guest: each one only has a certain capacity. one of the more interesting questions during our conference call, what are they going to do their answer was they were moving the second health care worker to emory university isolation unit. there is one at nih. i do not know how big those are. what are the capacities for those institutions? that theyge question are very expensive, take a wild to put together, are we ready to handle widespread epidemics where you isolate people? there is no way to isolate these patients. part of the

discussion that will happen on capitol hill today. host: good morning, democrats' line. caller: thank you for taking my culprit i wanted to know how you figured that the cdc dropped the ball when they tell you the health care workers taking care of that man in texas they were going to watch every day and take their temperatures everyday and the woman was allowed to leave the state and get him a plane. they did not know she was leaving the state, and that is a critical call to keep her, watching her every day. if they are lying to you about that, they are lying about the way the disease is spread. they're dressed up like the michelin man and they still caught the disease. now you are on an airplane, sitting on a seat that should be contaminated that she was in. thank you. guest: the cdc has initially declared the health care

workers, 75 or so that had ncan,t contact with hidu they were going to do self my-monitoring. -- self-monitoring. we learned that the patient still had contacts with others, and one got on an airplane with a temperature of 99.5 degrees. technically a fever. we now have the cdc saying they are taking a tougher stance on that and prohibiting public people theyy of the are monitoring for this right now. the cdc has gotten incrementally tougher as the days have gone by , and this thing has spread a little bit. so that was the question you asked is a question and a lot of people ask. nurses were wearing protective gear, but there is a question about whether they put the gear on the wrong way and too much gear on, and when they

took it off it was easier to transmit virus, too many layers of gloves. we heard nurses talk about lack of training and oversight, shortages and how they were monitoring this. the cdc responded to this yesterday by saying we are putting our people there to monitor every step of the way so there are not any questions or people are protected somehow the health care workers are protected. going forward, now we should see this thing not spreading to new health care workers because the going tothere are not be gaps, because there will be experts making sure people are putting gear on and off properly and handling patients properly. host: is there a single person at the white house overseeing these agencies? caller: that would be sylvia

burwell, thae secretary of the health and human services. she was on a conference call with reporters yesterday and said little, other than they were coordinating with homeland security on ensuring that the nation was kept safe from the spread of ebola. ed overtty much hand to the cdc director on how they were trying to control the spread of the disease. there have been comments by lawmakers and other saying let's create a position, have somebody overseeing all of this, and there has been discussion of that. so far we have not appointed anyone to that position. that could change. bonita,eveland, ohio, hello. caller: good morning. i think we need to close our borders frick we cannot just ban

people from west africa because could have gone to another country and taken a plane to the united states. we already had an incident in ohio. all of us are wary here, in the not going to put them down and i do not think really think -- i we need to close our borders. we cannot let nobody over here, just like this man came over here, the first place he went over to west africa to visit, and then he came back, and, boom. have a good day. host: are you still there? caller: yeah. concern?t is your caller: you got a lot of people-- >> good morning, everyone,

lakota brookings. -- welcome to brookings. this event will set a brookings record for the height differential between guests and host. i'm kidding. the director is actually not that short. very recentg to be because we have limited time, and the more of it i use the less that we can use for dialogue between you guys and the director. director comey is here to talk about encryption and the problems it creates for law enforcement. this is a subject that a number of people here testified to the amount of interest in the subject all over the place right post a lot ofden, debates about surveillance

reform. differenthas a respect of is about the impact related to the federal and state law-enforcement. the format will be simple. he is going to give a relatively brief set of remarks. i'm going to ask. -- we areing to ask going to move to a conversational format, ask a few questions, and then we will go to you and use as much of the time as possible for questions from the audience. when i do that, we are going to do that, you know, as trying to formatn as uninterrupted as possible. please signal to me if you want to get in, and wait for the mike to come around, and introduce name andby your

organizational affiliation. keep your questions brief so we can have as significant a discussion as possible. i will turn it over to the director, who needs no introduction to this audience. i'll come back to brookings -- welcome back to brookings. a small difference. i will adjust that mike. good morning, everybody. it is great to be here at brookings. i'm told also i am going to be the subject of a recorded podcast. what i would like to do you share thoughts with you and for me, the most important part will be our conversation together. i thank you in advice for asking whatever is on your mind. i have been on this job now for one year and one month. myetimes i joke and express tenure in months remaining as if i am incarcerated or something.

