just walk in and take it, which is the general rule. motivationt of the in demanding that there be more vocalization -- localization of the cloud. >> if i might add to that, in some instances we agree on this, stu, several of the trends we're sending now preexisted the stoweden revelations but the revelations hastonned them, given am nickses to them. on the issue of data localization. prior to snowden, there were certain governments very focused trying to get american companies to locally both private data and data youtube videos and the like so local governments could exert greater control over content and have easier access to data. snowden revelations have much strengthened the hand of governments that are pushing for that kind of data localization.

in a way that i think impacts human rights. one of our biggest concerns about data localization presnowden is many of these countries were doing this not because they were trying to protect themselves against the big, bad americans but because they wanted to exert greater control over internet data and internet speech. we have now given them a great deal of ammunition on that. similarly, even prior to the snowden revelations, there was a big debate over the role of the u.s. in internet governments. and what should the future of internet governance be? should it be to be multistakeholder model that involves governments and civil society but many are concerned is dominated by the u.s.? or should it be the realm of governments and intergovernmental process? we had countries like china and russia and zarb pushing very hard to increase the -- saudi arabia pushing hard to increase the role of governments in the global internetization of the internet. that trend consistented

pre-snowden. however, the snowden revelations significantly changed the contours of that debate, giving ammunition to people we don't necessarily want to have more control over the internet. but they can say we're doing it to ensure the u.s. doesn't get up to its shenanigans or because we want to get up to shenanigans like the u.s. >> or if i can put it on a bumper sticker kevin probably won't put on his car, it would be snowden, bet are for russia than for privacy. [laughter] >> taking a slightly different point of view on that, from the idea of encrypting your e-mail from end to end, is that actually a healthy think from a cyber per spec sniv is that a potential side benefit to the individual user? >> i would say enormous benefit. it is also costly. the think the companies have had to expend a great deal of resources to do this. if we are talking about costs of the n.s.a. programs, that is one. google and yahoo! should have

been encrypting their data links. we want more data being encrypted. we more want websites to turn on s.s.l. so that you see that little lock when you're browsing and we want to see more encryption between e-mail servers. this is something google recently published a transparency reports showing all of the different companies that were not encrypting e-mail between servers. all of this goes to the good. all of this goes to the hardening information security of the internet against unauthorized access -- >> whether it is unauthorized, this is the problem. every country has criminals, loathsome criminals that they are quite entitled to investigate. when you encrypt everything end to end, their investigations will end up in multilateral assistance treaty, requests for assistance to the u.s. government if they don't have a treaty and most of the authoritarian governments don't have treaty we're willing to cooperate under, they have no

way of getting information even against the criminals that their investigating if they're using gee mail or yahoo! mail and the like. -- g-mail or yahoo! mail and the like. that's going to create enormous tension between the companies and governments. it will pursue them hacking into people's computers as a second-belt alternative. distinctly second best. if, frankly, for most of us, your biggest worry is the police or the national security agency, encrypting end to end has a pretty significant effect. if you think the people's liberation army is more likely to break into your system, believe me, if you're in the united states, that is the case, encrypting end to end doesn't solve the problem. want to encrypt data at rest. all of the solutions we have been spending boatloads of money on are aimed at the wrong target, in my view. >> so i would just say, i think that it's pretty obvious from the actions of the companies

increasing encryption both in transit and rest, it's obvious that the goal here is ensuring the confidence of the consumers of the end users. that their data is secure. and stuart quite rightly notes the existence of criminals, importance of being able to pursue proper investigations and ultimately does that increase state hacking? possibly. i think what we would suggest and what we would propose is we see the real alternative and the real message that we should be driving is the importance of international cooperation and conversations about this. this is a place at this point we feel governments need to be coming together to talk about how to govern access to data. and to create a framework that works around the world. >> i would agrow and simply add much of the focus is in technically hardening the

internet against all unauthorized access either by governments or criminals or chinese hackers or russian mafia. and much of that focus when it comes to be government access is to ensure if the government does need data, which it often does, no one questions that, that they come through the front door with appropriate legal process rather than the backdoor. >> move the front door to brazil and germany and romania and russia and china. they're going to insist the data be stored there, including americans' data. and we will completely lose control of any privacy standards with respect to the foreign government access to the data. >> it's interesting, i feel like we're arguing past each other. i share that same concern but i think we have a different idea what are the root causes of that. i think that the snowden revelations have given a great deal of ammunition to the countries that want to do that. i think that -- but i'm not

going to accept that threat as reason why we should not also secure our data. >> can we impact a little bit, i think that's really an interesting point. let's just pick a country to make it -- let's use brazil. so if i have data as an american citizen now in brazil, stewart, what do you think my concern is? >> i'm willing to bet i know more about the european standard -- >> i pick the wrong country? we can go to germany if you wish. >> safe bet brazilians don't have higher standard for access than germans and dutch and french. the fact is that in practically every country, law enforcement can walk in and just say, would you like to give us that information? thank you. and by the way, it's understood you're not going to tell anybody you provided us with that information. >> for clarity, the law enforcement person and they in that sentence is the local -- >> they -- >> i.p.?

