these are extraordinary circumstances, this is why we need access ex parte to this information and try to convince the judge of that? >> we're not actually asking for that authority. >> why are you talking about

the -- why did you use that example of the importance of it? >> well, i suppose i conflated the previously public content argument that we have where we would still want to get the content from a provider when talking about content where there's no reasonable expectation of privacy. >> do any of you seek a proposal under which the government would be able to make a showing that an ex parte provision is necessary and go forward without notice to the subscriber? >> we are not. from our perspective, in fact we're seek the e-mails from the subscriber first. and if we're not able to obtain or don't believe we've received them, then we'll go to the isp. >> one requirement that we're r relying on so much to be ex parte, you're not requesting that? >> we're not. we're looking for a limited

availability to obtain -- >> through a court order. >> through a -- >> through perhaps the same judge you may have to go through to get the warrant? >> the same judge. >> in this case they would be there to -- >> that's more protection than a warrant provides, yes. >> sure is. thank you very much, plrmr. chairman. i have a minute left before i yield back my time. i think chairman grassley asked you this. but just in case it doesn't come through as clearly to you as it did to me, i would be interested in looking back to cases that have come to a conclusion and where there is a public disclosure of the case where you can take a look at the case and say, this piece of evidence actually helped make that case and we got it because we were able to have access through the service provider to that information, not an on going

case which i know is a very delicate circumstance for all of you. but closed cases looking back just so we can see whether or not this has made a difference in real life in the past. and with that i yield back my time, mr. chairman. thank you for holding this hearing. >> thank you. now senator -- >> thank you, mr. chairman. thanks to all of you for being here. updating the electronics privacy angt has been a priority of mine ever since i arrived in the senate a. and now that i've been here four and a half years, i appreciate more fully how difficult it can be to bring about a change of law that basically everyone agrees on. the overwhelming majority of the american people -- and by that i mean 99.9% of anyone you can ask agree that a government ought to have a warrant before it goes after your e-mail, the content of your e-mails. number two, the same number of people would agree, i think by about the same ratio, that it

ought not make any difference with whether that e-mail is 179 days old or 181 days old. whether or not the government has to get a warrant. and so, you know, this is a very simple principle that ought not be all that difficult to legislate. but i've been honored to work on that legislation and i introduced senate bill 356, along with ranking member lay hooe in what seems to be a widely followed practice today. to start out with, i want to ask each of you a simple yes or no question. does your agency believe that it should, under normal circumstances, meaning in the absence of a generally applicable widely recognized exception of a warrant requirement, should it be required to get a warrant in

order to get the content of people's e-mails regardless of the age of the e-mail? we'll start with you, mr. teern gill. >> we do not impose a criminal warrant for our criminal entities when they're obtaining information from a third party provider to the public but notes concerns about that rule where there is no warrant authority available, like in our civil investigations. >> the answer is no. it allows the subject to object is an appropriate mechanism for obtaining e-mails. >> do we agree with the s.e.c. position? >> we do agree with the s.e.c.'s position. >> why there are a few people in washington, d.c. who can understand what you're saying, i think the overwhelming majority

of the american people would be disturbed to hear that that question can't be answered with a simple no, that the government should not be able to get at people's e-mails. the content of their e-mail without a warrant. now, let me direct a question your way, mrs. tyrangiel. i'm concerned that the department of justice, once it's obtained e-mails, it may use those e-mails for any investigation related to the initial reason for the acquisition or not. so if you obtained e-mails on a mrsa pena in a civil investigation, what if anything would prevent those same e-mails that you obtained without a warrant in the context of a civil investigation with the subpoena, what would prevent the department from using that in a criminal prosecution? >> so, certainly it would not be acceptable for things to be

obtained on the civil side for the purposes of trying to use it on the criminal side. when things are in use, they should be done according to the authorities that are available. however, when criminal evidence becomes apparent, that information can be shared and we are not proposing a way to get around the warrant requirement without any privacy protections. and there are ways of protecting privacy both by standard and process. what we're talking about on the civil side is a process protection. >> what kinds of safeguards would the d.o.j. propose in order to prevent a civil agency carve out from being used to avoid the warrant requirement? you can understand how that could easily be manipulated in order to avoid the warrant requirement. >> thank you for that question. i don't believe this instance is really any different than the

other sorts of evidence that can be obtained in other ways. these are issues that exist as to all investigations, prosecutors and civil litigators and investigators are held to a standard, obey the rules, hold to the rules and follow the process that the law requires. i'm happy to get back to you if there are further questions, to answer further questions. >> okay. thank you. i see my time has expired, mr. chairman. [ inaudible ] >> since senator lay hooe asked me to be here as ranking member, i have to be here. can senator blumenthal go next? because i'm forced to be here. next to you i am required. >> go ahead. >> yeah, okay. >> thank you. i want to thank senator franken

for his courtesy. i am curious, mr. salsburg, in your testimony you express concern about what would happen if a customer consents to having her service provider turn over e-mails but the service provider nonetheless refuses. can you give us some examples of how and when that might occur, if a customer says okay but the service provider says no. when and how would that occur? >> sure. let me give you two examples. the first is we're investigating a business and the business is readily willing to turn over information to us. but it maintains it all in the cloud. and the cost of that customer -- of that target, getting the information from the cloud provider is significant. where if they were to authorize us to go to the cloud service provider and use it and use our litigation support folks, they would rather have that happen.

