broadband. >> i think it is important as the administration, the fcc, and congress considers infrastructure and other concepts, that band has been determined to be a matter of important infrastructure to our countrand national policy. that is a change because we typically think of infrastructure is roads, railways, bridges. >> but you cannot survive today as a business, as an individual, someone working from home without having a robust broadband experience. announcer: watch tonight on c-span2. >> now, a forum on how consumers, corporations, and andrs face a surveillance

privacy issue. >> good evening everyone. i'm the executive director here at arena stage, and i would like to think i have the best job in the world. one of the reasons is that we get to introduce new programs and new ideas that we have with arenas forum, civil dialogue. we asked a question whether that is actually possible in this day

and age, and it all started with the across the table lunch with amitai etzioni, our -- if this were a play, he would be our playwright, and he would also be our director. this is all his idea, it fell on really welcome ears here at arena stage. we like to think we are in the empathy business. i ask at every board meeting -- what is your business? i think building empathy during we have a number of core values from here, and at the top of that list is learning in the rehearsal. at the rehearsal hall and you are meant to be open to new ideas. your meant to take risks. andare meant to be generous

be prepared to step into another character's shoes and to work collaboratively on telling a story. idea that webe the get together and have and thenion starters engage in a very simple way of looking at an opposite point of view or another point of view. it seems to be a very natural stage. us here at arena so this is the first in the arena stage forms. we are testing the idea. we have two more scheduled. the information is in the back of your program. it is meaningful to me that we're able to do this on monday nights. monday nights, no performances so we should light the place up. i'm hoping we liked the place up

on monday nights on many occasions around such an important purpose as engaging in civil dialogue around difficult issues. that he does notd any trodtion. an the resume as program. i want to say i feel like i've made a new best friend. i admire the fact you have generosity of spirit to share your communitarian and humanitarian ways with us and the fact you have assembled such a wonderful group to engage in this direction. and he must be a bit of a prophet as well, because who knew the topic of tonight would be so timely?

way.t me get out of the please welcome my new, dear etzione.itai amitai: thank you very much. it has been a joy working with you from the luncheon we had. the whole idea was long sentence. and we turned it into a three-dimensional series of events. the ease ofes working together. it is also an opportunity for me to speak to the arena staff. there is a lot of work that goes into an event like this. dialogue starters who are all extremely in demand and busy people.

and forll of u for joining to access the dialogue, i like to also say, edgar, we met our first marker, because this evening, we are going to be on c-span, which means our conversations are going to reach way beyond this room. we are hoping to model that people who come from different backgrounds, but people work for the government, people from the private sector, that people from academia, liberals -- do we have somebody who is not a liberal? we have a rich variety of viewpoints, but i'm quite confident that we're going to have a very civil dialogue to

do this. the theater for me is a magical place where you leave the world behind. n dance with "thking a i" in thailand, and tonight, maybe you can leave behind the world of polarization and confrontation and anger and enter this magical world of dialogue. i just want to add one more sentence and then i will get out of the way. the way i see what happeng out there, borrowed from the court system, the advocacy model and employed for discuion of public policy and intellectual issues, there i see a lone

warrior in the court. only two sides. very rarely a third or fourth. it is a radical polarization and the most presents stark, extreme, emotional way of their position. nicest for some alive, he has a dog, he calls his mother every christmas. the other side says,he most awful person. she does not have a cat. positions,those two justice is supposed to arise. i do not know what is preferred in the court system, but i'm sure it is not working in public policy. dead or says privacy is being killed. the government is in every bed. alexa is recording your dinner conversation. on the other side, we hear the corporations are building a safe

haven for terrorists. extreme, some kind of reasonable position should arise. points for aing good conversation are to assume we have at least two major considerations. we clearly have inalienable rights. and, we clearly have a concern for the common good. public safety, protection, public health. to some degree that can be reconciled. but they do come into tension. a good conversation starts by not assuming that one will trump the others and make it all his way. but we have to start asking questions.

when do we yield and how do we minimize the conflict. this is one of the biggest subjects of tonight's conversation. we want to ask our panel last -- our panelists, are we failing in the direction of securing surveillance or are we allowing our concern for privacy to not allow the government to do its job. where are we and where should we be going. your going to start, in programs you will see. >> thank you so much. thank you professor. i'm going to be a good lawyer and answer the question with a question. the question that is presented is, is a balance appropriate between surveillance and privacy

question mark at will push back a little bit on that. i think balances preps the wrong word. our system of government is based arounan agreement we all have that the best way to do things is where we have ambition checking ambition. this is the old joke. i used to work at dac aclu, i currently work for readable of the press. the one time and aclu attorney was on saturday night live they kept saying "checks and balances." that is exactly right. that is what we are all ving to have hard and fast rules that ensure to the greatest extent , law enforcement and the domestic activities of our military intelligence services are focusing on individuals in circumstances where there is some indication of wrongdoing. basicarch warrant is the

example. it says you cannot really do anything unless you can articulate in a clear way with specific facts what you are trying to do is based upon some predication. that it is based upon some real suspicion that what you are going out to do is going to find something wrong. issue, you mentioned the word "reconcile" -- i think in some way it is reconciliation. we are trying to find ways in which you have effective law enforcement but you also respect these primordial principles, these first principles that underpin our free society. to specificmake points. you asked us to answer a specific question, how can we make things better.

