>> on thursday, talking about the impact of changing technologies on law enforcement and how new features hinder the ability to access things that could be used against criminals. this is about an hour. >> good morning, everyone. welcome to brookings. this event will set a brookings record for the height differential between guests and host. i'm kidding. the director is actually not that short. so i am going to be very recent ecause we have limited time,

and the more of it i use the less that we can use for dialogue between you guys and the director. director comey is here to talk about encryption and the problems it creates for law enforcement. this is a subject that a number of people here testified to the amount of interest in the subject all over the place right now, post-snowden, post a lot of debates about surveillance reform. mr. comey has a different perspective about the impact related to the federal and state law enforcement. the format will be simple. he is going to give a relatively brief set of remarks. i am going to ask -- we are going to move to a conversational format, ask a few questions, and then we will

go to you and use as much of the time as possible for questions from the udience. when i do that, we are going to do that, you know, as trying to do it in as uninterrupted format as possible. please signal to me if you want to get in, and wait for the mike to come around, and introduce yourself by your name and organizational affiliation. keep your questions brief so we can have as significant a discussion as possible. i will turn it over to the director, who needs no introduction to this audience. welcome back to brookings.

>> a small difference. i will adjust that mike. good morning, everybody. it is great to be here at brookings. i'm told also i am going to be the subject of a recorded podcast. what i would like to do you share thoughts with you and for me, the most important part will be our conversation together. i thank you in advance for asking whatever is on your mind. i have been on this job now for one year and one month. sometimes i joke and express my tenure in months remaining as if i am incarcerated or something. i do not mean that. i have i believe the best job in the world, because i get to come to work at the fbi every day. over the last year have confirmed what i have long believed that the fbi is remarkable place, filled with amazing people, doing amazing work all over the country and the world every day. i have confirmed what i have long known, that a commitment to the rule of law and civil liberties is at the core of the fbi.

i believe it is the rganization's spine. we confront serious threats, threats that are changing every single day, and i want to make sure i have every lawful tool available to make sure i am addressing those trips. i see this as an opportunity to begin a conversation about something that is affecting in a serious way the investigative work we do. i want to talk to you about the impacts of emerging technology on law enforcement, and within that context it is important to talk about the work we do at the fbi, what we need to do the work that we have been entrusted to do. i believe there are a fair number of misconceptions in the public discussion of all what we in government collect, especially we at the fbi, and the capabilities we have for collecting information. i think my job is as fast as i can to explain and clarify as i can the work of the fbi, but i want to get a better handle on

your thoughts, because those of us in law enforcement cannot do with what we need to do without your trust and support, and we have no monopoly on wisdom. my goal is not to tell people what to do. my goal is to urge our fellow citizens to participate in a conversation as a country about where we are, where we want to be, especially with respect to law enforcement authorities. et me start by talking about he challenge of what we call going dark. technology has forever changed the world we live in. all of you notice every single day. we are online, in one way or another, all day long. many of us are online at night when we should be sitting. our phones and computers have become perfections of our personalities that reflect interests and identities, hold much of what is important to us in life. with that comes a desire to protect privacy and our data.

we want to be able to share our lives with the people we choose to share our lives with. i very much feel that way. the fbi also has a sworn duty to try to keep every american safe from crime and from terrorism, and technology has become a tool of choice for some very dangerous people. unfortunately, the law has not kept pace with technology, and this disconnect has created significant public safety problems that we have long described as going dark. what it means is this -- those charged with protecting our people are not always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. we have the legal authority to intercept and access communications personally through a court order. we face two challenges. the first involves real-time data in motion, such as phone calls or e-mails or live text or chat sessions.

