the federal government agencies. making sure that they were prepared. protecting privacy of american .itizens while doing that promoting information sharing. how has the focus changed over the best two years when it comes to cyber security and protecting against attacks. schwartz: the sony incident and the incident against opm in the government. focus on making sure we have parts of the government and the economy protected that aren't necessarily the major federal agencies but making sure we have a lot more coverage and more across a wide range of different entities. everyone is at risk of the cyber

incident. have you go about making sure the you have the resources that those institutions need that don't get the direct funds and direct information? >> in your view what is our biggest vulnerability? schwartz: right now we have a lot of old systems in place and the newer systems are better equipped to protect us. we need to be would update the systems. based on the known threats that we have. as the networks begin to grow have you go about building in the security? >> when you talk about the old systems? schwartz: the opm case where you had a system that was 25 to 35 years old depending on which

pieces of it you're talking about. and you are trying to protect it today. you don't really have the resources to do that. you have to really to upgrade some of those systems. you can expect an 80's mainframe to be able to hold the sensitive data that we have over the last 30 years. we need to even upgrade to new systems. >> joining our conversation this week is corey bennett, he is a cyberspace reporter for the hell. ill. corey: tell us about the benefits that this bill might bring in terms of cyber security. schwartz: i don't want to oversell the possibility of

information sharing. it is important. the key point is that as we begin to upgrade those systems, the ones that have the ability to receive information and to automate this process of knowing when a threat comes in. that information can then be automated and you get to the edges of the network and we can build the protection faster. as you learn about the threat you can immediately take it to the edges of the network instead of taking weeks or months to patch the system. that is really the main goal here. to create the ability to automate and the incentive to share that information that we need. to find the threats faster. corey: you mention that you don't want to oversell it to a layperson might be watching it. ,hat is stop those breaches such as home depot?

schwartz: you get to the point of having upgraded systems that can take in that information so that it happens at one store and all the information goes to other stores. both of those incidents involved malware that had been known out there. it is hard to get to that point today. if we can update those systems and the information out to where it needs to be, then will be in a better situation. it is not the only protection. hardening the systems in the first place. looking for the right things and have the training and the staff that can do this. stop the incidents from happening in the first place. that is the best protection.

there's an added piece that can help us. >> what is the purpose of a cyber attack? there are a range of different reasons for cyberattacks. at the national security council, they reserve the word attack for something that is truly damaging. or destroyed.down you will hear me refer more to incidents. when information is taken cause a lot of harm but we are not a situation where it could be a crime, it could be espionage.

you have these different purposes whether it's espionage or just a crime. in some cases, people want to and they use thehe use internet as a means to make a point. are these individuals or state actors? schwartz: we are definitely seeing an increase of state actors. countries are ramping up their abilities in this area. it makes a lot harder for folks to defend themselves. say is growing exponentially, but it is certainly growing. we have new tools now that we didn't have in the past and that gives us insight into the kinds of threats that we made out of

seen before. now we're seeing a lot more of it. what has become public is certainly a lot larger than it was before. but it is growing at some rate. >> who are those countries that you're talking about. datahat are want with u.s. ? obviouslychina is one. iran has become a player. north korea was identified as the actor in the sony case. from an intelligence point of view, it make sense together data to try to figure out who individuals are and make decisions about it based on the information that you have.

we have seen instances where they just want to take down a particular company or service that they think is in their national interest. there is a wide range of companies that has been targeted that you would not think would be on the list. it is something that almost every country in the u.s.. corey: the casino comes to mind is one that was targeted because of sheldon adelson. i am interested in understanding explain the difference between a cyber attack in cyber espionage. seen that necessarily kind of takedown. .ut people

why haven't we seen it if we are so vulnerable. schwartz: a nationstate would really want to have to take down the company to make a point. . some people have said that it is an imminent threat i'm not quite sure about that. but it is a major concern. the electric sector has done quite a bit to build up its resiliency in this area. but there is still a big risk out there that things can be planted in advance and used by nationstate when they want to use it. that is really that concerned. are these companies scanning thinksetworks regularly it looks strange and how we go about finding those in advance.

use it when you needed and not to try to implanted and conduct the attack at the same time. there is evidence that russian hackers are sitting on the networks sussing out potential vulnerabilities. schwartz: utilities in general. i will leave it at that. that is just a fact. what is your responsibility of the isps? schwartz: we want the isps to play a role in security. as consumers we expect them to look out for our interests. as companies in this space. there is a question of how much do you want to do that. we have privacy questions. what kind of role that they play as gatekeeper for the network and what kind of role to the plate delivering the communications and sharing information?

the internet has grown the way that it has because we have had these open networks. we want to keep that going at the same time we want to be able to build and protections. the isps are doing a lot more to try to balance the two and keeping the networks open while building in more protections. sometimes it means that they charge for the services. sometimes they just provided as a baseline service. there is an ongoing debate on that issue. >> given what happened in san bernardino and the use of the telecommunications infrastructure, is the pendulum swinging away from privacy? schwartz: it is not going back and forth. to try to do both the

same time. i worked on privacy issues before i came into the government. i was working mostly on security issues but also some privacy issues. we keep having this ongoing discussion as though we have to have one of the other. you can only have privacy are only have security. they are both written into the , we have to be able to do both at the same time. that is what the american people expect. which do our best to do both. corey: senator dianne feinstein has introduced a bill that would require social media platforms terroristsuspicious activity on their networks. is that too much of an infringement on their privacy? schwartz: social media does that

today. they do a lot of this voluntarily. they are improving their ability to do it. what more would you expect them to do if you mandated it compared to what they are doing voluntarily. . don't understand i worry about tapping that in legislation and then that is all they're going to do. where are the lines here and how we go about promoting it in a way that encourages them to do a lot more. voluntarily and to invest to protect their users as much as protecting us. corey: encryption is another issue that is coming to the conversation. what is your opinion on encryption being part of this conversation and people using

