officials give their thoughts on privacy, the law and government surveillance issues in particular how a new law on overseas cloud data store damage help law enforcement in criminal investigations. the international association of privacy professionals hosted. its an hour long global privacy event in washington. welcome to all of you. we are -- honored to be skroined by two senior doj officials andly have them introduce themselves in a moment. for the first 40 or 45 minutes i will be basically be questioning them and walking through some of the issues getting their

perspective and then we will leave the last 15, 20 minutes for folks in the audience to ask them whatever questions. the formatly keep pretty sim. let me start by asking them to introduce themselves. >> good afternoon. i work for the deputy attorney general. help over see cyber investigations prosecutions within the department. it's a great pleasure to be here today. >> my name is richard downing. i am -- i have a long and unfortunately long title. acting deputy assistant attorney general. i'm in the criminal department of justice. >> i'm up a partner at the law

firm. used to be senior director for cyber on the national security council staff at the white house. welcome to all of you and i think we will go ahead and dive in. where we will start, a many of you know there was the supreme court heard arguments in microsoft. events have over taken that a bit with congress having passed the cloud act. the cloud act being the overseas use of data act. that act has parts. one of which addresses the main issue that was presented in microsoft. before do i having into the cloud act, just to give us a little bit of concrete facts to be thinking about u -- might ask one of you of you to talk about the issue. >> the warrant was issued under the stored communications act by

a u.s. court. microsoft challenged the order saying that the evidence that was at issue here, the data in the account, the content of communications, was being stored at its ireland data center. it argued in the case that is arguing the case is not yet been -- fully completed that the store communications act should not apply to data that is stored outside of the united states arguing that the warrant is limited to the territory of the united states. >> government's position was the contrary. we believed and continue to assert that congress intended that these warrants cover such data. . >> i just was going to say, you can see why the decision this came out of the circuit was

deeply damaging to the government's interest because its a u.s. crime. u.s. perpetrator. because a u.s. proo vidor had chose p to stare the data abroad we were powerless to getting access to that evidence. again you can see the why of the implication of a ruling like that, so many data service providers split up data all around the world. that evidence just happens to have been stored abroad through a business decision that -- a company has chosen to make. it was having a very serious fact on our ability to prosecute these cases. the actual pornography, the -- the material we needed to prosecute the case -- we could not get our hands on it even though we had a lawful warrant because it happened to have been

stored outside the united states. it was a tremendous -- priority for us to get that decision reversed. that is why the government -- and the case was argue add few weeks ago. we can't comment on the pending case. it is still pending. this legislation at least going forward in our view has resolved that basic issue. >> how you think the cloud act resolved it? >> the cloud act has a provision in it that it argues clarify what's we always thought the case was. the. its very simple one paragraph which it says -- this is what we meant is what its crystal clear now. one thing i wanted to emphasize is the comment about a lawful warrant. what was not at issue in the case was whether we had met the constitutional standard whether the warrant was properly issued.

any of those issues and so -- this is not a question of privacy. we have had met all of the constitutional rules and had an independent magistrate examine that warrant. this was really more of a question of application of the law. the standard question of whether this statute applied to data stored outside the u.s. >> you eluded to the cloud act whether or not the provider has control, custody over the data. that is a standard that has some roots in u.s. law, right? describe where that comes from. >> the -- i'm shot sure -- not sure i can point you to the case. if you receive a subpoena from a grand jury, you are required to disclose documents if your possession if they are in your possession, custody or control.

it is not a defense to say i've chosen to store the data outside of the u.s. that is not a -- going to be -- sufficient to get you out of complying if you have possession, custody of control over that information, document or physical thing. >> there has been a long line of cases where banks might be foreign -- foreign chartered but have a presence in the united states. going back 30 years, there is very long established line of cases holding -- if we serve that entity with a u.s. subpoena, that enltty is required to -- entity is required to -- for us the second circuit's decision was quite shocking. at least from our perspective seemed to up end the traditional power that law enforcement had

with respect toing process. its another reason why this legislation is a game changer to the extent it restores things back to in our view where it should have been in the beginning. this legislation was bipartisan. had strong support from both sides of the aisle. the tech industry was very much on board. microsoft was very much our ally in this legislation. their reasons why we can talk about -- sort of going forward why -- why it brought together really kind of a unique cast characters. that is one of the reasons it passed. >> it does provide for -- it does allow for a provider to object or file a motion to object in certain circumstances. describe what are the circumstances or what's -- how does that happen? >> there is this larger question of cop flickeds of -- con flikts

