8:00 a.m., a landscape historian about the annual white house easter egg role which began in 1878 and the changes that have been made on the way. this weekend on the c-span networks. next, a discussion about how consumers, corporations, and governments approach surveillance and privacy. the discussion was hosted by arena stage in washington dc. -- in washington, d.c..

edgar: good evening, everyone. can you hear me? good. my name is edgar dolby, the executive director here at arena stage, and i would like to think i have the best job in the world. one of the reasons is that we get to introduce new programs and new ideas that we have with arenas forum, civil dialogue. we asked a question whether that is actually possible in this day and age, and it all started with the across the table lunch with amitai etzioni, our -- if this were our play, he would be our playwright, and he would also be our director. this is all his conception. he is really welcome here at arena stage. we like to think we are in the empathy business.

one of our trustees asks us every board meeting, what is your business? i think building empathy during -- i think building empathy is one of them. we have a number of core values from here, and at the top of that list is learning in the rehearsal. at the rehearsal hall and you are meant to take risks, you're meant to be generous, be prepared to step into another character's shoes and to work on telling a story. so it seemed to be the idea that we get together and we have some conversation starters. we then engage in a very civil way in looking at an opposite point of view. it seems to be a natural fit for

us at arena stage. so this is the first in the arena stage forums. we are test driving the idea. we have two more that are scheduled, that information is at the back of your program here. but it is meaningful to me that we are able to do this on monday nights. monday nights -- there are no performances, so we should light the place up. well, i am hoping that we light the place up on monday nights on many occasions around such an important purpose as engaging in civil dialogue around difficult issues. so amitai etzioni does not really need any introduction. his -- a very brief resume is in the program. i just want to say that i feel

like i've made a new best friend. i certainly admire the fact that you have the generosity of spirit to share your humanitarian ways with us and the fact you have assembled such a wonderful group to engage in this discussion. he must be a bit of a prophet as well, because who knew that the topic for tonight would be so relevant? i know you wanted to pick something that was maybe not so hot and controversial, but it did not work out that way. [laughter] edgar: so let me get out of the way. please welcome my new dear friend, amitai etzioni. thank you. [applause] dr. etzioni: edgar, thank you very much indeed. it has been a true joy working with you. from the luncheon we had, the whole idea was a long sentence.

edgar and his staff turned it into an event. it is completely easy working together. it is also an opportunity for me to speak to the arena staff. there is a lot of work that goes into an event like this. dialogue starters who are all extremely in demand and busy people. and for all of you for joining to access the dialogue, i like to also say, edgar, we met our first marker, because this evening, we are going to be on c-span, which means our conversations are going to reach way beyond this room. we are hoping to model that people who come from different

backgrounds, but people work for the government, people from the private sector, you have people from academia, liberals -- do we have somebody who is not a liberal? we have a rich variety of viewpoints, but i'm quite confident that we're going to have a very civil dialogue. the theater for me is a magical place where did you leave the world in which you live, a normal world, behind, and for two hours, you can dance with "the king and i" in thailand, or serve on the jury of arthur miller's play, and tonight, maybe you can leave behind the andd of polarization

confrontation and anger and enter this magical world of dialogue. i want to add one more sentence, and that i would get out of the way. the way i see what is happening is barred from the court system, the advocacy models and employed for discussion of public policy, there i see in the court there are only two sides. very rarely third or fourth. that is already polarization. each side presents the most stark, extreme points, emotional way they are positioned. one final thing, the nicest person alive, he has a dog, he calls his mother every christmas, and some say he is the most awful person that she does not have a cat and is not say hi to his father.

out of that clash of 21-sided two one sidedf truth for justice and real life. we have one side saying privacy is is dead. they are recording your dinner conversations. on the other side we hear corporations are building safe havens for terrorists, even in -- will will not -- which will not allow government access even for the courts. and out of this extreme again, some kind of reasonable position should arise. i think a starting point for a good conversation is to assume that we have at least two major considerations. we clearly have an alienable rights.

privacy is high on that list. and we clearly have a concern for the common good. for public safety, protection, public health. 's to some -- to some degree reconciled, but they do common two dimensions. a good conversation will start by not assuming that one will trump the others and make all his way, but we have to start. at the end of the year, we can hardly minimize the conflict. this is one of the biggest subjects of tonight's conversations. we want to ask our panelists -- are we failing too far in -- are we tilting too far in direction of securing surveillance? or our way of our concern for privacy to not allow the government to do its job?

where are we and where should we be going. you. going to start with gabe: thank you so much. thank you, professor etzioni. thanks to arena stage for holding this discussion could -- this discussion. i will be a good lawyer and answer the question with a question here. the question is -- is the balance appropriate between surveillance and privacy? i will push back a little bit on that. balance is perhaps the wrong word. our system of government is the one based around i think an agreement that we all have the best way to do things is where we have ambition checking ambition. this is the old joke. i used to work at the aclu. i currently work at the committee for freedom of the press. the one time an aclu attorney was on saturday night live they

would keep saying "checks and balances, checks and balances," and i think that is what we are all striving to look for. to have hard and fast rules that ensure to the greatest extent possible, law enforcement and the domestic activities of our military and intelligence services are focusing on individual circumstances where there is some indication of wrongdoing. a search warrant is the basic example of that, it says you cannot really do anything unless you can say, articulate in a clear way with specific facts that what you are trying to do is based upon some predication, that it is based upon some real suspicion that what you are going out to do is going to find something wrong. again, the issue is -- you mentioned the word "reconcile." i think it is reconciliation.

we are not trying to balance surveillance and privacy, we are trying to find ways where you have effective law enforcement but you also respect these thatrdial principles underpin our free society. so i wanted to make two specific points. specific us to answer questions, which is how can we make things better? i think in two ways, i think there are two specific things that came to mind when i was trying to think about that. if i were king of the world, and i do not want to get too wonky, but i would do a better job of establishing policy legislation that is almost technology agnostic.