think in two ways, there are two specific things that came to mind when i was trying to think about that. world, anding of the i do not want to get wonky, but i would do a better job of establishing policy and legislation that is almost technology-agnostic. what i mean is the political system tends to focus on the state-of-the-art at a particular time. email is an example. if you look at police procedurals, most people would think you would need a warrant to wiretap a phone, which you do, and you would need a warrant to search emails. which you don't in some cases. the reason is because one congress was legislating they were looking at a system where

was extremely expensive to store emails in the cloud, the proto-cloud at that time. you are talking about and the tens of thousands of dollars for a gigabyte of information. now, the cost of that is in cents. someonenotion of having with an entire decade worth of gmail sitting up there in a remote server, it did not occur lawmakers in front of when they were doing that. and that leads me to the second point. we are talking about reconciling surveillance and privacy. we need to approach it from a common frame of reference. in many cases, we are not, because we just don't know what is happening.

we just had a case where this actually happened. context.email where judge said, you have a atst ament right to look the application materials for physical search warrants, but because and email warrant is not really a war and, you do not have a first amendment right to look at the application materials for an electronic communication search warrant. this is a case where the public quest to understand and define that public frame of reference that will allow us to appropriately reconcile surveillance is being stymied by this lack of technological agnosticism. a concrete example of how we can be looking at ways to improve policy and lawmaking.

i will leave it at that. muc and thank you very thank you, professor, for moderating this. thank you to you all. i am impressed that there are so many folks here this evening. i could not even get my own high school aged son to come down here. i hope he is watching c-span, but i think he is probably playing video games right now. look, this is a really important set of topics, and i know that you, professor, has dedicated your scholarship to this question of a balance between the common good and individual rights. in my experience, those two

things often are intentions, and i do not think there is any subject where that tension is more pronounced than in the area of government surveillance. my own career in the government, 20 plus years, most of that time as a federal prosecutor here in washington, and then several years in the intligenc community, incng of the national security agency, where i was general counsel. i come at these issues largely from a security perspective and from the government perspective. let me make three brief comments that i think and hope at least frame these issues from my perspective. the first of those observations really is that this is not a new debate. it feels new at times because it is very salient in this current environment, but it really goes back to the founding of our country. the imperative to perfect the common good and individual rights is embodied in the preamble to our constitution, which speaks of the necessity of providing for common defense on the one hand and the importance of securing the blessings of liberty on the other hand. this goes back to our founding

document. in fact some of the founders spoke of this being an ongoing process when they talked about the importance or the effort to create a more perfect union, not stating that this was an end state in and of itself but rather a process or a journey that we are on together as a nation. the constitutional matter -- and you are a bunch of lawyers here -- it is the fourth amendment that really captures this tension when it comes to government surveillance. the important concept is reasonableness. that is the touchstone of the fourth amendment, as the supreme court has said. what is frustrating, i think, is -- what is reasonableness? we have had to become comfortable as lawyers and citizens that it is a dynamic concept, it is fluid. it tends to be challenged by changes in technology. this debate has been going on since our founding. what is reasonable when it comes to government surveillance? the second point i would make is there are no absolutes in this

discussion. this idea of reasonableness, this and bodies the ideal that this is a balance. there is no such thing as an absolute zone of privacy. benjamin franklin understood his diary could be subject to being seized and searched by the local constable as long as that constable followed the law and obtained the necessary judicial approval for that search or was otherwise subject to the rule of law. so there is no such thing in our country as an absolute zone of privacy. similarly, there is no such thing as an absolute right to conduct surveillance. surveillance has always been subject to the rule of law, and that is true, particularly with respect to law enforcement and the idea of getting a warrant to search a house, but it is also true, going back to at least the 1970's and the church committee when it comes to national security.

having effective oversight over the effort to conduct surveillance for national security. ofno absolutes, no zone vacy and surveillance is always subject to the role of law. would say we have gotten it about right. i was in the balance is about where should be. in the criminal context, we have struggled to adapt to new technologies what comes to what is reasonable and when a warrant will be issued, but i think the fourth amendment has held up to the test of time. in the national security context, when it comes to the foreign intelligence surveillance act, we just renewed one of the key pieces of that act. post theden, revelations that snowden made about the law. the law was effectively extended for several more years after a

lengthy debate and i think that reflects the will of the people and the notion that congress has determined that we got that bae rht when it comes to national security. i do think there is an area where we need to work much harder and that is between the cooperation of the government the technology community. i think we have lost some of that cooperation and that cooperation will be critical in solving some of the key face, including an encryption and other cyber security because of the innovation in our technology community. it needs to work better with government. jeffrey: how can we balance the values of liberty and security? we can translate the text, an original understanding of the constitution, into a technology age, and the age of nsa surveillance, what does the text

of the fourth amendment say? says it shall not be violated, but no warrants issued unless upon probable cause, particularly describing the place to be searched or the person to be seized. what does that mean? for a nonpartisan understanding, you must consult the interactive constitution, which is cohosted by the national constitution center in philadelphia, which i am honored to head. this amazing new app brings the top liberal and conservative lawyers together to describe 1000 words about what they agree about and what they disagree about. if you click on the fourth amendment, i want you to download this app. not now, because i'm speaking, but after the show, you will

find my colleagues saying the core meaning of the fourth amendment at the time i of the framing was to outline the with writs oft assistance. what were they? they were engines of tyranny that authorized government agents to break into the homes of citizens and rummaged through their paper and private diaries libelarch of judicious criticizing the king or evidence they had not paid the hated boston tea taxes. john adams said at that moment the child, revolution, was born. so liberals and conservatives believe that any electronic searches today is, by definition, unreasonable and unconstitutional law and an anathema to liberty. so let's take the three questions women asked to decide