i do not mean that. i have i believe the best job in the world, because i get to come to work at the fbi every day. over the last year have confirmed what i have long believed that the fbi is remarkable place, filled with amazing people, doing amazing work all over the country and the world every day. i have confirmed what i have long known, that a commitment to the rule of law and civil liberties is at the core of the fbi. i believe it is the organization's spine. ,e confront serious threats threats that are changing every single day, and i want to make sure i have every lawful tool available to make sure i am addressing those trips. i see this as an opportunity to begin a conversation about something that is affecting in a serious way the investigative work we do. i want to talk to you about the impacts of emerging technology on law enforcement, and within that context it is important to talk about the work we do at the fbi, what we need to do the work

that we have been entrusted to do. i believe there are a fair number of misconceptions in the public discussion of all what we in government collect, especially we at the fbi, and the capabilities we have for collecting information. as fast as ib is can to explain and clarify as i can the work of the fbi, but i want to get a better handle on your thoughts, because those of us in law enforcement cannot do with what we need to do without your trust and support, and we have no monopoly on wisdom. my goal is not to tell people what to do. fellow is to urge our citizens to participate in a conversation as a country about where we are, where we want to to especially with respect law enforcement authorities. let me start by talking about the challenge of what we call going dark. technology has forever changed the world we live in. all of you notice every single day. we are online, in one way or

another, all day long. many of us are online at night when we should be sitting. our phones and computers have become perfections of our personalities, that reflect interests and identities, hold much of what is important to us in life. if that comes a desire to protect privacy and our data. we want to be able to share our lives with the people we choose to share our lives with. i very much feel that way. the fbi also has a sworn duty to try to keep every american safe from crime and from terrorism, and technology has become a tool of choice for some very dangerous people. unfortunately, the law has not kept pace with technology, and this this connect has created significant public safety problems that we have long described as going dark. what it means is this -- those charged with protecting our people are not always able to access the evidence we need to prosecute crime and prevent

terrorism even with lawful authority. we have the legal authority to intercept and access to vacations pursuant to a court -- to access communications per cert -- personally to a court order. we face two priorities. the first involves real-time data in motion, such as phone calls or e-mails or live text or chat sessions. concernsd challenge court ordered access to data stored on our devices. such as e-mail or text messages or photos or videos, what we call data at rest. and both real-time syndication, data and motion, and store data, data at rest, are increasingly encrypted. let me talk about court-ordered interception and about the challenges posed by the proliferation of different means of communication and encryption. doing electronic surveillance was

straightforward. we identified a target phone, used by a bad guy, with a single -- without a court order for a wiretap, and under the supervision of a judge, we collected the evidence we needed for prosecution. today there are countless countless networks, countless means of communicating. we have laptops, smartphones, tablets, we take them to work, school, we take them the soccer field to the starbucks, over many different networks, using many different apps. conspiring toe harm us. they use the same devices come the same networks, the same apps to make plans to target victims and cover up what they are doing, and that makes it tough for us to keep up. if a suspected criminal is in the car, and he switches from cellular coverage to wi-fi, we may be out of luck. if he switches from one app to another or from cellular voice service to a messaging app, we may lose them. we may not have the ability to

switch lawful surveillance between devices, methods, and networks. the bad guys know this. they are taking advantage of this every day. in the wake of the snowden disclosures, the prevailing view is that the government is sweeping up all of our communications. that is not true. idea thetely, the government has access to all communications at all times has extended even more unfairly to law enforcement, that is working to obtain individual warrants approved by judges, intercept indications of suspected criminals. some believe that law enforcement and the fbi has these phenomenal capabilities to access any information at any time. we can get what we want by flipping a switch. that is the project too much television. it frustrates me because i want people to understand that law enforcement needs to be able to access communications and information in a lawful way to bring people to justice. we do that pursuant to the rule

