happening through things like technology companies. let me actually make sure that i've -- i can see these right. what we've seen are things on the technological side, sort of in the fabric of the internet, where immediately upon the public awareness of the problem, technologists, academics, engineers around the world all came together and went, this is a serious concern. and how do we address this? how do we solve these problems? how do we make sure we don't have to deal with this in the future? we see that individuals as well are taking action, taking steps o try to retrieve their rights that have been sort of unnecessarily taken out of their hands, out of their domain. this is done by a canadian group. they don't really have a dog in the fight. they got a representative sample of internet users around the world and they found that 60% had sort of heard of the

revelations of last year. of those 60%, 39% of those had taken active steps to improve the security of their privacy of communications online. and it was interesting how the media interpreted this. because they said, well, this is a minority. people must not care that much. nobody is really making changes. but when you're actually doing of ath on what 39% of 60% the world's global internet users is, that's 702 million people around the world who are now safer today than they were just a year and a half ago. and this is i think really where we begin to see the framework of how we can move forward in the absence of political reform, in the absence of legal reform, and this is good. because what we've seen politically around the world hroughout the development in history is that politics is about power. when you have people in great power positions, when you have super states, they will not

cede any sort of authority that they've claimed back to the public, back to civil society, unless they are afraid of a more undercutting nive. and this is really what is setting us up to really have a sort of renaissance of security and of liberty in the way we associate, the way we speak, the way reresearch online. it's critical. when we think about reforms, we think about the challenges, these are big picture problems, but at the same time these are only the things happening within the united states. and the policies of the national security agency and central intelligence agency and the f.b.i., as bad as they've been in regard to respecting the foundations of our rights, they are good relative to many governments around the world. so we have to think about not just how to protect the rights of americans, but protect the rights of individuals around

the world who live under regimes who are much less liberal and much more authoritarian. the only way we can do that is to ensure that there are international standards that are well agreed upon as to what behavior is proper and improper. we have court mechanisms that can enforce these and, ultimately, fundamentally, we can enforce these through technology on the basis of all of this i would say i'm tremendously satisfied. >> julia? >> well, hello. it is great to meet you, because you did a great job of marketing my book for me. i was already half way through writing it when your revelations came out, and i benefited greatly from that, so thank you. also, i want to say one other thing. i don't know if anyone has seen "citizen ford" but in case you were not convinced that edward snowden was graves, appearing robe is really a brave move in a documentary film, so if you haven't seen

it, there is a bathrobe scene. at any rate -- >> entirely unflattering. >> you know, everyone makes their own choice about that. we could have a bathrobe up or down vote, you know. so, you know, i'm a huge fan of encryption and i try to use as much encryption as possible. i think that you're right that there is a renaissance of encryption programs going on. but i am concerned about an arms race. so if i, a citizen, am trying to beat huge agencies trying to defeat my encryption and i'm trying to keep one step ahead of them, i feel this is something where i'm under funded. right? i'm concerned that i'm not going to win that. i think we have some evidence, actually, that the arms race is escalating. i would point to one thing that really disturbs me which is we've seen a lot more spy tactics that involve spoofing, we saw the d.e.a. spoofing a

facebook page. we saw the f.b.i. spoofing an associated press article. we saw the n.s.a. spoofing a linked-in page. we've seen commercial hacking companies spoofing adobe updates. and so i would like to hear what you have to say about, can we win this race in a world where we might not be able to trust the contents that we see n front of us? are we going to enter a world we can't authenticate anything we see online? >> this is a real challenge. computer security is a field rapidly expanding i think much more so than almost any other academic discipline. it is a fertile field. computers are so fundamentally insecure today it is impossible to rely on them and trust them fully.

many reasons i was successful is i did not have to rely on any particular computer or communication. this is not a world we want. this is the reason we're having the debate and people are fighting in countries around the world to push back against this kind of evasiveness, this kind of truth in policies, also the state of play in terms of our security around the world. now, there are a number of business interests that have been referenced by some of the other panelists. the representative from the aclu, matt greene, john hopkins professor, and many others who referenced the fact that there are commercial incentives today to find vulnerabilities, weaknesses in our system. and rather than work to fix those, rather than work to systems, they actually leave those open. they will sell them to the highest bidder and use those to enable the exact kind of