today. cell phone surveillance, the supreme court is about to drive about the most important case for digital privacy in the 21st century. the question and the carpenter cases, can the government subpoena five months of our geolocation records? that is when we walk around and to theations are sent cloud, owned by verizon or whomever our provider is. with this, we can use the movements of a suspected drug not suspectedwas of selling drugs -- he was breaking into radioshack's and stealing cell phones. his cellonstructing phone records, the government indeed a cellas phone thief. the objective of there was no

valid warrant and said the search was unconstitutional. what will the supreme court do? my predictions are as good as yours, but i believe that this court will, by a strong bipartisan majority, hold that the search of our movements in public for a month is unconstitutional and unreasonable. but justices are likely to diverge on the reasoning. neil gorsuch and the like are likely to say we own our property rights could when we surrender them to a company, we have expectations of those records will not be misused without respect to terms of service, and as suchthat is unconstitutional. the more liberal justices may hold that we have a next rotation of privacy on the whole, so when the government can reconstruct everything we can do for five months in public, it can find the political rallies we attend, the letters write, the love we never sent.

that thet is inspiring roberts court is willing, often by unanimous votes, to translate the values of the fourth amendment into a world of new technologies. that would about nfa surveillance? there, the government is seizing records from the past. because of this wonky but pernicious doctrine called the third-party doctrine, when i surrender my documents to a company like verizon, i surrender my rights. so everything stored on third-party servers we would have, as justice sotomayor said, and no expectation of privacy.

it is inspiring that conservative justices, as well as liberal ones are willing to strike down nsa surveillance like this and they have quoted james otis's final case. i think they are doing a noble b anslating these values and understanding into an age of new technologies when surveillance is ubiquitous and involves so much on our movements in public that it clearly violates our cognitive liberty or mental privacy. the values with the right to engage in political dissent. therefore, the first and fourth amendment are intimately connected. that leaves one final question and we will about it one final bit at what about this book? what do we do in an age where mark zuckerberg has more power over who can read up our information than any supreme court justice. the latest facebook privacy scandal is the largest of my life as a privacy advocate and

observer. it is striking to see mark zuckerberg responding to the public outrage over fook of private amounts data to cambridge analytic and using it to send targeted ads, not only in the 2016 campaign but to influence the brexit vote. suddenly the public is realizing, it isot the government seizing our intimate thoughts and political preferences, and trying to suppress our dissent or push us into one camp or another, it is the private sector, yet the fourth amendment says congress shall make no law, it is not say mark zuckerberg should make no law. the great constitutional challenge is to figure out what to do in an age where the powers of the platforms are not regulated by the constitution but they are exercising the power of constitutional officers. those answers are not easy, but the fact that zuckerberg said regulations may not be necessary, that europe is about

to pass the most significant privacy regulation of recent years, and that even congress may be moved to act leads me to hope perhaps we will have citizens marching in the streets as they have been doing so on behalfy recently of translating the fourth amendment so it protects the same privacy when it comes to facebook escorts does for the u.s. government. have been looking desperately for a way to keep you in-state a little longer. enjoy your enthusiasm for another minute. tell us, if you have your way and the government will not be able to search our phones unless reason, how much does it affect our public

safety? jeffrey: what is remarkable of these cases, the government could easily have gotten a warrant in the case, which was the first case where the government stuck a gps case at the bottom of a guys car. they were supposed to only arch in the sea, and the theyshington, d.c., and ended up searching and maryland. this was the obama administration, the obama administration stepan said -- we have no expectation of privacy and public and therefore no warrant is needed. completely unnecessarily aggressive. once the government said you needed to get a warrant, the police said no problem, we were going to do it anyway. in this carpenter case, the courts hold again that you need to get a warrant before you can get five months of cell phone records. that will be a problem either because if you have a serious enough crime like the ones that were involved in the case, and enough time to get a warrant, you can get one as well.

i think this is why chief justice roberts wrote the unanimous opinion and the riley cases said you cannot, when you are arresting someone, open their phone and search their a phon ne a cigarette the phone has our emails and we have an expectation of privacy. respect your dutiful effort to balance the interests of liberty and security, and i thought you did a thoughtful job in the balance, but these should not be hard cases. and they are not because they are nearly unanimous. the only hard thing is, and it is an analytical leap, for the framers, you need physical trespassing before you can go over the fourth amendment. in the 20's, they said if there is no physical version, you can go to wiretaps. it's exciting to see that they are doing things without physical trespassing.

this is one area where liberals and conservatives are agreeing. >> what an honor to be here and follow in the eloquence of jeffrey rosen on talking about wonky but pernicious doctrine. if you have not, you should go to visit the constitution center which he is the leader of. as a moment of indulgence, i'm a tenor, i think in my temple -- i'm a tenor, i sing in my temple choir, i love singing, and i never thought i would get to the arena stage here. [laughter] [applause] peter: let me just say that. i'm sorry, i have a sore throat so i can't sing tonight. [laughter]

peter: it's actually true. i come back to this community and do it a little differently. thinking about the communities of which nation and which community. a lot of the issues today are things stored in the cloud. where the united states government might want to get it under the fourth amendment, but maybe the british then wanted. maybe we trust the british maybe. then maybe india or china wanted. we are going to have to sort through all of the countries in the world. it will not just be our one community being behind two oceans. it will be somehow interacting with the rest of the world. when we do that, there is a great temptation to think of american exceptionalism. it is our constitution, there is the fourth amendment which jeffrey just gave us in perfect word-for-word verbatim. let's think about, if we share with the rest of the world when england should get access to it or france, some of these things, we should have fundamental rights protecting them even if they are requested from other countries. for instance, we might say we only share and have reciprocity with other countries if they have probable cause for warrants. right? that might seem the fundamental