is that going to happen owl of the time that a target is willing to turn over its information en masse to the government? no. but if that so scenario arises, we should be able to use the compulsory process to get the information from the provider. the second scenario is the customer is a victim and a victim no longer has access to the content of the claim that's been made to them and they want the government to go get >> it have those two scenarios actually occurred? >> there have been a couple of instances where this has occurred. but it's not common. and what we're, what we're concerned about is as the move to cloud computing gets more ingrained and further along, these scenarios may happen for frequently. >> does the ftc have any recourse against the target of a subpoena if that target fails to do everything in his or her

power to get e-mails from his service provider and get the provider to turn them over? >> it does. we can file -- if we're talking about an investigative demand, we can file enforcement actions. but at the end of the day, if the customer refuses to turn the information over, we would have no ability under the pending legislation to get that information. >> under the pending legislation. >> right. >> under which -- >> under the -- >> 356? >> 356, yes. >> that's a suggestion you have for improving it? >> yes. interestingly, the provision that authorizes a provider to voluntarily provide information authorizes it to turn over the content with consent voluntarily to the government. and we want to make sure this's a provision that allows the government to compel it in those circumstances. >> if the target investigation has intentionally used an internet provider that won't

cooperate with the ftc, so that target can pretend to consent but then in effect use the refusal of the internet provider as the barrier. is there anything the ftc can do to penalize the target? if you understand my question. >> yes. you know, we can seek -- we can seek to compel if we're talking about an investigative demand. but ultimately we don't have the authority to penalize anybody. >> well, i welcome your suggestions for improving this legislation. as you know, i'm one of the original co-sponsors of s 356. i think it's important to strike the balance between privacy and law enforcement having been in law enforcement myself, having been a strong support are of the work that all three of your agencies do. and very much welcome your

suggestions here and any other thoughts that you may have. thank you, mr. chairman. [ inaudible ] >> thank you, mr. chairman and thanks to the witnesses for you time today. obviously this is -- we've had similar conversations where we're trying to balance privacy and enforcement. it's ongoing. i applaud your effort and your leadership in that. i look forward to debating both and i want to applaud the ranking member and senator lee for their hard work on these bills. ms. tyrangiel, i have a quick question relatesed to l.e.a.d.s. as we know, that would create a rule that government may use the warrants to obtain content data stored outside the u.s. but only if the account holder is a u.s. person. in all of the cases involved content data stored abroad, i could require the government to utilize the process as i understand it. i know that the doj has

concerned about the act. what's your procedures for the bill that are going to improve and streamline the process? thank you for that question. improving the process on an incoming basis, which is what the proposal is talking about, is difficult and complicated and we very much look forward to working with the committee on that. we do think it's not a one size fits all kind of solution. and having provisions that apply, for instance, to require sort of online intake when not all countries actually use government e-mail to send in their requests is the sort of thing that makes this hard. and so we very much look forward to working with you to address those issues. >> can you explain the doj's concerns with that i think they've expressed regarding the effect on nick investigations, particularly those involving

nonu.s. citizens in the u.s. >> the department would be concerned with any proposal that would unilaterally take away a tool that we have in order to obtain information about a u.s. crime affecting u.s. victims that historically has been in place for a long time. and replace it with something that would take a really long time through international cooperation alone. and it could -- proposals that would also make it more difficult to get information about non-u.s. persons committing crimes in the u.s. than it would u.s. persons is also a concern for us. >> i see. mr. ceresney and mr. salsburg, one quick question. i want to go to the so peen that request she that was raised a moment ago. your agency's ability to enforce subpoenas directly on the target of a civil enforcement action. i z that particularly because of

the federal court decisions hold that an individual can be compelled to comply with a subpoena to produce the content data. can you give me your views and let's clarify that a little better. >> our subpoenas are not self-executing. if somebody object to the subpoena, we need to go to court and compelling production of the materials. that person can raise whatever objections they have. and the case law says that if we show a proper purpose and if the subpoena is properly tailored that it would be upheld. in those circumstances we can obtain the e-mail from the subscriber. but the problem obviously, as we've, talking about, is the subscriber will often not provide you with full e-mail and if they know we can't obtain the e-mail through the isp, that causes them toto provide them.