of law with clear lines and strict oversight. even with lawful authority, the going dark problem is we may not be able to access the evidence and information we need. current law governing the interception of two medications requires that the communications carriers and broadband providers build interception capabilities into their networks for court ordered surveillance. but that law, the communications assistance to law-enforcement act, was connected to the years ago, a lifetime in the internet age. it does not cover at all new means of communication. thousands of companies provide some form of syndication service and most are not required by statute to provide lawful intercept capabilities to law enforcement. what that means is that in order -- an order from a judge to monitor taken vacation may amount to nothing more than a piece of paper. some companies fail to comply with the order, and some

companies cannot comply because they have not developed the capabilities. other providers want to provide assistance, but they have to take the time to build intersection capabilities which takes a lot of time. the issue is whether companies not subject currently to this law should be required to build lawful intercept capabilities for law enforcement. to be clear, we are not seeking authority to intercept negations. we are struggling to keep up with changing technology and maintain our ability to actually collect vacations we are authorized to collect. if the challenges of real time data interception threatened to leave us in the dark, encryption threatens to lead us all to a very dark place. here is what i mean by that. encryption is nothing new. but the challenge to law enforcement and national security officials is markedly worse with recent default encryption settings and

encrypted devices and networks all in the name of increased security and privacy. for example, with apple's new operating system, the information stored on many phones and devices will be encrypted by default. shortly after the announcement, google announced lands to follow suit with its android operating system. this means the companies themselves will not be able to andck phones, laptops tablets to reveal photos or documents or e-mail for stored text and recordings in those instruments. both companies are run by good people who care deeply about public safety and national security. i know that. and they are responding to a market demand that they perceive. but the place that this is leading us is one that i suggest we should not go without careful thought and debate as a country. at the outset, the good folks at apple say something that is reasonable, which is is not that big a deal, because law enforcement can still get the data from the clouds.

folks are going to back up their devices to the cloud, and the fbi can access the cloud. here's the problem -- uploading to the cloud does not include all of the stored data on the , which has thes potential to create a blackhole in and of itself, but, second, if the bad guys do not that up their phones routinely or if they opt out of uploading to the cloud, the data will only be found on the encrypted devices himself. it is -- themselves. it is the people who are worried about the device who are most likely to avoid the clout and to make sure that law enforcement cannot access in creating data. encryption just is not a technical feature. it is part of a marketing strategy. it will have very serious consequences for law enforcement and national security agencies at all levels. sophisticated criminals will come to count on these means of eve eating detection. detection.ading

it is equivalent of opening a safe deposit that cannot be opened, a safe that cannot ever be cracked. my question to facilitators in this conversation is, at what cost? to correct impressions that are connected to the spirit the first is folks say, good folk say, you still have access to metadata which includes photo records and location information stored with the telecommunication carriers, and that is absolutely true. metadata does not provide the content of any communication, it is incomplete information, and even that is developed access and when time is of the efforts. i wish we had time and armor, especially when lives are on the line. we usually do not. there is a misconception is that is building a back door. that also is not true. we are not seeking a backdoor approach. we want to use the front door

with transparency. we want clear guidance provided by law. we are completely comfortable with court orders and legal process, front doors that provide us the evidence and information we need to investigate crime and prevent attacks. are goingrsaries to try to exploit vulnerabilities they find, but we think it makes more sense to address any security risks by developing interception solutions at the front and in the design phase rather than resorting to patchwork solutions when law enforcement comes knocking after the fact. with the sophisticated encryption there may be no solution at all, even the government at a dead end, all in the name of privacy and network security. folks sometimes say you could guess the password or break it with a so-called brute force attack. here's the truth -- even with a supercomputer, we would have difficulty with today's high-level encryption, and some users have a setting

where the encryption key is raised after too many attempts to break the password, meaning no one can access the data. sometimes i have also heard folks ask this question, can't you to compel the owners of the device to provide you the password? the answer that is a reasonable question, but unfortunately, no. even if we could compel them, as a legal matter, and about the choice that that bad guy has to make. imagine a child predator infested a refusing to comply with a direction from the court to hand over a password, or a sentence for the charge of distribution of chopper in order for -- of child pornography? think about your life without smart phones or internet access or texting or e-mailing every day?