the second challenge concerns court ordered access to data stored on our devices, such as e-mail or text messages or photos or videos, what we call data at rest. and both real-time communications, data in motion, and stored data, data at rest, are increasingly encrypted. let me talk about court-ordered interception and about the challenges posed by the proliferation of different means of communication and encryption. in the past, doing electronic surveillance was straightforward. we identified a target phone, used by a bad guy. without a court order or a wiretap, and under the supervision of a judge, we collected the evidence we needed for prosecution. today there are countless providers, countless networks, countless means of communicating. we have laptops, smartphones, tablets, we take them to work, school, we take them the soccer field to the starbucks, over many different networks, using

many different apps. and so do those conspiring to harm us. they use the same devices come the same networks, the same apps to make plans to target victims and cover up what they are doing, and that makes it tough for us to keep up. if a suspected criminal is in the car, and he switches from cellular coverage to wi-fi, we may be out of luck. if he switches from one app to another or from cellular voice service to a messaging app, we may lose them. we may not have the ability to switch lawful surveillance between devices, methods, and networks. the bad guys know this. they are taking advantage of this every day. in the wake of the snowden disclosures, the prevailing view is that the government is sweeping up all of our communications. that is not true. unfortunately, the idea the government has access to all communications at all times has extended even more unfairly to

law enforcement, that is working to obtain individual warrants approved by judges, ntercept communications of suspected criminals. some believe that law enforcement and the fbi has these phenomenal capabilities to access any information at any time. we can get what we want by flipping a switch. that is the product of too much television. it frustrates me because i want people to understand that law enforcement needs to be able to access communications and information in a lawful way to bring people to justice. we do that pursuant to the rule of law with clear lines and strict oversight. even with lawful authority, the going dark problem is we may not be able to access the evidence and information we need. current law governing the interception of communications requires that the communications carriers and broadband providers build interception capabilities into their networks for court-ordered surveillance.

but that law, the communications assistance to law enforcement act, was connected to the years ago, a lifetime in the internet age. it does not cover at all new means of communication. thousands of companies provide some form of communications service and most are not required by statute to provide lawful intercept capabilities o law enforcement. what that means is that an order from a judge to monitor communications may amount to nothing more than a piece of paper. some companies fail to comply with the order, and some companies cannot comply because they have not developed the apabilities. other providers want to provide assistance, but they have to take the time to build intersection capabilities which takes a lot of time. the issue is whether companies not subject currently to this law should be required to build lawful intercept capabilities for law enforcement. to be clear, we are not seeking to expand our authority to intercept negations.

we are struggling to keep up with changing technology and maintain our ability to actually collect communications we are authorized to collect. if the challenges of real time data interception threatened to leave us in the dark, encryption threatens to lead us all to a very dark place. here is what i mean by that. encryption is nothing new. but the challenge to law enforcement and national security officials is markedly worse with recent default encryption settings and encrypted devices and networks all in the name of increased security and privacy. for example, with apple's new operating system, the information stored on many phones and devices will be encrypted by default. shortly after the announcement, google announced plans to follow suit with its android operating system. this means the companies themselves will not be able to unlock phones, laptops, and tablets to reveal photos or

documents or e-mail for stored text and recordings in those instruments. both companies are run by good people who care deeply about public safety and national security. i know that. and they are responding to a market demand that they perceive. but the place that this is leading us is one that i suggest we should not go without careful thought and debate as a country. at the outset, the good folks at apple say something that is reasonable, which is not that big a deal, because law enforcement can still get the data from the clouds. folks are going to back up their devices to the cloud, and the fbi can access the cloud. here's the problem -- uploading to the cloud does not include all of the stored data on the bad guys' phones, which has the potential to create a black hole in and of itself, but, second, if the bad guys do not back up their phones routinely or if they opt out of uploading to the cloud, the data will

only be found on the encrypted devices themselves. it is the people who are worried about the device who are most likely to avoid the cloud and to make sure that law enforcement cannot access in creating data. encryption just is not a technical feature. it is part of a marketing strategy. it will have very serious consequences for law enforcement and national security agencies at all levels. sophisticated criminals will come to count on these means of evading detection. it is equivalent of opening a safe deposit that cannot be opened, a safe that cannot ever be cracked. my question to facilitators in this conversation is, at what cost? let me try to correct impressions. the first is folks say, good folks say, you still have access to metadata which includes photo records and location information stored with the telecommunication carriers, and that is

