commencement speeches all this week in prime time. tonight at 8 p.m. eastern, jimmy carter, betsy devos, representative mark meadows, and atlantic mayor. this week in prime time on and on thec-span.org free c-span radio app. >> lawyers examined how consumers, and governments approach privacy in the modern era. the organized event was here in washington.

edgar: good evening, everyone. can you hear me? good. my name is edgar dolby, the executive director here at arena stage, and i would like to think i have the best job in the world. one of the reasons is that we get to introduce new programs and new ideas that we have with

arenas forum, civil dialogue. we asked a question whether that is actually possible in this day and age, and it all started with the across the table lunch with amitai etzioni, our -- if this were our play, he would be our playwright, and he would also be our director. he is really welcome here at arena stage. we like to think we are in the empathy business. i ask at every board meeting -- what is your business? i think building empathy during we have a number of core values from here, and at the top of that list is learning in the rehearsal. at the rehearsal hall and you are meant to take risks, you're meant to be generous, be prepared to step into another character's shoes and to work on telling a story. so it seemed to be the idea that

we get together and we have some conversation starters. we have been engaged in a very civil way in looking at an opposite point of view. it seems to be a natural fit for us at arena stage. so this is the first in the arena stage forums. we are test driving the idea. we have two more that are scheduled third that information is at the back of your program here. but it is meaningful to me that we are able to do this on monday nights. monday nights -- there are no performances, so we should light the place up. well, i am hoping that we light the place on monday nights on many occasions around such an important purpose as engaging in

civil dialogue around difficult issues. so amitai etzioni does not really need any introduction. his very brief resume is in the program. i just want to say that i feel like i've made a new best friend. i certainly admire the fact that you have the generosity of spirit to share your humanitarian ways with us and the fact you have assembled such a wonderful group to engage in this discussion. he must be a bit of a prophet as well, because he knew that the topic for tonight would be so relevant. i know you wanted to pick something that was maybe not so hot and controversial, but it did not work out that way. [laughter] edgar: so let me get out of the way. please welcome my new dear friend, amitai etzioni. thank you. [applause] dr. etzioni: edgar, thank you

very much indeed. it has been a true joy working with you. from the luncheon we had, the whole idea was a long sentence. edgar and his staff turned it into an event that is completely easy working together. it is also an opportunity for me to speak to the arena staff. there is a lot of work that goes into an event like this. dialogue starters who are all extremely in demand and busy people. and for all of you for joining to access the dialogue, i like to also say, edgar, we met our first marker, because this evening, we are going to be on

c-span, which means our conversations are going to reach way beyond this room. we are hoping to model that people who come from different backgrounds, but people work for the government, people from the private sector, that people from academia, liberals -- do we have somebody who is not a liberal? we have a rich variety of viewpoints, but i'm quite confident that we're going to have a very civil dialogue to the theater for me is a magical place where did you leave the world in which you live, a normal world, behind, and for two hours, you can dance with "the king and i" in thailand, and tonight, maybe you can leave behind the world of confrontation and anger and inter-this magical world of dialogue. i want to add one more thing, and that i will get out of the way.

the way i see what is happening out there, borrowed from the court system, the advocacy models and employed for discussion of public policy, there i see in the court there are only two sides. very rarely third or fourth. and each side presents the most stark, extreme points, emotional

way they are positioned. one final thing, the nicest person alive, he has a dog, he calls his mother every christmas, and some say he is the most awful person that she does not have a cat and is not say hi to his father. but the position of justice and truth for real life. we have long said privacy is dead are being killed. they are recording your dinner conversations. on the other side we hear corporations are building safe havens for terrorists, even in the court. and out of this extreme again, some kind of reasonable position should arise.

i think sovereign points or a good position. it is assumed that we have at least two major considerations. we clearly have an alienable rights. and we clearly have a concern for the common good. for public safety, protection, public health. they do come in conversations, and a good conversation will start by not assuming that one will trump the others and make all his way, but we have to start. at the end of the year, we can hardly minimize the conflict. this is one of the biggest subjects of tonight's conversations.

we want to ask our panelists -- are we failing too far in direction of securing surveillance? or are we allowing high fire encryption to not allow the government to do his job? where are we going? gabe: thank you so much. thank you, professor etzioni. i will be a good lawyer and answer the question with a question here. the question is -- is the balance appropriate between surveillance and privacy? i will push back a little bit on that. balance is perhaps the wrong -- our system of government is the one based around i think an agreement that we all have the best way to do things is where we have ambition checking ambition. this is the old joke. i used to work at the aclu. the attorneys on "saturday night live" would keep saying "checks and balances, checks and balances," and i think that is what we are all striving to look for.

if it has hard and fast rules that ensure to the greatest extent possible law enforcement and the domestic activities of our military and services are focusing on individual circumstances where there is some indication of wrongdoing. a search warrant is the basic example of that that says you cannot really do anything unless you can say, articulate in a clear way with specific facts that what you are trying to do is based upon some predication, that it is based upon some real suspicion that what you are going out to do is going to find something wrong.

again, the issue is -- you mentioned the word "reconcile." i think it is reconciliation. we are trying find ways or rehab effect of law enforcement, but we have these primordial principles, these first principles that underpin our free society. so i wanted to bring two specific points. you asked us to as racists of the question, which is -- how can we make things better? i think in two ways, i think there are two specific things that came to mind when i was

trying to think about that. if i were king of the world, and i do not want to get too wonky, but i would do a better job of establishing policy legislation that is almost technology agnostic. what i mean by that is the political system tends to focus on the state-of-the-art at the particular time. you know is a good example of that. if you look at police procedurals, most to go with think that you need a warrant to wiretapping phone -- which you do -- and you need a warrant to search emails -- which you actually don't in some cases. the reason for that is congress, when they were legislating on what is required for law enforcement to access female, congress was looking at a system where it was extremely expensive to store a males the cloud, the proto-cloud at that time. you are talking about in the

tens of thousands of dollars for a gigabyte of information, whereas now that the cost of that is in cents. so the notion of someone having an entire decades' worth of gmail sitting up there in a remote server, it did not occur or was not front of mine for lawmakers when they were doing that, and as a result, we have a system that does not protect at the rate but i think most of us would agree they should be protected. that has real-world effects. when we talk about reconciling surveillance and privacy, we used to be approaching it from a common frame of reference. in many cases, we are not, because we just don't know what has happened. we just had a case where this actually happened, again, and email context, where a judge effectively said you have a first amendment right to look at

the application materials for physical search warrants, but because an email warrant isn't really a warrant, you do not have a first amendment right to look at the application materials for an electronic communication search warrant. this is the case where the public's quest to understand and define that public frame of reference that will allow us to appropriately reconcile surveillance and such as being stymied. it is a concrete example of how i think, as you mentioned, we can be looking at ways to improve our policy in lawmaking. i will leave it at that. i look for to questions. matthew: thank you very much, and thank you, professor, for moderating this, and thank you to you all. i am impressed that there are so many folks here this evening.