>> anyone who stores data, subject to having police come in and ask for the -- their subscriber's information. voluntarily, in quotes. and without disclosing, because it would be embarrassing, the fact of having provided that information. and if you are an american who just happens to be taking a visit to the world cup and you e-mails from bra brazill, there's a decent chance that under the standards as they're evolving, all of that stuff will be stored in brazil and not anywhere else. and your data will be looked at by the authorities in brazil for whatever purpose they want to e it for whatever any of the protections we are now arguing about how to improve. >> i think the more atp

discussion to be -- apt discussion to be having is what what do others think is going to happen to their data if they store it in the united states? right now what people believe is going to happen if they store it in the united states the n.s.a. will have relatively unchecked access to it and that's causing people to choose not to do business with american companies and causing governments to propose new infrastructure for the internet to limit the amount of dwrate that travels directly or incidentally through the united states. >> i don't disagree there are people and media with strong interests in keeping that issue alive in foreign countries and it is being used in some kates in good faith, in some cases in bad faith to get localization of data. i'm not sure that's a completely successful move in every respect. the more we prevent governments from getting any access except through the more or less broken process, the more likely we are

to nspire a determination localize that data, where we will completely lose privacy protections for any americans who happened to be caught up in that web. i think we more or less agree, what would you suggest, an apology, world apology tour? this is something that's being misused by governments. most of the public policy proposals that are currently before congress, you know, let's get rid of the 215 program. let's do something about back end data searches for americans. will have zero impacts on the campaign being put forward. if what you would like is an international agreement we will t do espionage, that's about as applauseable as agreeing we won't have exmarital sex in the future. it is something that is going to

happen and we're not going to be able to regulate it. if we signed up for that, we would be the only piece to try to enforce it on our own government. >> sirnly agree the current legislative proposals are very focused on the rights of americans and don't necessarily hit the programs that are going to impact people outside of the united states, including section 702. i think that is a deficiency of the proposals. as far as things we can do, you can look at the very back page of the paper we handed out that has a number of recommendations about how we can start addressing this issue. i think one is 702 reform, limiting scope of dwrate that can be collected and range of purposes for which it can be collected and used. greater transparency, something we have been working very hard to try to obtain. variety of confidence-building measures in regard to u.s. government encryption standards and you mentioned the m-lab progress as well. this is not actually in our

recommendations but i think our answer to the issue of, how do we address -- if we encrypt the data, other governments won't be able to get it on their territory. what do we do about that? i think what we do about that and certainly position of the reform government surveillance coalition, major internet companies, we focus on fixing the m-lab processes we need for the 21st century a modern, quick-responding way for governments to internationally make requests between each other for data that's stored in their jurisdictions. >> i agree with kevin. i think to stewart's analogy, we don't need world apology tour but it's pretty clear that doing nothing isn't getting us anywhere at all. there are a lot of exmarital sex still going on. >> ok. >> whatever we do, the fact is billions of dollars are beginning to be lost and there's going to be more to come. and what we are seeing is -- i use the word ammunition before. we are seeing a lot of energy

now being put behind things that could fundamentally fragment the internet. ould fundamentally shift the locust technically away from the united states and right now we have to actively try to prevent that. >> kevin is right. there's a large focus what is the dollar impact on this? what is the impact on the companies? what has happened? the problem with looking at the numbers of what has happened is by the time you have a dollar -- a real dollar impact, that business is lost. and it's not coming back to u.s. companies. and i think that is the danger of sitting and waiting to see how this plays out. it's hurting u.s. companies. -- hurt our orse surveillance capabilities worse if we let that path play out and continue doing nothing. >> that is a great point, not

that i'm necessarily -- i mean to those -- i'm a civil libertarian, primarily focused on protecting civil liberties. to the extent you chill people storing in and communicating data through the united states, that distinctly impacts our intelligence capability. regardless of what you think the argument is and should be in terms of legal standards or prophecies for accessing that data, if less of that data is here, we will have less of the data for intelligence purposes as well. that way the economic impact and the impact on the internet itself is also going to have a security impact for us. >> should we be concerned there's a reason report saying mathematicians are turning away potential work from the n.s.a. because they don't agree with the surveillance activities. does that mean we may have a different level of harm we're not considering in this particular dialogue, which isn't necessarily a trade issue but a