what i mean by that is the political system tends to focus on the state-of-the-art at the particular time. email is a good example of that. policelook at procedurals, most people think you would need a warrant to wiretap a phone -- which you do -- and you need a warrant to search emails -- which you actually don't in some cases. the reason for that is congress, when they were legislating on what is required for law enforcement to access email, congress was looking at a system where it was extremely expensive emails in the cloud, the proto-cloud at that time. you are talking about in the tens of thousands of dollars for a gigabyte of information, whereas now that the cost of that is in cents. so the notion of someone having an entire decades' worth of gmail sitting up there in a remote server, it did not occur

or was not front of mind for lawmakers when they were doing that, and as a result, we have a system that does not protect at the rate but i think most of us would agree they should be protected. that has real-world effects. when we talk about reconciling surveillance and privacy, we need to be approaching it from a common frame of reference. in many cases, we are not, because we just don't know what is happening. at the reporters committee, we just had a case where this actually happened, again, and email context, where a judge effectively said you have a first amendment right to look at the application materials for physical search warrants, but because an email warrant isn't really a warrant, you do not have a first amendment right to look at the application materials for an electronic communication search warrant.

this is the case where the public's quest to understand and define that common frame of reference that will allow us to appropriately reconcile surveillance is being stymied. it is a concrete example of how i think, as you mentioned, we can be looking at ways to improve our policy in lawmaking. i will leave it at that. i look forward to questions. matthew: thank you very much, and thank you, professor, for moderating this, and thank you to you all. and to arena stage. i am impressed that there are so many folks here this evening. i cannot even get my own high-school-aged son to come down here. i hope he is watching c-span, but i think he is probably playing video games right now.

look, this is a really important set of topics, and i know that you, professor, has dedicated your scholarship to this question of a balance between the common good and individual rights. in my experience, those two things often are in tension, and i do not think there is any subject where that tension is more pronounced than in the area of government surveillance. my own career in the government, 20 plus years, most of that time as a federal prosecutor here in washington, and then several years in the intelligence community, including of the national security agency, where i was general counsel. i come at these issues largely from a security perspective and from the government perspective. let me make three brief comments that i think help at least frame these issues from my perspective. the first of those observations really is that this is not a new debate.

it feels new at times because it is very salient in this current environment, but it really goes back to the founding of our country, you know, the imperative to protect the common good and individual rights is embodied in the preamble to our constitution, which speaks of the necessity of providing for common defense on the one hand and the importance of securing the blessings of liberty on the other hand. this goes back to our founding document. in fact, the founders spoke of this being an ongoing process when they talked about the importance or the effort to create a more perfect union, not stating that this was an end state in and of itself but rather a process or a journey that we are on together as a nation. as a constitutional matter -- and you are a bunch of lawyers here -- it is the fourth amendment that really captures this tension when it comes to government surveillance. there the important concept is reasonableness. that is the touchstone of the

fourth amendment, as the supreme court has said. what is frustrating, i think, is -- what is reasonableness? we have had to become comparable with lawyers and citizens that it is a dynamic concept, it is fluid, it tends to be challenged by changes in technology. i think the main point i am trying to make up the top is this debate has been going on since our founding. what is reasonable when it comes to government surveillance? the second point i would make is there are no absolutes in this discussion. this idea of reasonableness embodies the idea that this is a balance. when it comes to privacy, there is no such thing as an absolute zone of privacy. ben franklin understood that his diary could be subject to being searched by the local constable as long as that constable followed the law and obtained the necessary judicial approval for that search or was otherwise subject to the rule of law.

so there is no such thing in our country as an absolute zone of privacy. similarly, there is no such thing as an absolute right to conduct surveillance. surveillance has always been subject to the rule of law, and that is true, particularly with respect to law enforcement and the idea of getting a warrant to search a house, but it is also true, going back to at least the 1970's and the church committee when it comes to national security and the importance of following the rule of law and having effective oversight over the effort to conduct surveillance for national security. no absolutes, and the -- it is always subject to the rule of law. third, have we tilted too far? i would say we have gotten it about right. i think the balance is where it should be. in the criminal context we have struggled to adapt to new

technologies what comes to what is reasonable and when a warrant will be issued, but i think the fourth amendment has held up to the test of time. really importantly, and the national security context, when it comes to the foreign intelligence surveillance act, fisa. we just had this debate about the renewal of one of the key pieces of that act, post-snowden, post the revelations that snowden has made about the law, and the law was effectively extended for several more years after a lengthy debate, and that extension, without any really significant changes to the law, reflects the will of the people and the notion that congress is determined, based on the will of the people, that we have got that balance about right when it comes to national security. the last point i will make briefly is i do think there is an area we need to work much harder, and that is on cooperation between the government and technology communities. i think we have lost some of that cooperation, and that cooperation will be critical in solving some of the key

challenges we face, including encryption and cyber security because of the innovation in our technology community, and it needs to work better with government. with that, i stop, and i look forward to your questions and the discussion tonight. jeffrey: how can we balance the values of liberty and security? we can translate the text, an original understanding of the constitution, into a technology age, into the age of facebook and drones and cell phone surveillance and nsa surveillance. what does the text of the fourth amendment say? that the right of the people to be secure in our papers and effects against unreasonable searches and seizures shall not be violated, but no warrants issued but upon probable cause, particularly describing the place to be searched or the person to be seized. what does that mean? for a nonpartisan understanding, you must consult the interactive

constitution, which is cohosted by the national constitution center in philadelphia, which i this amazing new app brings the top liberal and conservative scholars in america lawyers together to describe 1000 words about what they agree about and what they disagree about. if you click on the fourth amendment, i want you to download this app. not now, because i'm speaking, but after the show, you will find the core meaning of the fourth amendment at the timing of the framing was to outline the general warrants and with the system that sparked the revolution. what were they? engines of tyranny who authorized assumed agents to break into the homes of citizens and rummage through their private diaries and papers in search of judicious libel criticizing the king or evidence they had not paid the hated

boston tea taxes. john adams said at that moment the child, revolution, was born. so liberals and conservatives believe that any electronic searches today is, by definition, unreasonable and unconstitutional law and an anathema to liberty. cell phone surveillance, the supreme court is about to drive about the most important case for digital privacy in the 21st century. can the government subpoena -- which is demand without warrant -- five months of our geolocation records? that is locations owned by the

cloud, verizon or whoever our provider is, and with these, we can use the movements of a suspected drug dealer and see that he was -- he was not suspected of selling drugs, he was suspected of stealing cell phones -- you cannot make this up. the government concluded by breaking into his cell phone records, but he was a cell phone theft. the objective of there was no valid warrant and said the search was unconstitutional. the supreme court do? my predictions are as good as yours, but i believe that this court will, by a strong bipartisan majority, hold that the search of our movements in public for a month is unconstitutional and unreasonable. but justices are likely to emerge on the reasoning. neil gorsuch and the like are likely to say we own our property rights could when we surrender them to a company, we have expectations of those records will not be misused without respect to terms of service, and as such, that is unconstitutional.