i cannot even get my own high school aged son to come down here. i hope he is watching c-span, but i think he is probably playing video games right now. look, this is a really important set of topics, and i know that you, professor, has dedicated your scholarship to this question of a balance between the common good and individual rights. in my experience, those two things often our intentions, and i do not think there is any subject where that tension is more pronounced than in the area of government surveillance. my own career in the government, 20 plus years, most of that time as a federal prosecutor here in washington, and then several years in the intelligence community, including of the national security agency, where i was general counsel. i come at these issues largely

from a security perspective and from the government perspective. let me make three brief comments that i think and hope at least frame these issues from my perspective. the first of those observations really is that this is not a new debate. it feels new at times because it is very salient in this current environment, but it really goes back to the founding of our country, you know, the imperative to perfect the common good and individual rights is embodied in the preamble to our constitution, which speaks of the necessity of providing for common defense on the one hand and the importance of securing weapons of liberty on the other hand. this goes back to our founding document. in fact some of the founders spoke of this being an ongoing process when they talked about the importance or the effort to create a more perfect union, not stating that this was an end state in and of itself but rather a process or a journey

that we are on together as a nation. the constitutional matter -- and you are a bunch of lawyers here -- it is the fourth amendment that really captures this tension when it comes to government surveillance. the important concept is reasonableness. that is the touchstone of the fourth amendment, as the supreme court has said. what is frustrating, i think, is -- what is reasonableness? you have had to become comparable with lawyers and citizens that it is a dynamic concept, it is fluid, it tends to be challenged by changes in technology. i think the main point i am front to make up the top is this debate has been going on since our founding.

what is reasonable when it comes to government surveillance? the second point i would make is there are no absolutes in this discussion. this idea of reasonableness, this embodied i feel that this is a balance. when it comes to privacy, there is no such thing as an absolute zone of privacy. ben franklin understood that his diary could be subject to being searched by the local constable as long as that constable followed the law and obtained the necessary judicial approval for that search or was otherwise subject to the rule of law. so there is no such thing in our country as an absolute zone of privacy. similarly, there is no such thing as an absolute right to conduct surveillance. surveillance has always been subject to the rule of law, and that is true, particularly with respect to law enforcement and the idea of getting a warrant to

search a house, but it is also true, going back to at least the 1970's and the importance of national security. no absolutes, and the surveillance is always subject to the rule of law. have we tilted too far? i would say we have gotten it about right. i think the balance is where it should be. in the criminal context of a we have struggled to adapt to new technologies what comes to what is reasonable and when a warrant will be issued, but i think the fourth amendment has held up to the test of time. really importantly, and the national security context, when it comes to the foreign intelligence surveillance act, fisa. we renewed key pieces of that act, post-snowden, post the revelations that snowden has made about the law, and the law was effectively extended for several more years after a lengthy debate, and that extension, without any really significant changes to the law, reflects the will of the people and the notion that congress is determined, based on the will of

the people, that we have got that balance about right when it comes to national security. the last point i will meet briefly as i do think there is an area we need to work much harder, and that is on cooperation between the government and technology communities. i think we have lost some of that cooperation, and that cooperation will be critical in solving some of the key challenges we face, including encryption and cyber security because of the innovation in our technology community, and it needs to work better with government. with that, i stop, and i look forward to your questions and the discussion tonight. jeffrey: how can we balance the values of liberty and security? we can translate the text, an original understanding of the constitution, into a technology age, and the age of nsa surveillance, what does the text say? that would work for the people, thousands of papers and effects

against unreasonable searches and seizures, shall not be violated, but no warrants issued but upon probable cause, particularly describing the place to be searched or the person to be seized. what does that mean? for a nonpartisan understanding, you must consult the interactive constitution, which is cohosted by the national constitution center in philadelphia, which i am honored to head. this amazing new app brings the top liberal and conservative lawyers together to describe 1000 words about what they agree about and what they disagree about. if you click on the fourth amendment, i want you to download this app. not now, because i'm speaking, but after the show, you will find the core meaning of the fourth amendment at the timing of the framing was to outline

the general warrants and with the system that sparked the revolution. what were they? engines of tyranny who authorized assumed agents to break into the homes of citizens and rummage through their private diaries and papers in search of judicious libel criticizing the king or evidence they had not paid the hated boston tea taxes. john adams said at that moment the child, revolution, was born. so liberals and conservatives believe that any electronic searches today is, by definition, unreasonable and unconstitutional law and an anathema to liberty. cell phone surveillance, the supreme court is about to drive

about the most important case for digital privacy in the 21st century. can the government subpoena -- which is demand without warrant -- five months of our geolocation records? that is locations owned by the cloud, verizon or whoever our provider is, and with these, we can use the movements of a suspected drug dealer and see that he was -- he was not suspected of selling drugs, he was suspected of stealing cell phones -- you cannot make this up. the government concluded by breaking into his cell phone records, but he was a cell phone theft. the objective of there was no valid warrant and said the search was unconstitutional. the supreme court do? my predictions are as good as yours, but i believe that this court will, by a strong bipartisan majority, hold that the search of our movements in public for a month is unconstitutional and unreasonable.