of law. ukts of law -- conflicts of law. there's a foreign law which bars them from disclosing that legislation. this is the idea that he was referring to respects to abandoning records. how do we resolve that question. here the conflicts of law question is raised in the -- in the -- legislation and created is a new section that -- addresses -- a fairly narrow set of situations. but never the less is the -- is clearly set out in the legislation. its sometimes called an analysis because its evaluating the a -- that one count are you offerings to another. in a narrow set of cases where there is an executive agreement

between the united states and that foreign country whose law might be violated, where that other country offers rights to for the provider to challenge and where there is an actual conflict that set of rules would be triggered. if that is the case the provider is empowered to come to court and say i shouldn't have to comply with this u.s. warrant because it violates the law and then the court would have a balancing fact. its an idea of an escape valve to address the possibility of the conflict of law happening. we have never seen a u.s. provider come forward and allege it. its an interesting thing when the european commission filed the brief in the supreme court

in the case. my reading of it is that they did not feel that gdpr was going to create such a conflict in the future either. this is -- to some degree a bit of a hypothetical. hopefully that will be a strong force against creating these conflicts as well. >> you eluded when you talked about the microsoft case that in that case there was a u.s. subscriber. does the act deal with them in. >> one very important aspect of this is how it deals with u.s. persons. so, one very important point to keep in mind is we have made it very clear that -- u.s. persons cannot be targeted as part of this legislation. in other words if we negotiate an executive agreement with a torn country, they can't use

that agreement to essentially seek process on u.s. persons. that's something that is very important to keep in mind as we go forward. there are interesting implications for how the statute applies tows persons or persons residing in the united states. i don't know if you want to talk more about the contours of that. >> so one thing that -- this analysis would not be available if the subscriber is a u.s. person. that is u.s. process against u.s. companies inning u.s. account holders that should about be an issue even that would come up in that situation and so having a conflict of law analysis apply doesn't make any sense. other than that i think that's the only one i can think of in this context. >> and i now let's only been a few days since the act has

passed. just as you thinking through the practical kt implications, to what degree will these kind of factor you have been talking about sort of shape when you will use the process under the cloud act versus try to negotiate with the provider versus asking them to litigate? how are the factors going to figure in? >> we would serve process in the way we always have and that traditionally have always done with respect to crimes that we are investigating under violations of u.s. law. where things get interesting and this is the second half of the statute is the bilateral agreement we can negotiate. what we were hearing is was that there is this potential for a conflict of law where if they were to be served by a foreign

government, they wouldn't be able to produce because of u.s. law. u.s. law has a block statute that doesn't permit foreign providers to provide information to foreign governments. there is -- it's a violation of the act. what this statute does is essentially allow the lifting of that statute inappropriate cases. i guess the point is it helps our partners, those foreign governments that meet very rigorous standards that as long as the attorney general certifies that they meet certain criteria, those governments can now going forward -- once we negotiated these agreements be in a position to search pro ever

e -- serve providers directly. when the britts wanted to get information from g-mail they were running into the u.s. block statute because google was barred from producing that information under u.s. law. what this legislation does is allow for foreign governments -- that meet very rigorous criteria. have far we have not negotiated any such agreement. going forward, it creates a frame work for those governments to be able to getting access to the information that they need. again, pursue very rigorous chris tier -- criteria. the real shot for our foreign partners is they now have access to the evidence that they need again so long as they meet certain criteria. the broader point is to avoid

it. if we weren't able to negotiate this type of frame work what would happen is foreign governments would require u.s. providers to store data concerning their citizens in their countries so that they would have territorial access to it. that is not good from a foreign policy perspective, from a business perspective. it's not really in the american national interest for data localization to occur. part of what is motivating all of us we think about this -- is enshurg suring we have a free -- ensuring we have a free and open internet. >> sort of underlying both sides of the cloud act and the question -- and whether or not they could -- one of the arguments they made -- what is the role -- why weren't they --