-- how do we move forward out of this? maybe not an apology tour but say young engineers going forward we still have an interest in knowing what's going on with the surveillance perspective but -- do we put parameters around it? how do we manage this going forward? >> one of the things i would suggest, one, if this is what we're worried about, most of the reform proposals have nothing to do with this. and aren't going to -- as kevin more or less acknowledged, change anyone's view and indeed longer the fight goes on, the more attention gets paid to the snowden documents and the perception that n.s.a. is collecting everything. if this is what we're worried about, we should focus on things like m.i. reform and, frankly, rather than a world apology tour, we should be taking some of this fight to the people who their using it for

advantage. high on that list has to be european union. which is -- which has patented the business method of holding american companies hostage over their objections to some u.s. government policy that has nothing to do with those companies. they did that to airlines over p.n.r. swift over u.s. collection of terrorists' finance information. they're doing it now over safe harbor, trying to find a way to say we will threaten all of the u.s. companies that want to do business transatlantically with losing their protection under the safe harbor as a way of trying to extract concessions from the united states on unrelated topics. they want to regulate -- they have no authority to regulate any intelligence service in europe. the only intelligence service they think they have the authority to regulate is the united states. it's time to call their bluff

over this. one of the things that frankly for people here in congress, you ought to be thinking about, is the european parliament comes over here all the time. they constantly are thinking of ways to hurt u.s. companies putting them into law and saying, we're doing it to protect privacy and when they come here, they hear nothing from congress to suggest that anything is wrong with the positions that they're taking. congress here needs to be as aggressive about protecting u.s. interests as europeans are about protecting european economic interests. that means taking action to prevent and to specify consequences from any effort to screw around with the safe harbor over this issue, which really has nothing to do with the law of privacy in europe, which the safe harbor already fully vindicates. >> let's say there's an art

imitates life and a company decides to become the google braff zill. >> we call it orca. >> to do a sort of check the box exercise? i would like all of my data to avoid a u.s. server, can the zeros and ones really do that? i wonder, there's a certain element of this dialogue we're having which is very pragmatic from a policy perspective but i don't know that technically some of the things that we're dealing with are feasible. i realize i said this wouldn't be a technical discussion but just ponder. >> so i think i would rely on real tech knowledgist to answer -- technologist to answer the feasibility. you're seeing companies saying if you want to host your data in a particular market, we will host your dwrate in that market. the problem is only goliaths can do that. there's a huge swath of the technology industry that is not that big. and it's not built that way. b.s.a. cost to a lot of

member companies of trying to ensure by saying your data will be held in x locality is just impossible. you undermine not just the efficiency of the system and value that cloud computing and other things bring, but you undermine the costs. >> when putin said a couple weeks ago he wanted all twitter information to be -- if they were allowed to keep tweeting in russia, they would have to stay on a local exchange server. have to put a server locally. i don't mean to make this very specific to one company. but if you're a company at that point do you just say, good luck ? we'll do our best? i realize we had these challenges and iterations with yahoo! in the past f you're an edge provider that is very popular, especially via social network, how much credence do you have to put to some of these people? or just say great, russia, we wish you the best with that?

>> twitter is not a b.s.a. member and i think it's hard to answer some of those questions from a company perspective. especially when you are swerable to stockholders and some of the worst parties hoor are fairly large markets. >> it's a business call. have to decide how much is it going to cost me, not just in funds but in disappointment on the part of your customers. versus what it will cost you to et out of that market. when the chinese started censoring google, google said see you, this is not our market. when europeans decided to censor google, google said, what do we have to do? that's a decision they have to make. and you make it on a business

basis. >> i also have to add there's a layer technically and figuratively between edge providers as well. if you move up a layer and look at the i.s.p.'s and backbone providers, those who have the internet exchange points that we y all of this traffic, are moving into an age where there are not a whole lot of those and fewer and fewer entities controlling those peering points. you look at many of these emerging markets and especially countries less friendly to human rights, there are very few of these peering points and they're under pretty strict control by the government. such it's actually quite feasible to say we don't want this or that traffic coming in or out of the traffic or we don't want this service to be able to reach our people or vice versa. we want to keep it internal. it's worth being mindful of that. also worth noting to the extent major i.s.p.'s agree we want to

keep our bits on these particular links, that's feasible for them to do and we see this being discussed in the context of the european union and germany, talking about creating a zone routing arrangement where those bits are not going to leave europe. that is technically doable. it's not going to be very easily and it will be not very cheap. but such a thing is technically possible. the question is can we prevent it as a policy result? >> this is just like any other security decision. you have to decide what it's worth to you in money and in hassle. and it has to be worth it to everybody who has control of the decisions. it turns out, i suspect, it isn't worth it to all of the people who have to be persuaded to build a zone for the internet o do that. certainly it's worth it for governments to say if you're