thing you have to have. there has been proposals that the u.s. should get access to u.s. companies as long as they have probable cause. it turns out the rest of the world's standards to get emails is zero. no one else has said. that is an unusual standard. they say, maybe we can settle on something else as the bear minimum of what human rights requires. let's have a neutral or independent magistrate. that is another part of the fourth amendment, except when i took history and law, and france, they don't do that. they are investigating magistrates that are involved in prosecution and don't have somebody independent. in many countries, no independent judges, and so now, what communities do we go to? are there principles? universal rights? or do we say everyone gets to do it for themselves. defining which community counts

is going to be terribly important. so there will be some fundamental rights. no torture. we can get a lot of people on board for that. we can have rights before the government seizure emails where we might have a principle, some check on the zealous prosecutor, exact details of how you're going to do that might be different. there will be some things were countries very. in a world of 200 countries, where emails are accessible to everyone else, we have to think the 200 countries. i'll give you an example from the encryption debate. we can come up with discussions of whether the nsa or the fbi should be able to get decryption. should be able to get inur encrypted communications. states, we might

be able to build a good structure to make sure they never abuse it. we can hope for that. once the u.s. are companies providedec meanso open it up, wants the technical means is open to the chinese and the russians, so if you think about opening it up, do it as long as you would trust the least trusted country to do it. so, if you trust russia and china with access to encrypted stuff, well ahead. but if you do not, do not think the u.s. will have the magical ability to see this for the community. don't think the chinese and russians want. we will have the same software, same devices, same problems. in encryption, there are trust.es i do not i won't let the u.s. have a way of having broken encryption.

we should have a technical means for cyber security. but then i say something else. the police say they are going dark, they cannot see the encrypted information, the bad guys will geus going we're in a period, and that's what the facebook story tells us, where we carry tracking device on us at all times for location. lot of you grew up in a world where you did not have a tracking device on you. now you all carry one. you have databases and facebook and everywhere else. you have cameras of people around you at all times. the police actually have enormous resources to find things for the common good. and we're going to live with that and figure out how to put checks and balances on thatn part through cases on the supreme court. beyond that, we shouldn't break the encryption for everyone. we have to have technical security. if we don't do that, business

can't do its stuff, we can't do our communications, it will be broken for everyone, and that's much worse world. >> so i get to play a little bit of clean-up here maybe. i'll do my best. this is quite a distinguished panel. i second peter's motion that folks should go, maybe as a requirement, of attending tonight, visit the constitution center. it's really -- if you've got children, take your children. if you've got god sons and god daughters, take them. i know it's a must visit for anyone who cares about these sandishese others that are going on today. certainly thank you for inviting me to participate tonight. this is such an important discussion, and it's an important discussion to have a dialogue about why civil society and in a civil way, because these are challenging

answers that no one entity is going to have to the answer for. the courts aren't going to have all the answers. government is certainly n going to have all the awers. companies certainly may not have all the answers. and civil liberties groups might not have all the answers either. but collectively, i think the hope is that we can come up with solutions on how best to move forward. in part, it's been interesting, and peter and i kind of go back a ways working on privacy issues generally for 20 years here, so it's been quite a while, and it's been interesting to see the dynamics and how things change over time. there's a big privacy conference going on in washington, d.c., and i remember when you probably couldn't get 10 people in a room in washington, d.c. talking about privacy, and now thee got thousands of people

that participate from all walks of life from companies and ad very kearse organizations and others, from government, on talking about privacy and trying to figure out talking about the different issues that are important. but what i've seen develop over time is really come to be a part of a lot of the discussion today, two things, one, and this has this has already been

discussed. the advancements of techgy d how the law has kept up, and all the the glal nature of what us, that goes a little bit to or a lot to what are the expectations of our users? how do we stand up for our users, especially when there might not be a rule of law that applies, because the law hasn't caught up. for microsoft, we consider to be privacy a fundamental human right. because of that, we do certain things internally as far as privacy, best practices, privacy by design, all sorts of things. and we've done that in a few instances. we've challenged the government when they issue gag orders, in part because when we're

entrusted with our customers' information, and the government, law enforcement -- wants to to us come to a company and ask for information, should we be allowed to, in certain cases, not all cases, should we be allowed to tell our customers that the government is seeking data and that because the customers are in the best position to defend their rights. in this internet age, where before, when the customer is holding all their data in file cabinets, which probably isn't the most efficient way to hold data, the government would have to go to that particular business entity and serve them with the papers and get there, get the information that way. in another case, we received a warrant for information, this

is about five years ago, we cede a warrant for information from one of our users' email account. when we did our investigation, we take a look at when we receive these sort of legal requests for information, or a request for information. we check and see whether or not they're a legal request. do they comply with the law? in this particular instance, we said, well, we don't think the law that currently exists that was written back in 1986 applies to this particular warrant because it's seeking data that is of a foreign national that is residing in one of our data centers in dublin, ireland. so we challenged the case, and the case wound its way through the courts. we lost in the lower cases, we appealed to the second circuit, and we won in e second circuit. in part, the court said that this is a situation for congress to act on, that that he greed when congress pass this had law in 1986, didn't

contemplate the way the world works today, you know, five or six years ago. that congress didn't contemplate this sort of situation where companies are global, information could be held elsewhere. we have u.s. law enforcement seeking to go in and get this information, four nationals sitting in a foreign place, shouldn't that and one of the positions we held, shouldn't that citizen of that country, say ireland or germany or france, pick the country, have the expectation that the laws of their country should apply? so that gets a little bit to what peter was talking about. so we challenged the case. it made its way to the supreme court. we'll see what the supreme ourt has to say. but at the same time, also believing in the second circuit