the more liberal justices may hold that we have a next rotation of privacy on the whole, so when the government can reconstruct everything we can do for five months in public, it can confine the rallies we attend, the poems we write, the love letters within a set, and in a citation of privacy just like those diaries that were seized during the revolution. i think it is inspiring >> and we do have an expectation of privacy in those movements just like the diary seized in the american revolution. i think it is inspiring that the court is willing, by often unanimous vote to translate the values of the fourth amendment to a world of new technologies. that creates lots of hard cases that remain. what about nsa surveillance? there, the nsa is seizing records that somehow than the past. we had no expectation of privacy because of this doctrine called the third-party doctrine. that says when i voluntarily surrender a record to a third party, i lose all expectation of privacy in that. were that to be the case, an age

where all of our private diaries are stored on third-party servers, we would have no privacy. it is inspiring that conservative justices, as well as liberal ones are willing to strike down nsa surveillance like this and they have quoted james otis's final case. i think they are doing a noble job translating these values and understanding into an age of new technologies when surveillance is ubiquitous and involves so much on our movements in public that it clearly violates our mental privacy. the values with the right to engage in political dissent. what about facebook? what do we do in an age where mark zuckerberg has more power

over who can read up our information than any supreme court justice. the latest privacy scandal is just the latest issue for me as an observer. gained huge amounts of private data to cambridge analytical and that was used to send a targeted ads, not only in the 2016 campaigns, but to influence the brexit vote. citizens are realizing this is not the government seizing our intimate thoughts and political preferences, and trying to suppress our dissent or push us

into one camp or another, it is the private sector, yet the fourth amendment says congress so make no law, it is not say mark zuckerberg should make no law. the great constitutional challenge is to figure out what to do in an age where the powers of the platforms are not regulated by the constitution but they are exercising the power of constitutional officers. those answers are not easy, but the fact that zuckerberg said regulations may not be necessary, that europe is about to pass the most significant privacy regulation of recent years, and that even congress may be moved to act leads me to believe we will have citizens marching in the streets as they

have been doing so effective recently. on behalf of the fourth amendment when it texts -- protects the same privacy when it comes to facebook and others. >> i have been looking desperately for a way to keep you in state a little longer. [laughter] so enjoy it for one another minute. tell us, if you have your way, and the government will not be able to search our phones, how much does it do to public safety? jeff: what is remarkable of these cases, the government could easily have gotten a warrant in the case, which was the first case where the government stuck a gps case at the bottom of a guys car. they were supposed to only search in the sea, and the search in maryland. they only were supposed to search for 10 days, but they searched for 11. this was the obama administration, they stood up and said we have no expectation of privacy and therefore no warrant is needed. completely unnecessarily aggressive and, once the government said you needed to

get a warrant, the police said no problem, we were going to do it anyway. in this carpenter case, the courts hold again that you need to get a warrant before you can get five months of cell phone records. that will be a problem either because if you have a serious enough crime like the ones that were involved in the case, and enough time to get a warrant, you can get one as well. chief justice roberts wrote the unanimous opinion in the riley case that said when you are arresting someone, you cannot search through their emails in their phone. a phone is not like a cigarette packet. the phone has our emails and we have an expectation of privacy in our emails. i respect your dutiful effort to balance the interests of liberty and security, and i thought you did a thoughtful job in the balance, but these should not be hard cases. and they are not because they

are nearly unanimous. for the framers, you need physical trespassing before you can go over the fourth amendment. in the 20's, they said if there is no physical version, you can go to wiretaps. it's exciting to see that they are doing things without physical trespassing. >> what an honor to be here and follow in the eloquence of jeffrey rosen on talking about the doctrine. you should go to visit the constitution center which he is the leader of. as a moment of indulgence, i'm a tenor, i think in my temple choir, i love singing, and i never thought i would get to the arena stage here. [laughter]

[applause] let me just say that. i'm sorry, i have a sore throat so i can't sing tonight. [laughter] it's actually true. i come back to this community and do it a little differently. thinking about the communities of which nation and which community. a lot of the issues today are things stored in the cloud. where the united states government might want to get it under the fourth amendment, but maybe the british then wanted. maybe we trust the british maybe. then maybe india or china wanted. we are going to have to sort through all of the countries in the world. it will not just be our one community being behind two oceans. it will be somehow interacting with the rest of the world. when we do that, there is a great temptation to think of american exceptionalism. it is our constitution, there is the fourth amendment which

jeffrey just gave us in verbatim. let's think about, if we share with the rest of the world when england should get access to it or france, some of these things, we should have fundamental rights protecting them even if they are requested from other countries. for instance, we might say we only share and have reciprocity with other countries if they have probable cause for warrants. that might seem the fundamental thing you have to have. there has been proposals that the u.s. should get access to u.s. companies as long as they get probable cause. no one else has that standard. that is an unusual standard that is held by the u.s.. maybe we can settle on something else as the bear minimum of what human rights requires read let's have a neutral or independent magistrate. that is another part of the

fourth amendment, except when i took history and law, and france, they don't do that. they are investigating magistrates that are involved in prosecution and don't have independent. in many countries, no independent judges, and so now, what communities do we go to? are there principles? universal rights? or do we say everyone gets to do it for themselves. defining a community is important. there are some sentimental rights that we want to have in detail. we can get a lot of people on board for that. we can have rights before the government seizure emails where we might have a principle, some check on the zealous prosecutor, or the exact details might be different. there will be some things were countries very. once they differs from another. when we think of independent and

community in a world of 200 countries, where emails are accessible to everyone else, we have to think through the 200 countries. i'll give you an example from a debate. we can come up with discussions in the united states of whether the nsa or fbi should be able to get decryption, to get into our correct -- encrypted communications. in the united states, we might be able to build a structure to make sure they never abuse it. maybe we can hope for that. once the u.s. or companies provide a technical means to open it up, i said technical means that is open to china and russia, so as you think about opening it up, do it as long as you would trust the least trusted country to do it. if you trust russia and china with access to decrypted stuff, go ahead, but if you do not, don't think the u.s. will have the magical ability to see this for the community.