masquerade attacks, spoofing attacks, phishing attacks you are describing. more concerningly, we see agencies of government, for example, the national security agency, which has secured the name, actually using this same paradigm to weaken our own infrastructure. we've seen them go to bodies and spy on them and look for vulnerabilities and rather than fix those standards, rather than correct those flaws, they leave them in to try to exploit them and in other cases look at where they can introduce them to make them less secure overall in certain vulnerabilities where they did not exist before so they could exploit them and gain access. we can understand the intentions for why they might want to seek to do this. it would give them access in novel places, places previously denied, but at the same time the same vulnerabilities can be used against the american , american people,

allies and other citizens around the world. but also google has had a pretty big presence here. it's not just about google. it is about every american service around the world and product. if we're creating phones that have inherent insecurities, we're creating flaws in our standards and protocols that every interoperable system relies upon, we're weakening the basis of our modern economy, because america relies more on the internet for productivity, for trade, for economic gain and comparative advantage than any other nation earth and, yes, it may give us some sort of comparative advantage in spying on china, once they discover it, they'll be able to use the same thing against us and even if not them, even if it's latin america, russia, france, and they begin to do the same

thing, we quickly learn that being able to spy on other country, particularly based on how we restrict the uses of the product of intelligence, for example, the american government is very fond of saying recently that we don't give economic secrets to out e companies, we find that the benefit of having secrets on other countries is worth less than the benefit they dwayne from knowing ours because we put more into research and development efforts than other countries do comparatively. we put more into education and research than other countries do. we put more in military spending than other countries do. so if everyone is insecure at an equal level we don't benefit because we have the best spy agency. we actually lose because we are more reliant on security than everyone else. >> edward, you alluded to and

julia was alluding to also the spoofing and the sort of suite of malware tools collectively referred to as quantum. one of the stories that flow from your disclosures that i found most troubling was related to that and the idea of a system apparently called turbine that is delivering these in an automated way, to think of it very crudely, an a.i. for hacking that lives on the internet backbone and pushes out malware to thousands and potentially hundreds of thousands of target computers, categories of target computers and the goal is to eventually be able to sort of automatically compromise millions of computers around the world. that was -- i was surprised at sort of how little -- i don't know if anyone here is aware of turbine, i guess this is not a representative audience but i don't know how many people heard that before.

it seems like of all of this sort of stunning stuff, people have heard a fair amount about the telephony program and maybe something about prism but a lot of the other stuff, i guess i'm surprised that it hasn't gone as much -- hasn't gotten as much attention as the earlier disclosures. -- what ing what the have you thought deserved a few more stories and hasn't gotten that much attention and what bothers you most? >> right. this could go on for days as opposed to the short time we have here but really what you're touching on is a fundamental problem that we discussed earlier. we've got a few representatives in congress trying to protect and promote the interests of millions of americans, but the classification authorities who provide the clearances, offices

like the d.n.i., say their staff can't be cleared. this is problematic because people in d.n.i., people at c.i.a., at the n.s.a., say i wish i had this and that. i'd want a private secretary, too. they don't represent millions of people. they represent small agencies. the same dynamic happens with the press. we have a few editors, a few reporters who are not grounded. they don't have a background in technology. they don't have ph.d's in computer science. they don't know what stories matter and which don't. in technical reporting, in main stream news at the "new york times," "the washington post," it's incredibly a modern thing. this hasn't happened before. so one of the reasons we don't see the media real keen on stories that are of critical importance, is because they don't realize they are of critical importance. and because of this, we're increasingly reliant on the technical community to kind of do this for us and represent us. now, this is increasing the dangers over time i believe

because what we see is an increasingly disempowered citizen class and even in politics, because they have no idea what is going on that matters and an increasing empowerment of people who have sort of an elite, technological diversity. i think this is dangerous over time because you will see a concentration of power around the small groups, small individuals, who can increasingly impact society in greater and greater ways. i, personally, am an example of this. i'm not the world's expert in technology but because i was where i was, because i saw massive crimes against the constitution happening on an unprecedented scale, and i had the technological skills and capability to do something about it, i was able to change the conversation in a way, make some small contribution to the public that has really had an outside impact. we do not want our government to rely on this model because

that relies on the actions of the individuals. this is inherently dangerous. back to the basic question, stories that have been overlooked, one of the very significant stories is the fact that all of this information we're collecting in bulk, bulk collection, the government's euphemism for mass surveillance, the unreasonable seizure that is forbidden by the fourth amendment, these programs, mass collection, the 215's and what not, the n.s.a. and so forth assert this is okay because they apply what is called minimalization. they say if we see you're a u.s. citizen we'll remove your name and replace it with a pseudonym. we will take measures like this and say an analyst can't target the u.s. citizen though we can target and read all of your

information. we can't look at you. we have to look at who you're talking to. that kind of thing. but this is not done when we're sharing this with overseas allies in many cases. there was a story that was run i believe last year, late last year, that showed that we were sharing unminimized information that included information on u.s. political figures, on judges, on officials across the spectrum, private industry, private businesses, private individuals, their private records were being shared en masse with israel. this did not get a lot of play in the mainstream press in the u.s. in the "new york times," the public et idiosyncrasyor lator investigated this and -- the public editor later investigated and said why. this is a story of public importance. there wasn't a really satisfactory answer. one of the editors previously worked for the "l.a. times" and also sat on this story.