>> the ones that provide versus the ones you to get the warrant. >> get the warrant? >> when you to go to the second step in order to get the information. >> we have frequently brought subpoena enforcement actions. if many cases we make a judgment. there are resource constraints about bringing subpoena enforcement actions and we make a judgment about whether to compel in a particular case. i will say that our experience is in certain cases subscribers provide full e-mails and others don't. that becomes clear. as you subpoena others who are involved in the misconduct yb find that the others supply you with e-mails that the original subscriber did not. and that tells you that the original production was not sufficient. >> mr. salsburg. >> we have a similar process to s.e.c. where they're not self-executing. we do need to go to a court to enforce them as well. in our experience, i think most targets usually comply with our

cids. if they don't, we have to make a resource judgment call. is it worthwhile to pursue an enforcement action which is pretty lengthy and may not result in us trying to get it quickly or do we forgo the information and try to find the necessary information in another way. >> thank you. thank you, mr. chairman. [ inaudible ] >> thank you, mr. chairman. mr. salsburg, the ftc plays a key role in protecting americans' privacy and americans care deeply about the privacy of their e-mails and other online documents. since the warshack decision, their expectations have largely been met in the ecma amendments

act. make sure that they continue to be met. and i applaud the senators for their efforts. i guess more senator leheay because he's my ranking member. i do find, mr. salsburg, that the final portion of your testimony, a little surprising, i did not expect to hear the ftc's bureau of consumer protections suggesting that the amendments act be significantly rewritten to give ftc broad authority to obtain via simple court order americans' e-mail content from third-party service providers. and then this morning we received commissioner bril's statement expressing her concern about this proposal. commissioner brill notes quote

it is exceedingly rare that it would be useful for the ftc to seek content through ecma and she highlights the cost for americans' privacy and the question of constitutionality, or potential unconstitutionality of obtaining content with just such a court order or with just a court order. i realize your oral presentation today reflects only your views. but i'm interested in your, in your views and data that you may have, setting aside potential constitutional concerns for the moment. do you have any data, any case statistics to support your claim that a new expansion of ftc authority to obtain mail content is needed? >> let me first note that we

have not sought e-mail content in the past. and the question is whether the economy is changing in a way, with data moving to the cloud computing, that we can see it being foreseeable in the future. i don't have any empirical evidence of this. but i think one of the major drivers of the reform is the notion that data is being kept in the cloud with third-party service providers and no longer being maintained locally on people's computers. >> thank you. i'm sorry. i wasn't here for the beginning. is it so res any? >> it's ceresney, yes. >> very good to me. under ecma as it was written in 1986, subpoenas could be used to compel a third-party provider to disclose the contents of a providers e-mails if the e-mails were relatively old, about 180

days old. the courts have taken issue with that and that's not what the american people expect when it comes to the privacy of their e-mails. we've been discussing that. but if i'm understanding your testimony correctly, you're not satisfied with this standard. you're looking for new and broad authority for federal regulatory agencies like irs to be able to obtain content without a warrant, without regard to the age of the information. in the last five years, has the s.e.c. sought to challenge warshack or to take action against providers who refuse to comply with requests because of warshack? >> senator, we have not in deference to the ongoing discussions in congress. but what i would say is we are seeking more protections than the current one.

the current one allows an administrative proceeding with notice. we're suggesting where we obtain a court order. but a court order is essentially what a warrant is, a judge signing off on an order that allows us to obtain the e-mail. and in our case we're proposing with notice to the subscriber, so that the subscriber, unlike a warrant, ex parte, the subscriber could come in and insert their objections. they're proposing more protections first of all in the current statute and second in a warrant. >> so you take issue with my saying just a court order. >>? >> yes, i do, with rule due respect. >> i appreciate the respect. thank you. >> thank you, senator franken. senator tillis? >> thank you, mr. chair and mr. acting ranking member. mr. chair, i want to wish a happy birthday in advance. i think you're celebrating maybe

the 32nd anniversary of your 50th birthday tomorrow. >> that would make you 8 2, i think. >> now that i'm 55, i started celebrating anniversaries about five years ago. i want to ask a question that may also be appropriate for the second panel. i've got to go back to an armed services committee so i'll start the discussion here. i'm concerned with your efforts when it involves an isp that's not within u.s. jurisdiction. and efforts that we would have here to strengthen our ability to get to information for u.s. domiciled is ps. and the potential risk that could have for people who may intend to use this for the kinds of purposes you're going after. so may or may not be. what risk do we have going beyond just the 180-day retention requirement, dealing

