marriage, much like john and abigail, and so she would lobby in the halls of congress. she was always very careful to say "my husband believes this" and "by has been advocates that," but she herself was doing the pitch. one of her husband's opponents said he hoped that if james were ever elected president, she would take up housekeeping like a normal woman, and she said, "if james and i are ever elected, i will neither keep house nor make butter." >> monday night, one of the most politically active and influential first ladies, sarah polka. we will also look at her successors. we will take your questions and comments by phone, facebook, and twitter. live monday night on twitter on c-span and c-span 3, also sees band radio and c-span.org.

>> legislation introduced this month by senators patrick leahy and mike leigh would limit how law enforcement can access private e-mail. google and the constitution project hosted a discussion about this and other proposals to strengthen privacy for digital communications. it is an hour and 45 minutes. going tothink we are get started. i am sharon bradford franklin, senior counsel with the constitution project. i want to welcome you all and thank you for joining us for this program -- "is privacy a thing of the past: how government has outpaced the law on privacy in electronic communications." i want to thank google for providing this space and a wonderful lunch and again, thank you for joining us. the constitution project, for those of you who are not familiar with us, is a constitutional watchdog base here in washington, d.c., and we

bring people together from across the political spectrum and work with them to develop recommendations for policies that promote constitutional safeguards. we have a criminal justice program that works on a variety of criminal justice issues and our rule of law program, which includes the work of our liberty and security committee. that committee was formed shortly after september 11, and its mission is to make sure that we as a nation safeguard not only our national security but also our civil liberties. comprised of people from all across the political spectrum, representatives from all three branches of government, academics, and other experts and work together on a variety of issues. in recent years, and number of issues that the committee has taken on involve areas where technology is really getting out ahead of the law, and we want to make sure that our fourth

amendment safeguards and really all constitutional safeguards continue to apply in the digital age. one of the topics we have looked at and the topic of today's panel is the electronic communications privacy act or ecpa. as a sure most of you are already aware, it regulates the circumstances under which the government can gain access to private online communication including e-mail, the documents stored in the cloud, things like cell phone location information. the law was passed in 1986, it is now over 26 years old. for people -- at least from my perspective -- that is really quite young, but for technology, that is really an eternity. when you look at what the state of play was in 1986 and what the technology was that congress was seeking to regulate, we did not use e-mail the way we do today. there was no such thing as cloud

computing for storing a document in the cloud. we had some cell phones, but they were huge, cumbersome, and most people did not own one. today, fortunately, we have pretty broad recognition that the act needs to be updated for the digital world and that need to be made, and we are starting to develop some consensus on what those reforms need to look like, but exactly where they need to go and what the nature of changes needs to be is a work in progress. that is what we want to talk about today. part of the effort to reform the electronic communications privacy act has come from the work of the digital due process coalition, which now has over 75 members. it is organized by the center , but basically, it includes a wide array of privacy

advocacy groups, including the constitution project and a wide array of technology companies, including google. the coalition has come together over four principles for reforming ecpa. we will focus on two, which are probably the broadest and the easiest to get a handle on. one says that law enforcement should get a warrant before it gets access to the contents of electronic communication, and the other we will focus on calls for a warrant before law enforcement can get access to cell phone location information. we are starting to see some movement on these issues in the courts and congress toward changing the law. in the courts, most notably, we have the decision at the end of 2010 coming from the sixth circuit. the court held that law enforcement needed a warrant in order to obtain access to the contents of e-mail and held that

the provision of ecpa that allows access with just a subpoena was unconstitutional. we will turn to today's panel -- we have a great panel here today -- to talk more about these issues and more about where this is going. you have full bios in your program, so i will not give lengthy introductions. i would just highlight what they are doing now or their purposes for today's panel. we also will not have the traditional opening statements. i will direct a series of questions toward each of the panelists, going back and forth and through the panel for a while, and toward the end, we'll open it up for your questions from the audience. i will start the conversation with greg nojeim, senior counsel at the center for democracy and technology. as i mentioned, cdt has digital process

coalition. if you could explain a little bit more in detail about the principles calling for a warrant for location information. >> thank you very much. thank you, constitution project, and thank you, google, for making this event possible. and i ams greg nojeim with cdt. update our agenda is to the electronic communications privacy act. gosh, it was about six years ago that a group of ecpa aficionado's came together at cdt to try to figure out what should be the reform agenda for this now 27-year-old law. we started out with about -- i think about 15 proposals. there were maybe six groups and companies represented.

over a three-year process, we whittled down that 15 or so proposals into four, and our numbers -- numbers of groups that supported those proposals grew exponentially. right now, digital due process includes companies and organizations as diverse as apple, at&t, ebay, facebook, , ande, microsoft, twitter among the groups -- i mean, you never see these two together -- aclu and americans for tax and thefreedom works american library association, electronic frontier foundation, and the chamber of commerce. it has grown to be quite a large coalition reflecting, i think, a very broad consensus.

recently, heritage action center signed on to an effort called digital fourth, which is kind of the lobbying branch if you will reform movement. i came up with four proposals. the first is that law enforcement ought to have a warrant in order to access content. right now, the law says that if the content is more than 180 days old and is held by an electronic communications service provider, law enforcement does not need a warrant. it can get it with a subpoena. information that you store tootely so you can come back it from wherever you are -- that, too, is available only a subpoena. we said there should be a straight warrant requirement for all of this. we also said there should be a requirement for location information generated by the operation of a cell phone or mobile device.

i will talk about that more in a minute. there are two other recommendations, but i think we are going to focus on the two i just mentioned. on cell phone location, every few seconds, your cell phone as telling a tower or towers, "here i am. if a call comes through to this number, send it through to this phone." providers of the service record your proximity or the phone's proximity to those towers. law enforcement is interested in the location of people who are subjects of investigation. one of the issues that was not resolved when ecpa was first adopted because so few people had cell phones was the standard for law enforcement access to that information. in the absence of standard and the law, the courts which are

getting these cases now pretty regularly have been charged with coming up with what the standard ought to be, and they are not consistent. some courts think that the standard ought to be a warrant for location information generated by gps. others think the warrant requirement ought to apply for real-time but not stored .ocation information from our perspective, the standard ought to be a warrant, no matter how the information was generated, by sell tower or of, and a warrant regardless if it was accessed in real time or from storage. thank you. thanks, greg. i want to turn next to david lieber, privacy policy council for google.