absolutely true. metadata does not provide the content of any communication, it is incomplete information, and even that is developed access and when time is of the efforts. i wish we had time, especially when lives are on the line. we usually do not. there is a misconception is that is building a back door. that also is not true. we are not seeking a backdoor approach. we want to use the front door with transparency. we want clear guidance provided by law. we are completely comfortable with court orders and legal process, front doors that provide us the evidence and information we need to investigate crime and prevent attacks. cyber adversaries are going to try to exploit vulnerabilities they find, but we think it makes more sense to address any security risks by developing

interception solutions at the front and in the design phase rather than resorting to patchwork solutions when law enforcement comes knocking after the fact. with the sophisticated encryption there may be no solution at all, even the government at a dead end, all in the name of privacy and network security. folks sometimes say you could guess the password or break it with a so-called brute force attack. here's the truth -- even with a supercomputer, we would have difficulty with today's high-level encryption, and some users have a setting where the encryption key is raised after too many attempts to break the password, meaning no one can access the data. sometimes i have also heard folks ask this question, can't you to compel the owners of the device to provide you the password? the answer that is a reasonable question, but unfortunately, no. even if we could compel them as a legal matter, it is about the

choice that that bad guy has to make. imagine a child predator refusing to comply with a direction from the court to hand over a password, or a sentence for the charge of distribution of child pornography? hink about your life without smart phones or internet access r texting or e-mailing every day? i am told people much cooler than i call this a fear of missing out. with going dark those of us in law enforcement and public safety has a major fear of missing out -- missing out on predators who exploit the most

vulnerable among us, on violent criminals, on terror cells, and a lot of other bad people. the more we as a society rely on these devices, the more important they are to law enforcement and public officials for reasons i think -- guessing case after case from homicides and car crashes to drug trafficking, child abuse, child exploitation, and exoneration where critical evidence came from smartphones, hard drives, and online communication. let me give you some example some cases that involve the content of smartphones. in louisiana, a known sex offender posed recently as a teenage girl to entice a 12-year-old boy to stay out of his house to meet this supposed young girl. the predator posed as a taxi driver. he took this young boy, murdered him, and then tried to alter and delete evidence on his and the victim's cell phones to cover up the crime. both phones were instrumental in showing that the suspect enticed the victim into his taxi.

in louisiana -- in los angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head, and there were no witnesses. text messages stored on her parents' cell phones, between the two of them and other family members, proved the mother had caused the young girl's death. the text messages stored on devices also could they fail to see that eagle attention for the little girl four hours after she convulsed, and they went so far as to paint her with blue paint to cover her bruises before calling 911. confronted with evidence from the phones, both parents pled guilty. in kansas city, dea got warrants for smartphones, and they found on the phones nformation that tied a group

to deaths in a high school rea. in sacramento, a couple were walking when a car ran a red light and struck them, killing four dogs and severing the young man's leg. leaving the young woman in critical condition. the driver fled. the young guy died several days later. using red light camera, a suspect was arrested. the data on a phone-based the suspect at the scene of the accident. and showed he fled california right after wards. he was convicted and is serving a 25-years-to-life term. for second-degree murder. lastly, i have used it in ways that has been used to exonerate innocent people. in kansas, data from a cell phone was used to prove the innocence of several teens accused of rape.

without access to the phone or the ability read to recover video from that phone, several innocent young men could have been wrongly convicted. these are cases that i pulled together and which we have access to the evidence we need. but we are seeing more and more where we believe significant evidence is on the phone or on that laptop and we cannot crack the password. if this becomes the norm, i suggest to you that homicide cases could be stalled, suspects walk free, child exploitation not discovered and prosecuted. justice can be denied. because of a locked phone or encrypted device. here are my thoughts about this. i am deeply concerned about it as both a law enforcement officer and citizen. i understand some of the thinking in a post-snowden world, but i believe it is based on a failure to understand why we in law enforcement do what we do and how we do it. i hope you know i'm a huge believer in the rule of law,

but i also believe that no one in this country should be beyond the law. there should be no law-free zones in this country. i believe we need to follow the letter of the law to examine the contents of someone's closet or the contents of their cell phone. the notion that the marketplace could create something that would prevent the closet from ever being opened, even when they properly obtained a court order, makes no sense. i think it is time to ask, where are we as a society? are we no longer a country that is passionate both about the ule of law and about there being no zones in this country that are beyond the reach of that rule of law? have we become so distrustful of government and law enforcement in particular that that we are willing to let bad guys walk away? in search of privacy? i know there will come a day where it will matter a great