people much cooler than i call this a fear of missing out. of us ing dark those law enforcement and public safety has a major fear of missing out. missing out on predators who exploit the most vulnerable among us, on violent criminals, on terror cells, and a lot of other bad people. on more we as a society rely these devices, the more important they are to law enforcement and public fatal officials for reasons i think aches and steve. guessing case after case from homicides and car crashes to child abuse,ing, child exploitation, and exoneration where critical evidence came from smartphones, hard drives, and online communication. let me give you some example some cases that involve the content of smartphones. in louisiana, a known sex offender posed recently as a

teenage girl to entice a 12-year-old boy to stay out of his house to meet this supposed young girl. the predator posed as a taxi driver. he took this young boy, murdered him, and then try to alter and delete evidence on his and the victim's cell phones to cover up the crime. both phones were instrumental in suspectthat this e enticed the victim into his taxi. in louisiana, -- in los angeles, police investigated the death of a girl from blunt force trauma to her head, and there were no witnesses. text messages stored on her between cell phones, the two of them and other family members, proved the mother had caused the young girl's --. the text messages stored on devices also could they fail to see that eagle attention for the little girl four hours after she convulsed, and they went so far as to paint her with blue paint

to cover her bruises before calling 911. confronted with evidence from the phones, both parents played guilty. got warrantsy, dea for smartphones, and they found on the phones information that tied a group to deaths in the high school area. werecramento, a couple walking when a car ran a red light and struck them, killing four dogs and severing the young man's leg. several days died later. using red light camera, a suspect was arrested. the data on a phone-based the

suspect at the scene of the accident. he was convicted and is serving ife term.s to l lastly i have used it in ways that has been used to exonerate innocent people. in kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. without access to the phone or the ability read to recover video from that phone, several innocent young men could have been wrongly convicted. these are cases that i pulled together and which we have access to the evidence we need. but we are seeing more and more where we believe significant evidence is on the phone or on that laptop and we cannot crack the password. if this becomes the norm, i suggest to you that homicide cases could be stalled, suspects walk free, strauss exportation of this ash child exploitation not prosecuted.

justice can be denied. here are my thoughts about this. i am deeply concerned about it as both a law-enforcement officer and citizen. i understand some of the thinking in a post snowden world, but i believe it is based on a failure to understand why we in law enforcement do what we do and how we do it. i hope you know i'm a huge believer in the rule of law, but i also believe that no one in this country should be beyond the law. there should be no law free zones in this country. i believe we need to follow the letter of the law to examine the contents of someone's closet or the contents of their cell phone. the notion that the marketplace could create something that would prevent the closet from even when opened, they properly obtained a court order, makes a sense. i think it is time to ask, where are we as a society? are we no longer a country that is passionate both about the rule of law and about there

being no sense in this country beyond the reach of that rule of law? have we become so distrustful of government and law enforcement in particular that that we are willing to let bad guys walk away? i know there will come a day where it will matter a great deal to innocent people that we in law enforcement cannot access certain types of data or information even with court authority. we have to have discussions about this. i believe people should be skeptical of government power. i am. i think this country was founded by people who were, who knew you could not trust people in power, and so they divided the power among three branches to set interest against interest rate then they wrote a bill of rights to ensure the papers and effects of people are secure from unreasonable searches. in the way i see it, the means in which we conduct surveillance, two carriers or

isp's who have developed lawful intercept solutions is an example of the government operating the way the founders designed it, with the executive, legislative, and judicial branches opposing and overseeing legislation pursuant to the rule of law. i suggest it is time that the post snowden pendulum be seen as in one swung too far direction, in a direction of fear. i think it is time to have a debate about liberty and security. some have suggested there's a conflict between liberty and security, and i reject that framework. bestnk when we are at our in law enforcement, and we are looking to enhance security and liberty. policecity posts officers on a dangerous libertynd,