we also saw a story last year in "the huffington post" that found that the national security agency documents reflected that they were intercepting, collecting, and planning to use information on individuals' pornography habits to discredit them in their communities and in public on the basis of the political views they held. now, these individuals were islamists. their politics were considered radical. so we can understand why this sort of interest would be there. but it also said these individuals were not suspected to be associated with violence. these were not actually terrorists. these were people who on the basis of secret judgments made by a secret agency with no public oversight and with no authorizing legislation had decided that a certain brand of political viewpoints would authorize the intrusive

monitoring collection and eventual disbursement of your private records related to your sexual activities. this is a fundamental thing. we have to ask ourselves, why do we allow this in the first place? okay. maybe mistakes were made. but how do we -- i think this follows to a fundamental point. i don't want to be on bob. he came to the forum. he is kind of what we've got. he is doing a hard job. we all know he is trying to do his best. he said something fundamentally concerning in regards to false testimony of james clapper. he said, that the real problem was not that the most senior official in the united states intelligence community committed a crime in front of congress. it doesn't have to be perjury or a willful lie. giving a false statement to congress in itself, providing

false testimony, is also a crime under u.s.c. 1001. i believe u.s.c. 18-1001. that false statement is itself a crime. he was not concerned about the crime and he was not concerned out the impact this had on the public. he was concerned that the question had been asked at all. this kind of paucity of concern for the public's role in the function of american government is a real danger. and i hope that this is, you know, he spoke quickly and that was not a representation of his true intent. the reality is we see this consistently and it becomes increasingly concerning, this incautious language that causes them to lose credibility, causes us to lose faith in the institution of government upon which americans must rely. he said something such as, it is indisputeable that the

exposures of last year caused damage. that terrorists changed their communications and we lost reporting as a result of the leaks. but the evidence on the public record shows this ness fact not the case. it is entirely contrary. there is no evidence on record that this has been caused a is a result of the disclosures made last year. i do believe him when he asserts that, you know, some sources of intelligence have gone dark. me taps we had up are no longer functional but this is part of the process of evidence collection. people change their route of communication all the time. as anyone knows the correlation did not imply -- we also know from the evidence on record there is no reason to suspect causation in the first place and there is actually no evidence for a correlation at all. al qaeda's methods changed in the same week in the same manner in the last year they had in the years past.

the only study that had ever shown anything contrary was actually done by a contractor that is funded by the central intelligence agency investment office. and so we need to be careful about these kinds of things and the representations they make. it is entirely in dispute that damage has been caused at all but the benefits of this are not in dispute. in fact, the director of national intelligence, himself, argues that it is necessarily in the public interest to know about these policies about these processes and the fact ey should not have been done in the first place and the justifications being made to disclose these. how can it be we use the anguage of indisputeable -- we haven't reaped the benefits. the answer is politics and their understanding. this is a community that feels itself under threat but this is

unnecessary. if they were more open we wouldn't have these problems in the first place. what happened last year was preventable. it was avoidable in the same way that the torture program, itself, was avoidable. i mean, one of the things that was not well understood in the torture program was that individuals throughout the central intelligence agency and other factions in the government knew these programs were wrong. on both a moral basis and a legal basis and they raised concerns about it. the second bullet point shows people were concerned about how long it went on for and the third bullet point shows that individuals were actually brought to tears as a result of being confronted with the reality of these programs. others were transferred away. others said, you know, prepare for something that's never been seen previously. this is unprecedented. and what is the response to this? these were within the agency

who raised concerns. as this shows it went into official paperwork which is extraordinary at the c.i.a. having worked there the only things that go into official cable traffic are things coordinated on and agreed upon by a number of individuals. the analysts write the report, the officers write the report, then they send it to their superior and his superior who talks to the round table about it and then it finally goes out. they were questioning not just the legality but the utility. the questions were rejected, buried, and the head of the counterterrorism program said that these things, these concerns need to stop being put in official cable traffic, stop being put on the official record. they need to be buried because such language is not helpful. i think these are the things we as society need to think about how do we correct? how do rerestructure the incentives to ensure that when individuals have these serious