deal to innocent people that we in law enforcement cannot access certain types of data or information even with court authority. we have to have discussions about this. before those days come. i believe people should be skeptical of government power. i am. i think this country was founded by people who were, who knew you could not trust people in power, and so they divided the power among three branches to set interest against interest, then they wrote a bill of rights to ensure the papers and effects of people are secure from unreasonable searches. but the way i see it, the means the by whitch we conduct surveillance, two carriers or isp's who have developed lawful intercept solutions is an example of the government operating the way the founders designed it, with the executive, legislative, and judicial branches opposing and overseeing legislation pursuant to the rule of law. i suggest it is time that the post-snowden pendulum be seen

as having swung too far in one direction, in a direction of fear. and mistrust. i think it is time to have a debate about liberty and security. some have suggested there's a conflict between liberty and security that you have to give up a little of one to receive some of the other. i reject that framework. i think when we are at our best in law enforcement, we are looking to enhance security and liberty. when a city posts police officers on a dangerous playground, liberty has been promoted. promoted liberty. the freedom to let a childplay without fear. people in the f.b.i. are stworn provide both. it is not a question for us of conflict. we care deeply about protecting liberty through due process, while also safeguarding citizens we're are here to protect. where do we go? these are tough issues. finding the space and time in our lives is hard, so i'm grateful to brookings for carving out some space for us.

intelligent people can disagree, and that is also what is great about american life, smart people disagreeing to come to the best answer. i have never been any one who is a scaremonger, but i am in a dangerous business. i want to ensure we discuss the impact of limiting the court-authorized law enforcement tools we use and we talk about what are the losses associated with our inability to collect them with permission to pursue the law. we will continue to throw everything we have at this challenge. it is costly, inefficient, takes time, but we will work to make sure that whenever we can we are able to execute court authority, but we need to fix this problem. it is long past time. we need assistance and cooperation from companies to comply with lawful court orders. so that criminals around the world cannot seek safe haven. we need to find common ground

where we care about the same things. i said it because i meant it. the companies we have talked about that we have talked to are run by good people care about the same things. we know an adversarial posture will not help us here. we understand the private sector's need to remain competitive. it is not our intent to stifle innovation or undermine u.s. companies, but we have to find a way to help these companies understand what we need, why we need it, and how they can help while protecting privacy rights and network security. we need our private sector partners to take a step back, to pause to consider a change of course, but we also need a regulatory and legislative fix here to create a level playing field so that all communication service providers are held to the same standard. so that those of us in law enforcement and public safety can continue to do the job you have entrusted us to do in the way you want us to do it. perhaps most importantly, we need to make sure the american

public understands the work we do and the means by which we do it. i really believe we can get there. i believe we can find a reasoned and practical approach, and that we can do it together. i do not have a perfect solution to suggest to you, but it is important to start the discussion. i'm happy and eager to work with congress, with partners in the private sector, law enforcement, and national security counterparts to find the right answer, to find the balance we need to, to find both liberty and security. so thank you for being here today to participate in this conversation. thank you for caring about these issues. i look forward to your questions. [applause] >> i will ask a couple questions, and then i will kick it to you guys. want to start, why now?

the crypt wars. i thought they were before. they do not seem appreciably different than they were a year ago, and this thing has been reignited. why? >> a great question. i think it is an accumulation, another brick in the load, of going dark that hit me when i ook this job a year ago. and got briefed on our capabilities and our limitations on them. i think a catalyst was the announcement of the default encryption on the devices. which are yoo pick we us to. these are good folks, responding to a market imperative, but where are we going? we need to have a conversation about this. >> you left government last in 2003 -- 2005. you were not on the investigative side, but you had