has been promoted. it is not a question for us of conflict. we care deeply about protecting liberty through due process, while also safeguarding citizens we're are here to protect. where do we go? these are tough issues. finding the space and time in so i'mes is hard, grateful to brookings for carving out some space for us. intelligent people can disagree, and that is also what is great about american life, smart people disagreeing to come to the best answer. i have never been any one who is a scaremonger, but i am in a dangerous business. i want to ensure we discuss the impact of limiting the court authorized law enforcement tools we use and we talk about what are the losses associated with our inability to collect them permission to pursue the law. we will continue to throw

everything we have at this challenge. it is costly, inefficient, takes time, but we will work to make sure that whenever we can we are able to execute court authority, but we need to fix this problem. it is long past time. we need assistance and cooperation from companies to comply with lawful court orders. so that criminals around the world cannot seek safe haven. we need to find common ground where we care about the same things. i said it because i meant it. the companies we have talked about that we have talked to are run by good people care about the same things. we know an adversarial posture will not help us here. we understand the private sector's need to remain competitive. it is not our intent to stifle innovation or undermine u.s. companies, but we have to find a way to help these companies understand what we need, why we need it, and how they can help out protecting privacy rights and network security. we need our private sector partners to take a step back, to

pause to consider a change of need a but we also regulatory and legislative fix here to create a level playing field so that all can vacation service provides are held to the same standard. so that those of us in law enforcement and public safety can continue to do the job you have entrusted us to do. in the way you want us to do it. wehaps most importantly, need to make sure the american public understands the work we do and the means by which we do it. i really believe we can get there. i believe we can find a reasoned approach. i do not have a perfect solution to suggest to you, but it is important to start the discussion. i'm happy and eager to work with congress, with partners in the private sector, law enforcement and national security counterparts, to find the right answer, to find the balance we need to, to find both liberty and security rate so thank you

for being here today to participate in this conversation. thank you for caring about these issues. i look forward to your questions. [applause] >> i will ask a couple questions, and then i will kick it to you guys. i want to start, why now why now?mark -- they do not seem appreciably different than they were a year ago, and this thing has been reignited. why? >> a great question. i think it is an accumulation, another brick in the load, of going dark that hit me when i took this job a year ago. catalyst was the announcement of the default

encryption on the de vices. these are good folks, responding to a market imperative, but where are we going? we need to have a conversation about this. >> you left government last in 2003 -- 2005. you were not on the investigative side, but you had a sense of how light and dark things were. how different is it today than it was when you came back into government, how much darker is the world than before you left? >> license is dramatically darker, -- my sense is to medically dark, especially with the proliferation of onto medication means, the proliferations of different apps, the outside can vacation channels -- outside communication channels.

>> so you describe in your remarks that you wanted not a back door, but a front door, and i am trying to understand what to haves technically an ability todecrypt with an order that does not create technical vulnerabilities that others could exploit, either foreign intelligence services or and a lot of people believe our own intelligence services. are you envisioning when you talk about building in a front door lawful interception decryption capability? >> i am not smart enough to give you a highly reliable answer. what i am told is any time there is a dork is a risk that someone riskdoor is there is a that someone will get into the door. if a door is felt transparently in the front end, designed into

the product, the chances of a vulnerability being unseen are lower than it is kabul on to the end.- cobbled on to the to build one is a risky thing today, and the smart people told me the best way to do it is to build it at the front end./ >> you're not talking about a revival of the sort of idea from you are speaking more thematically than that? >> correct. i would like to see colia written so a communications writer has an obligation to but a lawful intercept capability into the product that they provide. not that we hold some universal key. >> gotcha. minutes"st recent "60