with that and clarifying the obligations of the isps with respect to their warrant requirements? what risk do we have of just having the snakes go to another pasture and still be able to do what they want to accomplish or still be able to fall under that veil and then put our isps at risk. i'll open that up to the panel. we'll start down there. >> thank you for that question. when there are provides rs doin business in the u.s., historically the courts have exercised jurisdiction over those individuals. >> what's the variability if you go outside or what has your experience been? >> well, in order to be able to get something, there needs to be a basis for jurisdiction. and so one of the things that concerns us about proposals that talk about data stored abroad is making that data, where there are people in the u.s. unable to use traditional legal process to compel that information that they may store elsewhere to come

back to the united states. >> this is a very challenging question. and the commission hasn't taken any position on the leads act. and i think it's fair to say that we would have difficulties on the civil side as the law is now if we were trying to compel information from a foreign isp that did not have a presence in the united states. >> so again, that concern that i have is making sure that whatever we do, as long as there's some other place in the globe, you know, the internet infrastructure is a global infrastructure subject to several jurisdictions. how we balance policy to make sure that we're not just tying the hands of businesses here to the benefit and to your detriment to isps abroad.

mr. ceresney, i'll let you comment. >> we share some of the same concerns as the department of justice has about the act. and it's an authority issue and one that needs to be worked carefully. >> mr. ceresney, i think you mentioned, it may have been in your opening comments. apologize for not being here. that subpoenas fall short of getting the evidence they want because ouchb times the target deleted the information or they abscond it. what's at least working through congress right now that you think helps you address that issue or what kinds of things do we have to look at to help you have that tool available? >> we're seeking some limited authority to obtain under the circumstances like you one you just cited, where the individuals deleted e-mails or not produced to us, some ability to obtain the e-mails from the isp. what we proposed is a court order under some standard that we have to meet to the

subscriber so they can come in and object. that's the limit authority that we're seeking here. and the idea is in circumstances like the one you've suggested where the individual has deleted the e-mails, we're able to obtain it. and what that uld would do is incentivize people who are producing the e-mails pursuant to our subpoenas to comply fully. if they know we can go to isp, it further incentivizes them to provide us with their e-mail. >> since i've only got 25 seconds, i'll just make a comment. i know on the one hand we want to provide you and all the next panel, which is law enforcement, to have all of the tools you need to get after people that may be doing thing we don't want them to do. on the other hand we're talking about extending these capabilities to agencies that right now, such as the irs, i don't think that was mentioned, but it think it would extend to agencies like the irs, they give us some pause to give them more capabilities than they already have. so we've got to work on making sure that we've got the right

controls in place as we move forward with the policy. thank you for being here. thank you, mr. chair. [ inaudible ] >> thank you chairman grassley, and for your leadership on this and for asking the appropriate questions and having an opportunity to discuss it. it's a very big issue. those obviously who have been involved in law enforcement for a long time are very well aware of what sounds like some good theoretical idea can have a major and detrimental impact on the ability of the people of the united states to have order, to avoid multiple frauds and thefts and computer abuses and violations of their privacies and things of that kind. and i ordered a publication not long ago and within a few weeks i get, i don't know how many more, selling me different kinds of publications of a similar

nature. so somebody is sharing information all over. president obama was widely congratulated for his brilliant ability to target voters because they knew all kinds of things about them, whether they went fishing, all of these things somehow is available to private sectors, political candidates. and we have to be sure that we're not placing too much of a burden on law enforcement as they try do their duty to protect us from fraudsteres and sex abuse and child kidnappers and tearrorists. we have to be careful about it. i'm glad that the chairman is looking at this and we're asking it. the law enforcement that i've talked to indicate that they have certain problems that we ought to deal with in the legislation. one is there's often very long delays between the issue of a request, so peen that or an order to the actual production of the documents. two, we ought to consider what

happens if you have erase sure of these documents within hours, a few days. is that appropriate? we don't allow that in phone company records, as i understand it. and third, i think it's critical, anybody who has been involved in law enforcement, i can imagine in a terrorist investigation, particularly, you've got to be able to atech fek tifty not tell the suspect that you're on the to them, have somebody tell them that the fbi just got their records and they flee the country. those are law enforcement requests that need to be considered. ms. is it tyrangiel? >> tyrangiel. >> tyrangiel. so you can issue a subpoena for

a telephone toll record that has the person's name, address, the length of their phone calls, the numbers that they called without any content. you can get that with a subpoena, is that correct?? >> yes, that's correct. >> and actually dea can get it with an administrative subpoena and so can the irs, without even asking a prosecutor's approval. prosecutors issue them routinely also. well, what about getting an e-mail address? it seems to me that's quite a lot -- a huge difference between just getting who the person has been e-mailing, just like you want to know who they called on the telephone, as opposed to the content of the e-mail. can that be obtained? and why should we enhance significantly the ability to get that information? >> thank you for that question. the standard is currently different, as i note in my sfr.