i want to ask you to elaborate further on the principle calling for a warrant for content in terms of what that means and how it would change existing law. >> sure, thank you. and i do want to thank the constitution project for sponsoring the even today. i cannot speak for the other panelists, but i am particularly grateful for the 25-foot commute over here. it was awesome. the ddt members and google certainly believe there should be a bright line, warrant for of the agerespective of the communications, the means our status of their storage, and access used by the developer in the normal course of business. as many of you probably know and what greg was alluding to, under current law, ecpa makes distinctions that truly do not comport with users reasonable expectations of privacy in 2013. greg was alluding to the 180-day

rule. communications that are under 180 days, law enforcement needs a warrant to obtain the content of those regular communications. on the 181st day, law enforcement theoretically only needs a subpoena. in the past, the department of justice has also taken a position for communications that were less than 180 days old with the recipient has opened the communication, it is no longer subject to the higher procedural protections that ecpa affords, so there would not necessarily be a warrant requirement. that sort of e-mail contact could be got at by a subpoena. no other e-mail services are thinking about these types of distinctions when they use our products or services. just last month in testimony before the house judiciary and subcommittee on crime, the departments of committee on justice acknowledged for the first time that there is the principal basis for making some of the distinctions that ecpa currently makes including the

180-day rule and the distinction made between a opened and unopened e-mail. i do think it was a pretty significant and pivotal moment for ecpa reform. this is a very important principle for those of us who have supported updating ecpa, but there is now an emerging consensus if not a consensus, on the notion that the distinctions that ecpa currently makes simply do not comport with users reasonable expectations of privacy. going forward, the question is -- what do we do with that? that we should codify that consensus. i would submit that it would be a mistake at this point once the consensus has been reached to start with lynn away at that warrant for content at potentially reenforcing distinctions under current laws that do not make sense and/or

introducing new ones that would similarly confuse users and leave us some of the same problems in terms of administrative feasibility under ecpa. it will certainly be interesting going forward to see how that transpires. >> thank you. . want to turn out to lisa kohn those of you who signed up may have noticed that we originally were going to have had a seller, who unfortunately is -- unfortunately for our purposes -- is in the middle of an investigation and found herself with a deposition she could not get out of, and lisa thankfully agreed to step in. her boss, as she will tell us, is one of the lead sponsors on the bills to reform ecpa. my question to you is if you could give us a little bit of the overview of the state of play, particularly focusing on the house. >> thanks for that kind introduction. i am a new rival for the hill,

which makes me a little bit newer to the conversation than heather has been working in the am a new ouri arrival.- i am ua new my boss has a background in the private sector. she has been involved in start up companies. she worked at microsoft. her interest is really looking at tech issues and how we can do our part as policymakers to keep the law up to date and to do our best not to do any harm by creating standards that will not be able to evolve because of what we may pass in 2013 or 2014 needs to make sure that we can anticipate what technologies we are not thinking about today. when faced with kind of the growing coalition of folks that have brought attention to the issue and privacy rights and needs that are not addressed in the current law, it was really

kind of an easy answer to say that the current framework is not justifiable, and there is really no reason to not have a warrant standard here. not just for stored content and e-mail but as well for the location information, so she became the co-sponsor of a bill -- the online communications ngo location protection act -- the online communications and geo- location protection act. i expect there are other pieces of legislation that have been introduced on the house and senate side. the gps act that representative chase introduced last month has a good number of bipartisan co- sponsors. they are also available on the senate side. i can speak a little bit more to the house developments. i know david already spoke to last month's hearing, but i think it gave us reason to have a lot of optimism. the committee chairman expressed interest in convening a series of hearings on ecpa, so there

will be a lot of consultation with stakeholders in the course of these hearings. it was positive to have the department of justice testifying to say there is merit to the idea that we need a warrant standard for stored e-mail content. that was really helpful. i think there remains to be seen concerns remain. law enforcement will present some issues that we really need to look at, and by no means is the legislation that my boss has co-sponsored not open for conversation and consultation with those stakeholders, so i am really pleased to be here today and continue that conversation. >> i want to bring a final panelist, jason weinstein, into the conversation. he cannot be our official current day justice department spokesperson, but i want to ask you to give us a bit of the law enforcement perspective and the

reasons why, from a law enforcement perspective, you would agree with or have concerns about both the requirement -- proposed requirement for a warrant for content and a warrant for location information. >> do you want me to do both now or just content? >> we will get more in detail as we go forward, but if you could give a little overview to both now. >> david and greg, i think, did a good job of alluding to what some of the distinctions are in ecpa that i think the department has not acknowledged do not make a lot of sense. the landscape of the rules as they exist now is even more complicated than they alluded to. not only is there a distinction based on the age of the e-mail and if it has been opened or not, but there is also a distinction between weather the provider is a provided to the public or not. the charts the department uses to try to explain to people what process applies given request

for e-mail is multicolored and has more boxes than you can count. if your statue needs a chart to explain it, it is probably not the model of draftsmanship that you would want it to be. the court's made that more complicated because the distinction the statute makes between open and unopened e-mail applies everywhere except in california where they decided to treat opened e-mails the same as an open e-mail. in 2010, the sixth circuit changed the landscape dramatically by declaring that with certain limited exceptions, a provision that allows for a process of less than a warrant is unconstitutional. effectively because major appliance at applying a general rule, the rule in the country effectively has been, notwithstanding what the statute .ays, a warrant for content it was, as david alluded to, a

very significant thing for the department to make the acknowledgement that it did that the 180-day rule and the distinction between a opened and unopened e-mail is not a meaningful one, but the department did not have to go as far as it did. the department went one step further and said that not only are the distinctions no longer of any vitality, but we could live with a requirement for content for public providers, and that distinction is important for reasons i will get to in a moment. when i left, there was a consensus emerging that the 180- day rule really had to go, but there was strong support for trying to preserve sort of a two-tiered system of process. we now have the three-tiered system of process, and there was some support for trying to preserve at least one option where you would have to give notice to the user so that the

user had an opportunity to challenge that process. i think it was last spring or last summer, greg and some of his folks at cdt and i spend hours trying to have together if there was any viability of preserving this search order with no notice option, and it has become increasingly obvious over time that it is harder and harder for the department to argue against a warrant for all content rule when we have effectively been living with one for almost two years. it was a very significant thing. the department went one step further. beyond saying distinctions need to go but saying at least public providers, a warrant requirement is appropriate. as i alluded to, i think that is a reflection of the reality in the court and the political landscape, the political reality as well. it changed the judicial landscape, and you do not have to be a really astute reader of politics to see that there is a great deal of momentum on the