view that this is one for not the courts, not an individual company to sort out, but when the congress, speaking on behalf of the citizens of this country, have to determine what's the best solution moving forward. and updating the laws, and in this case, the law that was passed in 1986, to contemplate the current circumstance, and in the course of trying to work through kind of how a new law or revision, a change in the existing law to work would allow u.s. law enforcement to seek this data, you know, we had to come up or work with congress to come up with the right legal framework, and so what we found was the way other companies work as well, and we're all facing the same -- we're all facing the same situation, is not only because we're global, but we're getting requests from u.s. law enforcement. we were also getting requests

from foreign law enforcement for information that we as a u.s. company may be holding about the citizens of their country as those law enforcement agencies are investigating cases that are happening in their country. and the same law that we didn't think applied in our case provided -- we called it a blocking statute, prevented u.s. companies from turning over that sort of information to a foreign law enforcement from another country, even if under that country's laws, those requests went through their legal process and were perfectly legitimate. how do you fix this going both ways? as it turns out, we worked for a number of years on some legislation that was just passed last week, something caed the cloud act. it was attached too the omnibus bill that was passed. it allows two things. one, it allows for u.s. law forcement to request data that u.s. companies may have,

respecting and going through a laws of oking at the the countries, having the ability for those countries to object to that request, the ability for companies receiving the data request to also object , also setting a rulehat allows u.s law enforcement to obtain data that a company may be holding about u.s. persons, where that data may reside. there's a current court decision. it's unfortunate that this doesn't happen, but there is a current legal decision that requires more for content that law enforcement continues to follow. at the same time, the law allows for the u.s. government to negotiate treaties with other countries, like the united kingdom, for instance, to allow for those foreign

countries to seek data about their citizens that u.s. companies may be holding, provided that certain things are met, including that they have a good human rights record, there's some congressional oversight, that they not seek information about u.s. citizens. all of this is kind of a long-winded way of talking about one instance where, you know, our company recognized that the existing laws don't mesh with the way the world works today, and the importance that we thought in protecting our users and trying to set a rule of law that hopefully will carry us forward. there are likely other scenarios like this where, like i said, the existing laws just haven't caught up with the changes of technology, and there's going to be i think

many instances where additional public discussion and debate, back and for the engagement is going to be needed to sort out a good path forward. >> that is completely excellent. i look and i have 20 questions want to ask you, and restrain myself with good effort to get our audience in. but i will ask one question. nd that concerns, we heard repeatedly that the golden standard for protecting our privacy is that the government did not allow to search you unless there's specific authorization of the court, or specific search. but basically that is the golden standard. and the golt should not go fishing, only where officially

to suspect that a person committed a crime. but what if the private ompanies will keep dossiers on 100 million americans, and serve them to the government? isn't that a much bigger deal than when we hear about what happened in facebook? doesn't make a mockery of the whole idea that the front door is locked, the government cannot go and search, but it can get it. i need to extend what i'm talking about. i think partly all corporations keep information about their clients in order to call service, and some of them have said that information into others to get some income.

but you think a small number of corporations that are required, but in current connection, and that's the only business, the only business they have is it connects tons of entities, personal information, but including medical information about, in one case, 20 million americans, and in the other case 78 million americans, they have contracts with the f.b.i., c.i.a., internal revenue service and immigration, and sell that information. so the question is, don't we have to rethink the small notion that as long as the -- but the private sector can completely circumvent, how can that be? i mean, let me put the last line, the difference between e f.b.i. having a dossier on

20 million people, innocent people, and clear choice given to the government is one click and one check. so let'start this. where do we go from here? >> yeah, so this is one, and the events over the past, you know, few weeks, you know, around facebook as well, you know, this is one where, like i said, in my remarks before, we really do need to have a public discussion. i think for some companies, maintaining user trust, where you've got a more direct elationship with your users'

consumers and business customers, you know, certainly doing something that violates that trust would have some -- probably some fairly significant business impact. and so i think one of the things that i've seen, you know, over time, is increased public interest in these sorts of topics, and i think that, you know, jeff alluded to the marching in the streets, while that may be more optimistic than i think will happen, nonetheless, i think over time we'll see some calls for some rules, some changes. i think some of what you just talked about, you know, may come as a surprise to a lot of people. so as that comes up, you know, what will be asked of our lawmakers be, our regulators

be, in terms of doing something, curbing some practices? you know, i've seen kind of the pendulum swing between, you know, the data after 9/11, where i'm sure people would say, in the same of public safety, yes, the government should be able to get all this data. it's important to protect us and keep us safe, and that should be priority. and then after the snowden revelations, we saw that the pendulum swing in the other direction, where it's like, ok, wait, do we really want the government to be doing what some of the revelations revealed that the government was doing or trying to do? so, you know, a great question, and i think as time marches on, we'll see folks working on what the right solution to it is. >> the question is about data brokers and huge amount of commercial information the government can get, that's roughly the question. so i look at that time this way. in the european union, as jeff

mentioned, in may they're going to have ay stri privacy law go into effect. it's pretty easy to pass regulations and direcin the e.u. they write a lot of them. in the united states, when it comes to regulating huge, successful companies, we don't pass a lot of laws. it's pretty hard to regulate them. these same proposals have been around since the 1990's and they haven't passed for internet privacy on these companies. and in my world, we have the u.s. not regulating, even when we see pretty bad problems. we see the e.u. regulating a lot, even more than i think they shoul what we haven't had is a good enough imagination of what can be in between. people recent really, at the level of legislative craftsmanship that went into the cloud act, and i think that right now people are starting to say, hmm, social network, hmm, what else is going on. and so congress has a chance to imagine more than they could have imagine.