the department does support equalizing those standards and bringing them in so you can actually use the same standard that we have been using for traditional communications like telephone records to obtain the to/from material as well. >> that's a huge ning a lot of investigations. they say i never met this person and they got 50 phone calls. this is a hugely important and actually protecting the american people from criminals. then you've got the standard for content. mr. ceresney mentioned that a court order isn't much different from a search warrant. so you have a little less standard to get the older e-mail contents. is that correct??

is that e-mail contents that you first get through the 120 days and older? >> under the current statute for more than 180 days we can obtain them through an administrative subpoena with notice to the subscriber. we would support a judicial proceeding with notice to the subscriber that allows us to obtain the e-mail contents. >> and you can request, you can request, ms. tyrangiel, the confidentiality and no notice? >> we're not seeking that authority to obtain them with no notice. our general practice is to first seek them from the subscriber and if we do not obtain the e-mail then to go to this mechanism. we recognize there are important privacy issues here and we're trying to preserve those.

but also trying to obtain the contents of the e-mail. >> i think we got to be careful about not having an ability to protect against disclosure to the person. because i don't -- that's not true in other areas that you can get a nondisclosure order. and i can be critical -- if you're investigating a terrorist, and they know you're on to them, this could be a life and death issue. thank you. >> thanks to this panel. i appreciate it very much and we'll probably be in touch with you with some follow-up questions. i'd like to call the second panel now. and while they're coming, if i can have your attention, i want to introduce them to be efficient. richard littlehale is assistant special agent in charge tennessee bureau of

investigations technical service unit, special agent littlehale is responsible for coordinating the use of a wide range of technology, support of law enforcement operations, including using communication records in support of criminal investigations. he testifies on behalf of the association of state criminal investigative agencies. he received his bachelor's degree from boden college and a law degree at vanderbilt. second is richard salgado. he serves as google's director of law enforcement and information security. before working at google, mr. salgado worked at yahoo!. and prior to that served as special consult in commuter crime and intellectual property section doj. he has also been a law professor at stanford, georgetown, george

mason. he received his undergraduate degree university of new mexico, law degree yale. next is chris sal calla breecy. he worked at the american civil liberties union. before that he was legal council massachusetts senate majority leader. mr. cala bx rese graduated from harvard and a law degree from georgetown. finally victoria espinel, president and ceo software alliance which advocates on software industry before governments. she has previously served for over a decade in the white house under both republican and

democrat administrations, including being nominated to be the first intellectual property enforcement coordinator. graduated from school of foreign service, has an llm from the london school of economics and a law degree from georgetown. i want to thank all of you for appearing. let's do it in the order that you're seated there, left to right, my left to right. >> chairman grassley, ranking member, senator franken and members of the committee thank you for inviting me to testify. i'm a technical investigator in tennessee and i serve on the association of state criminal invest day ty agencies. i'm pleased to speak on behalf of the state and local law enforcement officers and to share a criminal investigators perspective on the challenges that law enforcement faces when working today's digital crime scenes. the challenge of lawful access to electronic evidence is top of mind every day for those of nus the trenches. we agree the law should be

updated but any effort should reflect its two-fold aim of protecting privacy and assuring law enforcement's ability to obtain digital evidence when lawfully thords to do so. vi three points for you consideration. first we have some concerns about the pending legislation, senate 356. it might well be time to protect additional stored content, but this bill creates greater protection for the stored digital content. bringing it into balance should put them on the same plain, not favor digital evidence over physical evidence. the notice provisions also seem one-sided. it's hard for investigators to understand why there are no requirements for how quickly they must respond to our legal demands but we should notify the customers that their records have been retained for three to five days. carefully balance the need of notification. time spent complying with arbitrary time lines for notice

means less time investigating crime. we have grave concerns about challenges that we've been vocal about in which the legislation does not address. whatever legal standard congress decide to impose, the public has a powerful interest in law enforcement's ability to actually get the information once we comply with the law. the reality is that legal barriers aren't the only barriers. nontechnical barriers and lack of a consisting framework low our efforts as much or more. i urge you to ensure that whatever standard of proof you decide is appropriate, you ensure that law enforcement can access the evidence we need. there's no requirement before the committee today imposing on how is service provider respond to our legal demands. this is clearly problematic in emergencies and kit prevent us from officially processing large volumes of leads. consider a pool from the missing

and exploited children or pages and pages of online ads that could hide sex trafficking victims. u there may be an emergency in in but we can't know about it until we get response back from the service providers. speed is important in all investigations. not only would this help speed access to evidence, it can provide a great deal of transparency about government's access to records. third, governing law -- governing access to emergency records should be revised. everyone agrees that law enforcement should have rapid access to communications evidence in a life threatening emergency but that is not always the reality. the emergency provision is volunteer today, not mandatoham. even when it's granted, there's no promise that e we'll get the information. in some cases they decided never