hill for changing ecpa in such a in pursuit of a warrant for all content requirements. it reflects the reality that the department and prosecutors are facing. caveatre two important to the position the department took at the hearing. the department put the position, as i understand it, is that the department can live with a warrant for all content requirement for public providers -- the department's position, as i understand it. with two cats -- one, there are a bunch of civil regulatory agencies that conduct investigations for which e-mail is just as important as it is in a criminal case, but based on the way the statutory authority is constructed, they do not have the ability to get search warrants. the ftc is one example. i think it also applies to some congressional committees. the department has suggested that if congress were to adopt a warrant for all content

requirement, it is important to carve out or create some warrant equivalent for the civil investigative and regulatory agencies that cannot get a rule 41 warrant but still need access to e-mail to do their work. the second caveat is the distinction between public and non-public providers. the department's position is is appropriatent for public providers, but the department has suggested that congress should consider making the statute only apply to public providers and not apply to private providers like private employers who provide e-mail to their employees. the statute in some important way is including in the provision that governs voluntary disclosure of the content, making a distinction between your employer who can provide content of your e-mails to law enforcement or anybody else, for that matter, voluntarily and google and yahoo and microsoft, who cannot. the department suggested that corporate employers who provide internal e-mail networks for their employees, to require a

warrant for that content as well for these clothes networks, it would create an anomalous situation where if a corporation is being investigated for some sort of criminal activity, a paper trail or e-mail that had been printed out, the department would be able to get with a subpoena, but if it were not printed out, the department would need a warrant for it. or if it was sitting in a file cabinet, it would be obtainable by subpoena, but if it were attached to an e-mail, the department would need a warrant. very significant position for the department to take. >> thank you. gregg, we are going to come back in more detail a little bit later to areas of agreement and disagreement and department of testimony, but first, i want to follow-up on some of the things we did touch on in the first round.

>> i think he does a very good

job of drawing that line and i think it works out pretty well in that legislation. senate side, there are counterparse -- counter parts to the g.p.s. act. it is the widen-kirk act. the same legislation as 639. >> if you could explain a little bit why is google a part of

d.d.p., why do you find them in sync with the frifesy advocates? >> i think this underscores what we have been alluding to, which is there is a broad spectrum of support on the right and left for the principals we're espousing. there may be a difference among consumer groups and trade associations and companies like google about striking the right balance, but all of us recognize the gaps that exist under commercial law. all of us believe in the fundamental prescriptions that we need to make to close the gaps that exist between where the law is and where consumers' reasonable expectations and privacy lies. in the last few months, there have been a significant number of trade associations that have grown. there has been the digital

support group, which is an interesting group of strange bed fellows that might not coalesce around different privacy issues normally. but whether you look at who is sponsoring bills in the house, you look at who is sponsoring bills in the senate, it is different than it was maybe five years ago. that is something that is great. we were original members of the d.d.p., but remember that d.d.p. is focused on broadening the coalition, because the ones we think enjoy widespread pipe support. >> so lisa, hr-583, it pairs both of these issues, even though some of the other legislative approaches separate them out. i think you had mentioned, speaking after the fact, something that was important to

your company. can you speak about that approach? >> i think the view is that type of prack cal application, we are looking at data owned by third-party participateors. and whether it has gotten to a location on a e-mail service provider, data, so i think there actually is a little -- i think there is a uniformity. it seems as though there is more discord and the case law is not uniform. the standards say these are

identical, these are data that third parties have and we are going to apply the standard so full disclosure for both. >> i want to get the folks a little more information.

>> we had five justices that explords and determined that under their analysis for this use of very powerful electronic surveillance that could track location even in a public place, that that has been carried forward, as far as we know, to the justice department's department's practice on location information when we are talking about cell phone information. if you could explain that. >> this is a mess when it comes to location information. as a matter, i think everyone would agree that clear rules are

good for everybody. they are good for members of the public and law enforcement, and we don't have that at all when it comes to location. the department makes distinctions between cell tower information and more precise g.p.s. information, and within that and other distinctions. cell tower information is good because the information is generated for the providers so they can connect your call or complete the transmission for every text message. those are only created when the call takes place or when the text message is being transmitted. that is when the phone is in use. they maintain those records in the ordinary course of business so they can provide you with cellular service. they are not as precise as g.p. s. they provide the physical location of the antenna and which space is closest to where you are. the range of the antenna varies. depending on call volume, the call tower search may not be the tower closest to you.

and not like g.p.s., they can't place you within a building or a house or certainly within a room. within cell tower information, there are two types. what cell towers your phone is hitting off. back in january on a given day or week, or what cell tower your phone will be hitting off in the next 48 hours. generally speaking, the closest thing we have in the country regarding historical cell tower information, generally in the courts, for cell tower information, sort of the functional equivalent of reasonable suspicion. there is twun circuit that tells us that the floor -- for the most part, you have to show this. there is a split over what to do about perspective cell locations. there is no legislative authority for the court to gell

perspective cell tower information. we have used for years what's been called the hybrid order. back in 2005 or so, a couple magistrates wrote opinions in which they wrote that legislation was unclear. in the absence of clear legislative authority supporting the use of this reasonable suspicion-like standard, they were going to require a warrant based on probable cause. those opinions spread like wildfire. almost overnight, you went from getting information to not being able to get it without a warrant. so i will explain why that is important in a molet. -- moment. using the g.p.s. knowledge in your phone, as far as i can remember, and i was a prosecutor for 15 years, starting in 1999, as far as i can remember, we have been required to use a

warrant. that may be a surprise if you watch any show that's ever aired on c.b.s., but that's the rule. you can't just get it by being jack bauer and punching something on your smart phone. have you to get a warrant to get g.p.s. information from someone's phone. that has been the rule prejones, and that is within the department's guidance. even if you are slapping it on and it is going to be monitored on a public road, if the car goes in a private space, you don't want to have to turn the device off. you want to be able to monitor the signals. whether or not they have an expectation of reasonable privacy. the only way you can ensure that reasonably is to get a warrant.