or think the chinese and russians won't. we will have the same software, same devices, and the same problems. in the encryption, there are countries that i don't trust. i won't let the u.s. have a way of having broken encryption. we should have technical means for cyber security. but then i say something else, and i will stop here. of having broken encryption. the police say they are going dark, can't see the encrypted information, the bad guys will get us. going dark means the police can't see anything anymore. instead, we are in a golden age of surveillance. that is what the facebook story tells us. we carry a tracking device on us at all times for location.

a lot of you grew up not having a tracking device. now you all have one. you have databases, facebook, and everything else. you have cameras of people around you all the time. the police have enormous resources to find things for the common good. we will live with that and try to put checks and balances on that. but then, beyond that, we should not break the encryption for everyone. we have to have technical security. if we don't do that, businesses can you are -- do the things, and everything will be broken for everyone. that is a much worse world. >> i guess i get to play a little cleanup here. i will do my best. this is quite a distinguished panel and i second peter's statements. visit the constitution center, it is really -- and if you have

children, take your children. i think it is a must visit for anyone who cares about these issues and others that are going on today. certainly, thank you for inviting me to participate tonight. this is such an important discussion and it is an important discussion to have a dialogue about civil society in a civil way. these are challenging answers that no one entity will have the answer for. the courts will have the answers, the government will have all the answers, companies may not have all the answers. civil liberties groups may not have the answers either. collectively, i think the hope is that we can come up with solutions on how best to move forward. in part, it has been interesting and peter and i go back a ways working on privacy issues

generally for 20 years? jeff: yes, about 20 years. frank: it has been interesting to see the dynamics and how things change over time. there's a big privacy conference in washington dc. i remember when you could not get 10 people in a room talking about privacy, and now they have thousands of people who participate from all walks of life from companies, and advocacy organizations and others, government, on talking about privacy and trying to figure out different issues that are important. what i've seen develop over time, and is really come to be a part of the discussion today, is two things. wine -- and some of these have already been discussed, is the advancement of technology and

the law is not kept up. also, the global nature of what we are talking about now. it is not just the united states laws that microsoft and the companies like them have to abide by. it's how these things mesh together. and how to decide of a fundamental importance, our company, and that is how to maintain customer in consumer trust, maintain the trust of governments that you may be engaged with his well. for us, that goes a little too, or a lot to, what are the expectations of our users? how do we stand up for our users? especially when there might not be a rule of the law hasn't -- because the law hasn't caught

up. for microsoft, we consider to be -- that to be a fundamental human right. because of that, we do things differently internal as regards to privacy. we also challenge the government and we have done that in a few instances. we have challenged the government when the two gag orders. in part, -- we are entrusted with our customer's information and the information -- the government law enforcement wants to come to us, a company and ask for information. should we be allowed, in certain cases, not all cases, should we be able to tell our customer that the government is seeking data. because the customer is in the best position to defend their rights.

in this age where before the customer is holding all of their data in file cabinets, which probably isn't the most efficient way to hold data, the government would have to go to that particular is this entity and serve them with the papers and get the information that way. in another case, we received a warrant for information, about five years ago, we received a warrant for information from one of our user's email accounts. we took a look at when we receive these legal requests for information, we check in to see whether or not they are legal requests, do they comply with the law, and in this instance, we said we don't think the law that currently exists that was

written in 1986, applies to this warrant because it is seeking data that is of a foreign national that is residing in one of our data centers in dublin, ireland. we challenged the case and the case went through the courts, we lost in the lower cases, appealed to the second circuit, and we won in the second circuit. the court said, in part, that this is a situation for congress to act on, that they agreed in part that when congress passed this law in 1986, they did not contemplate the world -- the way the world works today. congress did not contemplate this sort of situation where companies are global, information can be held elsewhere, we have u.s. law enforcement seeking to go in and get this information, for a foreign national in a foreign place, shouldn't that citizen of

that country, say ireland, germany, france, pick the country, have an expectation that the laws of their country should apply. that gets a little to what peter was talking about. we challenged the case, it made its way to the supreme court, we will see what the supreme court has to say. at the same time, also believing in the second circuit's view that this is one for not the courts, not any individual company to sort out, but one for congress speaking on behalf of the citizens has to determine what the best way to move forward with -- forward would

be. this law passed in 1986, to contemplate these are come search -- the current circumstance. trying to work through how a new law or revision, a change to the existing law will work, u.s. law enforcement can seek this data. we had to come up or work with congress to come up with a light -- right legal framework. what's brewing -- what we found was, we were all facing the same situation, is not only because we are global, we are getting requests from u.s. law enforcement, also from foreign law enforcement for information that we, as a u.s. company, may holding about citizens of their country as those law enforcement agencies are investigating cases in their country. the same law that we did not think applied in our case, provided a "blocking statue" from preventing u.s. companies turning over that information to foreign law enforcement of

another country, even if under that country laws, those requests were perfectly legit. how do you fix this going in both ways? we worked for a number of years on legislation that was passed last week, the cloud act, attached to the omnibus bill that was passed. it allows for u.s. law enforcement to request data that u.s. companies may have, respecting and going through a process, looking at the laws of the other countries, asking the ability to object to that request from the foreign countries, for companies receiving that request to reject that, and setting a rule that allows u.s. law enforcement to obtain data on -- that a company would be holding about u.s.