but justices are likely to emerge on the reasoning. neil gorsuch and the like are likely to say we own our property rights could when we surrender them to a company, we have expectations of those records will not be misused without respect to terms of service, and as such, that is unconstitutional. the more liberal justices may hold that we have a next rotation of privacy on the whole, so when the government can reconstruct everything we can do for five months in public, it can confine the rallies we attend, the poems we write, the love letters within a set, and in a citation of privacy just like those diaries that were seized during the revolution. i think it is inspiring that the roberts court is -- ofteny often new unanimous votes to translate the values of the fourth amendment

into the role of new technologies. but that raises lots of hard cases that remain. what about nsa surveillance? the government is seizing records that some have held in the past, we had no expectation of privacy. i lose all expectation of privacy in it. case, in allbe the of our private diaries and records, certain movements are stored on third-partyrecords, ce stored on third-party servers, we would just have a notice of privacy. conservative notices, as well as liberal ones, were willing to strike down an assay , so i think we are doing a noble job translating these values of original understanding into an age of new technologies.

when the surveillance involves so much intrusion on our movements in public that it clearly violates our cognitive liberty or mental privacy, because the value the framers were trucked predict was the right to criticize the government, to write anonymous pamphlets, to engage in dissent, and the first and fourth amendments are connected. at lee's one final question, the biggest one, and we would talk about it -- that leaves one final question, the biggest one, and we will talk about it. what to do in an age when mark zuckerberg has more power than any king or president or supreme court justice question mark this in myl is the largest life as an advocate an observer. it is striking to see mark zuckerberg respond over the public outrage over

facebook's giving dated to cambridge analytic, ms. used to send target ads in the 2016 campaign, but the brexit vote, citizens realize this is the general warrants. it is not the government seizing all caps off red sox and preferences and trenches of press our dissent and push us into one camp or another. it is the private sector come and yet the fourth of a saysndment -- amendment congress shall make no law. it does not say mark zuckerberg will make no law. what to do in an age when the power of the platforms are not regulated i the constitution and yet they are executing the power of constitutional officers. those answers are not easy him but zuckerberg has said the regulations has said it is necessary that europe is about to pass the most significant privacy relation in recent years

, and even congress may be moved to that. perhaps we will have citizens marching in the streets him as they have been doing so effectively lately, so they at desk that they protect the fourth amendment. >> i have been looking desperately for a way to keep you in state a little longer. so enjoy it for one another minute. tell us, if you have your way, and the government will not be able to search our phones, how much harm does it do to public safety? jeff: what is remarkable of these cases, the government could easily have gotten a warrant in the gps case, which was the first case where the government stuck a gps case at

the bottom of a guy's car. they got a warrant the first time. it was just invalidated in d.c.. they were supposed to only search in d.c., and the search in maryland. they only were supposed to search for 10 days, but they searched for 11. this was the obama administration, they stood up and said we have no expectation of privacy and therefore no warrant is needed. completely unnecessarily aggressive position, and once the government said you needed to get a warrant, the police said no problem, we were going to do it anyway. i am sure in this carpenter case, the courts hold again that you need to get a warrant before you can get five months of cell phone records. that will be a problem either because if you have a serious enough crime like the ones that were involved in that case, and enough time to get a warrant, you can get one, too. this is really why chief justice roberts wrote the unanimous opinion in the riley case that said when you are arresting

someone come opening therefrom, you cannot search through their emails in their phone. a phone is not like a cigarette packet. the phone has our emails and we have an expectation of privacy in our emails. i respect your beautiful effort to balance the interests of liberty and security, and, matt, you did a thoughtful job in the balance, but these should not be hard cases. and they are not because they are nearly unanimous. the only hard thing for the , framers, you need physical trespass before you can go over the fourth amendment. in the 1920's, they said if there is no physical version, you can go to wiretaps. it's exciting to see that they are doing things without physical trespassing. and of all the polarization in our lock him this is one area where liberals and conservatives are agreeing. >> what an honor to be here and follow in the eloquence of

jeffrey rosen talking about the wonky but pernicious doctrine. you should go to visit the constitution center, which jeff is the leader of. as a moment of indulgence, i'm a tenor, i think in my temple choir, i love singing, and i never thought i would get to the arena stage here. [laughter] let me just say that. i'm sorry, i have a sore throat so i can't sing tonight. [laughter] it's actually true. i am going to come back to this community and do it a little differently, thinking about the communities of which nation and which community, because a lot of the issues today are things stored in the cloud, where the united states government might want to get it under the fourth amendment, but maybe the british want it, and maybe we trust the british. maybe india or china wanted. -- want it. we are going to have to sort

through all of the countries in the world. it will not just be our one community being behind two oceans. it will be somehow interacting with the rest of the world. and when we do that, there is a great temptation to think of american exceptionalism. it is our constitution, from 1787, there is the fourth amendment which jeffrey just gave us in perfect verbatim. let's think about, if we share with the rest of the world when england should get access to it or france. so some of these things, we should have fundamental rights protecting them even if the request comes from other countries. for instance, we might say we only share and have reciprocity with other countries if they have probable cause for warrants. that might seem the fundamental thing you have to have, probable cause of a crime, or else the government cannot do that. there has been proposals that the u.s. should get access to u.s. companies as long as they

get probable cause. there are a number of countries in the rest of the world whose standard is no one else has that zero. standard. that is an unusual standard that is held by the u.s. maybe we can settle on something else as the bare minimum of what human rights requires. let's have a neutral or independent magistrate. that is another part of the fourth amendment. except when i took history and law, and france, they don't do that. they are investigating magistrates that are involved in prosecution and don't have independent. so no probable cause. in many countries, no independent judge, and so now, what communities do we go to? can we have absolutely universal rights? are there principles? do we say everybody gets to do it for themselves? defining a community is important. there are some sentimental rights that we want to have in detail. no torture. we can get a lot of people on board for that.