going to host our data, we want our data hosted in our country. frankly, that's the u.s. decision. so it's not a surprise. on some things they have leverage and can do it relatively inexpensively and do it pretty much no matter what we do for the next year on snowden response. and for the rest, they won't because it isn't worth all of the hassle. just as it sometimes isn't worth ll of the hassle to have a 20-character password. we know we should. we mean to on january 1. but by january 30, we've decided it's too hard to remember. >> certainly worth it to some governments and certainly worth it to foreign competitors. deutsche telecom would love to have that kind of area and have been outward about talking down u.s. competitors. >> they have been. but everybody -- all of their customers are also quite cynical

about that. and they are quite prepared to say, ok, if you're 2% more expensive, we might take that hit in order to get what you're selling. but if you're 20%, to hell with you. we're going with amazon. >> if i may to jump back to another point, i do want to make clear whatever stew said you conceded a point, you need to rethink what you said and he makes a good point. i raised a point the current legislative proposals, specifically u.s.a. freedom, doesn't do enough on this score to reassure the foreign markets because its primary focus is ending bulk telephone records collections program that primarily affects us. but i do want to be clear it does do a number of things i think would help address this problem. first off, it would prevent bulk collection of any and all kinds of records if it's done right. we're working on it in the senate, which i think should be reassuring to anyone who stores data or has records kept about them in the united states. it also would do an enormous

amount -- this ties into a key recommendation in our short paper and longer paper coming is transparency. both transparency in terms of allowing the companies to report more about the process that they're receiving and how they are or are not responding to it. reports from the government about what type of process it is issuing and how much information it's injecting. more transparency about what the fisa court is deciding and thinks that the government is allowed to do. it's also worth noting u.s.a. freedom isn't the whole world on the legislative proposals right now. there are actually a really incredible vote last month in the house where almost 3-1 the house approved an amendment that in addition to protecting the rights of americans saying the n.s.a. needs a court order if it wants to search data from the 702 surveillance program from americans identifiers, it also said no n.s.a. and cia, could

not attempt to mandate or request that a u.s. provider of a communications service or technology that they have to build in a backdoor into their product. i think that speaks directly to the type of economic and security concerns we're speaking about today. as does representative grayson's amendment, also approved by the house, which would prevent the n.s.a. from using its relationship with nist to undermine the standards they establish. i think there are things on the table that do impact the debate. passage of u.s.a. freedom i think would impact of -- this debate. but much more that could and should be done especially on the 702 front. >> i agree with kevin. i think there absolutely is action that can be taken that would have a very real impact on this debate. i think passage of an amended

u.s.a. freedom act would be a huge step, greater transparency, greater accountability. reform we have been working for, for years would be a huge step to ensuring customers that their content is safe from law enforcement's reach without -- unless government gets a warrant. safe harbor negotiations have been going on for a certain amount of time and regardless of how you feel about the substance of what is going on there. there have been positive statements coming out of european commission officials. i think there are really -- >> like i'm positive i'm going to take this away from you? >> so they said things are 90% baked. at this point to get positive statements out of the european commissions to cool some of the rhetoric, to let things lie because who knows what else the guardian has? who knows what else the post has? who knows what the next revelation is? to clear some of the rhetoric

around this would be hugely helpful to industry. >> glen greenwald said he was doing his finale on americans spied on. it may be that they're largely done, though you never know. one of the things that's been missing from this discussion and really needs to be part of it is there's a cost to all of these things and to the campaign of recrimination against the national security agency. it produces less intelligence. we know less about the world and it's a very dangerous world in which a risk averse intelligence agency responding to all of these things produces less warning about things that are going to get americans killed. this is an enormous problem. i believe this. the last time we had this kind

of climate was, not surprisingly, the second term of the last democratic president we had when -- a time when republicans discovered their inner civil libertarians. and there was a dramatic campaign against the fisa court and against the intelligence community and against the f.d.i. at the time over civil liberties issues. and at the very time that happened, the fisa court imposed a wall between parts of the f.b.i. that did intelligence and parts that did law enforcement. and the result of that was that we could not use those law enforcement assets to try to find the hijackers, even after we knew -- the f.b.i. knew they were in the country and the people who had the resources on the law enforcement side were chomping at the bit to go find them and they were told to stand down because of a civil liberties doctrine that had been imposed by the fisa court responding to a public climate that is very much like the public climate we have today. two weeks after that happened,