persons, wherever that data may reside. there is a current court decision, the codification of this did not happen which is fortunate, there is a legal decision that requires law enforcement to continue to follow it. at the same time, the law allows for the u.s. government to negotiate treaties with other countries like the united kingdom, for instance, to allow for those foreign countries to seek take about their citizens that u.s. companies maybe holding, provided that certain things are met, including that they had to go through human rights records, congressional oversight that they not seek information about u.s. citizens. all of this is a long-winded way

of talking about one instance where our company recognized that the existing laws don't mesh with the way the world works today, and the importance we thought of protecting our users and trying to set a rule of the law that will carry us forward. there are likely other scenarios like this where, like i said, the existing laws have not caught up with the changes of technology. there is going to be many instances where additional public discussion, debate, back-and-forth engagement will be needed to sort out a good path forward. amitai: that is excellent stuff. i have 20 questions i want to ask you. i want to also get our audience in. i ask one question. that concerns that the golden standard for protecting our privacy is that the government

not be allowed to search them unless it is specific authorization or specific servers. basically, that is the golden standard. a day behind it, the government should not go fishing for -- should fish for significant information to show they were part of the crime. isn't that a much bigger deal? when we hear about what happened on facebook, doesn't make a mockery of the whole idea that the front door is locked, and the government cannot go and search but they can get it [indiscernible] i need to explain what i'm talking about.

all corporations, keep information about their client in order to, instead of advertising, improve the service. some use that information for advertising. [indiscernible] that's the only business, the only business they have, connects cons of information -- connects tons of information. in one case, 20 million americans, and in another case, 78 million americans read they have the internal revenue service and immigrations send that information. don't we have to rethink this

whole notion that as long as the government's warrant, the private sector can avoid it. how can that be? the difference between the fbi having the dossier on 200 million people, and give it to the government, is one click and one check. no difference. where do we go from here? frank: the events of the past few weeks, around facebook as well, this is one where, like i said, in my remarks before, we really do need to have a public discussion.

for some companies, i think maintaining user trust, where you have a more direct relationship with your users, consumers, enterprise customers, business customers, certainly doing something that violates those -- that trust will have some probably fairly significant business impacts. i think one of the things i have seen over time, is increased public interest in these sort of topics. i think that -- and jeff alluded to the marching in the streets,

while that may be more optimistic than i think will happen, nonetheless, i think i think some of what you talked about may come as a surprise to a lot of people. as that comes up, what will they ask of our lawmakers or regulators in terms of doing , something, curbing practices. i have seen the pendulum swing between the days after 9/11 where people would say in the name of public safety, the government should be able to get this data. it is important to protect us and keep us safe, and that should be a priority. and then, after the snowden

regulations -- snowden revelations, we saw the pendulum swing in the other direction. we say, do we want the government to be doing what some of the revelations revealed that the government was doing or trying to do? question and i think as time marches on, we will see folks working on what the right solution to it is. >> so the question is about data brokers and huge information that the government can get. that is roughly the question. i look at it this way, in the european union, as jeff mentioned, in may, they will have a very strict law go into affect. a general data regulation. it is pretty easy to pass regulations and directives in the eu. in the united states, when it comes to regulating huge, successful companies, we don't pass a lot of laws. it is pretty hard to regulate that. these same proposals have been around since the 1990's and have not passed for internet privacy on these companies.

and in my world, we have the u.s. not regulating, even when we see pretty bad problems. we see the eu regulating more than i think they should, what we haven't had is a good enough imagination of what can be in between. people haven't really -- at the legislative level of craftsmanship that went into the cloud act, the details i think , people are starting to say, social networks, what else is going on? and so congress has a chance to imagine more than they could imagine. there are people on different sides of the political spectrum that are not happy with what they have seen. but that is going to take some active work of imagining where there is some regulation of big business that makes sense. if the answer is zero, we will have businesses collecting everything and doing everything. and if you want less than that, you will probably have to have laws, and we don't know those laws and what they should be yet. jeff: just a quick thought,

since peter is absolutely right, that the u.s., unlike europe, is an suspicious about this the , court will have to do it in the u.s.. it is remarkable and criminal procedural grasses -- classes how much time we take to find out whether a private citizen is being used as an agent of the government. there is something called the silver platter doctrine. and when the police go along with a taxidermist who is looking for marijuana and the real purpose of him going into find the is to marijuana but when the police , officer asked him where he is if the situation is where you if the situation is where you describe, the data is used as a , specific purpose to give it to the government, it would be -- it would not be a stretch for them -- and the same judges might be

willing to say that you can't do it through the back door what you are not able to do through the front door. amitai: just to clarify, i see what you are saying. they are not collecting it for the government. they're collecting them for anybody, and in addition, they shared with the government, obviously. >> i think i agree with all three of you on this question. of course the problem is that so , much information is being collected by the private sector that people, the business model of these companies is to have us exchange our data to give them , our data so they can sell it and give us great free services. , we are seeing an instance where that whole business model, facebook's business model is being called into question because the way they make models make money is by selling our data. we have made his bargain that we get is great free service out of it.

the question is, would we be willing to pay for the service to have more privacy regulation? that is an open question. another quick observation, a quick challenge in this area. i'm in agreement with all your points, jeffrey, and i think the courts are challenged in drawing the line. about what point giving over data voluntarily to a third party becomes a fourth amendment violation, when the government gets that information. this is really a job for congress. that may be futile in the current environment, but courts are not very good at coming up with policies as well as -- coming up with policies, as opposed to implementing the policies that congress puts into law. i think we have a separation of powers issue here as well. >> i agree with all that is just been said. there are probably three other things i would note.