sense of how light and dark things were. how different is it today than it was when you came back into government, how much darker is the world than before you left? >> my sense is to dramatically arker, especially with the proliferation of the so-called non-proliferations means. different erations of apps, the outside communication channels. >> so you describe in your remarks that you wanted not a back door, but a front door, and i am trying to understand what that means technically to have an ability to decrypt with an order that does not create technical vulnerabilities that others could exploit, either foreign intelligence services

or and a lot of people believe our own intelligence services. what are you envisioning when you talk about building in a front door lawful interception decryption capability? >> i am not smart enough to give you a highly reliable answer. what i am told is any time there is a door is, there is a risk that someone will get into the door. f a door is felt transparently -- built trance apparently in the front end, designed into the product, the chances of a vulnerability being unseen, it's much lower than if it is cobbled on to the end. to build one is a risky thing today, and the smart people told me the best way to do it is to build it at the front end. >> you're not talking about a

revival of the sort of idea from the mid-1990's, you are speaking more thematically than that? >> correct. i would like to see colea written so a communications provider has an obligation to build a lawful intercept capability into the product that they provide. not that we hold some universal key. >> gotcha. on the most recent "60 minutes" -- >> it's on every sunday night. >> you were asked whether all these interceptions take place with a warrant. i was surprised at your answer. you said the fbi does not do interceptions without a warrant. i was puzzled by that because i can think of at least a few situations in which you guys

are authorized to do interceptions without a warrant. is there some policy that you have adopted that you do not do surveillance without a warrant, or were you incorporating various exceptions into remarks? >> a fair question. i thought i gave a fair and accurate answer, the people gave me feedback that said it was insufficient, should have been longer, and what about the exceptions? i wish i had thought about it in the moment. it remains true in the over, over, overwhelming number of our cases, we have courts' authority to collect the content of e-mails or telephones, but there are exceptions to the warrant requirement. one is consent, where someone gives us content to monitor, we

can read the content of e-mails and calls a two consent of parties, and, second, where there is collection on a non-u.s. person overseas, under section 702 authorized by the court, if an american is communicating with that person, that communication will sit in the databases, and my agents doing the investigation will query the database and may see that e-mail and read it. they do not go back to the court and get authority for their look at it. our view that it was collected lawfully in the first place. that is an exception that if i thought about it in the moment i would have mentioned it. >> people will say we had this fight in the 1990's. the key esgrow issue lost type e building in that of security is inherently a bad

idea. and that if you want things to be secure, you have got to the old security, not build other ways in. in the same "60 minutes" episode or maybe it was the other one, you said there was -- there were two types of american companies, countries that are being hacked by chinese and companies they do not know their being hacked by chinese. is there not a tension here between on the concerns for cyber security and on the other hand the insistence that we have got to build in a certain layers of insecurity for one particular set of actors? are we ultimately facing a choice here between a secure internet and an insecure internet? >> i do not think so. i think this comes back to the response of the first or second question, that it is about relative risk. there's much more risk associated with the after-the-fact intercept capability being built in.

there is a non-zero risk associated with the building built in the first place. there's also a risk by society with the ability of collecting that information with lawful authority. other people may disagree that the risk mitigation building at the front end makes sense. >> let's go to all of you. we have a lot of questions here let's start with chris. when i call on you, please wait for the mike, and please keep questions short, and let's frame it in the form of aggression. >> i work for the aclu. over the last few years, we have learned the lawful intercept systems in google and microsoft have been hacked by foreign governments. google and microsoft were both hacked by chinese, and microsoft's team was hacked by the syrian

army. probably the leading companies on the security front.whether y front door or a back door, if these companies are delivering encrypted communications, the only logical way to provide law enforcement access is to provide a key. if the keys are there, whether in law enforcement hands, , a third party or the company's hands, people will try and steal them. "foreign policy" ran an article in which they described a team of fbi agents backing a trash truck into the czech embassy's acility and stealing keys. an encrypt graphic machine and the keys to it. we thought many people do not understand the fbi is in the business of stealing encryption keys in its capacity as a foreign intelligence organization. given you know that keys can be stolen, given these bodies are constantly having sophisticated adversaries trying to steal their private information, and given we have multiple examples

of lawful interception systems being successfully compromised, what gives you confidence that some small silicon valley company and mandated to do so can build a security interception system? >> thank you for the question. i do not think anybody can build an interception proof system. with complete confidence. that is what i meant when i said the risk is non-zero. i think when you aggregate the risks and trade-offs, the alternative does not make sense to me, saying that while it is hard, we cannot limit risk, therefore a universal encryption and not just a going dark, but a complete darkness for law enforcement is a place we want to know. - a place we want to go. i agree with you. i think there is risk associated with what i'm suggesting. i think given the other risks involved it makes sense. >> david sanger? >> david sanger, "new york times."