jones left open the question, albeit a little sloppy, definition of sloppy by me and not you, the search represented by the placement of the tracker on the car is one that requires a warrant? or there are other categories of fourth amendment searches. you have probably heard a stop where an officer can pat you down if they have reasonable suspicion if you are engaging in criminal activity or you may have a weapon. it is a search the courts have held that reasonable suspicion is enough and you don't need a warrant for that. by the same token, for 20 or 0 years, there has been an exception to the warrant requirement because of cars. because of the inherent mobility of cars, if law enforcement officials have reason to believe the car contains evidence of a

crime, they don't need to go to a judge and get a warrant, they can search the car based on probable cause. if they are wrong, that evidence will probably be put out later. based on facts that would support a warrant, they can search the car without a warrant. so in third circuit cases, the standard has been jones. it is intuitive that you can search a car without a warrant, one should argue you should be able to butt the tracking on a car. the post jones tracker are in flux because it was so unclear. now, why is the department much more resistant to a warrant for

location than for content? it really boils down to the notion of building blocks. prosecutors don't start their cases with probable cause. prosecutors build up to probable cause by using less intrucive versions of lower burdens of proof. they collect that evidence, and stismse that evidence -- sometimes that evidence allows them to rule out people that are innocent. it thren allows them to go to the courts and say now i have reason too get a wiretap or do something more intrucive. before i came to the department and oversaw the department section, i was a prosecutor in baltimore which is a city that has had its share of violent crime. i can tell you cell tower information is critically important not just to cyber-drime crime but to murder cases and kidnapping cases. the kind of thing that was my

bread and butter. i was in an area where it went from reasonable suspicion to probable cause, and it shut down my ability to get information and use that as a building block. in our view and in the department's view, and i think it has been the department's view for a long period of time, and i think it will continue to be, families distinguish between historical and perspective, between cell tower and precise, and requiring a warrant for everything without distinction would impair the government's ability to bring many different types of cases successfully from identity theft in cyber-cases to murder cases and cases that affect people's physical safety. and it is also important to recognize that there are plenty of situations, including emergency situations, where location information, the government is paying for location information without a search warrant where there is no reason to think a crime has been

committed, missing children or kids who are missing and there is not necessarily probable 0 cause to bleve a crime has been committed, and the government gets that information. so a warrant for all regimes it is important to preserve emergency exceptions as well. the last thing i would say, the third party doctrine, which leaves one of the justices, i believe it was sotomayor -- i don't want to create the question -- >> no, i want to go there. perfect seguay. i want to talk about third-party -- >> but wait. >> go ahead. then i'll get to my third-party discussion with all of you. >> let the issue be joined. is your location over a 60-day period perspectively or

retrospectively, is that just a building block of an investigation, or is it something more? we think it is something more. that you have a privacy interest in your location over such lengthy periods of time that the justice department just doesn't recognize this? here's what i think of a building block. a building block is who belonged to this i.t. address at this time? where did they live live? how do they pay their bill? those are kind of subscriber information that's a building block. here's another building block under the sfatute. who did this person e-mail and who e-mailed them? that's also a building block. but when it comes to something like your location over time, that is a different matter to my mind, and i think to the digital due process group. and one other point p location, it is not the case, it is not the case that g.p.s. is always

more precise than cell tower location. nowadays cells can be one floor of win building. these cells now out-number the larger cells, the ones that you see when you are driving down the highway to see these big fours standing out. there are increasingly smaller cells that will locate you. >> i think some of what we're getting at in this debate is also what was going on in jones, getting our heads around what is the reasonable expectation of

privacy mean in the digital age? historically there was this notion that you had no privacy in a public place. so if you are being followed, i think the location is -- the panel may want to comment on this -- so it is harder for some people to get there that this is really an expectation of privacy. but when you are talking about these powerful electric tehran tronic sur -- electronic surveillance tools, does that get us to a situation where even in the public place you are fully violating someone's privacy? it is reasonable to understand you might have an expectation of privacy in that. is that some of what you have going on? >> i think the way i would respond to that, first of all, neither much us is as much of a techy as i think which wish we were. so i think we long ago agree to

disagree -- i don't think the government has ever thought there was a privacy -- right now the standard is articulable facts. in some districts, just as important as the standards congress writes are the ways the standards are applied of in two different districts, and i won't name thefment you can read my bio and find out which i am criticizing and which i am praising. the standard is relevant criminal information. one of the districts i was in says all you have to do is submit a two-page pro forma

application to the court in which you verify that it is necessary. in the other district, you had to submit the equivalent of a doctoral dissertation, 60 pages long, only to say -- to have a judge say, it is not sufficient. there is no justice in that. so just as important is the standard fob wrong is the way those standards are applied. in my experience, this is a rigorously applied standard. back when that standard was raised to significant and articulable facts, the private community embraced those facts from a subpoena standard to reasonable suspicion to protection of privacy. provided that that standard is

executed, it is basically a rubber stamp. basically a privacy issue, the question is, is that something that is such of a constitutional dimension such that the amend the protects it and some exteppings of the warrant requirement applies? or is it something still significant, or is it less significant that the fourth amendment territory such that congress could proticket with a lower standard? >> now i'm going to turn first on this and give you all a chance to dalk about that. so for those of you that are not necessarily familiar with these doctrines, the third-party doctrine is from the case of united states against miller, 1976. it came up in the context of banking. but the basic notion is, if you as an individual turn over your private data, in that case,

financial stuff to a bank, then you are basically using your fourth amendment privacy interest in that process. you have consented to give it to the bank. it is no longer your private information. the government can go and seek it from that third party without your having the same traditional fourth amendment standards in place. that doctrine has been criticized in more recent times in the digital age. because in today's -- the notion being, that in today's world, you are turning over your information con stanltly to all sorts of third parties to have your phone, your e-mail, and so forth. in fact, in the decision we mentioned from the sixth circuit, the sixth circuit distinguished the case of e-mail from banks. but i want to get the panel to weigh in a little on this. because it can raise issues in this if you were going to go

into the court. because we're talking about the government getting the information from third parties, from the providers. that's what the whole debate is about. so lisa, i wanted to bring up with you, with this doctrine out there, the obvious question is, does that change the strategy and does that put more of an ownous on working with congress and more because you are not burdened necessarily in the same way that you would be going to the courts. how did you that affect you? >> that's a good question. i think the job of the courts versus the job of congress are different in that respect, and it is to the benefit, i think, of the assessment that i think congress can adjust to having these hearings. you know, the demand of the constitution is something that the court will work out on a case-by-case basis. they are going to look at a unique set of facts. one g.p.s. put on one car in one situation and what the probable