number one, as you note, the notion of legislating this area and regulating the private -sector collection of information is extremely difficult, there's a couple of things that we could conceivably do. one, we should pay attention to how the government is able to get the information that we share with private-sector entities. in the united states, we have the 19vacy act passed in 1970's, wesed in the have tried to control information that the government has. i think that is an important element to protecting individual freedoms in this new, brave digital age. the second point, is the old joke if it is free, you are the product. i think that is something we all need to internalize. we need to understand, what information we are giving over, how it is being collected, and how it is being used. that leaves me to the third

point. we did have the tools at our disposal to figure out how much information is being shared, how it's being used, and that is a -- that is particularly acute when you are talking about the government using tools like the freedom of information act, or state and local sunshine laws. it is also important for the private sector, this notion that sunshine is the good disinfectant, one of the reasons that it is a good disinfectant is that the chance is that sunshine will prevent somebody from doing bad things. amitai: thank you all very much. if there is anybody in the room who doesn't feel completely reassured yet, let me tell you, you are not alone. [laughter] it is your turn. shere are some standing mike

here. but i think the room is small enough that anybody can stand and speak. raise your hand if you want the floor. >> on the left. >> good evening. i think you your panel has , touched on a numerous amount of technology changes and other issues, but the question i have deals with a prediction of behavior of individuals who use, or maybe i should say miss use the technology to misuse people's personal information. my question is, do you see a time, if not through government, maybe private companies working with government, that we might start having away for individuals to challenge

companies, along with government on how the information is , gathered and used, or in this case, to prevent it from being misused. peter: there has actually been another law passed by congress year -- passed by congress this year that addresses some of that. congress passed laws when we weren't looking. it might be called festa, i'm not sure. here's part of what it is about. up until now, if you ran an online service and people posted stuff that was bad, the company that was running the online service could not get into trouble. they had intermediary protection from section 230 of an old law. and the new law passed, which i have not studied in depth, makes for those sorts of

things, particularly around things we are all against. one of the things that has like sex trafficking. happened this week, craigslist has dropped all of its personals because, and sorry folks, you missed your chance, and that is after decades because craigslist , said under this new law, they could no longer police itself strictly enough, and craigslist's own assets were on the line now.

reddit has also done so. there has been legislation creeping in saying some of the speeches, are the risky enough for congress to say no? state laws are also moving forward on the revenge for him. this is a bad thing to do. you have pictures with your intimate friend, you break up, and then post pictures to the internet. that is revenge porn. these are all examples of some misuse of these online services where the company's are starting to take the hit for it. up until now, they did not have to. and now they are scratching their heads and saying, what are we facing? because the abusive actions are now starting to get liability on some of the companies. >> but this intermediary liability is not without cost. the europeans have passed a sweeping new law called the "right to be forgotten." phrase, from a french the right of oblivion, which is very, very french. [laughter] if we were in france right now, and somebody was to tweet that jeff was going on too long and taking up too much time, or something like that, after the show, i could sue google and remove thisthey incredibly embarrassing although perhaps truthful offense against

my honor. google would then have to decide and if they guess wrong, they are liable to up to 2% of their annual income. , likegle's case, that is $70 billion last year per tweet. if you look at europe, including articles about the right to be forgotten itself, putting liability on the intermediaries to police truthful but embarrassing or bad, or offenses against dignity, clashes directly with american notions of free speech. that is why the section that peter mentioned section 230 of the communications decency act, which is incredibly wonky, but it is incredibly important and distinguishes america from europe. generally we don't ask facebook and google to look at content and decide what is embarrassing, true or back, and what is not. and now in light of these , regulations, there will be new

pressure, especially on fake -- especially in light of fake news to decide what is fake and , what isn't. do we really want the platforms to be deciding truth? those are very hard questions. my instinct is to not put that on the intermediaries and to come up with some other solutions. >> good evening gentlemen, i am dominic. guess from my accent, i come from germany. so we had a police state for a decades, and maybe i am more sensitive to the topic because of this. i was very happy about the point that mr. olson made in the end about big corporations because, in my opinion, there is a misunderstanding of the current facebook scandal. in my opinion it is not abuse of , facebook and misuse of facebook data, it is use of facebook data, what has happened there. and the whole problem that has

been raised already in the panel -- for-freefree mentality that we see in the internet. it is convenient to get all of the services that we want, messaging, email, and this one for free in exchange for our data. i pay for my imo service provider, i pay for my messenger i am an economist, i , do not know if they will keep my data safe, but as an economist, i also know that there is no free lunch. what i would be interested in knowing is what can we do or when will the rest of the population wake up and basically there is something going wrong, and maybe they have

to change their behavior? what can we do to incentivize them? is education enough, or can we do anything else to make them understand that there is no free lunch and that not only the government, but the specialized arecies like clear choice our problem, but also microsoft, google, and facebook. [indiscernible] [laughter] >> when i talked earlier about seeing the progression of privacy through the years, one thing that has challenged companies through the years is how to make it very transparent to users about what they are doing with their data, how it is being used. i have seen this at my company

and likely others, where, when i first arrived and you start to read through the policies and you get to the 45th page and the n you look at who wrote it and the engineers wrote it, and you have to explain what they are doing and it begins becoming this legal gobbledygook. you want to know what's going on and you want to be very descriptive, but how do you turn that into something understandable for the average user? and one example is, if my grandmother couldn't understand this then we have to go back to the drawing board. companies have worked through the ftcthe years with on how to be helpful on guidance on how to explain to users and a -- in a very simplistic way what you are doing with their data, how it is being used, what happens downstream, are you selling it to other users, what is going on?

because, to get your point, transparency is going to become even more important. the revelations that we have seen, it has been interesting watching the reaction of some of our policymakers who themselves did not understand how data is being used, what is being collected about them, so you do have to make the choice. do you want the service provided for free in exchange for what is happening, but to make that decision, you have got to understand what is happening in parameters around that. and then if you don't want that, , you have to decide, do i want to pay for the service? again, this is one that i think people are going to have this discussion and people will have to make these value propositions

for themselves. and i think what we will see is the regulators either here or europe step in when they think companies are stepping out of bounds. certainly it is out of bounds if , you are say you are doing one thing in your privacy statements and your promises to users, and then you go about doing something else. or if you are misleading about that or are being too opaque about that. i think the ftc has brought cases through the years against companies, and correct me if i'm wrong, that might not be misleading, but may kind of be fudging a little bit about what they are doing with people's data. >> one quick observation on the economic bargain. it goes back a long way. people used to have party lines. and you give up some degree of privacy to have very cheap or free telephone service. this goes back decades. that's we are seeing that now. as an economist, you would that iste the idea going to be up to consumers to