concerns, when we see clearly unlawful activities occurring as is still the case today, regardless of the justifications being put forth by this, that, or the other, when you look at them on their at and they are clearly least in dispute as to leality how can we ensure they are protected and these decisions be made not behind closed doors but in public? >> because you mention that, it occurs to me before we move to the questions from the audience, might give you an opportunity to direct a comment to maybe a couple members of our audience since you talked about what you regarded as illegality and the importance of mechanisms to correct for that and we have sharon weber franklin from the board which is one such mechanism. while they took a fairly dim view of the 215 telephony

metadata program, the 702 authority used for prism, and upstream collections, the sort of general warrants that involve a single authorization and then tens of thousands of targets, oversees the task at the analyst's discretion, and we're base -- they were basically satisfied with how that was being used and it seemed not to be used in an abusive way, i wonder if you were comforted looking at the findings of the board or if you think that perhaps they neglected something, something that you sort of suggest they take another look at? >> it is a challenging question because i have personally used the 702 authority in targeting and i believe the conclusions of the board specifically in regard to the value, potential productivity of the program, are accurate. it is an extraordinarily invasive authority. it does allow you to get

incredible intelligence when it's used in a certain way. the real danger, because when we saw the response to the 702 report it was universally derogatory to anyone with any peripheral connection to the issue, any kind of knowledge on the civil liberty issue, they looked at it in a kind of glib way, in the way that i used it which was on a target basis where you looked at individuals already suspected to have some access or nexus to this, that, or the other, particularly the prism type authorities where you're requesting content from a, from a private entity. they weren't looking at the mass applications. they weren't looking at, for example, the upstream authority in sort of the detail they should have. that is where the real danger is. there are very few people who contest we should not be able to pursue investigations using

almost any -- against individuals where you can get a judge to sign a particularized warrant. benjamin witty earlier basically argued that should we have legislators involved? should we have public rules about the way we apply our surveillance capabilities because vladimir putin might know about it. i say, yes. because there is no court in the world, well, at least no court outside russia, who would not go, this individual is an agent of the foreign government. i mean, he's the head of the government. of course they will say this guy has an access to some kind of foreign intelligence value. we'll sign a warrant for him. if we know about the authorities, there is no problem whether they are public or private because he can't sort of hide. we know who he is, what his capabilities are. there is some argument to be made this is not the case with terrorists. but we have also seen that mass

surveillance is not beneficial in the context of terrorism. despite all the mass surveillance that happened with programs in 2001, they did not -- all of this 215 collection, all of this internet collection, all of this stuff that's happening with retrospected search, or go through g mail boxes or facebook and i want to see the contacts, everything you wrote, the pictures, every i.p. address you ever checked in at, every device you ever used, all of these things, they did not stop the boston marathon bombings. in fact, they may have contributed to causing them because they gave a false sense of security. they made us think these individuals were not associated with terrorism. despite the fact that we had intelligence from the human sources including the russians who saw this guy going into chechnya and associating with known terrorists and said, hey, you might want to take a look at this guy, we didn't do a good job. the same thing overseas. mass surveillance did not stop the london bombings, the madrid

bombings. mass surveillance has no proven track record and it should not be a part of a policy. it should not be pursued. it should not be funded. because it takes resources away from things, methods and mechanisms of investigation that we know work. and that we know are effective. this is a very timely analog to the torture case. we know that rapport building interrogations work mplet we know that becoming friends with these people and saying basically the interrogator is your advocate against your captors works. all of the intelligence we got from the program that was beneficial was gained before we applied torture techniques. and yet we did it anyway. we funded it to the tune of millions of dollars. all of these individuals and all of these officials have never been held to account for unambiguous war crimes. >> julia actually has a last

question of her own before we turn to audience questions. >> i want to challenge you on two things actually just because i have to stand up for journalists. some of us do have some technical skills and i built a team at "the wall street journal" that had two technologicalists working full-time. so i agree that there is, that is not always true in every newsroom but i felt i needed to raise a flag for journalists. i guess that leads me to sort of another question, which is hat i think that the decisions made about publishing these stories are in the hands of a few people and you, yourself, might not agree always, right, with what choices are made. >> right. >> and i wonder if, going back, do you think to yourself, maybe i should have sat and sifted through more carefully before handing over -- or do you feel maybe there just needs to be a wider array of technically