to provide evidence, no matter the circumstances. in an effort to better inform the committee, i solicited feedback on these nontechnical barriers from a wide range of law enforcement agencies. the replies underscored the frustrations about the turn around times, the ability to speak to a human being and uneve access to records in emergencies. they staukd about service providers who routinely prelitigate the legal process or who return legal documents without complying because the demand refused to use the specific terms that the provider requires. we appreciate for you to look at those issues. these are the day-to-day realities of professionals working the crime scene. those of us who spend our day and nights gathering digital evidence to find criminals and investigate their crimes need congress to understand and think about the itch occasions and

possible solutions. i want to re-emphasize how important this is. we adepend on it as a critical tool and set of rules that guides how he obtain the digital evidence. we urge the committee to balance both of these goals as we all work to get the reform right for the 21st century. thank you for having me and i look forward to your question. >> chairman grassley, ranking member and members of the committee, thank you for the opportunity to appear before you today. my name is richard salgado. adds director for launch and information security for google, i oversee the company's compliance. in the past i have worked on these issues as senior council in the computer crime and intellectual property section in the department of justice.

google strongly supports s-356, the amendments act of 2015 which currently has 23 co-spon whos, the house companion measure, e-mail privacy act has 292 co-sponsors were machine that any other bill pending in congress. it's undeniable, it's unsurprising that there is strong interest in aligning it with the fourth amendment. and user's reasonable expectations of privacy. the original disclosure rule set out in ecba back in 198 f were foresighted given the technology that existed at the time. in 2015 however, those rules no longer make any sense. users expect that the documents they store online has v the same fourth amendment protections as they do when the government wants to enter the home, seize the documents stored in a desk drawer. there's no compelling policy. there's no compelling legal

rationale for there to be different rules. in 2010 the sixth circuit opined that ecba violates the fourth amendment to the extent it does not require law enforcement to obtain a warrant in obtaining e-mail content. in doing sob it struck down the 180-day rule and the distinction between opened and unopened e-mails as ir reck siebl with protections of the fout amendment. google believed that the interpretation in warshack is correct and we require a search warrant in all instances when the law enforcement seek to compel us to disclose the contents of gmail accounts and other services. warshack underscores the purposes of updating ecba to ensure that a warrant is required when governmental agencies seek to compel service providers. warshack is effectively the law of the land today.

it's observed by governmental entities and companies along. in many ways want s 356 is a modest codification of the status quo and the sixth kir suit's conclusion. between the last time i testified in support of updating this in march of 2013 and now, the supreme court issued a landmark decision in riley versus california where it unanimously held that generally officers must obtain a warrant before searching the content of a cell phone incident to arrest. chief justice roberts noted that a radio jet stream with various exceptions contravenes our general preference to provide clear guidance to law enforcement through categorical rules. close quote. to reinforce this, chief justice roberts concluded his opinion with unam big jous direction to law enforcement. he wrote, the fact that technology now allows an

individual to carry such information in his hand does not make the information any less worthy of the protection for which which the founders fought. our answer to the question of what police must do before seizing a cell phone is simple, get a warrant. close quote. this committee is being asked by some to jettyson these rules. it would encroach upon the core privacy protections afforded by the fourth amendment. we urge the committee to reject such pleas and to codify the amendment that's reflected in the bill sponsored by senators lee and lay hooe. ecba no longer comports with the fourth amendment. s-356 represents an overdue update that woulz ensure that the content is treated in a manner commiserate.

it's long past time for congress to pass a clean version of s 356. thank you for your time and consideration and i'd be happy to answer any questions you have. >> thank you, chairman grassley, ranking member, ranking member franken, members of the committee. thank you for the opportunity to testify on behalf of the center for democracy entechnology. it's a nonpartisan nonprofit association dedicated to protecting civil liberties and human rights including privacy, free speech and access to information. we applaud the committee on holding a hearing on the electronics privacy act and urge the committee to speedily approve s 356. senator lee and lay hooe's electronic privacy act. every day people reach out to journalists and this committee, advocates plan protests against

injustice and ordinary citizens complain about their government. all of these activities are crucial to our democracy. they also rely on the long held constitutional guarantee of private communications secure from arbitrary access by the government. this is true whether the communication happens in the form of a letter, a phone call or increasingly an e-mail, text message or over a social network. but as the technology changed, the legal underpinnings that protect our privacy have not kept up. when it was enacted in 198, it relied on three policy pillars. changes in technology have eroded this balance. the e lines on trusted third parties for long term storage of our communications have left those communications with the limited statutory protection.

this void has created legal uncertainty for cloud computing, one of the major business innovations of the 2 ist century and one at which u.s. companies excel. at the same time, information accessible to the government has increased dramatically. e-mails and text messages provide invaluable leads, insight into criminal activities and plans and demonstrate motive and intent. most if not all of this information would not have been available in 1986. in combination with the vast new stores of metadata, it's clear that for law enforcement, this is a golden age of surveillance. in the face of an outdated statute, courts have acted, recognized in cases like warshack that people have a reasonable expectation of privacy in their e-mail and at the same time invalidating key parts of ecpa. but that is not enough on its own.