>> they are a very useful tool but they are what i -- tend to think of as a 20th century tool. they are slow and -- difficult to use especially in an age when we have so much crime that so rapidly crosses our borders. so -- what i see of -- the problems we -- have had with m-lapse are a range of things. we don't have mutual legal assistant treaties with every country in the world. need are only with something like half of the countries of the world. even when we do have a -- mutual legal system treaty with other country, they are often times slow. when uh say slow, really slow for purposes of investigations. ireland for example told us they generally have a turn around time for request for evidence from the united states of 14 to 18 months. if you think about the situation where we have lets say --

evidence to believe that -- american children are being -- abused as part of a sexual exploitation ring and we go to ireland and say we need though evidence because we need to figure out who the other players and and identify the children and they saw no problem we will get right back to you and then 14 months later we get some answer from them -- >> there are no emergency provisions? >> there are there is the possibility of them moving it up in the cue if we pound the table and get -- angry. this is not the -- and many, many cases it's not emergency. its real serious but there is no imminent loss of life available. so -- the basic thing i want -- to cap it is that there are some providers such as google that move their data around. in fact take a single account and split it up between different countries. in fact don't make that data

access to believe anyone in the foreign country. its absolutely impossible to chase it around where we go to malaysia and they say -- three months later, yeah, the data is not here anymore, its been moved to ireland. we will go to ireland, okay its not here anymore. that is not going to work. let me conclude by saying i'm not saying that its -- completely out the door. i think we are going to continue to have to rely on it in many types of situations. it sort of is a fact of life. what the -- legislation though is trying to do is to reduce the number of situations where it applies because -- borders with be served more directly. and to assure that we have the aught toy to come -- authority to compel companies like google. >> so returning to the executive

agreement, the really requirements on two levels for executive agreements. there is some general requirements a about what the law should do in that country and then there are some requirements about the chris -- criteria of which borders are issued. sort of break that down. >> there is a form that a country must meet in order to be eligible for an agreement under the cloud act. the rules are set out to indicate that that other legal system is a sort of like minded law -- abiding protective type of legal system. the criteria are that the legal system -- protects from arbitrary and unlawful interfere once privacy.

assures fair trial right, assures peaceful assembly. the kinds of things that we would expect for -- rights and law -- rights respecting law-abiding countries. in order to meet those rules then, the -- the -- attorney general would be able to -- enter into that agreement assuring that each has access to the other countries providers when in the appropriate circumstances which we can also address now. >> if i would just -- follow up on that, the attorney general essentially has to certify and provide a public exmr mr. nation for the fact that this foreign government, this foreign country meets these standards. -- and that a number

of factors that we have to certify that the foreign governments own legal system meets. so its very significant to understand that -- we won't be lowing u.s. providers to turnover data to regimes. to even qualify for this frame work you have to be certified for meet these very high standards and the reality is, our closest partners, the british, have themselves -- they have adjusted their own domestic legislation in preparation for these kinds of agreements. this is privacy lifting. this is privacy protecting. the whole point of this legislation is if foreign governments want access to data that is stored or owned by u.s. providers, they have to meet

very rigorous standards. this is one way for us to ensure that rule of law principle, that privacy principles are extended beyond our borders. >> do you have a sense of what countries might be next? >> the u.k. was the one that approached us with this idea and -- so they will -- very likely be the first in line and we have already begun to explore what a text might look like. we are very interested in this frame work. we have begun to see interest by other governments. we don't have a roll out schedule nor do we have a list of whose second and third. these are all questions that are under consideration and will be

considered -- thinking about them and finding our way forward. >> any such agreement would be subject to rigorous congressional review. obviously the public would have a right to see these -- there is a whole process here that -- ensures that -- countries that qualify -- its a sober and rational and process that nobody will be rushing into any kind of agreements. >> there are certain criteria about the orders that are issued. >> the idea behind the -- listing of criteria is to make sure that orders under foreign law meet really robust criteria. the words probable cause do not appear in the agreement. that's a very american concept or at least american phrasing of an idea but the basic notion though is to emulate these kinds

of ideas. so amongst the rules that are listed, it talked about the foreign court has to have facts -- legality and -- for example and review and over sight by a judge. some people said it sounds like what you need to get a warrant. okay, its -- probably pretty equivalent but its written in a way to make sure that other countries, legal systems, its flexible enough they can take into account their ideas and safe guards the way they do business at least to a fair degree. if we insisted that everybody exactly the way we do it, i suspect we will have zero partners able to -- enter into an agreement with us. i think we -- what we are trying

to do is hit a sweet spot that is quite strong and privacy protecting and -- hopefully -- but flexible enough we will be able to extend this frame work to number of our close allies and partners who view these protections in a way we do. >> so -- in theory a foreign government could force a provider to engage in an interception here under criteria -- >> sure. there are by the way additional rules in the provision for foreign wiretaps. its sort of an interesting question because there are -- commentators or academics who saw why should u.s. law apply at