capable journalists? i just wonder, if you could design the optimal system where would it land? >> you know, i do want to go back and second guess the reporting in hindsight. i mean, we can look at the record and see that harms have been mitigated if harms do exist they are minimal. there has been no evidence of -- despite incredible incentives to share lives lost, that occurred. but there is always the chance that things could have been done better. i can't say i made no mistakes, this was perfect. what i can say is i was very concerned about my own life. i evaluated all of the stuff coming out because i believed it was in the public interest to know it about these things, these were programs that went too far, had constitutional implications, that should not have been -- the government should not have assumed for itself these authorities behind

closed doors without public debate because they limited boundaries of rights. however, you can tell from my manner of speaking, it is an issue i am passionate about. i recognize that i could be drawing a line in a radically different way than what would be considered in the public interest. it's for this reason that i worked with journalists institutions and i demanded that they coordinate with the government, give the government a chance to comment and say, this could cause unnecessary harm if published in this way. if you redact this sentence that's mitigated. to address those concerns and to allow them to draw the lines differently. i think by creating that system of checks and balances, which was intentionally done, that that was really the only thing i could have done, because there was no way sitting back when i was, when i was sort of operating with only the benefit of one brain and no debate department, how i could ensure

that we could get the best possible outcome. i'm not sure we have the best possible outcome of all the world but i think it is pretty clear to the public globally agrees this has worked out relatively well. >> should we start with the audience questions? there are a bunch of them about sort of how they can protect themselves. >> i'd be happy to. we are having a wonderful party after this event. >> thanks. >> i don't think tech support will be able to join us but -- >> let me know. >> i was going to go somewhere else. i think that actually it would be really interesting, you know, we had two representatives from google top -- like what are the three things you would tell google? what they should do to make all of us more secure. actually the fact each one of us is going to be less effective at doing it than if

they do something for everybody or apple. so i thought maybe you could address it in a broader way. what are the things that should be done to secure the internet? >> i'm pretty sure we have microsoft in the room as well. >> sorry. >> your wish list for google and microsoft. >> so the first thing i would say is, google actually needs to stand in solidarity with a competitor here and they need to get on the same page with apple and say we're going to encrypt our phone. i believe the reason they haven't so far is because the benchmarks on their phones that have encryption enabled show there is a pretty significant performance impact because they have some kind of driver problem or crappie hardware on the given model of phone, whatever. but really we need to take a standard that goes -- the government does not have a mandate to say what corporations can and cannot do to protect the quality of their products and services. if google is not willing to take a position of leadership in the way apple is and say

that one thing we can do is say when you sell, when we sell you a device, the device itself is going to be secure even if we can't guarantee the things that happen off the device, they really have no place in this selling of hardware. this has got to be the standard moving forward. i'd point out the sort of counterargument there is i forget how they represent themselves in their introduction but sort of the unrepentant status which is oh, hey, guys, i actually worked against chinese hackers. that's a complete fiction. what someone said previously was that it's not going to be about compelled disclosure. it's going to be about using exploitation, using actual remote exploitation, basically flawed in services flaws, the website is flawed, the devices, for judges to say, i think, i suspect this is the direction

we're going. there will be debate around this as well. for the government to say, in this particular case we will authorize you to commit a criminal act, hacking into this device, for the purposes of a limited investigation, which is analogous to the way they tell police, we will give a warrant to do a sneak and peek on this house or to kick in the door and search. i think that is the biggest thing. we need to end encryption which google is well on the way to doing but many others around the internet need to do this. they need to commit to guaranteeing they will protect the certificates that protect rt of their -- these sort of communications. eric schmidt made a reference to sort of 28-bit encryption certificates. this is for the little lock icon on your browser. if the government or any government or any criminal group or adversary can gain

access to this certificate suddenly that encryption is meaningless. they need to commit to saying all right. we'll make best efforts to protect this within our network to make sure it's not macdonald -- it's not need hacked but they need to say we will fight this publically to the highest court of appeals. i think those are really the obvious best steps they can do with a relatively low effort on their part. >> let me actually ask, because you've talked about a technical solution and it seems like in the background of this is that while you may be optimistic on the whole for the future of privacy you don't seem -- very sanguine about the prospects for productive political change. we have a question if twitter particularly about hr-4681. i don't know whether you've looked at the intelligence authorization but really she is talking about that legalizing