9/11 happened. these -- there are very real costs to saying how much more privacy can we do? you never know what will be the biggest problem. but just saying can we do more? can we provide more assurances of this or more assurances of that? can we find new ways to shackle our intelligence agencies? are going to have real consequences we're not going to like. >> i want to respond to that. i think you're falling into exactly the trap i spoke about at the front end, which is this -- frankly smums i think false debate between the civil libertarians or snowden-istas versus national security. and for this vague privacy concern, you're going to have blood on your hands. first off, i think it's personally insulting. we're all concerned about terrorism. i was in lower manhattan on 9/11. i take this very seriously on a very personal level. >> name one thing you suggested in the last five years to make our intelligence agencies more

effective at a cost, even a small one, to privacy? one thing. >> that's not my job. >> your job is advocate against the national security side and for more privacy and i'm pointing out there's a big cost to that. >> verizon -- i'm sorry. >> we have to remember -- >> we have people in the room here. >> of course. >> part of their job is find the balance between the dialogue you two are having. >> and this is why i'm glad i'm not in the middle of the two of you. i think that's the important thing here, we talk about that balance. months ago when industry was in knocking on the door saying please let us be more transparent about the number of requests we've gotten, the response from many was, you don't want to report these numbers. people will be scared by these numbers. these numbers will be so big people will go running. and what we have seen is more

hunger for the kind of transparency reports that companies are putting out. people want more granulearty. i think what we need to do is strike that balance shane mentioned. find a way to talk about what's going on here in a way that does not hurt our surveillance capabilities. >> can i ask a question? all of the companies that we are suing to get more transparency dropped their lawsuit when the government actually agreed to allow greater gran larty in reporting. are those same companies having dropped their lawsuits just lobbying to get what they agreed not to litigate for? >> so i think there was a pretty small group of companies that , and i thinkrnment they got a deal at the time on paper and have been using that. a whole lot of other companies that were not involved in that lawsuit that also want to be able to report.

>> so they didn't feelly strongly enough about it to sue but -- >> i think there are a lot of companies that are covered. if you're a company and going to report the number of law enforcement requests for data you have gotten, you have to start with zero. what you do if your number is zero? zero to 1,000. so you're essentially going in, the implication there is that i got 1,000. >> you can understand why the u.s. government might be uneasy about someone who reports 0, 0, 0, 0, 0 and has like 300 customers and suddenly reports 1 to 1,000. all of the customers are going to say, i wonder who's being wire tapped among us? >> understood, sir. and that's why it's important to talk about the balance. because there are some small companies that would be like that, that got 300 customers. there are also huge companies customers.ousands of

they might want to report a zero. >> i might add when that happened, when that deal was made, first off, it wasn't a settlement technically. they agreed to withdraw the suit in exchange for a commitment from the d.o.j. they preserved their right to sue again. preserved their right to sue elsewhere. and they made clear when they made that deal their intent to continue to press for aer and better deal through the legislative process. i don't think there was any misleading of anyone's intentions there. i think they made -- some might have made a different strategic decision that was only a handful of companies that was the best deal for them to get on a quick time line to start publishing at least some information which they needed to do in order to stem the continuing rapid loss of trust in the u.s. internet industry. >> absolutely. at this point they're legislating some of them not to change the deal but lock the deal down. it's a settlement. it could be revoked. that explains a certain amount of the lobbying.

>> we have a couple minutes left soly go to the audience. do we have a microphone? ok. great. n the very back, it's frank. there is a microphone. can you identify yourself as well. do you mind standing up so we can see you? you're really tall. >> the point i wanted to make is we're focused on the impact and u.s. industry and i guess hearing that you go ooh he's heard it, i achieved my objective. but i think the big picture that they're missing is that they're hurting themselves as least as much as they're hurting us in two ways. first, one of their objectives is to say they want to increase the take up of cloud and technologies in their economies and they're doing exactly the opposite.

they're not just pretending american companies like mine, oracle, to prohibit the ability to provide services in their market but creating barriers to not just geographic but hurting the model of the next german or french or singaporean start-up. it will make it heart for a local company over there to start. all of the regulations and quite are not you can't buy american. it's i have to do all of these things to set up my business. i guess i'm going to do something else. so the , they are not users of cloud computing don't have easy access to american services. they don't have easy access to the german cloud computing start-up. so all of the efficiency are supposed to come from that are not there. you're throwing inefficiencies into supposedly inefficiency machines. last time i looked at the european economic picture, it wasn't that great.