it continue to lag behind technological change and harm smaller businesses that lack an army of lawyers. it creates uncertainty about new technologies that rely on the use and storage of the contents of communication. reform efforts also face a concerted assault from civil agencies that seek to gain new powers and blow a huge privacy hole in the bill. agencies of blocked reform, in spite of the fact that the sechlt s.e.c. confessed to never using subpoena powers post warshack. in regard to ecpa, a change wouldn't have any effect on our practice. criminal investigators have also suggested that changing be enacted so that companies turn over the entire contents of user inboxes whenever an emergency is asserted. however it's not clear this is a problem. major companies report only a few hundred of these requests

every year. more troubling, approximately 20% of them must be rejected because they failed to meet the emergency standard. support for privacy reform is deep and abiding. more than so 0 technolo100 tech signed on the reform principles. it includes the entire tech industry, span the political spectrum and represent privacy rights, consumer interests and free market values. the companion bill in the house has more than 290 cosponsors, including a majority of republicans and democrats. the committee has consistently sought to solve these problems through strong reform measures passing nearly identical legislation to s 356 in both 2012 and 2013. post-warshack a warrant for content has become the status quo. nonetheless, it is critical for

the committee to approve s 356 in order to cure a constitutional defect in ecpa, protect individual privacy and ensure that new technologies continue to enjoy robust constitutional protections. thank you. >> thank you. good morning, chairman grassley and members of the committee. i want to change the chairman anne ranking member for having this hearing. my name is victoria espinel. i appreciate the opportunity to testify today on behalf of bsf. bsa members have a keen interest in today's data privacy hearing. we support efforts to update ecpa and we commend senators lee and lay hooe for their leadership. it would better protect the privacy in the 21st century. we long worked with the members

of the due process digital convention in support of this reform. our board of directors sent a letter to congressional leadership this week highlighting day that issues. and at the top of the list is ecpa reform. when it was enacted in 1986 most people have no con sengs of the e-mail or internet. congress gave law enforcement access to data while protecting privacy. for reasons that made since in 1986 but not today, the law makes it easier for the law enforcement to obtain access the your old e-mail than it is a letter in your desk. this reform would close that loophole. this is important to us because customer trust is important to us. ensuring that customers have faith in the security and privacy of their e-mail and other online data is vital to ensuring their trust in digital services. simply put, in consumers do not trust technology, they will not

use it. bsa supporting the amendments act because it will aid in restoring the balance and the trust equation. and to quote ranking member from earlier this morning, we believe this is a in addition to the inconsistent requirements of ecpa, the lass laup is unclear how to govern data requests that is cross international borders. the lack of clear rules creates unhelpful confusion and has opened the door to u.s. law enforcement demands that could undermine user trust around the world. argued last week in the second court of appeals could set a significant and damaging precedent. in that case, the department of justice is seeking to compel most to turn over the contents of one customer's inbox. the problem in the case is this, that the customer's e-mails are stored in ireland. and the same way that u.s. police can't simply fly to ireland and knock down a suspect's door to raid their home, law enforcement's jurisdiction online must be respectful of boarders, as well. barging into an irish data center however done would be an

obvious invasion of irish sovereignty and imagine the uproar if foreign police tried such a move in the united states. law enforcement agencies from different countries must and do work together to provide mutual assistance. the bipartisan leads act led by senators hatch, consequence and heller with 12 bipartisan coexperiences provides a way of addressing this issue. we commend them for their attention to these important questions. in sum, bsa supports the ecpa amendments act and the leads act because we believe it is critical to modernize u.s. privacy protections in order to address three important goals. first, protecting global privacy by setting strong consistent standards. we should require a warrant for all digital content and we needed to create a framework for international cross border requests. we'll be in a better position to protect the privacy of american citizens if we are not setting an example for foreign governments to reach back into the united states. second, increasing transparency

and predictability. for consumers, for companies, and for law enforcement. we should help bolster consumer prust by enabling companies to clearly communicate the rules around the privacy and the security of their data. and third, enhancing the ability of law enforcement to work together across international borders. we need a new forward looking framework to address these cross border requests and need to improve the em lat system. there is a misperception that u.s. law enforcement has unfettered access to data stored by u.s. companies. it is only in this perception but that misperception is doing real harm to user trust. the to fix that should begin here with the legislation pending before this committee. if i may, i would like to close by wishing an early happy birthday to the chairman, as well. thank you very much. i look forward to your questions. >> thank you very much. i'm going to ask my questions last because i want to accommodate senator sessions. then after that, it would be