aspects of some of the programs you revealed. let me just, in case you haven't studied that specifically, let me broaden that a little bit and say, is there legislation that you looked at that you feel is helpful or moving the ball in the right way? or we have, you know, certain folks like marcy wheeler who private people are supporting the freedom act believe it blocked in some of the very programs it was trying to reform. you know, obviously rand paul's stated reason for not voting for that bill. i wonder if you could give us a kind of quick take on the legislative developments. >> let me respond quickly on the intelligence authorization act. that we've got the section 309 thing which apparently some could read to be providing sort of a legislative halo, sort of a congressional recognition of

eo 12333. that is an authority that only exists on an old piece of paper . it basically says you can do whatever you want overseas. don't sweat it. if it's not happening over there, it's fine the way we want it. the problem with that authority is it actually collects americans's communications as well because it is a global internet as well. our own communications go to for example google's data centers outside our borders and then they bounce back to us. so the n.s.a. has in the past used this authority to sort of do an end run around congress and collect information about americans although they'll say it was not targeted of course. that did not need to be reported because eo-12333 is not required. there is no congressional reporting requirement on how it's applied because it's not provided to the legislature. but we do have, you know, again, mr. lit from the d.n.i., who has said on the record, i

hope everybody makes a historical footnote of this, that there was no legislative intent in providing that kind of halo. so if, you know, we were to have any faith in our institutions we have to assume this will be accepted and that his statements can be accepted and relied upon. if that's the case, then let's go to bat. maybe just restrict the activities. beyond that as far as reform legislation, we've got a lot of reforms out there, which are good ideas and make small steps. but we don't have anything that really solves the problem. we're looking at kind of baby steps reform. this is fine. you know, we've got to start somewhere. we have to build some momentum. we really need to, if i can suggest something radical here, we need to think more broadly about the kind of society we're building, the kind of guarantees and process protections we want to enjoy in regard to our rights, in regards to our access to courts, in regard to our ability to challenge evidence

that's not just used against us in court, but gathered for use against us within agencies through some kind of means. we have to have some way to provide for redress of grievances which today does not exist. and could we actually take a bigger step back and go, all right. we have intelligence agencies. but where were these intelligence agencies born? they were born in times of total war, world wars, in contests between super powers. they were intended to exist for particularized means for what everyone would imagine is a limited period of time until they would be demobilized. anybody with an understanding of government knows this never happens once the institute and agency never shuts down unless there is some kind of scandal that can be avoided. particularly in the context of state security agencies, right, spy agencies, do we really need

them? are they a product of developing societies, developing governments, developing civilizations that can be replaced by our methods of law enforcement? when we talked about earlier for example ben witty's reference to vladimir putin do we really need the n.s.a. and secret court to say hey we're going to wire tap putin. i don't think we need a special mechanism to provide for targeted wiretaps for targeted efforts to gain intelligence elated to a particularized investigation. . we could provide for legislation that provides that outside of secret organizations that inevitably push the line beyond what the public would agree to. >> that's thinking outside the box. >> i'm just kind of thinking out loud because i wasn't thinking the -- expecting the

question. but why not? we have probably the most law enforcement funding of any government around the world just as we have the greatest military funding. we've got these tanks driving around ferguson, sting rays above new york city and other places, collecting all of our movement. we've got license plate readers. we have ez passes tracking individuals' communications en masse and providing for retrospect searching where police departments can go, hey. where was this guy in march of last year? that is an intelligence power. you know? when our police are capable of things that other countries' spy agencies aren't capable, we need to start asking questions about what utility is unique to our spy agencies that cannot be provided for through transparent public legislation. >> one idea you talked about, the inevitable capabilities of

misuse. along the lines, it doesn't seem as though we've -- i mean, there's some disturbing revelations in there that you've disclosed, but it doesn't look like we see the kind of real hoover level, you know, trying to drive martin luther king to suicide, you know, really targeting peaceful protesters, stuff that not just a sort of -- is disturbing because of the scale of what they're collecting by the way it's being used in a sort of obviously antidemocratic way, do you think that in fact there are uses we should be worried about in addition to the collection or is it more that you are prospectively worried the architecture is so fearsome that even if it's not being misused now, it would, the damage if it were to be misused would be so much greater? >> well, one of the arguments i would make is first up remember

i work at n.s.a., i worked at the c.i.a. both of these were outward facing. the attempts to get martin luther king king to commit suicide, these were by the f.b.i., the inward facing agency. as some of the guests mentioned today we have very little ration o how their op -- how they're operating. we don't have any as to the d.e.i. into how they managed this. beyond that let me argue by anecdote and provide some data. just two days ago a report was released that the central intelligence agency tortured at least one man to death. he died after being tortured, chained to a concrete floor without pants apparently and froze to death. beyond that 29 other more individuals were disappeared. now i worked at the c.i.a. and i can tell you nothing happens there without people making a record of it, without people making note of it, picking up the phone and coordinating.