we can have some rights before the government seizure emails where we might have a principle, some independent review some , check on the zealous prosecutor, but the exact details might be different. there will be some things were countries very. once state differs from another. when we think of independent and community in a world of 200 countries, where emails are as accessible to everyone else, we have to think through the 200 countries. i'll give you one example from a debate, the encryption debate. we can come up with discussions in the united states of whether the nsa or whether the fbi should be able to get decryption, to get into our encrypted communications. in the united states, we might be able to build a good structure to make sure they never abuse it. maybe we can hope for that. once the u.s. requires or companies provide a technical

means to open it up, i said technical means that is open to china and russia, so as you think about opening it up, do it as long as you would trust the least trusted country to do it. if you trust russia and china with access to decrypted stuff, go ahead, but if you do not, don't think the u.s. will have the magical ability to see this for the community or think the chinese and russians won't because we will have the same software, same devices, and the same problems. in the encryption, there are countries that i don't trust. i am not going to let the u.s. have a way of having broken encryption. we are going to have to have technical means for cyber security. but then i say something else, and i will stop here. at that moment the police say , they are going dark, can't see indications, the

bad guys will get us, we have no way again. going dark means the police can't see anything anymore. instead, we are in a golden age of surveillance. weare in a period where carry a tracking device on us at all times for location. a lot of you grew up not having a tracking device. now you all carry one. you have databases, facebook, and everything else. you have cameras of people around you at all times. the police have enormous resources to find things for the common good. and we are going to live with that and try to put checks and balances on that. but then, beyond that, we should not break the encryption for everyone. we have to have technical security. if we don't do that, business cannot do its stuff do the , things, and everything will be broken for everyone.

that is a much worse world. >> i guess i get to play a little cleanup here. i will do my best. this is quite a distinguished panel, and i second peter's motion that folks should go maybe as a requirement of attending tonight, visit visit the constitution center, it is really -- and if you have children, take your children. if you have god sends and got donors, take them. i think it is a must visit for anyone who cares about these issues and others that are going on today. certainly, thank you for inviting me to participate tonight. this is such an important discussion, and it is an important discussion to have a dialogue about with civil society and in a civil way because these are challenging answers that no one entity will have the answer for. the courts will have the answers, the government will have all the answers, companies

may not have all the answers. and civil liberties groups may not have the answers either. but collectively, i think the hope is that we can come up with solutions on how best to move forward. in part, it has been interesting and peter and i go back a ways , working on privacy issues generally for 20 years. jeff: yes, about 20 years. frank: it has been quite a while, and it has been interesting to see the dynamics and how things change over time. there's a big privacy conference in washington, d.c. and i remember when you could not get 10 people in a room talking about privacy, and now they have got thousands of people that participate from all walks of life, from companies, and advocacy organizations and

others, government, talking about privacy and talking about different issues that are important. what i've seen develop over time, and is really come to be a part of the discussion today is two things. one -- and some of these have already been discussed -- the advancement of technology and the law is not kept up and also, the global nature of what we are talking about now. it is not just the united states' laws that microsoft and the companies like them have to abide by. it is the laws of other countries and how these things mesh together and how to decide of a fundamental importance, our company, and that is how to maintain customer in consumer trust, how to maintain the trust of governments that you may be

engaged with his well. and for us, that goes a little to, or a lot to, what are the expectations of our users? how do we stand up for our users, especially when there might not be a rule of the law that applies because the law hasn't caught up? for microsoft, we consider that to be a fundamental human right. because of that, we do things differently internal as regards to privacy. we also challenge the government and we have done that in a few instances. we have challenged the government when they issue gag

orders. we are entrusted with our customer's information and the information -- the government law enforcement wants to come to us, a company and ask for information. should we be allowed to, in certain cases, not all cases, should we be able to tell our customer that the government is seeking data and because the customer is in the best position to defend their rights. in this age where before the customer is holding all of their data in file cabinets, which probably isn't the most efficient way to hold data, the government would have to go to that particular business entity and serve them with the papers and get the information that way. in another case, we received a warrant for information, about five years ago, we received a warrant for information from one of our user's email accounts.

when we did our investigation, when we took a look at when we receive these legal requests for information, we check and see whether or not they are legal requests, do they comply with the law. and in this instance, we said we don't think the law that currently exists that was written in 1986 applies to this warrant because it is seeking data that is of a foreign national that is residing in one of our data centers in dublin, ireland. and so we challenged the case, and the case wound its way through the courts, we lost in the lower cases, appealed to the second circuit, and we won in the second circuit. the court said, in part, that this is a situation for congress to act on, that they agreed in part that when congress passed this law in 1986, did not contemplate the way the world

works today. congress did not contemplate this sort of situation where companies are global, information can be held elsewhere, we have u.s. law enforcement seeking to go in and get this information, foreign national in a foreign place, shouldn't that in one of the positions that we held, shouldn't that citizen of that country, say ireland, germany, france, pick the country, have the expectation that the laws of their country should apply? so that gets a little to what peter was talking about. so we challenged the case, it made its way to the supreme court, we will see what the supreme court has to say. but at the same time, also believing in the second circuit's view that this is one for not the courts, not any individual company to sort out,

but one the congress speaking on behalf of the citizens has to determine what the best solution moving forward. this law passed in 1986, to contemplate the current circumstance. trying to work through how a new law or revision, a change to the existing law will work, u.s. law enforcement can seek this data. we had to come up or work with congress to come up with the right legal framework. what we found was, we were all facing the same situation, is not only because we are global, we are getting requests from u.s. law enforcement, also from foreign law enforcement for information that we, as a u.s.

company, may be holding about citizens of their country as those law enforcement agencies are investigating cases in their country. and the same law that we did not think applied in our case, provided a blocking statute, from preventing u.s. companies turning over that information to foreign law enforcement from another country, even if under that country's laws, those requests were perfectly legit. how do you fix this going in both ways? as it turns out we worked for a , number of years on legislation that was passed last week, the cloud act, attached to the omnibus bill that was passed. and it allows for u.s. law enforcement to request data that u.s. companies may have, respecting and going through a

process, a comity process, looking at the laws of the other countries, asking the ability to object to that request, the ability of foreign countries, for companies receiving that request to reject that, and setting a rule that allows u.s. law enforcement to obtain data on -- that a company would be holding about u.s. persons, wherever that data may reside. there is a current court decision. it is unfortunate that the codification of this did not not happen, but there is a legal decision that requires law enforcement to continue to follow it. at the same time, the law allows for the u.s. government to negotiate treaties with other countries like the united kingdom, for instance, to allow for those foreign countries to seek data about their citizens that u.s. companies may be