drive this or offer more transparency and ease around the privacy protections. or customers will stop using the se services. but i think we are a long way from there and all of us who , have any interaction with young people are shocked at what they are willing to put on their public facebook or instagram, or snapchat. so maybe privacy is changing for the next generation and they are willing to give up that amount of privacy for these incredible services. >> can you stick around for a moment? let's get the benefit of an economist. i think economists struggle with asymmetric information. so to help this transaction, to people are willing to give up private information for a free

service, that if they, for instance, sell it to the toernment, it never occurred me that buying a pair of sneakers from whatever, that it would end up with the fbi. or they use information from different sources to define my medical condition without directly correcting the information. to what degree, in order for that free economic deal to work, there has to be symmetry of information. >> there clearly has to be, and i think the problem of all digital technologies is that people don't know how to use them properly. i mean, when we talk about itvacy, i always discuss with my friends and they say i , have nothing to hide. i asked them, why do you have curtains in your windows? why do you don't write any

intimate information on postcards, but send it in a letter to your loved one. and they say, it's because i know someone else can read it. the problem with all this digital information is that somebody else can read it then somebody else can see it, but it is so abstract. it is a computer, and there is less fiber in between us, so you think just the fact that i can't see it and i can't touch it basically puts it in an abstract space and does not make us understand that it is accessible to the people that have the skills and capacities. and the big problem that i see, i think mr. olson or jeff, you just mentioned it, the big problem is, why do all of these companies like microsoft and google, why are they so powerful? because we made them so powerful. it is that simple.

without the kind of information, without the data, without the privacy that we have given up on a voluntary basis, and that we have given up on a monopoly basis to very few players in the market, basically they wouldn't be able to create and establish, and analyze all of these profiles to take advantage from them. holder, i have spent the last 25 years or so in telecommunications, since before the 1996 telecommunications act. speakingrosen was about the cell phone thief who was tracked for five weeks through verizon, and as someone else talked about the snowden

revelations, which in my understanding was something like this giant data room where everything that went across at&t and verizon networks was being listened to and whether it was u.s., or foreign speakers, it was all listened to and then supposedly the government was , going to decide what they could or could not use. i am wondering why, where those -- why were those things not protected by the prohibition with anyoneing cpn other than customers themselves. jeff: i've worked on all the things you have mentioned. the snowden revelations, one set of them, and there were previous lawsuits that the frontier foundation brought, i think people now call that part of the upstream program.

the upstream program would be a lot of stuff coming across the system and the nsa is authorized by a federal judge under section 702, a real judge, confirmed by -- a federal judge, confirmed by the senate, lifetime tenure, anyway, the point there is there has been authorization for specific identifiers, like this email address, so 1000, one million, 10 million things go through and only that one item is able to go through the nsa storage. you might say they are breaking the rules. my view on having worked on it is that is what they do. so that was reapproved by congress this year, that approach, so that is not a secret anymore and that is what congress approved. in terms of cpni, that had to do with the 1996 telecom act and data use, that had to do with the phone companies for commercial use selling data about people's usage.

under a court directive, for fisa or verizon for cell phone stuff, a judge has said we are , the government, we are giving you the right warrant. and cpni does not stop that. cpni says the company should not use your information for personal purposes. but that does not stop judges, from national security, if they have shown a right to see it. >> good evening. i don't want to derail the discussion too much, because my question does not really relate to social-media platforms or the kind of technical aspects of a lot of cyber security, but it does touch on the broader elements of security versus privacy. i was curious because some of you have experience with safeguarding medical information, and that has been referenced in year comments about its sale.

how do you respond to the current debate over the right to purchase firearms? i know that some people say, to be honest, i would probably say i am one of them, if someone once to purchase a firearm, it is a relevant matter what their medical history is and what their psychiatric history is, but as the matter stands today, that information is not around for state and federal background checks. so i'm curious to what your thoughts would be on that subject, within the parameters of privacy versus security. amitai: it is a legitimate and timely question. before i turn it over to the panel, let me mention one thing that most of you may be familiar with, but maybe one or two may not. you used the term medical information. the law does not protect your

private medical information, it tells certain entities like doctors, clinics, hospitals, that they cannot divulge medical information. but for example, if you use any of the apps to check on your heart rhythm or status of any information, fitbit is perfectly happy and able to sell it. it is important to understand that the law differentiates between which is protected and other small, separate units from sharing information. jeff: it is a wonderful and important question. from a constitutional question, let me recommend the interactive and nonpartisan constitution. [laughter] if there were to be proposals to allow sharing of medical information as part of

background checks, the second amendment would not prohibit it. what is so valuable to have people on the second amendment agreeing that historical purpose of the amendment was to prevent a to radical federal government citizens from defending their own liberty it , is not a debate about an individual or collective right and in the heller decision, , justice scalia's decision said it would be consistent with the first amendment. so if we fail to pass the regulation you propose, it is not the constitution's fault, it is the states that don't want to pass it. what is so interesting about your suggestion, is you can imagine a system that balanced the use of this data for security purposes with legitimate privacy concerns of individuals and gun owners.

second amendment advocates are concerned about being on a do not buy list that you cannot get off of. you can appeal to get off of it, and query anonymously unless the individual was found to have a serious mental illness and was put on a do not buy list. so the regulations that enforce the database and so forth you , could, in theory see the congress pass this. >> good evening, thank you very much. this is very interesting, thank you so much for sharing your opinions and experiences. today at work i had i had theally, opportunity to review the privacy policies for the messaging app we use at work. they are about to release a new

version of that, they are currently revising that and they have the new policy and the old policy up there. they are doing a better job of being clear, or less legalese. however, they are not really being clear in terms of what they mean. they don't really define the terms, or say what other means or third parties means, or what other uses could be, so with zero legal training, and not a lot of time to study this in depth, what resources are available to people like me would like to understand more, don't want to hire a lawyer to go through this stuff, don't want to pour hours over these terms, are there consumers unions, anything working on this? i heard about the electronic frontier foundation. could you share resources on more information and could you recommend a credible advocate?