these attacks to promote the fact that we might need an entry point. schwartz: it is more of a security versus security debate. systems, allecure the things you need to do to proactively secure systems rely on encryption. the greater use of encryption actually winds up producing -- protecting systems better. what happens is that something happens behind the scene and law enforcement needs the information and then law enforcement can get out of it. so far it hasn't happened that much yet. greater push this

for end-to-end encryption. i was talking at the beginning about moving to new technologies . why the benefits of new technologies is that you can build in a lot more layers of encryption if they are faster technologies without an impact on the performance. we want to build in greater levels of encryption into the system. so that it is harder to attack. hard to penetrate. it is going to be harder for law enforcement to get access to that information. that is where the tension comes in. corey: what kind of alternatives are available. has called for a commission on technology and law enforcement. encryption would be one topic. some people say there is no alternative.

schwartz: i think there are a lot of alternatives out there. when it comes to certain kinds of encryption. we are talking about and to and on the communications line, there are fewer choices there. when you show about information actually being on a cell phone, the san bernardino case, the information was on a cell phone and they tried to destroy their cell phones. it seems as though they are still getting information on thee phones even though folks try to destroy it. the same would be true if it was encrypted or not. that was the case in the french incident as well where someone was using the cell phone and had some encryption on it.

but law enforcement had access to that immediately. when they have the device itself they can get information from it. law enforcement was not hampered by that necessarily. even other was some encryption involved in the case. you have to figure out what exactly information they need in that case. depending on the type of encryption they are talking about. >> the move to the cloud, has it made it easier for law enforcement to get that information? schwartz: it is different in different instances. as you have more information the , that could give law

enforcement more of a greater ability to access that it. if it is encrypted and their stronger protections around it, it could eventually mean they'll get less access to it. in the short term it means they've had greater ability. >> to put a really simply, hillary clinton has called for facebook and twitter and other get ridedia outlets to of the sites that are being used by terrorists. is that realistic? schwartz: what they can do is take down things as they pop up. lacrimal but they

can go further in that regard. there is effort to make it easier to do. then we can take advantage of technology. corey: some of this space to the government's ability to conduct digital surveillance. we just finished a big debate about a phone metadata collection program. we are or been at the battle about internet surfing. section 702. there has not been enough -- as much of a push to totally eliminate that program. what you think is going to happen with that or do we need it? schwartz: there's a difference

in the way that those two programs have been seen. the privacy and civil liberties oversight board which was givesd by congress that public comments on this type of activity. they said that 702 there were some tweaks to it that could be made. it allows law enforcement and intelligence in more information from folks working with companies directly to get it. communication information. under certain court supervision.

the issue i think has been -- the president called for review .fter the nsa disclosures can board had a lot less concerned with 702. those two different groups making this kind of recommendations on this front changed the way that a lot of people are talking about these issues. this is a mean that there can be but we're talking about very differently than we are with the telephone metadata program.

when you say to people who are concerned about the government surveillance, the privacy concerns in the current bill, just another way to shuttle data on americans to the nsa and the fbi? the white house initially had concerns about that. they have since come around as the language has moved forward. schwartz: the white house is still concerned about it. they continued to raise privacy concerns. what is the oversight even put over it? one of the keys that the white house had when i was there is that to make sure this goes through a civilian portal. when information comes into the

government? that allows for public oversight. oris all going through nsa the defense department. it is much more difficult to do public oversight that you need. privacysure that the controls are put in place that we must have. that has been a key point for the white house. privacy groups obviously feel like that is not enough. buts an important component they are concerned about how the information is shared afterwards. that becomes a key question on how you go about looking at these issues. we be having this conversation were not for edward snowden. on this particular bill the white house actually threatened to veto of it with this exact

same point in mind. , we would have no oversight over it and it would be a major problem. that was before the snow revelations came out. that often gets lost. he said this was something he cared about. that is something i really point to all the time. this is proof that he actually meant that. there has been concern in the white house for the kind of oversight you can do of the private entities. this will be true's researcher raise some of the security issues that we've seen in recent months. is this an area of cooperation between congress and the administration. ?

lot of bipartisan work and we've seen starting from where we started, the administration threatened to veto it. we've moved toward the center. the ability to come up with bipartisan solutions in this space has caused the white house to change its view. there was this kind of coming together on good solutions that would address the privacy issues and create transparency while still protecting security. cori: obvious leave the white on cyberts to see more

security. schwartz: my view has been that cases whereumber of the agencies and entities that are being hit are one so we wouldn't normally not expect that to be the case. there was never have the technology that they need. we have to think about how we are investing. traditionally when it comes to terrorism we give our money to fbi and dhs. that is not enough with cyber security. >> you have moved on to a company called venable. firm,tz: it is a law although i am not a lawyer.

toare building a consultancy try to help companies in these different areas and build the protections of in ways that work and it canng law happen so they don't have to be afraid to look. they know that they have the ability to do things under the andrney-client privilege use the new technology to search and find the concerns that are out there. ari schwartz is now with venable, and corey bennett is with the hill newspaper. thank you both.

>> all persons having business before the united states supreme court are asked to give their

attention. >> landmark cases, produced in corroboration with the constitution center, exploring the dramas behind 12 historic supreme court decisions. >> quite often, in many of our most famous decisions, the ones the court took were quite unpopular. >> let's go through a few cases that illustrate very dramatically and visually what it means to live in a society of 310 million people who need to live together. >> good evening and welcome to the landmark cases series. tonight, case number 11 out of