holding, provided that certain things are met, including that they have a good human rights record, that there is some congressional oversight, that they not seek information about u.s. citizens. all of this is a long-winded way of talking about one instance where our company recognized that the existing laws don't mesh with the way the world works today, and the importance we thought in protecting our users and trying to set a rule of the law that hopefully will carry us forward. there are likely other scenarios like this where, like i said, the existing laws just have not caught up with the changes of technology. and there is going to be many instances where additional public discussion, debate, back-and-forth engagement will be needed to sort out a good

path forward. >> that is excellent stuff. i have 20 questions i want to ask you. and i will not. i want to also get our audience in. i will ask you one question. heardat concerns, we repeatedly that the golden , standard for protecting our privacy is that the government is not allowed to search them unless it is specific authorization or specific servers. but basically, that is the golden standard. and a day behind it, the

government should not go fishing for innocent people, should fish for significant information to show they were part of the crime. isn't that a much bigger deal? when we hear about what happened on facebook, doesn't make a mockery of the whole idea that the front door is locked, and the government cannot go and search but they can get it --[indiscernible] it does not make a mockery of the whole idea. the front door is locked. i need to explain what i'm talking about. i think partly all corporations keep information about their client in order to, instead of advertising, improve the service. and some of them sell that information for advertising. small number of and that's the

only business, the only business they have, they collect tons of information. in one case, 20 million americans, and in another case, 78 million americans read they have the internal revenue service and immigrations sell that information. so the question is don't we have , to rethink this whole notion that as long as the government's government's warrant, but the private sector can completely circumvent it? how can that be? the difference between the fbi having the dossier on 200 million people, innocent people,

and give it to the government, is one click and one check. no difference. [indiscernible] microsoft. where do we go from here? this is one, and the events of the past few weeks, around facebook as well, this is one where, like i said, in my remarks before, we really do need to have a public discussion. i think for some companies, maintaining user trust, where you have a more direct relationship with your users, consumers, enterprise customers, business customers, certainly

doing something that violates that trust will have some probably fairly significant business impact. i think one of the things i have seen over time is increased public interest in these sort of topics. and i think that -- and jeff alluded to the marching in the streets -- that may be more optimistic than i think will happen. nonetheless, i think over time, we will see calls for some rules, changes. i think some of what you talked about may come as a surprise to a lot of people. if that comes up, what will they ask of our lawmakers or regulators in terms of doing something, curbing practices? i have seen the pendulum swing

between the days after 9/11 where people would say in the name of public safety, the government should be able to get this data. it is important to protect us and keep us safe. and that should be priority. after these other revelations, we saw the pendulum swing in the other direction. we say, do we want the government to be doing what some of the revelations revealed that the government was doing or trying to do? so a great question and i think as time marches on, we will see folks working on what the right solution to it is. >> so the question is about data brokers and huge information that the government can get. that is roughly the question. i look at it this way, and the european union, as jeff mentioned, in may, they will have a very strict privacy law go into affect. it is pretty easy to pass

regulations and directives in the eu. they are right a lot of them. in the united states, when it comes to regulating huge, successful companies, we don't pass a lot of laws. it is pretty hard to regulate that. these same proposals have been around since the 1990's and have not passed for internet privacy on these companies. in my world, we have the u.s. not regulating, even when we see bad problems, we see the eu regulating more than i think they should. what we haven't had is a good enough imagination of what can be in between. and people haven't really -- at the legislative level of craftsmanship that went into the act, the details, and i think people are starting to say, social networks, hmm, what else is going on? so congress has a chance to imagine more than they could imagine. there are people on different sides of the political spectrum that are not happy with what they have seen. that will take active work of

imagining where there is some regulation of big business that makes sense? if the answer is zero, we will have businesses collecting everything and doing everything. if you want less than that, you will probably have to have some laws, and we don't know those laws and what they should be yet. >> just a quick thought, since peter is right, the court will have to do it in the u.s. it is remarkable in criminal procedure classes how much time we take to find out whether a private citizen is being used as an agent of the government. there's something called the silver platter doctrine. when the police go along with a taxidermist who is looking for marijuana and the real purpose of the attack is best of the housermist going into the is to find it, but when the police officer asked him where he is not, if the situation is where you describe, the data is used as a specific purpose to give it to the government, it

would not be a big stretch of the doctrine. and the same judges who are willing to say that 24/7 surveillance is like a general warrant might be willing to say you cannot do through the back door what you are now allowed to do through the front door. >> i see what you are saying. they are not collecting up for the government. and in addition, they share it with the government obviously. with all three of you on this question. the problem is that so much information is being collected by the private sector that people -- the business model of these companies is to have us exchange our data, to give them our data so they can sell it and can give us great free services.

we are now seeing an instance where that's business model, facebook's visit model is being called into question because the way they make money is by selling our data. and for that we have made his bargain that we get is great free service. the question is, would we be willing to pay for the service to have more privacy protection? that is an open question. another quick observation, a quick challenge in this area. i think the courts are challenged in drawing the lines, about what point giving over data voluntarily to a third party becomes a fourth amendment violation, when the government gets that information. this is really a job for congress. i realize that may be futile in the current environment, but courts are not very good at coming up with policies as well

-- as opposed to implementing the policies that congress puts into effact. i think we have a separation of powers issue here as well. >> i agree with all that is just been said. and i think there are probably three other things i would note. one, as you note, the note of legislating this area and regulating the private sector collection of information is an extremely difficult proposition, but there's a couple of things that we could conceivably do. one, we should pay attention to how the government is able to get the information that we share with private sector entities. in the united states, for instance, in the privacy act, and that tries to control information that the government has. i think that is an important element to protecting individual freedoms in this new, brave digital age.

the second point is the old joke -- if it is free, you are the product. i think that is something we all need to internalize. we need to understand what information we are giving over, how it is being collected, and how it is being used. and that leaves me to the third point, which is we did have the tools at our disposal to figure out how much information is being shared, how it's being used, and that is acute when you are talking about the government using tools like the freedom of information act and state and local sunshine laws. it is also important for the private sector, this notion that sunshine is the best this invective. one of the reasons is the chance that there is going to be sunshine with a check on somebody from doing bad things. >> thank you all very much.