jeff: you mentioned them and the eff is a great one. a number of other organizations -- you can also one of the issues here to is, he don't understand it, is just a regular reader, that is a problem. and there has absolutely been a shift on the part of technology providers to make the material as understandable as possible. so if you are reading a privacy policy or terms of service on a website, and you cannot make heads or tails of it, that is a red flag. >> consumers union has actually announced a major project. are going to systematically rate products for security and privacy. issue will the car matter because god knows what has been collected in your car with the allotted -- with the electronic cell phone port.

but that will be somewhere to look to figure out which of these is better to use. >> and if you are looking for general information, i would , i'mmend the ftc website not sure where but just general information. like i said, they have done work over the years about how to make privacy policies more understandable and readable. and chris hufnagel, a professor it university of california at berkeley has also tried to digest companies' privacy policies and how to read them. >> can make one quick other suggestion? this is an area where security and privacy come together. when you think about cyber security and what happens when companies have your information and don't protect it, for example the equifax breach which affected a most every person in using our information

which we never said to equifax was ok to use and sell, they held it and it was stolen. here is an area where security and practices should be completely in line because the better they are protecting that data, the better our securities being provided -- being protected. >> my friend from microsoft mentioned the cloud act earlier. there wasn't necessarily a consensus in terms of whether it was a good thing for the public. i'm not super familiar with the cloud act but i know the electronic frontier, and some groups read a medically -- were adamantly opposed to the cloud act. seems like it was passed outside the traditional way of going through omnibus. >> the cloud act is to basic

things. ne, there is a supreme court commonly called microsoft the island. microsoft is challenging a probable cause warrant that is seeking records, dated that is physically stored overseas. microsoft's argument in that case is effectively that the law that permits any male wort does not apply extraterritoriality. answers that question in the affirmative. it says that any male provider must disclose to the government those emails, regardless of where the data is, whether in the united states are overseas. it also has a second part, which would deal with what are called

mutual legal assistance treaties. if another country wants law enforcement assistance here or if we want law enforcement assistance abroad, there is a system right now where you go through, in many cases, the other country would come here, the department of justice would go and get a warrant and get the information and send it overseas. this would create a system where the department of justice, with the concurrence of the state department, could enter into agreements with another country that they say that if other country has sufficient procedural protections that protect privacy enough, where we can have a reciprocal agreement where they can get stuff here and we can get stuff there. and in terms of positions on the law itself, that you say was included in the omnibus, i think it would have benefited from

additional debate and additional publicity. i think everybody agrees that there are concerns. i think even those who support it and support it for good reasons, given the alternative, partsthat it has certain that i think we need to keep an eye on, that might be problematic from a privacy perspective. >> i have spent a lot of the last three years working on these issues. we have a project at georgia tech, where governments try to get access to data from other countries. pages toundreds of read about it. based on that research i think it does a surprisingly good job, compared to what might have happened. but undoubtedly, there are things you can polish. if we didn't fix it we would have all sorts of a mess. you always have to judge if this imperfect legislation is better than the mess we would have had otherwise. why, all things

considered is actually good for privacy and civil liberties, but people have sharp disagreements. >> we heard two positions from the panel. on one hand, the third-party that once you release information to a third party they can do with it what they want. i'm not sure that's the only interpretation of the third-party doctrine. work around the find print. the concept that once you release it, it is gone. in contrast we have this idea of the europeans, who say no. it is your own information, and if you give it to somebody and they want to give it to somebody else they have to go back and get your permission. these are two bookends, two extremes of a continuum. when i looked closer to the it gets union position,

a little more intricate. if indeed every time a commercial firm wanted to use information that you released to somebody else without your permission, saying because on an average day information about you is being used about 700 times. i don't think most europeans do that. and if you read the law, it exempts one area after another. for don't have to do this research, they don't have to do it for commerce, so pretty soon it looks like such a wonderful, idealistic solution, that you own the data and nobody will touch it unless you get permission, and then you add one last thing. which the law applies, europeans have what they call a compliance gap.

that means they don't enforce the law. and ask, ifrope anybody in this room has been asked for permission for second use of the information, would you raise your hand. i saw when hand rise -- i saw one hand rise. me ask the panel, is the european line he were nearly as idealistic as it sounds? and where do we find a balance between third-party doctrine and this notion that we own the data and anybody the touches it needs to get written permission. >> neither part seems satisfying. the idea that once we surrender information to a third-party party we lose all expectation of as justice sotomayor said that in the age of the cloud it would mean we have no privacy. the europeans say data disclosed

to a third party may be disclosed to somebody else with consent, that risks that we might give away our privacy in exchange for a toaster, or give away our privacy and then we can't get it back. it is answered by the immortal question, what would brandeis do, justice louis brandeis had the greatest privacy defense of the 20th century. read his dissenting opinion in the homestead case. he said the proper question is, is the government invasion and unreasonable intrusion our security and safety? it reveal unexpressed thoughts, sensations and emotions? then if it does, it is impermissible, even with a wort. he said wiretapping is so invasive because you can hear the conversations of people on both ends of the conversation, that it was unreasonable even with a warrant unless the crime

was severe and the suspicion was very intense. so that is the practical western that we need to ask -- the practical question that we need when the search is so vast that it invades that privacy and is inherently unreasonable with or without consent. >> i'm so excited about the discussion that i didn't realize we overran the time. [laughter] at this point all that is left for us to do is thank the panel for a wonderful discussion. [applause] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] later this year the supreme a rulingl issue between masterpiece cakes shop in the colorado rights association, which looks at free

speech, discrimination and religious freedom. the panel includes an attorney representing the same-sex couple that sued a colorado bakery for refusing to create their wedding cake. here is a preview. >> the way i see it is that a business or an individual cake maker should not have the right to refuse to sell his goods to someone because of their sexual orientation. because that would give rise to discrimination across society, potentially, and a certain section of society would be unable to access goods and services in the same way other people could, and that's wrong. however, an individual cake maker, in this case who describes himself as an artist, should have the right to refuse to express something he doesn't believe it. so if he had said to those, to this couple, i'm not selling you the cake because i hate you people,