by the own admission of the european authority. arrying two, they would hurt the small business and start negotiating. >> it may help part of their industry and hurt everybody down stream of that industry. it may help their cloud providers and hurt every start-up. i don't know any start-ups that buy equipment anymore. they all set up on a web server, a web service like google or amazon. it will be harder. if it costs more to have an all-german cloud than german start-ups will have more trouble starting up without buying equipment. >> and we started a marketing campaign for them though. do you have a question or comment? >> hi, i'm laura ballard, career civil servant at the state department. i have to say one of my first

reactions to learning who mr. snowden was and what he had done was ask myself, why are we outsourcing core government functions to i.t. support contractors? and i'm curious why none of you guys are ever talking about that. that would seem to be a potential point of commonality between the three of you. to have the n.s.a. contracting out apparently 500 or close to it i.t. support contractors for the collection of signal intelligence, it can't be great for privacy and civil lib itties and can't be that great for security. if you have that much outsourcing and people cutting corners with security background checks, it's only a matter of time before you end up with someone like snowden. short-term contract or not a great deal of loyalty towards the organization. i wonder if you can comment on that and whether you see that as a point -- perhaps also in need of reform. thank you. >> i will try. i'm unaccustomly nuanced on this

question. the n.s.a. has built its culture around the assumption you start there and you're in for life. and that has allowed them to make certain assumptions about their workforce which are undermined when they bring in contractors. they have not found a way to deal with that. at the same time the fact is that the skills that n.s.a. needs, just like the skills microsoft needs, changed dramatically every five years. you can't expect to retrain your workforce every five years for 30 years and have people who are as good as the folks you find in the market. so they have to find a way to go to the market to get to skills and they have done that by going to contractors. i do think they need to watch those employees much more carefully. maybe there's a basis for agreement on that. we should audit the people who

work for our intelligence services and our law enforcement agencies more carefully for sure. but i don't think just saying you can't outsource, you can't contract for this is going to be necessarily good because then you're going to get somebody who learned how to do a new task just by taking courses in maryland after work, which may not be best way to do it. >> i will just add -- thank you for that nuanced take. i have less to say about whether that's a good idea or bad idea or what should be done about it. but in how to respond to the fact to the extent when you have an intelligence community that is moving toward not only more of a contractor culture but necessarily more of a digital culture, where it is much easier to exfill trait a lot of data, the government needs to respond. part of the response to that needs to be the government anticipating the fact that such leaks are going to occur.

one of the great failures of the government in this whole affair is not -- clearly not having a strong game plan for if and when some of this stuff leaked. for example, by over-focusing initially on the issue of oh, don't worry, this isn't -- this is not impacting american citizens' content, response to that from mark zuckerberg was like hey, man, most of my countries are outside the country. you're kind of throwing me under the bus here. you're not helping. you're making it worse by harping on that. they actually need to think about how are they going to deal with the political and economic and messaging impact if and when these leaks do occur, which i think they are going to continue , despite our best efforts. >> i would pick up on what kevin said and say that narrative was incredibly unhelpful and i understand as some members of congress said no european ever voted for me, but the --

>> it paid for our products. >> a lot of europeans buy services and buy products from the people who did vote for you. >> questions over here? >> lady there. >> name laura. i'm an adjunct with kevin. my question relates to a comment i heard on personal democracy forum last month is the technical market is largely driven by convenience and fear. as someone who worked on the hill for 10 years, one of the ways i look at that n.s.a. debacle right now is the continual sort of migration of complex problem solving to the military in general because that's where the capacity and expertise is. process competence is often in uniform. it happens here on the hill. that's why so much technology has a cyber security label on it. something i have noticed in the last couple years though is this

willingness of the technology community to invest more in the long game of policy with policy shots that are not just self-interest to lobbying shots. just in the last year, and i'm hoping that engages the civic piece of technology and start to build capacity. this question about privatization and contracting out, recovering from a debacle like n.s.a. over collection surveillance is different than engagement for capacity building in the public sector. and as someone who worked inside congress for 10 years is desperately needed. we don't have the technical chops inside government for the long game. that seems to be changing. could you comment on that? >> i would like to think -- >> your microphone is off. >> as a representative of b.s.a., i would like to think we have been focusing on the long game for a long time, looking internationally, looking at how markets are going to change and

grow. i think many of our companies are activety engaged in c.b.t., kevin's group, a lot of other groups. as this process has unfolded, i think you see an increasing awareness and increasing appreciation for those points. and more attention, obviously, will have to be paid. >> i think on the horizon, one of the things we should think about is the ability to share data. and that it goes to transparency but one of the challenges of, noaa has interesting stuff that could be very useable both to the public and private sector. we have a lot of data, we need to figure out how we use that in an appropriate fashion. that will be probably a future forum here. question on this side, i have kind of ignored you guys over here, sorry. in the back. >> hello, thank you. brandon with the office of congresswoman susan davis.