whitehouse and then hatch and then senator from minnesota. >> i think i'll put mine on on the record, mr. chairman. but thank you. >> go ahead, senator sessions. >> thank you very much. i do have a commitment at lunch. well, you introduced a federal law enforcement offices association letter. which notes that law enforcement relies on electronic information "to generate leads, identify suspects, exonerate the innocent, obtain justice for the victims of crime who often suffer violations of their civil rights, and privacy by individuals and terrorists." so i would offer that and note that many others are sharing the same comments including the fbi agents association fraternal order of police, the national sheriff's association, the national district attorneys's association and the major cities

chiefs association to name a few. well, i do believe that if you obtain a subpoena to after individual file in a bank and there's a letter in that file from the customer, then you can obtain that i believe under current law based on a subpoena and that's been part of the history of the country. however, i will acknowledge that the ability to obtain all e-mail traffic as it goes to another level. so i think it's right for us to consider how to restrict that and to be consistent with the supreme court and the reality that people entitled to a degree of privacy and expectation of privacy in the contents of those e-mails. so i don't know that that's

required by the constitution. maybe the supreme court says it is, but as a practical matter, i can understand that and i think we can work with that. mr. littlehale, on this panel, you're i believe the only law enforcement strong advocate. but let me ask you, is there a problem, a realistic problem briefly with computer companies and so for the delaying answers to legitimate requests from law enforcement? and does that at time place people at risk? >> thank you for the question. yes, indeed. an example that mr. salgado offered was the riley decision requiring a search warrant for a cell phone. if i get it, i determine how quickly i execute it. once i have the warrant under the decision, i can execute the search right away. in the instance of a search warrant for a service provider, we are dependent on the service provider to process that warrant as they see fit under existing law and we suggest that that

should change. >> and you as a practical experience, you've had what you consider law enforcement what they consider inordinate delays and responses on occasions? >> that is the sense of us that do this every day for a living, senator, yes. >> you've worked with child exploitation experiences and the need oftentimes for the most swift response. are you concerned that we may be moving into a world where everything is erased very quickly from the time it's happening and what impact would that have? >> the concern that even when we get the process that's required, the rods rds are no longer there is a concern partially because of the limits of the technology and the absence of requirements that govern how long those records live on those servers. they may disappear. there's also in some instances now a commercial incentive for providers of service to remove those records in a timely fashionings to assure their

customers that the records are private. >> and so the legislation is as written has nothing on either one of those two issues to improve them? >> that's correct, senator. it doesn't. >> and briefly, are you concerned about the ramifications of customer notification and the dangers and problems that could pose for law enforcement? >> we are indeed, senator, both because of the dangers it may pose to our investigation and also because of the administrative burden that a scheme whereby we must go every 90 or 180 days and obtain delay and notification order after delay and notification order in a world where a unit like mine has tens or hundreds of legal demands outstanding at any different time. >> cases, some of them are life

and death investigations. finally,ing to what extent does this preempt state law and are we dealing just with federal law enforcement or are we impacting every police officer, sheriff and prosecutor in the america? >> you are indeed. federal law will set a bar. certainly states are free to offer more protection but we must conform with federal law where it supersedes state law. >> thank you all. it's an important issue we need to wrestle through it and try not to the do any damage because people should not treat lightly the difficulties of investigating criminal activity and how you prove a case. and the idea that you can just get it by more police officer shoe leather is always been false and some of these information so gathered could be critical in saving lives and stopping crime. thank you, mr. chairman.

>> senator whitehouse and then senator hatch. >> thank you. miss is pinnell, have you done a terrific job for the administration. you've always been a great witness before this committee. why a warrant requirement and not a court order requirement when a warrant such a court order? and it's actually a court order of a particularly pro government kind because it is ex parte and has quite a low standard revelcy standard likely to lead to the production of information? >> just to be clear, i assume your question is not about the 1 0 day distinction. >> no the access, wouldn't the companies can you represent if they're willing to comply with a warrant, why would they not be willing to comply with a court order? >> so i wouldn't want to imply that our companies are not willing to comply with any type of appropriate legal process.

>> from a legislative point of view, they're as opposed to being asked to apply with a court order. >> in this case we believe the civil agencies have other tools at their disposal and do not believe it is appropriate to extend ear an exemption to the warrant as you know or this type of court order to them. >> you realize that puts you in the position of saying that if the department of justice goes before a judge and in a very pro government ex parte proceeding gets a warrant, you're okay with that if the same doj goes before the same judge and in a contested proceeding where the subscriber actually has the right to be present and litigate the matter and then they obtain a court order, you're as opposed to that? that's the position you're left with you, you are not? >> i think our position is that the civil agencies have the tools that they have. we very much appreciate the job they do every day. i should be clear about saying that. >> except it makes civil