all to this activity. the offender is believed to be british and the victim is british and everything is going on in england. why should u.s. law have anything to say about that just because -- the provider or the place where one can do an intercept is in the united states. we -- interesting point one could debate. we saw we are not sure we are quite comfortable to move all that way. i think we need to make sure that there are reasonable rules place to make sure other countries are following robust and appropriate rules. but i think that -- understanding that kind of -- way of looking at the world, they are not targeting u.s. persons. that is a requirement in the -- agreement. and so u.s. persons i think would give the united states much higher sovereignty interest in protect our own citizens from wiretaps that don't perhaps meet the same set of rules we have. if there is no u.s. person involved, well then why

shouldn't we at least reduce the level of -- our sovereignty interest. >> a u.s. person be could be -- person could bein -- -- be involved. >> there are rules about if they end up targeting a u.s. person in in -- inadvertently. . there are also rules about how whether they can sends information back to the united states about a u.s. person. even there a little bit of a balance. if the u.k.

is looking at a group of terrorists, you better believe we are going to need to know that information in order to protect people. there is an effort to balance all the different interests here involved knowing there will be indeed some circumstances under which u.s. person could be intercepted or whose data could be obtained. let me also say that there is a provision in there for a audit of the foreign government's activities. we are intent to be making efforts to check to make sure that they are following through and that there is a required five year review of the agreement to make sure that they are doing their thing. there is always going to be hiding in the back there if they are not following through on their obligations, we will cut off our agreement with them. i through there are -- a number of steps that are tied to built in to address these very concerns and to make sure we are

not -- unfairly targeted or disclose willingly. >> i think we could spend a whole session on the cloud act. our time is limited. i do want to move to come of other topics. one that's been -- in the news for a number of years. this weekend is encryption. lets start from the beginning. what is the going dark problem? >> i think going dark transcends a number of different categories. in basic terms it related to the government's inability even despite having lawful process, to getting access to electronic evidence. for various reasons. whether its -- as -- in the microsoft situation because it was stored abroad, whether its because providers have chosen not to retain certain kinds of data so -- even though it was created at some point by the time we served the process, its no longer there or in the

context a lot of people think about it, is in the context of encryption technologies. in other words, criminals who are communicating in a way that is either end to end encrypted or is somehow scrambled in a way that we can't decrypt or have access to the plain text. basic terms, data at rest is information that is found on your device. the device it self is encrypted. data in motion would be communications between two people. if i am sending an i message to my friend, under sort of traditional wiretap principles, as long as we meet the very rigorous requirements of the act, we should have the ability to intercept those communications. increasingly the way the technologies have evolved, that capability has been engineered away so that even if you have a valid wiretap order and you have

got evidence that -- a particular person is using a particular technology, and there is probable cause that that technology is furthering criminal activity, we are not able to intercept because of the way that the technology has been created. so -- there are sort of two sides of a common problem. they do oppose different technological challenges but they are all part of a broader -- concern that we have that even with lawful process, even having satisfied all of the requirements of the fourth amendment, investigators are still not able to getting access to the evidence that they need. lets talk a little bit about the scope of the problem. there are alternatives in some cases the data may be

backed up and for example icloud or there is data available that you can use non-electronic evidence. how many investigations were really -- [ indiscernible ] >> so -- the effort to try to answer that question is on going. we -- in the law enforcement community have been trying to do a better job of figuring out how many devices and how many cases are affected. it is certainly true that -- when police officers are or special agents encounter an encryption roadblock they will do their best to find some other way around it and solve the case cause that is what they do. they are also not very good about making notes about the cases that they weren't able to solve or to -- try to take keep statistics about the situations where that was a problem

specially in those situations where some other solution was there. so -- 7800 should be taken as a rough number to give a sense of scale. its but no means definitive. it only represents some of the devices that law enforcement encounters. its important to understand and -- there are of course antidotes and they are not the same thing as statistics. its important to understand that this problem does affect all sorts of different kinds of cases across the investigations that we do. it affects child exploitation crimes, it affects computer hacking, it affects cases involving weapons of mass destruction. if you talk to -- police