you talked about the enforcement side of this, and you mentioned the pendulum swing from the snowden disclosures, but you did not talk about the nsa and others. one of the things we have learned from the snowden disclosures is the nsa found ways around encryption at google and other places by going in to the communications between the servers, and so forth. so when apple and google make these announcements, clearly they are trying to demonstrate to the germans or brazilians or anybody else who was outraged by these disclosures, that there is no hole that they have deliberately thrown away the key so that the nsa cannot do that in their systems. i have not heard from the administration that if you create the type of portal you

describe, front door or back door, that there would be assurances the nsa wouldn't do what it did before. so tell us a little bit about the talk within the administration about how you rovide those assurances. >> go ahead. >> a good question. i do not think i am in a position to talk about discussions inside the administration. in my 12 months, it has not been extensive, because there are a lot of other things going on, and i would not tell you anyway, david, what is going on inside the administration. [laughter] i understand totally, and i'm not trying to jump on companies. i understand totally the market imperative. i worked for two companies before coming back to government. i get it. but i think that we can address their concerns by being transparent as a country about here are the lawful authorities by which the government can enter through google's door or

apple's door so they can assure their customers no one is getting in here except you clearly understood channels. >> thanks. i'm garrett mitchell, author of "the mitchell report." which is a publication with a circulation slightly smaller than mr. sanger's. it is interesting to hear you talk in the abstract about presumably the chief executive officers and members of the c-suite in the companies that are clearly at issue here as being well intentioned, atriotic, etc. i wonder --and yet they do not

want to go where you want to go. i wonder if you could characterize for us the nature of the argumentation that they use, the logic, if you will, of their perspective, and, as you said, one of the wonderful things about a democracy is that people can do that. one of the not so wonderful things about a democracy is that people can do that. and so we get nowhere. so i would be curious if you could characterize for us the point of view, the sort of internal logic that those -- the people that you're dealing with have. and the sound necessary of that point of view even if you disagree with them. >> a good question. i do not want to talk about particular conversations because i want to make sure

that conversations are robust. maybe in general, i would trough from some of the questions here and remarks. they are responding to a market imperative where they are getting beat up around the world because the american government is reading everything on your systems, so their competitors are using it against them all around the world, so they are trying to respond to that by saying that is not true, our stuff is protected. i get that. that makes sense for them to advocate that position. they are not responsible for the other risks we have talked about. so they are advocating a good faith view that makes sense to me from their perspective. what they are not able to advocate cannot because it is not something they own except as citizens in this great country, is the safety trade-off, the security trade-off. that is probably the best way to describe it. >> yes, right here in the front. >> thank you very much. i would like to ask a question

based on my previous experience. one is as a federal law enforcement officer. the other is a member of the intelligence committee. in the past we had a lot of debates concerning civil liberties and protections in the activities of our intelligence service. there was a response with attorney general guidelines to put in place rules and regulations until the law was basically changed on caught up. i understand the problem with colea. in the internet of things, it does not address the problems we have. just like aristotle said in his writings, and when he asked the question, should a city have walls, we have an obligation, ne, to protect our city. and protect our city and our citizens. he also have an obligation to allow our law enforcement to do

its job to protect our citizens. are you taking any steps short of a law change to try to put in systems that will assure the american public that we will do it better job at protecting your privacy? >> that is a good question. the fbi has a ton, and if i get any complaints from my troops that we have an overwhelming amount of policy that governs their ability to obtain information in investigations of all kinds, then my response to my folks, i get your first question, but i like that. i like the restraint. i look at the researches on fbi agents to collect electronic evidence, and they are pretty darn expensive, and no one has suggested to me and improvement. i'm focused on trying to get the law changed so those with whom we interact with lawful process are able to comply with it. > joel margolis. what can you tell us about the