cause or what the level of articulable facts is and what the relevant is in those situations. but i think when you have congress reviewing the broader issue, you can look at how the courts are interpreting what the constitution demands and look at that, but you can also look at how this impacts our nation's competitiveness and the third party providers, and we turn to the googles and the wireless carriers that would be able to speak more to that issue. but i do think we want to be thinking about other affected issues that maybe don't come into play. so being able to be in congress and be able to take a broader assessment of the state of play and how often location data is being disclosed, that is not something necessarily that a court can review in a constitutional analysis on a specific case. so to the benefit of congress, we can take the broad view. i think it will be important for us to hold hearings and figure out -- i think there are a lot more data for providing

transparancy and public e-mail. i think it will be great to have hour view and figure out how location data is being disclosed and what the standards are across the spectrum. it is one thing that really differs based on where you are. i look forward to -- it is a different analysis. i think the courts may take a different tact. congress is looking for the constitutional requirements of how courts are reviewing. but also what other factors play into that. >> i want to ask you from google 's perspective. leading from the third party doctrine was this notion that you shared it from a bank, you must not consider it that private, so you are giving up that interest. from the perspective of thinking about your users, is it your expectation that users feel once users have access to your information they are giving up access to if? does that third party

information make sense? >> we don't believe that the third party doctrine demirns our users' fourth amendment interests in the content of their communication. that is critical to the distinction you were alluding to. it is something we should hone in on. you cited the case of united states vs. miller. in smith vs. maryland it dealt with pen registers. in both cases it talked about the sanctity of communication, content, and we are careful to distinguish these two cases. this was something expounded bon in the first -- in the first warshack zpigs when the court was focusing specifically on e-mail service providers. i think the court was echoing

what the supreme court said about this in that content is different. i think that is because service providers have access to communication. that does not diminish the privacy interest that users have under the fourth amendment in terms of the privacy of their communication. the court also focused on viruses and even child pornography is an argument raised. these people are providing these services. their content is not sacrosanct therefore their privacy is diminished. the court rejected that argument. the court did say there might be circumstances if there is a policy of monitoring or infecting the content of communications that's performed not in an automated way but by human beingings or

administrators. those were circumstances where people were on notice. our users have significant important interest in the content of their privacy. >> the court distinguished third-party doctrine in that case with e-mails. do you feel that the existence of this doctrine means that it is better, more productive to change standards through congress or in through the scourts? may be able to -- >> pick up the phone, make a phone call. to make the call, you have to entrust your communication to the phone company. yet, there is a warrant

requirement to intercept that phone call. write a letter. put it in the envelope. send it through the male -- mail. you have entrusted your communication to the postal service. law enforcement needs a warrant for that. it makes sense in the digital age that when you entrust your e-mail to the provider, there ought to be a warrant requirement for that as well. there is a significant advantage, though, in having congress erase any doubts about whether there is a warrant requirement or ven. first, it raises the doubt, which is a good thing, instead of having the courts go through it. -- first, it erases the doubt. it also gives congress a chance to think about what jason was saying earlier. to think about what are the exceptions we will have to the warrant requirement?

current law includes exceptions like for emergencies. and g.p.s. and other location based bills include exceptions for missing children. and there are going to need to be other exceptions, because there are times when you will want law enforcement to be able to locate a person without meeting a warrant standard. the advantage of having congress do that is to think about those exceptions and legislate that after debate rather than having to go through decades of lit -- litigation to get to the right place. >> would you support revisiting the thished-party doctrine?

-- third-party doctrine? >> just as if you store your personal belongings in a storming center, you maintain a reasonable expectation of privacy in the content of your belongings, even though they are containeded by a third party. i think those that send their information through google or microsoft believe they minute tain the -- maintain the expectation of privacy. there is a great line i will not come close to doing justice, this kind of balancing between public and private safety is best determined by the legislative branch and not the courts. i think when it comes to cell

location and content, this kind of line drawing and these kinds of trade-offs we have to make in our society between an individual's privacy and public safety and the needs of industry to have an innovative dynamic and free internet, those lines the courts are not equipped to draw. it results in a landscape -- the examples of everyday transmation of content. let me give you an example of every day noncontent. before you got here today, maybe you made a phone call from the landline of your house, which is your most protected space. you went to the bank and got some money. you went to the store and wrote a check. you went to starbucks.

you had a security camera where you parked and then you signed in two or three times when you came into this building. all of that information -- i'm not suggesting it is nearly as complete a picture in real time that you might get from g.p.s. and cell phone, but all that information is information about your movements today, and all of that information is noncontent held by third party providers that the government can get with a subpoena. not reasonable suspicion, but just a subpoena. that has been the case for decades. but to get the location of a cell tower and the general location of a car you parked three months ago, the government needs a search warrant. the take-away from all that is that non-content location information when it comes from your cell phone is already more protected than all these other types of non-content information that you give up when you live

on the grid, as we all do. that is not to say the standard is adequate. the most important thing is that the standard be applied consistently, as i said before. but the third-party doctrine is so ensconsed in our framework of laws, in our privacy laws, that we already have a situation where electronic information, the government has to meet meet a higher standard. it made sense, though, for you to know that the government can send a subpoena to your bank and find out any financial transition you have ingauged in in the last years, but they can't -- if you aren't committing tax fraud, you probably aren't worried about

that. but it may surprise you to know that that information is obtainable by a third party. let me get back to the pablet ability to -- the ability to investigate crimes. we commune cage indicate where we are and where we go and how we do it from the moment we leave our house to when we return home. i agree that the electronic information from our phones is more inadvicive and should be subject to a higher standard, they are still not cob content. content deserves the higher degree of protection. this is absolutely deserving of higher protection than the credit card transaction at starbucks this morning but it is not deserving of the same content truly the most protected area. what we say, what we write, what

we communicate, that is certainly worthy of the highest degree of protection. >> i want to go back to the panel one more time and then open it up to questions from the audience. turning back out here to greg, i did want to ask you a bit, we talked a little about the d.o.j. testimony last month at the office of legal policy talking about the possibility of a warrant for content standard. i want to ask you if you would highlight from the key areas of agreement that you thought the d.o.j. had with what they are seeking and some of the key remaining areas of this agreement. >> where we agree is that the distinctions in current law that make it so that e-mail older than 180 days is subject only to a subpoena, that the d.o.j. leaves a distinction between unopened e-mail less than 180