there's people on different sides of the political spectrum that weren't happy. but that's going to take active work of imagining, where is some regulation of big business that makes sen? if the answer is zero, then we're going to have businesses collecting everything and doing everything, and if you want to have less than that, then you're probably going to have to have some laws, and we don't know what those laws should be yet? >> just a quick thought, peter is absolutely right that the u.s., unlike europe, is suspicious of global regulation of the private sector, the court has to do it in the u.s., and it's remarkable and criminal procedure classes, how much time we take trying to figure out when a private citizen is being used as an agent of the government. there's something with the police going along with the tax dermist who is looking for marijuana, and the real purpose is to find the marijuana, then he's an agent of the government.

but when a police officer asks, he's not. it's a decision, and clear choice's business model is to collect data for this spific purpose and giving it to the government, then it wouldn't be a big stretch to say they're effectively acting as if they're government agents and should be regulated accordingly. the same judges who are willing to say that 24/7 surveillance is like a general warrant might be willing to say you can't do through the back door what you're not allowed to do through the front door. >> just to clarify. i completely see what you're saying, they're not collecting for the government. they're collecting for anybody. and in addition, they were sharing. >> well, i think i agree with all three of you on this question. i mean, of course the problem is that so much information is being collected by the private sector that people are -- the business model of these companies is to have exchange our data, to give them our data

so that they can sell it and then they can give us great free services. i mean, we're now seeing an instance where that whole business model, facebook's business model is being called into question, because the way they make money, the way other social media companies and other companies make smone by selling our data. for that, we have made this bargain that we get this great, free service. the question is, would we be willing to pay for that service in order to have more privacy protection? i think that's an open question. the other quick observation, i think one of the challenges in this area, all your points about these cases that are going to the supreme court, i hink the courts are challenged in drawing the line, at what point giving over data voluntarily to a third party becomes a fourth amendment violation, when government gets that information. this is really a job, from my perspective, for congress. i realize that may be futile in

the current environment, but courts are not very good at coming up with policies as opposed to implementing the policies that congress puts into effect. so i think we have sort of a separation of powers issue here too. i agree with all that he said. i think there's probably three other things that i would note. i mean, one, as you know, the notion of legislating in this area, directly regulating the private sector collection of information is an extremely difficult proposition. but there's a couple of things that we could conceivably do. one, we should pay attention to how the government is able to get information that we share with private sector entities. we have, in the united states, for instance, in the privacy act that was passed in the 1970's, we have done things that try to control how the government uses information that it has, and i think that's an important element to

protecting individual freedoms in this new, bra digital age. you know, the second point is one you just raised f. it's free, you're the product. you know, that's something i think we all need to internalize. we need to understand that -- we need to understand what information we're giving over, how it's being collected, and how it's being used. and that brings me to the third point, which is we need to have the tools at our disposal to figure out how much information is being shared, how it's being used, and, you know, that's particularly ate wheyou're talking about the government and using tools like the freedom of information act and state and local sunshine laws. and it's also important for the private sector, this notion that sunshine is the best disinfect can't. one of the reasons why is because the chance there's

going to be sunshine puts a choke somebody from doing that thing. >> thank you all very, very much. if there's anybody in the room who doesn't feel complete al insured on that issue, let me tell you, you're not alone. now, it's your turn. but i think maybe should we try that? i think this room is small enough, if anybody wants to speak, wherever they are, there's a question, mack a statement. unfortunately, when you raise your hand, on the floor. >> good evening. i think you touched on numerous issues of policymaking and the challenges of technology changes, but the question i have is a prediction of

behavior of individuals who use or maybe i can say muse the technology to misuse people's personal information. and my question is, if not through government, maybe through private companies working with government that we can start having a way for organizations or individuals that challenge companies along with government on how the personal information is gathered and used, or in this case, prevented from being misused. if there's a time in the future when maybe we start predicting bad behavior as it relates to a business model or an organization gathering information and misusing that information. >> there's actually been another law passed by congress this year that addresses some of that. congress has passed some laws when we weren't looking. i might have -- it might be called ftda, but here's part of what it's about.

up until now, if you ran an online service and people posted stuff that was bad, the any th was running the online service couldn't get in trouble. they had interimmediate air protection, section 230 of an old law. the n pasthis had y which i haven't studied in-depth, makes it illegal to do certain things. the people who organize this website now can get into trouble. in particular, around sex trafficking and other things, all of them, again, one of the things that happened this week is articles at craigslist have dropped all their personal. sorry, folks, you missed your chance, and that's after decades, because craigslist said under this new law, it could no longer police the personals strictly enough, and craigslist' own assets orpt line then. reddit has eliminated a large number of sub-reddits also, for

my kids' generation who know what reddit is. so there's been legislation creeping in saying some of speeches are risky enough that congress is going to say no. state laws are also moving ahead, sometimes called revenge porn. this is a bad thing to do, gentlemen. you have pictures with intimate friends. you break up, then you post pictures of her to the net. that's revenge porn. it's really awful, shouldn't happen. and states are finding ways to write laws to put pressure on companies not to post the revenge porn. these are all examples of some misuse of these online services, where the crps starting to take the hit for it. and up until now, they didn't have to, and now they're scratching their heads saying what are we facing? the abusive actions are now starting to get liability on some of the companies. >> this internet, interimmediate air liability is not without cost. so here's the danger. the europeans have passed this sweeping new law called the right to be forgotten on the