if there is anybody in the room who does not feel completely reassured on the issue, let me tell you, you are not alone. [laughter] now it is your turn. there are some standing mikes here, and, i think, maybe we should try that? i think this room is small enough. raise your hand if you want the floor. >> the light is on my face. raise your hand if you want the floor. >> on the left. >> good evening. i think you and your panel has touched on a numerous issues of policy changes and technology changes but the question i have , deals with a prediction of behavior of individuals who use -- or should i say misuse the

technologies to misuse people's personal information. my question is do you see a , time, if not through government, maybe private companies working with government, that we can start having have a way for individuals to challenge companies on how the personal information is gathered and used, or in this case, prevented from being misused? predict bad information -- >> there has been another law passed by congress that addresses that. congress passed laws when we weren't looking. it might be called festa, i'm not sure. here's part of what it is about. up until now, if you ran an online service, and people posted stuff that was bad, the

company that was running the online service could not get in trouble. they had intermediary protection from that, section 230 of an old law. the new law passed, which i have not studied in past, makes it illegal for people that organize these websites from getting in trouble, in particular around sex trafficking and all things we are all against. one of the things that has happened this week, craigslist has dropped all of its personals, because, and sorry folks, you missed your chance, after decades because craigslist said under this new law, they could no longer police personals strictly enough. craigslist's own assets were on the line. reddit has also done so. so there has been legislation creeping in saying some of the

speech is risky enough for congress to say no. state laws are also moving forward on the revenge porn. this is a bad thing to do. you have pictures with your intimate friend, you break up, and then post pictures to the internet. that is revenge porn. is is awful. it cannot happen. these are all examples of some misuse of these online services where the companies are starting to take the hit for it. up until now, they did not have to. now they are scratching their heads, saying, what are we facing because the abusive actions are now starting to get liability on some of the companies? >> but this intermediary liability is not without cost. the europeans have passed a sweeping new law called the right to be forgotten on the internet.

it is called the right to oubl ie. it comes from a french statement. [laughter] if we were in france right now, and somebody was to tweet that jeff was going on too long and taking up too much time, or something like that, after the show, i could sue google and have them remove this offense against my honor. and google would have to decide and if they guess wrong, they are liable to up to 2% of their annual income. for google, that is like $70 billion last year per tweet. this concentrates the mind, and google has taken down 42% other quests, including articles about the right to be forgotten itself, so putting liability on the intermediaries to police, clashes directly with american notions of free speech. that is why the section that

peter mentioned, section 230, is incredibly important and distinguishes america from europe because generally we don't ask facebook and google to look at content and decide what is embarrassing, true or bad, and what is not. and now in light of these regulations, there will be new pressure, especially on fake news on the platforms to decide what is fake and what isn't. do we really want the platforms to be deciding truth? very hard questions. my instinct is to not put that on the intermediaries and to come up with another solution. >> good evening, gentlemen. my name is dominik. i come from germany, and we had a police state for a couple decades, and because of this, i was very happy about the point

that mr. olson made in the end about big corporations because, in my opinion, there is a misunderstanding of the current facebook scandal. in my opinion it is not abuse of , facebook and misuse of facebook data. it is use of facebook data, what has happened there. and the whole problem that has been raised already in the panel is the free mentality that we see in the internet. so that it is convenient to get all of the services that we want, messaging, email ne for free in exchange for our data. i pay for my ipo service provider, i pay for my messenger. i am an economist, i do not know

if they will keep my data safe, but as an economist, i know there is no free things. what i would be interested in knowing is what can we do or when will the rest of us wake up and realize there is something going on wrong and maybe change their behavior? what can we do to incentivize them? his education and off, or can we do anything else to make them understand that there is no free lunch and that not only the government or the specialized agencies -- our problems, but also microsoft, google, and facebook. [indiscernible] [applause] when i talked earlier about seeing the progression of

privacy through the years, one thing that has challenged companies through the years is how to make it transparent to users about what they are doing with their data, how it is being used. and we have gone from -- i have seen this at my company and and likely others -- we have gone from -- you start to read through the policies and you get to the 45th page and the engineers who wrote it, have to explain what they are doing and it begins becoming this legal gobbledygook. which some people appreciate and you want to be very precise about what is going on and being very descriptive but how do you , turn that into something very understandable for the average user? one example is if my grandmother could not understand this, we have to go back to the drawing board. companies have worked through

the years with the ftc on how to be helpful on guidance on how to explain to users and a -- in a simplistic way what you are doing with their data, how it is being used, what happens downstream, are you selling it to other users, what is going on? because to get your point, transparency will become even more important. and i think the revelations that we have seen, it has been interesting watching the reaction of some of our policymakers who themselves did not understand how data is being used, what is being collected about them, so you do have to make the choice. do you want the service provided for free in exchange for what is happening, but to make that decision, you have to understand what is happening and parameters around that.

and if you don't want that, you have to decide, do i want to pay for the service? and so this is one that i think people are going to have this discussion and people will have to make these value propositions for themselves. and i think what we will see is the regulators either here or europe step in when they think companies are stepping out of bounds. it is out of bounds if you are say you are doing one thing in your privacy statements and your promises to users, and then you go about doing something else. or if you are misleading about that or you are being too opaque about that. i think the ftc has brought cases through the years against companies who might not the may the fudging be misleading a

little bit about what they are doing with people's data. >> one quick observation on the economic bargain. it goes back a long way. people used to have party lines. he would give up privacy to have very cheap or free telephone service. this goes back decades. we are seeing that now. as an economist, you would appreciate that it would be up to consumers to drive this or offer more transparency and ease or use around the privacy protections or customers will stop using the services. i think we are a long way from there and all of us who have any interaction with young people are often shocked at what they are willing to put on their public facebook or instagram or snapchat. so maybe privacy is changing for the next generation and they are willing to give up that amount of privacy for these incredible services. >> can you stick around for a moment?