days, that those distinctions make no sense today. we agree on that. i think where the one major disagreement -- i'm sorry. we also agree on what i described earlier as the corporate e-mail issue, when the investigators go directly to a targeted information seeking its records for a civil investigation, they should be able to go with a subpoena, subpoena the corporation. where we disagree is when we the civil investigative body is conducting their civil investigation and they want to go to the provider, to the third party provider with the subpoena to get your records or the records about a corporation under investigation, what d.o.j. testified was that they wanted a huge new exception for the civil investigates so that they could go to these third party providers and get your

information from that. that i think is going to be a nonstarter. think that one through. first it creates all those issues about the provider not knowing what's relevant to the investigation and turning over everything. turn over all the employees' personal e-mails in response to that request. it is a huge privacy problem, and it is a huge business trade secret problem, too. you don't want your secrets -- hopefully you are not sharing them with a third party, but you don't want them turned over to another investigative body. and it creates one more problem the d.o.j. witness was not able to answer when she was investigated. strimes cases can be criminal and civil at the same time.

they can get all that information from a civil trial, and then just dump to criminal without a warrant or subpoena. >> the office of legal policy says that ecpa should require a warrant to compel disclosure of e-mail and stored content information from a service provider. my question is, this phrase "similar stored content information" should we understand from that "the cloud"? i know you are not speaking on behalf of the justice department

specifically? >> i took that to mean from all electronic forms. text messages, e-mail, that all things should be subject to the same degree of protection. that's how i interpreted that. >> the warrant for content standard. >> yes. >> so i want to ask david a little more about transparancy, which is a topic someone alluded to earlier. i believe google released most recent version of its transparancy report. they have been doing this since 2010. microsoft published a similar type of report. if you could talk more about what these transparancy reports show, why google is making a point of doing this. >> sure. we released the first iteration of our transparancy report in 2010. we are gratified to see other companies like microsoft linked

in. twitter. sonic net. all issuing their own versions of their transparancy reports and building upon some of the work that we've done. over the three-plus years since we first released our transparancy report, government request for user data issues to google in the criminal context has increased 136%. we recognize governments have legitimate needs for this data. we also think it is important for our customers to have information about the volume and types of requests we receive and the circumstances upon which we might push back on some of these requests. how posture and how we respond when we get these sorts of requests. we are hopeful our transparentsy report will inform the broader debate about ecpa by providing real data behind it. so you were alluding to in 2013

we are learning how to make this better. some of the things we have done are in response to issues we have raised. we are always interested in hearing about our users in the broader public to we can issue transparancy. so january 23, for the first time, we provided data about the types of requests we are receiving under ecpa and the various legal processes under governmental entities. we disclosed 68% of the requests that we received under ecpa were through subpoenas, 22% were through search warrants, and the remaining 10% were court orders that included other legal processes that were a little more difficult to categorize. then on the 28th of january we issued a detailed report so users can understand, what type of data does google provide?

what are the circumstances under which they provide data? and then providing gran ewe lar -- granular data that relates to e-mail or a search warrant or a court order. then march 5 we disclosed in broad strokes the number of national security letters we received and the number of users accounts. that's something we la be publishing on a national basis. going forward, we are looking forward to ways to communicate to our users about this issue, and to give an understanding to the broader public about, you know, what this issue means and its implications for updating ecpa. >> one thing i want to ask you, too, to what extent can congs play a role, maybe with more reporting, getting a better handle on how the tools are being used under current law?

>> i think it will be an important issue for the hearings to see what the prack cal application is for the current framework. it is not so clear from the text of the statute how it is being applied right now. it really will be important to assess that. so i think that that's something that is naturally ripe for hearings. and i think, you know, this is a careful balance of what we are asking industry, and third-party content providers and we will have to have that information about what elements will be important for requiring government when they are seeking disclosures on businesses? and i think it is important there is a bipartisan interest in having that conversation, and i think this hearing and hearings we will see in the house and senate will be fruitful to explain that. >> i would like to piggyback on something. i think the reports are great.

i think it is great that other companies will follow google's lead. if you look at the data from those reports, though, i think they are useful in ways in informing the debate. another way is to help put in perspective, in microsoft puts out last month, reflects, among other thifpks things, that lorte requests that state, local, and federal involved exactly .02% of all microsoft users services. and the last data i looked at for google, 2011, at approximately .0058% of all registered google users had their accounts affected by a law enforcement request from any u.s. law enforcement agency, local, state or federal. by contrast, 100% of american and overseas internet users are at risk from identity thieves and criminals that threaten their privacy every time they turn on their computers.

so as lisa said, there are no absolutes here. any decisions we make, any standard required, will have some constitutional amendmenting trade-off. if the standards are high, so they are very protective of privacy, or seem protective, they will have an affect on public safety in some level. in some cases, there will be cases against privacy-related criminals. you know, people that steal eye identities -- there will be arrests against people that steal identities that won't be able to be made. so when congress draws these lines, they draw them in a way that is protect yiver of privacy but also protective of public safety authorities to get the criminals who invade privacy. there is data that says the

majority of americans do not want to be tracked on the internet. but a significant number of americans like getting ads relevant to them on their smart phone. and they like getting information about google that is similar to the way they live. so even in the consumer privacy space, lipes that we draw rules that we create that govern privacy and computers will have an effect on the internet. so this is valuable information that everyone shares. everyone wants privacy, and there are no easy solutions.