29 people do not disappear from a secret government torture program without any records. so we don't know what happened to them. you know, maybe they ran away and disappeared off into the forest and are living happy life now. we can hope for that. but the reality is much more sinister. when we look at the, i should say the probability is much more sinister. the other things, you know, rectal feeding and rehydration, we've had physicians say these are not medical procedures that have any indication for use on anyone anywhere. and yet we were using them for what they said increased, had the ancillary benefits of increasing compliance. if you think these things are not related to trying to get someone to commit suicide but not actually torturing them to death i would have to question your moral compass to some extent. not you personally but in a general way. beyond that, when we talk about the scale and we talk about scope and domestic abuses let me provide another data point

and actually credit journalists and the technological investigation of "the wall street journal" here who i have not worked with, but they reported a story very recently that found that we were using sort of these sting ray type devices that have been, basically ingest any signals that emanate over certain radio frequencies. that means your cellular phones, that means wireless cards on your laptops, that means certain kinds of smart cards and things like that though smart cards probably can't be heard from up in the air, and they correlate these to the device identifiers. then we simply do reefs searching to correlate the device identifier with the user name you log in to say your itunes account or your google account and suddenly we know who owns that phone. now we can then correlate this really briefly with going, all right. we've got a plane circuiting over this level and it hears

this phone at this point in the transit and this point in the transit and you've got enough points you can locate location. this is very compressible. very small amounts of data. to allow them to create a comprehensive in depth of movement of not just the target individual but of necessity to get this to work they have the data set of everyone who is carrying a phone, so now you would go, okay. these surely have to be exceptional authorities. maybe they're only used in certain ways. but where did it come from in the first place? where is the groundwork for using this? for the d.o.j. operating this program in the united states which is the case today? that is the story "the wall street journal" broke. when we look at where it came from we see it was actually broken in a story by the intercept earlier this year, a program called shenanigans,

incredibly now, i can't imagine who chose that code but they call it shenanigans. his is a program putting these sort of sting rays on phones. it is called a dirt box, the d.r.t. box. putting it on phones and using these things in yemen to target the drone program. they try to figure out where this phone is and then they shoot a missile at it. that's what this program was developed for. it was an extraordinary use overseas, allegedly against terrorists and yet we saw within the span of just a few years without any public awareness, without anything in congress, without any authorizing legislation, now it is being operated in the united states on common criminals that are not threatening the existence of our society. how can this possibly be justified without the involvement of the public in some way in some manner? and as was mentioned previously, these programs are

not briefed to all members of congress. when we talk about sort of decoder programs, these black programs, missile strikes, drone strikes, we're relying on a very small group of people. they're called the gang of eight and so forth. even when we expand this to the intelligence community the incentives are entirely wrong for them to represent the public interest because everyone sitting on the intelligence committee, even opponents of the people receive twice as much in terms of campaign donations from defense contractors, from people seeking business with the c.i.a. and so forth, as any other member of congress. so they have every incentive to approve the programs to maintain their own chairs, their own seats as to hold people who are asking for them and authorizing them to account. and how we can fix these structures and provide mechanisms that will prevent this in the future --.

>> something that is maybe a yes or no, but in terms of the mirror universe where there is evil edward snowden motivated not to disclose things for, because it is in the public interest but because they want to help one political party and hurt the other, let's say, could evil edward snowden have targeted someone for those political purposes and gotten, you think your evil counterpart could get away with that? >> absolutely. it is no secret, here we are sitting in, you know, december, 2014, and the n.s.a. still says and asks in public under congressional oath and stuff like that what did he get referring to me and they still don't know. if their auditing is so poor that after a year and a half of investigation, god knows how many man hours spent, god knows how much money, how many forensic specialists they brought in, they can't tell

what happened with an individual who like myself was not trying to cover his tracks, what is going to happen when they have an individual in a position of privileged access who is trying to stay under the radar, who is trying to abuse the system, who is trying to use sort of the incredible authority, these exceptional powers for the benefit of themselves, their class, their group, their own interests? today there is no protection against that. and that's an incredibly dangerous, concerning problem. they haven't provided an answer for it. >> i think we have time for one last question. honestly, there are so many people who really want to know about your personal life. so i'm going to combine them into one question, which is based -- you know, do you expect to return to the u.s.? i think you said yes. you like wine. i think you said you don't drink wine. i would like to know why you were, chose the name "citizen four" and i also want to say as