-- >> it's on every sunday night. >> you were asked whether all these interceptions take place with a warrant. i was surprised at your answer. use a category the fbi does not do interceptions without a warrant. i was puzzled by that because i can think of at least a few in which you guys are authorized to do interceptions without a walrus. i was wondering it -- without a warrant. is there some policy that you have adopted that you do not do surveillance without a warrant, or were you incorporating various exceptions into remarks? >> a fair question. i thought i gave a fair and accurate answer, the people gave me feedback that said it was insufficient, should have been longer, and what about the exceptions?

i wish i had thought about it in the moment. mingins true in the overwhel number of our cases, we have courts authority to collect the content of e-mails or telephones, but there are exceptions to the warrant requirement. is consent, where someone gives us content to monitor, we can read the content of e-mails and calls a two consent of parties, and, second, where there is collection on a non-us person overseas, under section 702 authorized by the court, if an american is communicating with that person, that indication will sit in the databases, and my agents doing the investigation will query the database and may see that e-mail and read it. they do not go back to the court and get authority for their look at it. our view that it was collected lawfully in the first place.

that is an exception that if i thought about it in the moment i would have mentioned it. we had thisll say fight in the 1990's. the idea lost because building in security is inherently a bad idea. things tof you want be secure, you have got to the old security not build other ways in. in the same "60 minutes" episode, you said there were two types of american companies, countries that are being hacked by chinese and companies they do not know their being hacked by chinese. hereere not a tension between on the concerns for cyber security and on the other hand the insistence that we have a certain layers of insecurity for one particular set of actors?

i would ultimately facing a choice here between a secure internet and an insecure internet? >> i do not think so. i think this comes back to the response of the first or second question, that it is about relative risk. there's much more risk associated with the after-the-fact intercept it ability being built in. there is a nonzero risk associated with the building built in the first place. there's also a risk by society with the ability of collecting that information with lawful authority. other people may disagree that the risk mitigation welding at the -- building at the front end makes sense. >> let's go to all of you. we have a lot of questions here let's start with chris. when i call on you, please wait for the mike, and please keep

questions short, and let's frame it in the form of aggression. >> i work for the aclu. over the last few years, we have learned the lawful intercept systems in google and microsoft have been hacked by foreign governments. they were both hacked by chinese, and microsoft's team was asked by the syrian army. probably the leading companies on the security front. whether you want to call it a front door or a back door or a backdoor, if these companies are delivering encrypted communications, the only logical in to provide law force access is to provide a key. if the keys are there, whether in law-enforcement hands, when the companies' hands, people will try to steal them. laster foreign policy ran an article in which they described a team of fbi agents backing a trash truck into the czech

embassy's facility and stealing keys. we thought many people do not understand the fbi is in the business of stealing encryption keys in its capacity as a foreign intelligence organization. given you know that keys can be stolen, given these bodies are constantly having sophisticated adversaries trying to steal their private information, and given we have multiple examples of lawful interception systems being successfully compromised, what gives you confidence that some small silicon valley company and mandated to do so can build a security interception system? >> thank you for the question. i do not think anybody can build an interception proof system. that is what i meant when i said the risk is non-zero. i think when you aggregate the risks and trade-offs the alternative does not make sense to me, saying that while it is hard, we cannot limit risk, therefore a universal encryption

and not just a going dark, but a complete darkness for law enforcement is a place we want to know. i think there is risk associated with what i'm suggesting. i think given the other risks involved it makes sense. >> david sanger? you.ank you talked about the enforcement side of this, and you mentioned the pendulum swing from the snowden disclosures, but you did not talk about the nsa and others. one of the things we have learned from the snowden disclosures is the nsa found ways around encryption at ogle and other places by going in to the communications of servers. when apple and google make these announcements, clearly they are trying to demonstrate to the germans or brazilians or

anyone who is outraged by these disclosures that there is no they have deliberately thrown away the key so that the nsa cannot do that in their systems. as he sensibly was going on here. i have not heard yet from the administration any guarantee that created the kind of portal that you have described, front or back your, that there would then be assurances that the nsa would not do again what was disclosed to have been done before. tell us about the discussion inside the administration about how you provide those assurances. >> go ahead. >> a good question. i do not think i am in a position to talk about discussions inside the administration. it has not been extensive, because there are a lot of other things going on, and i would not tell you anyway, david, what is going on inside

the administration. [laughter] i understand totally, and i'm not trying to jump on companies. i understand totally the market imperative. i work for two companies before coming back to government. i get it. but i think that we can address their concerns by being transparent as a country about here are the lawful authorities by which the government can enter through google's door or apple's door so they can assure their customers no one is getting in here except you clearly understood channels. thanks. garrettet mitchell -- mitchell.