i focus on trade issues so this is bringing it back to that discussion. for mr. baker, i want to make sure i understood your comment, which was that you suggested that if we were to call out the europeans when they come over with trade negotiations, somehow that when they invoke privacy and we realize it's actually for their own economic interests, that somehow advances the debate? i'm not quite sure how it does. europeans will come back and say ok, it's for my economic self-interest. so what? o me it seems like 256-bit encryption and end using encryption and more transparency goes a lot further in making end roads with american companies in europe than calling out europeans for being demeckly self-interested. -- economically self-interested. >> here's my concern. they are seeking to influence u.s. policy by threatening the u.s. companies with a loss of the safe harbor. the legal basis for that is not

existent. the whole theory of the safe harbor is you can sign up by contract to treat your european customers as though they were governed by european law even though the data is stored here. that is the assumption of the you harbor and the terms sign up to, do match european law. where is the european law on restriction of intelligence agency collection and storage of data? there is none. and that's why the safe harbor doesn't deal with it. to say we're going to take away safe harbor and conclude your law is not adequate because you have not adopted measures that we want, assuring us about how n.s.a. will function, how f.b.i. is going to function, how d.h.s. is going to function, is inconsistent with law. we shouldn't be apologizing. we shouldn't say it's privacy, maybe they're right and they're

european and that accent sounds so good when they say the protection. but the fact is what they're doing is purely self-interest and they're dressing it up in a dwrate -- data protection guise. the only thing i have ever discovered that they understand is the threat of retaliation if they go beyond the legal bounds they have set. that are set by international trade law. the u.s. and u.s. congress has been reluctant to stand up for companies and say if you get hit enforcement matter in the european union based on a theory that goes beyond international rule, we will allow you to file a lawsuit here and collect the money back. in fact, you can auction off the embassy of the country that sues you. we could do a lot to make it clear we're tired of this one-sided debate in which they

demand and we give a little and come back next year and demand more and give a little more. because they are threatening to hurt our industry. it's the wrong approach. we need to get much more tough minded. >> if i could add to that, i agree with the questioner but i also agree with stew in the sense there's a whole lot of -- oh, i'm shocked that there's gambling in this establishment going on. there's a lot of -- certainly hick pock rasy, some double standards and indeed a lot of the things n.s.a. doing in cooperation with some of these governments. i don't think that -- and also, again, i have conceded as much, sometimes this is being used as an excuse to justify positions that were already held. that doesn't mean we can ignore it and we don't to try and ameliorate that. i think what all of this points to is, and this goes back to addressing also the growing credibility gap for u.s. government on internet freedom is we need to begin to build the

processes to have a sustained major discussion, internationally, about what human rights means for surveillance and what, you know, modern democracies believe is acceptable and unacceptable in the 21st century when it comes to surveillance, whether inside or outside of the borders. there's a major report on this issue that just came out this week. i would say it was great if i had actually read it. i have not had a chance to read it. i'm told it's quite something. but we're talking about a number of issues where we are looking at i think not just the next few years, but decades of work and decades of implications. one of the biggest imimplications is it is time for modern democracies to talk very plainly about when say there's a capacity for government to sit on its country's domestic network and suck up everything and filter out the stuff it thinks is important, which is exactly what is happening here

now, when is that ok? how is that ok? what are the protections in place to make sure that it's -- that human rights and our constitutional rights are protected? how do we generalize that across the globe in a way that is fair and monitorable, and won't lead to hypocrisy on our side or theirs? >> i'm going to agree with both of you on this point and say i would like to see the u.s. come off its back heel a little bit, especially as relates to the safe harbor and europeans at this point blatant misrepresentations and mixing of the surveillance and consumer privacy issues. it's been an unfair burden from the start. and i'm happy with the way we're getting to on the safe harbor debate but we shouldn't have been there on a lot of this. >> last question is back here in the corner. gentleman in i think a green shirt.

>> hi. i wanted to comment for mr. baker, you seem eager to talk about everyone else's government but we're upset about our government. we're upset about our government because they work for us. i think the fundamental problem we're missing here is that you can try to scare me by telling me al qaeda will blow me up if i don't concede my constitutional rights but the problem is not only are we concerned about the balance we have between security and liberty but we feel the balance we already agreed to, government is not following those rules. so we set up little fights, of course, but one warrant can apply to thousands of people. the government is not even abiding by the rules we say we want to strike, balance we want to strike between liberty and is security. so i guess, i want to ask, don't you agree whatever balance we come to as a democracy, the government should follow those rules and accept and respect those rights they have agreed to? >> of course we are always focused on our own government.

that is human nature in this country and probably elsewhere. it is fair to ask since we get to set the rules for our government what rules we want for our government. but the fact is i know a fair amount about the intelligence operations of other countries. and we're the people, the country that came up with the idea that intelligence should be governed by law, you can set legal rules that will restrict how government gathers intelligence. we sold that idea to parts of the world. some parts of the world. and we have more transparency, more regulation, more oversight and more effective oversight of our intelligence agencies than any country in the world. if you want to talk about comparison between us and other countries, the reason i say -- talk about other countries is because they are nowhere near where we are.