you mentioned in your new yorker interview you're working on a tool that you might offer to journalists in dangerous areas. i wondered if you could update us on that. so combine those into one. >> yes. that's a lot. yeah. it is my goal to return to the united states. unfortunately, there are no provisions under the mechanism of the charges leveled against me for a fair trial. that provides some challenges. i'm constantly working with the government to see if there is any way we can do this in a manner that serves the public good. unfortunately, everything we've heard implies that they want to basically use me to scare everybody in the world out of ever saying -- obviously it's fundamentally something i will ever agree with. there is work to be done but the government is becoming more open and who knows? also internationally it is becoming more and more clear as well in the united states as no

harm surfaced that this really, i never should have had to do place. the first so we'll see. second thing is do i drink? no. i've never been drunk. it's not a religious thing, inideological thing. i just don't like the way it tastes. citizen four, i'm neither the first nor the last. when i was thinking about that, i used a number of synonyms then but the point i wanted to reflect was that this is a tradition. in the history of civil society people have to put themselves on the line. people have to take risks. citizens have not just an in rest but an obligation not just believing in truth but standing forth and challenging the government when it goes too far. if we see our constitution being violated on a massive scale, and we have been demanded by the power of our own government by these officials to swear an oath that we will protect that

constitution against all enemies not just foreign but domestic as well, we have a duty to stand up and do something about it. i tried to do my best to do that and that's that. and i hope others would do the same in the future. i hope we will have no need for something as dramatic as we've seen in the last year. but we'll go from there. the last one i completely lost track of. sorry. i'm not sure. >> whether you are working on a tool to protect journalists. >> that is still an area of active focus. i am doing a lot with the freedom of the press foundation. there are projects i am working on developing. i'm actually beginning to develop in my thinking there, which is we should not develop tools that are specific to journalists and we should provide tools that are toward the general audience, provide value, and serve everyone, but they also take a specific interest in providing to protect the use to journalists.

journalists, your sources can communicate with you on this. it will be all bulletproof. much more nuanced than that. you suddenly stand out like a sore thumb when people are looking at the crowds. when you look at the analysis over mass surveillance systems, they go, who is using the communications signature of this one program that we know is associated with journalists communications? >> encryption makes you invisible, but highly visible to -- [indiscernible] >> everything will intelligence group in the world goes, why is this person different? we see this in is changing and normalizing the use of encryption, which is important we are hiding within the crowd.

this is being done which has been going on for a number of years. i trusted my life to it, and history shows it did work. it is not bulletproof and is -- in the future. for transactional things, basically what do you use for your bank transactions online, communications, all the stuff has to happen with greater -- i will say one thing, have to point out i'm disappointed in amazon.com still uses unencrypted searches. when you go and look at a copy of "1984" online or a book about community organization, wherever that jurisdiction is, they can see what books you are looking at. this is incredibly dangerous, and it is morally responsible as a business, and it is

problematic that amazon allows this to continue, when they have the capability to provide more secure communications, because as soon as you go to purchase that book, they turn it over to encrypted communications. i would hope that amazon would take a position there, and say, all right, let's encrypt the whole library. >> some of our friends from "the washington post" can answer. i would love to do this for another hour, but we are at the end of our allotted time. i wanted to thank you for both taking the time to talk to us and thank you for taking the risks you have to inform the public. [applause]

>> they knew they were going to

spend a lot of money and technology. on technology. they watched harry reid election in 2010. it was a tough race. he was going to the latest technology. he said he was going to build the most thorough campaign ever. got there. >> sunday night at 8:00 on c-span's q&a. to mark 10 years of q&a, or in one program of each years starting december 22 at 7:00 p.m. on c-span. >> washington journal is next. efforts to combat isis from the senate foreign affairs committee. in 45 minutes, talking to one of

the march's chief organizers, reverend al sharpton. then, larry pratt, executive of gun owners of america. ♪ host: it looks like we're going to see the u.s. senate this weekend. the agreement cannot be reached in several areas, including how to get to a final vote on the $1.1 trillion bill to fund the federal government. current money runs out at midnight tonight. setting up today's showdown on the senate floor. c-span2watch it live on today. we will explore what the problems are in the senate and now the senate might get past them. we also want to hear from you. here are the phone