it is interesting to hear you talk in the abstract about presumably the chief executive officers and memrs of the c-suite in the companies that are clearly at issue here. intentioned, patriotic, etc. yet they do not want to go where you want to go. i wonder if you could eharacterize for us than nature of the argumentation that logic him if you will, of their perspective, and, as you said, one of the wonderful things about a democracy is that people can do that. one of the not so wonderful things about a democracy is that people can do that. it gets us nowhere and i wonder

if you could characterize for us the point of view, the sort of internal logic that those some of the people you are dealing with, have and the soundness of that point of view even if you disagree with them. >> as a good question. i do not want to talk about particular conversations because i want to make sure that conversations are robust. maybe in general, i would trough from some of the questions here and remarks. they are responding to a market imperative where they are getting beat up around the world because the american government is reading the everything on your systems, so their competitors are using it against them all around the world, so they are trying to respond to that by saying that is not true, our stuff is protected. i get that. that makes sense for them to advocate that position. they are not responsible for the other risks we have talked about. they are advocating in good

faith a view that make sense to me from their perspective. what they are not able to advocate cannot because it is not something they own except as citizens in this great country, is the safety trade-off, the security trade-off. that is probably the best way to describe it. >> yes, right here in the front. >> thank you very much. i would like to ask the a question based on my previous experience. one is a federal law enforcement officer. in the past we had a lot of debates concerning civil liberties and protections in the activities of our intelligence service. there was a response with attorney general guidelines to put in place rules and regulations until the law was basically changed on caught up. i understand the problem with colia.

in the internet of things, it does not address the problems we have. just like aristotle said in his writings, and when he asked the question, should a city have walls, we have an obligation, one, to protect our busy. he also have an obligation to allow our law enforcement to do its job to protect our citizens. are you taking any steps short of a law change to try to put in uretems that will sure -- ass the american public that we will do it better job at protecting your privacy? >> that is a good question. and if i get ton, any complaints from my troops that we have an overwhelming amount of policy that governs their ability to obtain information in investigations of all kinds, then my response my folks, i get your first ration, but i like that. i like the restraint. i look at the researches on fbi agents to collect electronic

evidence, and they are pretty darn expensive, and no one has suggested to me and improvement. i'm focused on trying to get the law changed so those with whom we interact with lawful process are able to comply with it. joel margolis. what can you tell us about the bureau's plan to update the colia statute? >> not much more than i just told you, which is i am hoping we can now start a dialogue with congress on updating it. it has been an effort underway before i took this job that got blown away in the post snowden wind, which i understand, but now it is an opportunity to aybe stand in that wind little bit and had that conversation. the first thing is to talk to respond will people on the hill about what makes sense and how do we get that kicked

around. thank you. i am here at brookings is a visiting fellow. when i was at the commerce to thatnt, prior effort, went back and forth with your predecessor about some of the business journal -- some of the potential reforms. some of the issues today were part of that discussion, i and i want to ask about what other. the explosion of also there is phenomenon, and i think a widespread concern, that we are also going right.