officers or prosecutors, that they see more and more and across the board again all different types of -- investigations. one of the sections i prosecuted investigated a case involving two young men who decided that they were going to rape their -- teen of their acquaintance and they used a messaging service back and forth where they laid out the plan for the crime where they were going to get her drunk till she passed out and they did indeed rape her in the back of one of their cars. what would we have if we did no have the content of those communications? we would have two people -- the victim of course would have a lard time -- would be describing what

happened because she of course was intoxicated at the hands of these two people and doesn't remember what happen in the back of the car. so -- i don't mean to spring the scary case on you. there is just endless cases where this -- type of situation is going to come up. its going affect all sorts of things but sometimes giving a real example helps us think through the question in a much less academic way. if it were to happen to someone you know, its very different feeling you get than to talk about this in terms of well -- do i like the fact that the government can survey me? its kind of like -- a little bit like -- question of do you like taxes. no, i don't like taxes. i don't want to pay taxes but do we like idea of taxes? of course. taxes provide for the schools and the roads and the national defense. these are important things. how you ask the question and how you think about the issue is

very important in trying to come up with a good and fair policy solution. >> one of the push backs is that -- even if u.s. were to pass along mandating access that any criminal could download an application that was made overseas -- so that with all the disadvantages which we can talk about that mandatory access wouldn't even solve n -- necessarily solve the problem. what is the response on that point? >> there are a couple of different points. your point about international law is interesting. we have started to see some of our foreign -- partners and -- some not foreign partners start moving in this area. the united doing come has already enacted legislation in this area. australia has announced they are thinking very seriously and there will problem through be

some movement over the next few months. the chinese government has asserted authorities in this area. i don't think its a fair characterization to say that we are kind of -- at the cutting edge of this. in countries have already started moving in this area. we are in danger of falling behind because of some of the developments we have seen around the world. the other point is -- just the reality of sort of network effects. people tend to use communications platforms that their friends use that their -- colleagues use. so -- the reality is people tend to work -- people tend to use the systems that other people are using and that's what primarily we are most interested in. we are not really interested this anyway in shutting down innovation. people who are working out of their garage, that is not what we are focused on. we are focused on the people who are using mass mass market devices that encrypt by default. that's what most people are using. no president the kinds of --

that's the kind of devices we need access to. we are very much focused on ensuring american businesses stay competitive. we also have a duty to public safety. we certainly want to avoid a situation where we are sort of sacrificing -- corporate dollars for -- people being safe. for people -- for us to be able to investigate crimes and ensure that -- the -- individuals that richard described are brought to justice. it's a fine balancing act. >> on the public safety rational i think a lot of critics would say -- that mandatory access provision undermines safety because it won't decrease the security of encryption. >> i think department leadership -- the department of justice has been very vocal

about this. my boss and that is the attorney general has made a number of peaches about this. i think he has emphasized we don't want to any way want to hurt cyber security. we are content for the providers to come up with our own solutions for this problem. the government doesn't want the keys. we don't want to be the ones managing this whole process. we just want to ensure we have access to the information. i think that argument is the fact that even if its the providers doing it, it would result in a weakened security. >> i think its fair to say that absolute secrecy is not a value we would uphold there has to be some sort of balance.

if there are some marginal trade offs to be made, that's a policy decision. we have certainly in our society never had a situation where absolute privacy or absolute sec resty has trumped every other value. >> what to you see it has next step? this has been a discussion -- that has been on going. >> i think raising public consciousness is a very important part of this. that is why we have been very vocal. our leadership has been out front on this. the fbi has been out up front on this. making sure the public is aware of the stakes here. that is one of the reasons why

the statistics are important. as time goes on, my hunch is we are going to see a greater number of devices we can't access. at least that is the way the trend is going. people need to be aware of that. ultimately -- if as a society we make the decision that we are able and willing to put one that kind of -- that kind of situation, then that is where we are. that public cautiousness is very important. that is why the department is certainly going to keep on top of this issue because its something that for those of us who have sworn an oath to uphold the constitution p make sure that -- society remains as safe as we can keep it. we van obligation to make sure that -- people are aware of what is potentially at stake. >> i -- describe

what is terrorism carpenter about. >> is -- is carpenter about in in it is a case that deals with historical sell location information. many of you are probably familiar with the fact that every time you make a phone call, every time you send a text message, your provider will maintain a record of that. they want to make sure they are giving you the best service. it can make sure that -- sort of routes resources to where cell towers are. there are business reasons why providers maintain that information. now under the store communications act and richard is the expert so he will correct me if i'm wrong. under traditional principles, this historical information that's maintained by a third