bureau's plan to update the colea statute? >> not much more than i just told you, which is i am hoping we can now start a dialogue with congress on updating it. it has been an effort underway before i took this job that got blown away in the post snowden wind, which i understand, but now it is an opportunity to maybe stand in that wind a little bit and had that conversation. the first thing is to talk to responsible people on the hill about what makes sense and how do we get that kicked around. >> thank you. i am here at brookings as a visiting fellow. when i was at the commerce department, prior to that

effort, went back and forth with your predecessor abt some of the potential reforms. reforms to colea. some of the issues today were part of that discussion, and i want to ask about what other. as we deal with the explosion of data, there is also the phenomenon, and i think a widespread concern, that we are also going right. here is a tremendous amount of digital information that is available to companies and to governments. and one of the issues that we face in whatever we do in addressing public policies to deal with that data is the

impact on international norms. so my question is, and it parallels some of the cyber security questions, if we go own this road and take steps that would break the encryption, what is the impact on more repressive countries around the world that will follow that example? >> that is a good question. i do not think -- it is something i've thought about, but frankly not well enough to give you an intelligent answer at this point. i think that has got to be a part of the discussion, because i have heard people saying, ok, we can have transparency in the united states defined clearly, what access is given when, but that is a precedent for repressive regimes getting anything they want. others have said the repressive regimes are getting anything they want anyway as a result of doing business there.

i do not think i know enough at this point yet to give you a ood enough answer. >> thank you for taking my question. i am an author. i read a lot of surveillance and everything. i have a question about -- my situation. everything i do all day i can see, everything that i do. i don't know who to contact -- >> i missed the last part of that sentence -- >> everything that i do in the whole day i can see is a dream. and for this kind of -- i don't know who to contact. >> i have no idea. >> probably somebody at brookings. don't know. >> george washington niversity.

i edited a book 20 years ago, and it seems like we are in the same movie again. i heard something you said, which is what is the cost? my question for you, back then we did not have in my mind a serious cost-benefit analysis that people could say look, here are the trade-offs. has your organization or any other organization you know of yet made some serious cost benefit analysis, not only economic, which is important, but also social costs and law enforcement downsize and everything else? >> the answer is not to my knowledge. i have identified costs and benefits only in a rough order of magnitude, but not so far in any quantitative sense. i'm sure smart people have and it will be a useful part of the iscussion.

>> director, would you acknowledge perhaps some of that distress you just spoke about that comes from the government not being fully truthful about what it was doing -- i am referring to clapper, and even the fbi's own issues with national security letters. so perhaps the distress comes partly from that. would you acknowledge maybe that is part of the problem here? >> before i give you a yes, i want to take apart your question is a little bit. i do not agree with the predicate that your characterization of jim clapper in particular, but i think a lot of it comes from justifiable surprise on the part of the u.s. people as to the nature of the surveillance being conducted in the name of the united states. i see the u.s. people.

i believe very strongly that the elected representatives had a complete insight into it. when people talk about it, i can understand being freaked and surprised, but i also think i have yet to see their lawless conduct that folks talk about. i see the government operating with all three branches, but that does not mean that folks are not justifiably reacting saying, whoa, they're doing what? so i think that more than anything else has fed the post-snowden wind. which makes sense to me. it can be breathtaking. yes? > ma'am? >> i really appreciate that the chief got to be here. you know all the stories. i submit all the documents and evidence that the department of

justice and the agencies or lawmakers no longer give a response. so now my question, you say about three branches, and we are talking about a lot of surveillance, we are talking about people's e-mail being hacked. my question is, can you identify who is hacking people's e-mails and accounts -- or accounts on social media? >> i really do not think i am in a position to answer hat. >> i am from the center for democracy and technology. talk to us about the international implications. of these ideas. or example, if you're apple or