there is a tremendous amount of digital information that is available to companies into governments. and one of the issues that we face in whatever we do in addressing public policies to deal with that data is the impact on international norms. and ituestion is, parallels some of the cyber security questions, if we go stepshis road and take that would break the encryption, what is the impact on more repressive countries around the world that will follow that example? a good question. i do not think -- it is

something i've thought about, but frankly not well enough to give you an intelligent answer at this point. i think that has got to be a part of the discussion, because i have heard people saying, ok, we can have transparency in the united states defined clearly, what access is given when, but that is a president for repressive genes getting anything they want. others have said the repressive regimes are getting anything they want anyway as a result of doing business there. i do not think i know enough at this point yet to give you a good enough answer. thank you for taking my question. i am an author. of surveillance and everything. i have a question about -- everything i do all day i can see, everything that i do. i missed the last part of that sentence-- >> everything that i do in the

whole day i can see is a dream. and for this kind of -- >> i have no idea. >> probably somebody at brookings. george washington university. book 20 years ago, and it seems like we are in the same movie again. i heard something you said, which is what is the cost? , backstion for you then we did not have a in my mind a serious cost-benefit analysis that people could say trade-offs.re the has your organization or any other organization you know of yet made some serious cost benefit analysis can not only

economic, which is important, but also social costs and law enforcement downsize and everything else? >> the answer is not to my knowledge. i have identified costs and benefits only in a rough order of magnitude, but not so far in any quantitative sense. i'm sure smart people have and it will be a useful part of the discussion. >> director, would you acknowledge perhaps some of that distress you just spoke about that comes from the government not being fully truthful about i amit was doing -- referring to clapper, and even the fbi's own issues with national security letters. partly that distress comes from that, and would you acknowledge maybe that is part of the problem here? >> before i give you a yes, i want to take apart your question is a little bit. i do not agree with the predicate that your characterization of jim clapper

in particular, but i think a lot of it comes from justifiable surprise on the part of the u.s. people as to the asked dent and nature of the surveillance being conducted in the name of the united states. i see the u.s. people. i believe very strongly that the elected representatives had a complete insight into it. when people talk about it, i can understand being freaked and surprised, but i also think i have yet to see their lawless conduct that folks talk about. i see the government operating with all three branches, but that does not mean that folks are not justifiably reacting saying, whoa, they're doing what? so i think that more than anything else has fed the post-snowden wind.

it can be breathtaking. >> ma'am? i really appreciate that the chief got to be here. you know all the stories. i smit all the documents and evidence that the department of justice and the agencies or lawmakers no longer give a response. say about three branches, and we are talking about a lot of surveillance, we are talking people's e-mail being hacked. identifyon is, can you people's e-mails and accounts -- >> i really do not think i am in

a position to answer that. >> i am from the center for democracy and technology. -- talk to us about the international implications. for example, if your apple or android, you cannot sell an f iphone in europe. go 3,ey going to have to 4, or six times when other countries follow our lead and impose the same kind of mandates you're talking about? and happens in the indias united kingdoms of the world? >> i would market this as an fbi- or nsa-ready phone.

we may have a better brand. gotten this out of my head completely. i can imagine them saying we as an american domiciled corporation will comply with pursuantocess, enacted to law -- pursuant to law and enacted by congress, we will comply with the government for lawful investigations. it would not be about marketing the phone. it would be about them at retaining some capability to be able to access the information. how thatwould forget would work, but something like that, but i think it is a serious conversation to have about how they would do it in particular. we may get is to a place where congress says, you need to

force this on american companies, and maybe they will take a hit. someone is some other country will say, we sell iphone even with lawful authority able cannot get into, but people as a society are willing to have american companies take that hit. that is why we have to have a conversation. >> time for a couple more questions. i will try to get a few people, and then let the director wrap up. sir? >> abc. you talked about the balance and cost-benefit, and you brought up the hypothetical example of a kid being kidnapped and tried to access information. do you know of specific cases where someone was in danger, was rescued, but would not have addressed. >> good question. i think i gave you four cases where the information on the phone, which would be blocked, it were incontradicted --

incrypted would not have been available to us? [inaudible] >> i don't think i know. canva. ed my folks to s state and local partners. i'm not looking -- here's the thing, when i was preparing the speech, one of the things i was inclined to talk about was to avoid those kind of edge cases, we're not looking to frighten people. logic tells me, there are going to be cases just like that. but the theory of the case is the main bulk of law enforcement ctivity. i don't know the answer. >> i'm from fox news.