>> we are talking what law enforcement standards should get the data. if you increase the efficiency by focusing on the bad guys, whether you are meeting some standard or showing that's the target for getting that information. so yes, there are trade-offs. but pushing back on the one-on-one smogse notion that you are -- the one-on-one notion that you need privacy. >> there will be cases where the standard is placed at such a high level that some of these building blocks you would normally use, other evidence or older content would allow you to build up to probable cause, you won't be able to get because you won't be able to get probable cause in the first place.

i'm not saying it is a bad thing, but there are cases that inevitably will not be made and criminals that will not be caught. there is no way around that. >> you won't have the microphone brought to you. when you get the microphone, please identify yourself and please actually ask a question. >> i'm bob gelman, i'm a privacy consultant. there is a constitutional that overturned the third-party doctrine after the miller case, and the reason very few people know about it is because it is a very weak law.

there is a low standard. there are exemptions for state and local governments, for the c.i.a., for the scc, so the law has very little content to it. so i want to ask questions of give different people. for jason, if congress was seriously considering changing the third-party doctrine, what other kinds of exemptions do you think the law enforcement community would ask for? to greg, i would ask, how can you argue to overturn the third-party doctrine when third parties are able to take information they have about individuals and sell it out the back door to anyone who wants it? >> third-party doctrine is a constitutional doctrine, and i think it is here for now. part of congress' rule is to fill the gaps that the third-party doctrine has created . and we see ecpa as one of those

gap killers -- fillers. it needs to be strengthened and it needs to be updated. as for the ability of companies to disclose your information without your permission, that is not part ft third-party doctrine. the third-party doctrine is a constitutional doctrine. but we are advocates of a baseline privacy law that would put ricks on that. we are under no illusions that those two things are easy to accomplish. we think they are both difficult and that they ought to be tackled separately. that's why d.d.p. is focused on the law enforcement issues. there is one kind of overlap that i wanted to discuss a little bit and david alluded to it a second ago.

one thing i did see in d.o.j. testimony two years ago that i did not see in the d.o.j.'s testimony this year was the idea that if a company is using your communication to figure out how to market to you, that that ought to be a reason to diminish the level of statchtri -- statu tofment tor -- statutory privacy that attaches to your communication. they have seemed to have dropped that argument this year and i think that's an important change also. because where it goes, you know, you are typing up your gmail and you get ads relevant to what you are typing in your gmail, where that rg. goes is to make it that the

communications are available to law enforcement for content. so i think another change we ought to focus on is the idea that that kind of business model does not defeat your constitutional or your statchtri privacy right. >> any other questions? >> i would like to use the storage unit facility there. the manager of the storage unit has a key and can get in, nt case of emergency, but that does not mean you give up the privacy of the stuff in your locker. your question is tough to answer. it is not just a question of exceptions. the kind of third party information, i rattled off a few examples of what a person might do in the ordinary course of a day. one is a financial transaction. one is parking at a place that has a security camera. all of those, broadly defined,

are records that, you know, that third parties main tavenlt they are not records, of course, that the user has any control over. these are private papers of the company, fedex, starbucks, they pertain to a transaction that that company is a party to, and they are a party's business records. the decision to retain them is not something you the party has access to. if congress were to try to legislate a new standard to govern the third-party doctrine, then the question sort of on the floor would be, do you make more distinctions than are currently made? right now there is a broad -- there is a limited universe related to internet usage that requires a higher showing. you make other distinctions between those two broad

distinctions? if congress were to abolish the third-party doctrine in some fashion and say all third-party records require a search warrant, i think it is not a question of carving out credit card records or bank records or fedex records, i don't think i am prone to high peshly -- hyperbole, i think that would shut down investigations of any type of crime i could imagine. from white collar crime to murders those records, not just because they establish location, but because they establish activity, who you are connected with, who you wired money to, who you were calling on your phone, those records are critical to establishing who is innocent of crimes and who is suspected of being a part of a crime, and mope hopefully you can prove they are. it is not a question of picking out piecemeal, i think the real question is, are the broad distinctions now between cell

phones, third-party internet and everything else, do we have a high enough standard for the cell phone and internet records as opposed to the subpoena and other standards? >> any other questions? here in the front. >> alan butler, electronic privacy and information center. i would be interested to hear your views on after jones if there is any principle reason to distinguish between perspective and historical records on privacy grounds, not statutory grounds? >> location? >> location. >> i'll let you start. >> so jones, the holding was, there is trespass. so that is not really relevant to your question. it is the five concurrences that sharon was talking about that are relevant. if you look at justice

sotomayor's concurrence, and she says i don't think this third-appeared -- third-party doctrine serves us well. she is a wise latina. i think she got it right because it is not serving us right in the digital age. olito kind of skirted what i think was the big question, if his concurrence was the majority opinion, which is how many days of tracking triggers the warrant requirement? well, what a lot of people don't know is when this case was moving up, the lower court called it the mosaic theory where you are pulling together different pieces of data to create a picture of this person's activities. i think when you look at it objectively, it shouldn't matter whether the tracking is perspective or retrospective.

when we were looking at this, what became the digital due processor coalition, i went to the advocates making -- one of the advocates of making a distinction came around when he thought about his own activities. he said, you know, i go running pretty much every day. i take pretty much the same route. if you look back on my 30 days of running activities, you would know where i was going to be for the next 30 days at that time when i go running, and ultimately came around and said two kinds of data are equally revealing and we ought to have a warrant for both. .

>> i'm curious. is that in your mind? >> it is tricky. it depends on the view and the privacy of phone detail records, which i do think is lower than location. i do not see exactly why the perspective has any basis based in the privacy interest. i think it is my practical distinction. >> the way this law has evolved

is that the higher degree of intrusion, the higher degree of evidence burdened the government has to meet. the lowest level is your calling records for your cell phone. the government can get a subpoena. but if they want to know who you are calling for the next three days, that requires more. if they want to do more than that, they want to get your cell phone location, they have got to do more. tothey want gps, they need do more. if they want to find out who you're talking to and what you are saying, that requires more. there are degrees that are made at various stages. the hardest question comes, when does the series of monitoring become so pervasive and invasive that it requires a

warrant? as a former law enforcement officer, that is calendaring -- challenging seeking to use these techniques. to get apractice is warrant as you did not have to worry about it. when you start out doing your tracking, they slap on trackers have a battery life of anywhere from 48 hours to seven days. then you have to replace them. you might start out with today's and the next thing you know, it is 22 weeks or three weeks or four weeks. at some point you crossed the line and into pervasive monitoring. it is a difficult doctrine to apply in practice. that means congress, they could legislate that answer rather than having the courts figure it out.

thejason was talking about phone records. interestingly, e-mails are the opposite. it does not make sense. , to and frommail information, they have to get an order -- it is the intermediate .evel and relevance in material but if they want real-time e- certifiedt just relevance, which is slower. it is kind of not accurate to say that the statute always requires a higher standard for real-time versus historic. >> excellent point. it is an anomaly, one that i think should be fixed as well.