internet. it comes from the french, right of oblivion, which is very, very french. and the idea is if we were in france right now, and someone were tweeting jeff is going on too long, ta up too much time on the panel or something like that, after the show, i could sue google and demand that they remove this incredibly embarrassing, although perhaps truthful, offense against my honor, and google would have to decide whether i'm a public zpig whether your tweet is in the public interest. if they guess wrong, they're liable for up to 2% of their annual income, which is in google's case was more than $70 billion last year per tweet. so google has taken down 42% of the take down requests received for truthful and embarrassment information, including articles about the right to be forgotten itself. so obviously putting liability on the interimmediate airs to police truthful but embarrassing or bad but offensive offenses against

dignity clashes directly with american notions of free speech. and that's why the section that peter just mentioned, 230 of the communications decency act, is incredibly important and distinguishes america from europe, because generally we don't ask facebook and google to look at content and decide what is earrassing or what is true or bad and what isn't. and now in light of all these facebook revelations, there will be new pressure, especially in light of fake news, on the platforms to decide what's fake and what isn't, and once again, do we really want the platforms to be deciding truth? so very hard questions. my instinct is not to put that responsibility on the interimmediate airs and to come one other solutions.

>> it good evening gentlemen, my name is dominic. i come from germany, and we had a police state for a couple decades, and because of this, i was very happy about the point that mr. olson made in the end about big corporations because, in my opinion, there is a misunderstanding of the current facebook scand in my opinion, it is not abuse of facebook and misuse of facebook data, it is use of facebook data, what has happened there. the whole problem that has been raised already in the panel was the free mentality that we see in the internet. it is convenient to get all of the services that we want, messaging, email, and this one for free in exchange for our data. i pay for my email service provider. i pay for my messenger. i am an economist. professional.t.

but as an economist, i know there is no free lunch. them, if i do not pay there are no free things. they have no choice but to use my data. the question is, when will the rest of the population wake up and realize there is something going wrong and maybe they have to change their behavior? what can we do in order to incentivize them? is a campaign for education and or can we do anything else to make them understand there is no free lunch and then not only the government or the specialized our problems, but also -- i am very sorry but also microsoft, google, and facebook.

[laughter] >> so, no when i talked earlier about seeing the progression of privacy through the years, one thing that has challenged companies through the years how to make it very transparent to users about what they are doing with their data and how it used.ng so my company, and likely others, when i first arrived and you start to read through the privacy policy -- i'm a lawyer -- you get to the 45th page and say wait a minute. you look at who wrote it and it is the engineers. kook.omes this legal it is important because you want to be precise and descriptive but how you turn that into something understandable for the average user.

my grandmotherf could not understand this we have to go back to the drawing board. our federal trade commission here took it upon themselves to try to be helpful in providing guidance and how to explain and expand to users what you are doing with their data, what happens downstream. are you selling it to other users? what is going on? transparency is going to become more important. i think the revelations we have seen, it's been interesting watching the reaction of some of our policymakers who themselves did not understand how data is being used. what is being collected about them. you do have to make the choice. providednt the service

for free in exchange for kind of what is happening? to make that decision, you have got to understand what is happening and parameters around that. if you do not what that, you have to decide, do i want to pay for the service? havee are going to have to this discussion. people are going to have to make these value propositions for themselves. i think what we will see is the regulators will step in when they think companies are stepping out of bounds. certainly it is out of bounds if you think you are doing one doingand you go aut something else, if you are misleading or being to opaque about that i think that federal trade commission has brought cases against companies who mayt not be misleading, but

kind of be fudging a little bit about what they are doing with people's data. >> one quick observation about this economic bargain. it goes a long way. lines,used to a party you would give up some privacy inrder thave vercheap or free telephone service going back decades. that is what we are seeing now. as an economist i think you'd appreciate that it is going to be up to consumers to really more is offer privacy or consumers. using the services. i think we are a long way from there. i think anyone that has interaction with young people are shocked by what they are willing to put on their facebook or instagram or snapchat. ande privacy is changing the next generation is willing to give up their privacy for

these services. of an's have the benefit economist. asymmetry of information. to have this transaction, to assume i am willing to give up private information in exchange for free service, as soon as i understand what they are going , ifo with my information they for instance send it to the government it never occurred to me that when i bought a pair of , that therom whatever fbi would use the information from different sources to decide my medical condition without correct information. that an you not agree order for that free economic deal to work there has to be some symmetry of information.

>> i think the problem of all digital technology is set people do not know how to use them properly. privacy, ik about always discuss it with my friends and they say, i have nothing to hide. and i say, why do you have curtains at your windows? why do not write internet information on postcards but only on letters? they say, because i know it.body else might read the problem with all this digital information is somebody else can read it and see it but it is so abstract. it is a computer. just because i cannot see it and touch it, basically i am putting it in an abstract space and it does not make us

understand it is actually peopleble to a lot of that have skills and capacity. thinkg problem i see is i why do well in these companies like microsoft and google and facebook, why are they so powerful? it is because we have made them so powerful. simple.at without the privacy we have given up on a voluntary basis and we have given up on a basically they would not be able to create and establish and analyze all of these profiles they are able to take advantage from. >> thank you. i'm ruth holder.

been in telecommunications law since before the passage of telecommunications act. one of the provisions of that was strict cn pi. when mr. rosen was speaking about the cell phone thief who weeksacked for five through verizon, and someone else talked about the snowden revelations which in my understanding was something like this giant data room where everything went across at&t and verizon networks was being listened to and it was all supposedly the government was going to decide what they could or could not use. i'm wondering why those things were not protected against the prohibition.