and we should recognize that they will not necessarily follow us in what we do. on the question of oversight, yes, we should have oversight just the powers that intelligence agencies have are extraordinary. data, it is -- it's not a question of whether we should gather data and go through it. the fact is it gets cheaper and easier to do that, thank your members, every year and that will happen. and if it isn't done by the united states government, it's going to be done by a host of tech companies and people's liberation army in the united states. and so we can only regulate what the u.s. government does. but we can't prevent technology from moving forward. on the question of oversight, yes, but we have built an oversight system that includes members of both parties institutionly. numerous executive agencies whose job it is and whose

careers be made if they find abuses. oversight committees of the house and the senate are both set up to love for abuses. and in many cases on a bipartisan basis. the courts are also involved in this. fisa court judges are just judges chosen from around the country. they're not some spooky guy who's brought in to do this. they are ordinary judges like everybody else. everything that has been disclosed here was done from the context of those oversight structures. they have been, in some cases, misrepresented by snowden-istas or by the press. and in some cases, people just are surprised to discover what can be done with technology. but the fact is, this is how we found most of the al qaeda terrorists that we found and killed. by aggressively pursuing this

data, parsing through the data until we could find a single person in a single car, in a single place in waziristan. and it was a major undertaking. and it required a lot of effort. i don't think we want to tell them to stop. i think we need to have people doing that because we live in a world where technology has also made it possible for people in waziristan to kill thousands of americans if we are not watching them. and so my view is yes, we should have oversight. i completely reject the notion this was unlawful. i completely reject the idea it was unconstitutional. there's been one judge out of about 15 or 20 who thought this was unconstitutional. his best reason was we now use cell phones instead of lighters at rock concerts to hold up. i don't think he's in the mainstream. you can believe it's unconstitutional but that's not what the courts have said n.s.a.

was entitled to listen to the courts that gave them the answers. i don't think that the oversight has failed. i think that we are in the middle of a kind of moral panic over n.s.a. and privacy. it's a kind of which hunt. wake up in three years or five years and say what were we thinking? that is crazy. >> closing thoughts on that one? >> wow. a lot of places i can go with that. i know we're short on time. i think that's fair to say that the oversight mechanisms did not fully in this instance. we had the fisa court judges themselves in newly declassified opinions clearly disappointed with the n.s.a. and in some places angry at the n.s.a. and decided things that the n.s.a. did were unconstitutional. the fisa court said what you're doing is unconstitutional and you need to stop, with regard to the 702 program felt it was

mislead in part because the n.s.a. claimed its systems were too complex for even it to understand and fully brief the court on, which is concerning. but i mean from my perspective one of the biggest issues here, and it's been one of the issues for me for a long time, because i was involved in litigation as e.f.f., suing the n.s.a. over some of these programs when they were first revealed, i mentioned earlier the n.s.a. is kit sitting on the key internet exchange points in our own country such that they have technical access to all of those communications and then based on procedures approved by fisa court, doing some sorting to pick out what they want. we have been saying that and that's been front-page news since 2005. and yet that fact was classified until earlier this year. members of congress were never that debate or discuss

basic basic, basic fact how our new modern 21st century surveillance april rat us is working when they were passing the law used now to authorize this conduct. we as society did not have a debate about whether it makes sense in a democracy for our intelligence apparatus to have that kind of access to our domestic network that carries all of our communications as well as communications of the bad guys. that is not effective oversight. that is not effective democracy. the fact we had to have a leak in order to begin to have that conversation signals a fundamental failure of the oversight process. >> chris, closing thoughts? >> i think stewart's coin of phrase that would get on bumper sticker he would never put on his car is, i'm a snowden-ista. i think it's important to consider where we are right now. we're at a point, one, where we are really kind of rebalancing on surveillance. and we can bicker about what has

happened. we did debate. and there are important conversations that need to be done. but we are also entering a new era of privacy where we need to think going forward about the decisions that we are making and the impact they're going to have both on privacy and on commerce. we need to be able to allow technology to continue to advance. we need to ensure the effectiveness of law enforcement and surveillance and we need to preserve the constitutional and legal freedoms not just here in the united states but people around the world in order to continue to lead both on technology and privacy. >> great, thank you. i want to thank you all for spending your friday lunch hour with internet caucus. pluse join me in thanking our panelist for a very vibrant discussion. [applause]

>> newsmakers is next. that, a debate between the republican candidates competing in the georgia senate race. then, chris christie in iowa. . there was a lawsuit aimed at the president. if the republicans are successful, is there worry that this could create an imbalance?