i think economists talk about asymmetric information. to have this construction to assume people are willing to information in exchange for a free service, that if they, for instance, -- it never occurred to me that buying a pair of sneakers would -- wouldn't the degree for that free economic deal to work, there has to be some symmetry of information. and i think the problem of all digital technology is that people do not know how to use

them properly. when we talk about privacy, and i always have this talk with my friends, and they say, i have nothing to hide him and then why do you have curtains on your windows and why do you not right internet information on postcards but only in letters that you might send to your beloved ones? not because of the else could read it. the problem with all this digital information to some the else can read it and see it come but it is so abstract. therea computer from and is glass fiber in between us, and just the fact that i cannot see it and cannot touch it, basically, put them in an abstract and does not understand that it is actually accessible to a lot of people -- to all the people that have the skills and capacities.

the big problem i see -- and mr. olson or, jeff, you just mentioned it, the big problem is why do all of these companies , like microsoft and google, why are they so powerful? because we made them so powerful. it is that simple. without the kind of information, data, privacy is that we have given up on a voluntary basis, and that we have given up on a monopoly basis to a very few players in the market, they wouldn't be able to create and establish and analyze all of these profiles they are able to take advantage from now. >> i have spent the last 25 years or so in telecommunications. once the provisions of the 1996

act was a strict protector of proprietary network information. when mr. rosen was speaking about the cell phone thief who was tracked for five weeks through verizon, and as someone else talked about the snowden revelations which, in my understanding, was something like this giant data room where everything that went across at&t and verizon networks was being listened to and whether it was u.s. or foreign speakers, it was all listened to and then supposedly the government was going to decide what they could or could not use, i am wondering why where those things not protected by the prohibition against sharing cpni with anyone other than customers themselves? >> i can't play lawyer on that. i've worked on all the things you have mentioned.

snowden snowden revelations, ot of them and there were previous lawsuits that the frontier foundation brought, i think people now call that part of the upstream program of the nsa, a lot of stuff coming across the system and the nsa is authorized , by a federal judge under section 702 -- >> the fisa court. >> the fisa court a real judge, , confirmed by the senate, the point there, there has been authorization for specific identifiers, like this email address read so 1000, one million, 10 million things go through and only that one item is able to go through the nsa storage. now you can say maybe they are doing that and maybe they are breaking the rules. that was reapproved by congress this year. that approach.

so that is not a secret anymore. that is what congress approved. in terms of cpni, that had to do with the phone companies, that had to do for commercial use selling data about people's usage. under a court directive, for fisa or verizon for cell phone stuff, a judge said we are the government, we are giving you the right warrant, and cpni does not stop that. cpni says the company should not use your date for personal purposes. they have shown the judge they have a right to see it. >> good evening. i don't want to derail the discussion too much, because my question does not really relate to the social media platforms or the kind of technical aspects of a lot of cyber security, but it

does touch on the broader elements of security versus privacy. and i was curious because some of you have experience with medical -- safeguarding medical information, and that has been referenced in your comments. how do you respond to the current debate over the right to purchase firearms? because i know some people say that -- and to be honest, i i am one ofly say them -- if someone once to purchase a firearm, it is a relevant matter what their medical history is, and what their psychiatric history is, but as the matter stands today, that information is not around for state and federal background checks. i'm curious to what your thoughts would be on that subject within the parameters of privacy versus security. >> it is a legitimate and timely

question. before i turn it to the panel, let me mention one thing that most of you may be familiar with, but maybe one or two are not. you used the term medical information, the law does not protect your private medical information. it tells certain entities like doctors, clinics, hospitals, that they cannot devulge medical information. but if you use any of the apps, to check on your heart rhythm or status of any other medical condition, they are perfectly happy and free to sell it. it is important to understand that the law differentiates between which is protected and small units from sharing information. but the question stands.

>> it is a wonderful and important question. from a constitutional standpoint, let me recommend the constitutional center, which reminds me if there were to be proposals to allow sharing of medical information as part of background checks, the second amendment would not prohibit it. what is so valuable to have people on the second amendment agreeing that historical purpose of the amendment was to prevent a terrific federal government from disarmament of citizens it , is not a debate about an individual or collective light, and in the heller decision, scalia's opinion, said the shootings -- said it would be consistent with the first amendment.

if we fail to pass a regulation, it is not the constitution's fault, what is so interesting about your suggestion, is you can imagine a system that balanced the use of this data for security purposes with legitimate privacy concerns of individuals and gunowners, second amendment advocates are concerned about the vilest that you cannot get off of. you can appeal to get off of it, and query anonymously unless the individual was found to have a serious mental illness and was put on a you not vilest very -- do not buy list. with all the technologies and and amend the desk anonymity that were designed come and you could not in syria designed this system, and congress could not pass it, that is very theoretical. >> good evening, thank you very much.

can you hear me? ok. this is very interesting. thank you so much for sharing your opinions and experiences. today at work, i had the opportunity to review the privacy policies for the messaging app we use at work. i notice they are about to release a new version of that, version of that, so they are revising it and having the new policy. they are doing a better job of being clear or less legalese. however they are not any more clear in what it actually means. they do not define the terms, or say what other means or third parties means, or what other uses could be, and so with zero legal training, and not a lot of time to study this in depth, what resources are available to people like me who would like to understand more, don't want to hire a lawyer to assist, don't want to pour hours over these terms?

are there consumers unions, anything working on this? i heard about the electronic funding foundation. could you share resources on more information and could you recommend anything as credible? all caps you mentioned them and they are great one. a number of other organizations , the center for democracy and technology, the aclu. here is, ifssues you do not understand it, is just a regular reader, that is a problem. and there has been a shift on the part of technology providers to make the material as understandable as possible. if you are reading a privacy policy or terms of service on a website, and you cannot make heads or tails of it, that is a red flag. consumers union has announced

a major project. they will try to systematically rate products for security and privacy. the car issue will matter because god knows what is being collected in your car, but that is an effort for ordinary consumers to have somewhere to look to figure out which of these is better to use. >> if you're looking for general information, i would recommend ftc's website, i am not sure exactly where, and general information, because they have done work over the years on how to make privacy policies more understandable and readable. and also chris hufnagel, a professor at the university of california berkeley, through the years has tried to giant just cy policies anda how to read them. >>