that is a topic for next week. that is another illustration of how this law has been cobbled together in a way that needs to be fixed. >> do you want to weigh in on this question? >> we're done. >> other questions. over here. >> hi. i work at the raven group in d.c. i want to thank everyone further insight into this issue. my question is moving forward now that we have delved into a lot of different distinctions that are based on technology today. so it makesdate sense, but so we're not in the same position in 10 or 20 years? it is my understanding that when it was first enacted, i could

probably barely walk. but there was a congressional whatt to protect communications at that time should have been private. had a week make sure that happens with location whether you are tracked from a cell phone tower or from a gps. i feel like technology moves so quickly. that distinction makes sense today, but it could be even relevant in two years. i think it is a difficult question and one that comes the space of internet and technology. you think about the intellectual property issues of the day and and the challenges we face. in the next two

years and not even the next 25 years. it is something that many are very cautious to approach. i appreciate that. no one wants to design a new copyright law today that will be outdated five years from now. it will be incumbent on members of congress to make sure it remains somewhat broad enough and definitions are not too narrow edit rules out things and howe to track location differently. seems that there is a need for careful process. reality is key. cell phone tower locations are becoming more and more accurate.

language.ech neutral i would not make a distinction between gps and cell phone tower. >> i think there is an important role for congress to play in its oversight function. revisiting these issues on an annual asis and holding hearings so they can understand how technology is developing and any challenges that might be is updated tocpa understand how changes in technology may not be keeping pace with the law. we are hopeful that the changes we are looking to enact will be once that will stand this test of time. particularly in the location space, it is tricky and difficult. there will be a advances in technology. those advances i think will call for higher standards. >> ok.

i'm with the national association of criminal defense lawyers. i have a question about consent. in that location content, in a lot of bills we have seen, there has been exceptions for content to use information tracking information. the boj jason think would view this? we are all dealing with third hardee's that require some kind of contract. that requireies some kind of contract. , my car is missing, so i give them i consent to use gps to find my car. , i will talk about the law enforcement perspective. consent is a time honored,

warrant requirement. it could be to search your house or your car. to search your office are private property. you could consent to a wiretap on your phone. the critical issue from a legal point of view when prosecutors tried to introduce into our thatnce is that consent was given voluntarily. it has to be written in super clear language that it was witnessed and the getting up of the consent and it was explained and documented in a report. there is an extraordinary effort to make sure the consent was clear and it can be relied upon. it is an important feature of all of the different bills that they have retained as a critical assessment. >> with the justice say the

person could resenconsent to disclosure of the location to law enforcement? i think if it is under 60 screens -- [laughter] given how the painstaking efforts that law enforcement goes to when we rely on content to do searches, i think it would be some form much like what we do to do searches. it is clearly explain what you are consenting to. it is written in language that anyone can understand. in terms of -- but, i can't speak on that

issue. >> it is a difficult question to answer. there is implied and expressed consent. if you're using a website or a no sign-up there is process, but there is a link for the terms of privacy policy are implied consent, it is a little bit different when you're looking at examples where there is explicit consent where the issue has been put before you. i'm trying to think of an example off the top of my head. , like onion consent your phone, you can often in -- opt in. then it becomes a little bit more challenging. you can withdraw that consent. here islenging issue

because you consented to chairing that location with an entity does not necessarily mean are consenting to the information and its robustness being shared at some point later down the path with law- enforcement. it is a complicated issue. >> i think we have time for one more question. do we have any? maybe we don't. ok. one more over there. >> i'm with the urban institute. i want to follow-up up on an earlier question on how you keep provisions current when technology changes quickly? points and 180ny days. he is to be in agreement that not all of these are reflecting what we want the privacy protections right now. added to that, someone suggested how much privacy do you expect for different mediums and things at that? what are some of the more

concrete measures that you think would be helpful and updating e cpa? i know you mentioned that transparency reports and possibly some discussion of how location data is disclosed and how that varies across different agencies and providers. what are some other things like that that you could empirically measure to aid in the updating of ecpa? >> good question. one thing that ought to be there that we do not have that would really aid in the updating is data about how it is being used by law enforcement now. each year there is a wiretap report that gives out information about how many federal and by a they and law enforcement. -- state law enforcement.

it is quite granule. is no statutory requirement to that. i think congress will legislate, but they will be legislating based on partial that isst the data being disclosed voluntarily by companies like google, microsoft, and others that david mentioned. we need to have visibility about exactly what demands are being made by law enforcement and what give a investigations to better picture of the surveillance. >> on that point, there is a similar requirement, but nothing for other types. i think he is right. is ordered, the federal judge has to send a form to an agency to d.c.

they had to compile data from -- about which wiretaps are issued and under what circumstances. is magistratey judges who are typically finding search warrants and are signing registers.and the magistrates get a similar form by the judges use for wiretap. that data can be compiled. howe are differences in genin standards are applied. my experience in baltimore is that there is tremendous inconsistency in the way the standards are applied between the federal and state and local system.

there is an article a year or -- ago in which using data you wrote about their frequency lawhich state and local officers were getting information location on cell phones and other things covered by ecpa. the firster forget day a copy baltimore brought me gps data on a cell phone. he was getting pniiinging data. i asked him to show me the order. it was a one paragraph order. i asked them to shimmy the the application and it was two paragraphs. applicatione the and it was to . raphs.was two parag this is the law of the land. there are not different standards to apply.

there are plenty of authority and otherwise for congress to regulate this basic uniformly nationwide. my advice to congress would be have is explicit that applies to state and local as well. inon criminal testis general, in two weeks, the constitution project is having our annual awards ceremony april 17. we are salivating the 50th anniversary gideon. invitations are out on the table. 50th are celebrating their anniversary gideon. invitations are out on the table. thank you to our panelists for the wonderful conversation on e cpa. [applause] [captions copyright national cable satellite corp. 2013] [captioning performed by national captioning institute] >> this week on "newsmakers" we talk to larry pratt about universal background checks.

the main argument we are hearing with background checks in the gun debate is that it would create a register and that the registry would be used to confiscate guns. do you think the government is trying to take guns away from current lawful gun owners? >> the government has done it. they did after katrina. they went to gun stores throughout the new orleans area and the stores have to maintain records and they confiscated those guns. not very confident inspiring. the same government in fast and furious supplied firearms to the mexican cartel and what whistleblowers put into the congressional record, we know it was the purpose of advancing gun control on behalf of the administration. we are willing to get people killed in order to advance a political agenda