party, typically requires irrelevant standards. when congress enacted the act, it actually raised the bar such that -- it wasn't enough just under a general relevant standard but the government had to show -- facts to show that this data is relevant to an ongoing criminal investigation. again, it raised the bar from just a very general subpoena to this higher standard and so long as an investigator could swear out and say i need this data because it meets this standard, we could secure that information from a provider. the reason why this case is so interesting is -- the defendant in that case committed a number of armed robberies and -- the government in trying to re-create the steps and figure out how many robberies did this

guy commit, requested information going back a span of a anymore number numb -- a number of months. that's the issue before the supreme court right now. extremely important. we are not going to comment about the specific facts. the case is pending. it is a really important case. it goes to a third party doctrine. its been in affect since at least the 1970s. it says if a third party has -- control of the records, kind of like what we were talking about earlier, its their records. the individual has no privacy interest in a third party's records. so that's -- that's a key issue because the court -- rules differently, it could have tremendous implications on how

we conduct the investigations. >> particularly -- if the government collects the months or years of -- potentially of the location information, the fact is different in time in terms of the amount of information and privacy invasion that ouk occurs. >> the cell location information was not gran -- when you get information of where a particular phone -- what cell tower it was pinging off of, i forget the details. i was like within six square miles >> that may change with technology. >> could but we can only deal with the record that is in the case. think about your phone records. your land line records. this was litigated in the supreme court in the 1970s. your land line records are far more granular than your general historical cell location information. when i make a phone call from my house sitting in my bedroom, the person -- the investigator notes exactly where i was at that moment at that time and for how

long i was on the phone. everyone acknowledges there is no time limitation. so -- that'sy think some of the -- difficulties are. really some of the most interesting aspects of the case are is under traditional fourth amendment doctrine -- this is almost an easy case. what makes it very interesting is the -- physical nature of the evidence, the fact that there is location information involved, some of the issues that you have raised -- i think it makes the case more interesting. what is very interesting about that case is there was no circuit split. all of the circuit courts of awe peels had ruled in favor -- appeals had ruled in favor of the

government. >> [ inaudible question ] >> but there was collection about the communications of the few u.s. portions and the court turned out the be quite skeptical about that. can youive us -- you give us any sense about how you talk with the british about doing wiretaps in

the u.s. when -- they don't have the probable cause and federal warrant we have always had. >> i think -- this is an interesting question so thank you for raising it. one important question that in order for the fourth amendment to apply at all, of course is whether there has been state action. that is the u.s. government involved. so, i think the baseline against which we have to begin this analysis is that this is a crime outside the united states being investigated by someone who isn't the u.s. government getting orders in their courts against -- the -- they would pro vehicle code and indeed -- proceed. there would be zero -- to that situation. the other thing that is important to know is that the agreements are required to state

that the u.s. government may not ask the foreign government to do some wiretapping on our behalf. this is not intended to be a fire break against the idea that people will use this as an end around to get themselves to something they couldn't get themselves. it would be interesting to see whether it comes up. it would be a rare and odd situation i think for it to come up because it would have to -- well most reasonably come up in a criminal investigation and then used in the united states. i don't know how often that will happen. it might be quite rare indeed. >> next question. if you have these agreements -- and so you go

through this process where you have the erequirements and you get the agreement, but those are with countries that have pretty similar values. so my question is -- how affective is it going to be? a lot of the suber criminals are in countries that don't have those values. we are probably not going to be able to have an agreement with -- so do you -- how do you see this working there? a mean could you go ahead and use the cloud act and say to microsoft, so you have data stored in russia, in china for example, you still have it under your possession and custody and control so you have to produce it? what is the difference? >> so the -- i think its important to understand there are two pieces to the cloud act. one is if you like clarifying u.s. law for u.s. warrants that if you think of it as maybe being outbound the data stored outside of the united states. the second part -- somewhat

unrelated has to do with these executive agreement where we would be serving them on foreign providers or foreign countries would with serving their legal process on u.s. providers. i think your scenario -- that situation its the first of those two things. the executive agreement doesn't get involved. . >> do you see a situation where a foreign government would be able to use the cloud act to perhaps require u.s. company to turnover private keys or any hardware encryption in connection with that service? >> um -- the answer is -- the

cloud act does nothing to -- change the situation with respect to foreign legal process. in fact there is a very explicit provision that says these agreements may not enhance the authority or detract from the authority. its neutral. that was made explicit. and indeed i think that's important to understand that -- these executive agreements are designed to lower u.s. locking statutes in a -- that rare situation when its happening. it does not grant flu -- new authority to the united states government. it reduces our block statute in that -- situation where the agreement is in place and all the bells and whistles have been met. i think the cloud act also has a provision saying its not authorizing no -- >> it's part of the agreement.