>> can make one quick other suggestion? this is an area where security and privacy come together. when you think about cyber security and what happens when companies have your information and don't protect it, for example the equifax breach which affected every single person in this room, using our information which we never said to equifax was ok to use and sell, they had and it was stolen. here is an area where security and privacy are oh -- are in line because the better they are protecting that data, the better our securities being provided -- being protected. >> thank you. my friend from microsoft mentioned the cloud act earlier. i was curious on everyone's take on the cloud act. it was not necessarily a consensus in terms of whether it was a good thing for the public. i'm not super familiar with the

cloud act but i know the electronic frontier, and some groups were adamantly opposed to the cloud act. and it seems like it was passed outside the traditional way of going through omnibus. i was curious if anyone had any input on the cloud act. the cloud act is two basic things. one, there is a supreme court case, commonly called microsoft the island. microsoft is challenging a probable cause warrant that is seeking records, dated that is -- data that is physically stored overseas. that case, microsoft's argument in that case is effectively that the law that permits email warrant does not apply extraterritoriality. the cloud act answers that question in the affirmative.

it says that an email provider must disclose to the government those emails, regardless of where the data is, whether in the united states are overseas. -- or overseas. it also has a second part, which would deal with what are called mutual legal assistance treaties. so if another country wants law enforcement assistance here or if we want law enforcement assistance abroad, there is a system right now where you go through, in many cases, the other country would come here, the department of justice would go and get a warrant and get the information and send it overseas. this would create a system where the department of justice, with the concurrence of the state department, could enter into agreements with another country where they say that if that other country has sufficient procedural protections that protect privacy enough, where we

can have a reciprocal agreement where they can get stuff here and we can get stuff there. and in terms of positions on the law itself, that you say was included in the omnibus, i think it would have benefited from additional debate and additional publicity. i think everybody agrees that there are concerns. i think even those who support it and support it for good reasons, given the alternative, agree that it has certain parts that i think we need to keep an eye on, that might be problematic from a privacy perspective. >> i have spent a lot of the last three years working on these issues. we have a project at georgia tech, where governments try to get access to data from other countries. we have a whole webpage on it and hundreds of pages to read about it. based on that research i think

it does a surprisingly good job, compared to what might have happened. but undoubtedly, there are things you can polish. if we didn't fix it we would have all sorts of a mess. you always have to judge if this imperfect legislation is better than the mess we would have had otherwise. civil liberties groups have been concerned about it. i have written why, all things considered is actually good for privacy and civil liberties, but people have sharp disagreements. >> i want to go back to the basics for a moment. we heard two positions from the panel. on one hand, the third-party doctrine that once you release information to another party, they can do with it what they want. i'm not sure that's the only interpretation of the third-party doctrine. but let's work around the find -- fine print. the concept that once you release it, it is gone. in contrast we have this idea of

the europeans, who say no. it is your own information, and if you give it to somebody and they want to give it to somebody else they have to go back and get your permission. these are two bookends, two extremes of a continuum. when i looked closer to the european union position, it gets a little more intricate. first of all, if indeed every time a commercial firm wanted to use information that you released to somebody else without your permission, saying yes or no because on an average day, information about you is being used about 700 times. i don't think most europeans do that. second, if you read the law, it exempts one area after another. they don't have to do this for research, they don't have to do it for commerce, so pretty soon

it looks like such a wonderful, idealistic solution, that you own the data and nobody will touch unless you get isand then you add one last thing. in those areas which the law applies, europeans have what they call a compliance gap. that means they don't enforce the law. every time i went to europe so say, if anybody in this room has been asked for permission for second use of the information, would you raise your hand. i saw one hand rise. they said, amazon did. let me ask the panel, is the european law as nearly as idealistic as it sounds? and where do we find a balance between third-party doctrine and this notion that we own the data and anybody the touches it needs -- that touches it needs to get written permission. >> neither approach seems

satisfying. the idea that once we surrender information to a third-party party we lose all expectation of privacy, as justice sotomayor said that in the age of the cloud it would mean we have no privacy. the europeans say data disclosed to a third party may be disclosed to somebody else with consent, that risks that we might give away our privacy in exchange for a toaster, or give -- click away our privacy and then we can't get it back. for me, the alternative is answered by the immortal question, what would brandeis do, justice louis brandeis had the greatest privacy defense of the 20th century. if you want inspiring homework, read his dissenting opinion in the homestead case. he says, the proper question is, is the government invasion and unreasonable intrusion on our

security and safety, does it reveal unexpressed thoughts, sensations and emotions? then if it does, it is impermissible, even with a wort. -- with a warrant. he said wiretapping is so invasive because you can hear the conversations of people on both ends of the conversation, that it was unreasonable even with a warrant unless the crime was severe and the suspicion was very intense. so that is the practical western -- question that we need to ask, what does it mean to have cognitive liberty and freedom of our thought sensation and emotions. and when the search is so vast that it invades that privacy and is inherently unreasonable with or without consent. >> i'm so excited about the discussion that i didn't realize we overran the time. [laughter] at this point all that is left for us to do is thank the panel for a wonderful discussion. [applause] [captions copyright national cable satellite corp. 2017] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]

c-span, where history unfolds daily. in 1970 nine, c-span was created as a public service by america's cable television companies. and today, we continue to bring you unfiltered coverage of congress, the white house, the supreme court, and public policy events and washington, d.c., and around the country. c-span is brought to you by your cable or satellite provider. earlier today, president trump met with north korean official and give an update on the u.s.-north korea summit president trump: -- summit. president trump: we will be meeting on june 12 in singapore. you set --t to know situation. mike has spent two days doing

this. we have gotten to know their people -- their people very well. people will have to travel because we will be in singapore on june 12. i think it will be a process. i never said it goes and one meeting. i think it will be a process. the relationships are building. that is a very positive thing. announcer: commencement speeches. all this week in primetime. tonight, at 8:00 p.m. eastern, jimmy carter, betsy devos, representative mark meadows, and atlanta mayor keisha lantz bottoms. this week in primetime on c-span and c-span.org, and on the free c-span radio app. lauren underwood is a first-time congressional candidate running for the u.s. house of representatives from illinois. the former federal government worker is the youngest african-american woman running for congress in 2018. she and former new hampshire republican senator kelly ayotte were part of a