sellingandroid, you cannot sell an fbi-ready iphone in europe. so what are you going to do? are you expecting them to build three s of iphones and r four or six times when other countries are following our lead and impose the same kind of mandates you're talking about? what happens in the indias and united kingdoms of the world? >> i would market this as an fbi- or nsa-ready phone. we may have a better brand. i have not gotten this out of my head completely. i can imagine them saying we as an american domiciled corporation will comply with lawful process, pursuant to law and enacted by congress, we

will comply with the government -- requests from the u.s. government for lawful investigations. it would not be about marketing the phone. it would be about them at retaining some capability to be able to access the information. again, i would forget how that would work, but something like that, but i think it is a serious conversation to have about how they would do it in particular. where we may get is to a place where congress says, you need to force this on american companies, and maybe they will take a hit. someone in some other country will say, we sell iphone even with lawful authority able cannot get into, but people as a society are willing to have american companies take that hit. that is why we have to have a conversation. >> time for a couple more questions. i will try to get a few people, and then let the director wrap up. sir?

>> abc. you talked about the balance and cost-benefit, and you brought up the hypothetical example of a kid being kidnapped and tried to access information. do you know of specific cases where someone was in danger, was rescued, but would not have rescued had you been blocked from the information you have een talking about today? >> um, that's a good question. i think i gave you four cases where the information opponent to which would be blocked if it was encrypted would not have been available to us. i see so rescuing someone before they are harmed? someone in the trunk of a car or something? i don't think i know yet. i've asked my partners to canvas local and state departments. are there examples of this? i think i've seen enough. here's the thing, when i was

preparing the speech one of the things i was inclined to talk about was to avoid those kinds of edge cases because i'm not looking to frithesen people. logic tells me there will be cases like that but the theory of the case is the main bulk of law enforcement activity. but that said, i don't know the answer. i'm failing you. >> time for one more question. yes? >> thank you. lucas tomas from fox news. slightly off topic, sir. is there any credible evidence that terrorists can use ebola as a bioagent here in the united states? >> no. >> do you have any -- want to wrap up? >> i hope this is the beginning of a robust dialogue in this country about this challenge. like i said, i don't think i have the wisdom or the

technical knowledge to say here's what it ought to look like. but i see a problem that when our last government's light was blinking red in the corner of my eye, it's now blinking red in front of me and i don't want to get to a place where people will say how did we get to this we t without making -- if get to the point where we want an encryption on every device we use, we as a country need to decide that not go there as a default. >> i want to thank the director for coming in and having this son very sation. please stay in your seated as he leaves so he can get out. thank you for joining us. [applause]

>> thank you. >> coming up today, a discussion about u.s. nuclear policy with alison mcfar land the chair of the nuclear regulatory committee. life coverage of her remarks starting at 8:30 on c-span 2 and later the brookings institution hosts a discussion on marijuana legalization and international drug treaties. that's at 10:00 a.m. eastern. >> this weekend on the c-span networks. tonight at 10:00 p.m. eastern on c-span from the texas tribune festival. a conversation about dealing with undocumented youth coming

into the u.s. then a town hall meeting on the coverage at harris state university in st. louis and sunday on "q&a" historian richard smith on his recent biography on norman rockefeller then author richard whittle on droughns anda yation and how they transform the american military saturday at 120k on book tv afterwards halpern on the questioning practices on the collection industry and then the southern festival of books tonight at 8:00 on american history tv on c-span three martin luther king's poor people campaign and the 1968 election then the life and legacy of booker t washington then sunday afternoon at 4:00 when america from --

the two countries were allies, find our television schedule at c-span.org and let us know what you think about the programs you're watching. call us. or email us. or send us a tweet. join the c-span conversation, like us on facebook. follow us on twitter. >> coming up next on c-span, your calls and comments live on "washington journal." then an update from the defense department on operations against the terrorist group's sis. then tonight the wisconsin governors debate between the incumbent scott walker and his democratic challenger mary burke. >> coming up in 45 minutes on "washington journal," teresa cardinal brown discusses ebola

screening procedures put in place by the department of home land security and then the u.s. and international efforts to fight isis. host: this morning, we will continue our conversation about the ebola outbreak. we want to hear from you. the mediaound coverage and lightning or sensationalized? lightning -- enlightening or sensationalized?