correct. >> yeah. >> [ inaudible question ] >>

so -- it's a very interesting question i have not encountered before. thank you for raising it. i think -- the apps is fairly clear. that is that the -- answer is fairly clear. that is the executive agreement and the lowering of those barriers only police to the stored communications act. it's essential -- essentially a provision saying the rules that apply will be dropped. it doesn't say all rules everywhere will be dropped. if there were other restrictions that applied, i don't think this would lower those different things. i don't think this would affect that. >> in the back there. >> [ inaudible ]

whether it was for example android phones -- i was wondering if -- you can comment on which devices if proven more challenge to access whether its android phones or whether it apple phones. >> i would hesitate to break it down that way. i think the problem we are facing transcends all types of smartphones. >> [ inaudible ] i'm curious its not -- clearly specified in the act what countries standards of free expression would apply or how someone whose responding to a request coming through would judge a part -- [ indiscernible ] >> something that experts would

sort of analyze we would bring in people from all different walks of life who are -- experts. they are part of the certification process. i don't know if you have more to add to that. >> i think there is two ways that that comes up. the first one is what he was just mentioning. in addition -- a specific obligation in the agreement would be that you cannot use this to infringe freedom of speech. so that i think also goes to your question. as you may know, the united states i think is one spectrum of free speech from texts at the extreme end. and so i think -- it is interesting to think about how we will interact with foreign countries that maybe are quite protective of freedom of speech but not quite at the end of the spectrum as we are.

the way that i would see this particular provision working though in a particular case would be if -- opt one hand the provider believes that it is merely intended to violate freedom of speech and they could raise it with the united states government and say we think this is merely going after political -- and there is a provision in the agreement that's required where its sort of an escape involve. we the united states government reserve the right to veto any foreign law compliant -- foreign order if we believe it does not fit within the scope of the grope. i like the think those things would come up in that way. also would be a question we could be evaluating when we audit the foreign government's compliance. >> just to clarify, the u.s. government won't get serve these orders. it would take a provider to raise that kind of objection.

>> that is true. the idea would be to not have the u.s. government in the middle between the provider and the -- foreign government. >> i through its time to one more question all the way in the back. >> i have a bizarre question kind of backtracking to the discussion talking about the encryption. in the event the government is like manufacturers provide a deencryption key for your devices. i feel like its almost inevitable for other companies to create such technology themselves. --i foresee that's a coming kind of messy -- later on down the

road. >> the situation where one company is providing a decryption solution to law enforcement and other company is -- also in the same business and somehow gets ahold of the trade secret if you like that it was being used by the first company to conduct the decrypting of the devices. is that fair ? >> [ inaudible ] another company pops up and creates its own decryption mechanism. what would happen if they decide to exercise their ip rights against that second company? i foresee that getting a little hazy. >> it's an interesting question. i don't know if we have thought about all that. if we end up in that situation perhaps we're in a good place because we have solved the problem we have been seeking to solve. we can deal with it as we go

forward. it's a very good question. i don't think my thinking has gone that far. >> with that we thank them for sharing their perspectives.

scott pruitt answers -- he testifies at a sub xhuty -- sub committee hearing. the house expected to begin debate on the farm bill wednesday or thursday. it sets farm policy food programs and agricultural trade through 2023. a final vote planned for friday. you can watch live coverage of that debate and vote this week

on c-span. sunday on q&a, university of virginia history professor, america and the world in the 1950s. >> well i call it the disciplined presidency. eisenhower in the way he carried hills and the man he was was a disciplined man a great athlete when he was young. he was extremely organized. a lot of people, especially job kennedy, kind of criticized his dodginess for being so disciplined and organized and predictable. for eisenhower it meant when crisis came, he had a plan h. eknew d plan. he knew how to respond, he knew

who to turn to. he was very systematic in the way he governed. he chaired the national security koun sill every week. we believed -- council every week. he believed the government could work well if it was well led. the commission on security and cooperation in europe also known as the healthyings commission hosted a briefing about drug traffickers using the internet to smuggle opioids. this is 90 minutes.