lawyer on that. revelation, one set of them and there were others, i think people now call that part of the upstream program of the nsa. the upstream program would be a lot of things are coming across the system. the nsa as authorizeda federal judge under section 702. tenure, confirmed by the senate. the point is there has been authorization for specific identifiers like this email address. thatone goes through, only one goes to nsa storage. you can say maybe they are breaking the rules, my view is

that is what they do. that was reapproved by congress this share, that approach. that is not a sret anymore. cn pi, the 1996 telecom act, that had to do with commercial sales of peoples phone usage data. so under the court directive for cell phone stuff, a judge has said, we are the government, cn pi does not stop that. they are not supposed to use that data. they've toldhow if the judge they have a right to see it. >> good evening. i don't want to derail the

but it doesoo much touch on the broader elements of security versus privacy. withof you have experience medical information safeguarding. that has been referenced. ho you respond to the current debate over the right to purchase firearms. to be honest, i would probably say i'm one of them. if someone wants to purchase a firearm it is a relevant matter what their psychiatric history is, but as the matter stands today, that kind of information is not available for federal or state background checks. i'm curious what your thoughts

are on that subject within the perimeter of privacy versus security. >> that is a very timely application. mention one thing that most of you will be familiar with but maybe one or two are not. you used the term "medical examination." it tells certain entities like doctors that they cannot divulge medical information. but if you use any of those apps orcheck your heart rhythm ,tatus of any medical condition they would be happy and free to sell it. it is important to understand the law differentiates between a wish of privacy of information

as distinct. >> it is a wonderful and important question from a constitutional standpoint. interactivemend the constitution, which reminds us if there were to be proposals to allow the sharing of medical information, the second amendment would not prohibit it. it is wonderful to have people agreeing that the historic purpose of the second amendment an overzealous government. not about an individual or collective right. in the heller decision, the supreme court in justice scalia is majority said all sorts of

regulations including restrictions on people who are mentally ill from buying guns would be reasonable and consistent with the first amendment. constitutionsthe fault, it is because congress and the states don't want to pass it. you can imagine a system that balances the obvious use of security purposes with legitimate privacy concerns of gun owners. advocateendment errors, you can imagine. you can created anonymously at person's status unless they were put on a do not fly status or something like that. so, the regulations that enforce the legitimacy of the database, by that isot do this

very theoretical. >> good evening. thank you very much. this is very interesting. thank you. today at work i had coincidentally the opportunity to review the privacy policies. i notice they were about to release a new version. they are revising that. they have done a better job of legal.lear or being less they are not any more clear and what it actually means. they do not say what the other means or what other uses could be. so with zero legal training and not a lot of time to study this resources are

available for people like me who would like to understand more, don't want to spend hours poring over these terms, are there consumer union offices or campaigns working on this? i heard about the electronic frontier foundation. can you share with us some more information? >> sure. you mentioned eff. a number of other organizations. the aclu. one of the issues here is if you it, as just and regular --, that is a problem. technology of on thers, there is onus from writers to make it as understanding as possible. if you're reading the privacy

policy and cannot make heads or tails of it, that is a red flag. brief. consumers union has announced a project. they are going to start trying to systematically rate products for security and privacy. the car issue will matter because god knows what is being collected. that is an effort for ordinary consumers to have somewhere to look to try to figure out what is better to use. >> if you are just looking for general information. i would recommend the ftc website. for general information. because they have done work over the years on how to make privacy policies more understandable and readable. also, a professor at university of california berkeley, through the years he has tried to digest kind of company privacy and how

to kind of read them. >> one quick other suggestion. it occurs to me as you make your point, this is an area where security and privacy come together. when you think about what happens when companies have your information and don't properly protected. think about the equifax the reach. said equifax was ok to sell.nd it was stolen. here is an area where security and privacy are completely in line. the better our privacy is protected from lost or being stolen. >> thank you. our friend from microsoft recommended -- mentioned a cloud act earlier. i was curious where they were

taking it because there is not necessarily a consensus over whether it is a good thing for the public. withm not super familiar the cloud act but i know the electronic frontier and others were adamantly opposed to the cloud act and it seems it was passed in a circumvention way. so i was curious as to whether anybody had information. >> it is too basic things. one is there was a supreme court ise of microsoft, it challenging a probable cause recordsthat is seeking of data physically stored overseas. microsoft's argument is

effectively that it permits and email warrant. in answer that question in the affirmative and says and email provider must disclose email regardless of where the data is, whether it is here in the united states or overseas. it also has a second part, which would deal with what are called mutual legal systems. another country wants law enforcement assistance. do we want to hear or abroad. where ina system now many cases the other country would come here. the department of justice would get a warrant and get the information and send it overseas. the department of justice could on its own enter into agreements

with another country where they say that other country has sufficient procedural protections that protect privacy in a four week and have a reciprocal agreement where they can get stuff here and we can get stuff there. in terms of positions on the law itself as you say was included think it would i have benefited from additional publicity additional and i think everybody agrees there are concerns. even those who supported and supported for very good reasons, given the alternative agree it has certain parts we need to keep an eye on that might be problematic. >> i spent a lot of years on these issues. we have an act called the

crossed data act. we have a whole webpage on it and hundreds of great pages to read on it. based on that research, it doesn't surprisingly great job. there are things you could publish. if we did not fix it, we would es with to judge whether this is better than what we would've had otherwise. concerneds have been about it. i have written why i think all things considered are good. feelingse have mixed on that. >> we have had two positions from the panel. on one hand, the third-party doctrine that once you release information to another party, they can do with it what they want. i'm not exactly sure of that is the only interpretation. maybe the government does not

necessarily need it. but let's look at the fine print here. thisntrast, you heard idea. you own the information, you gave it to somebody collect they want to use it for second user given to someone else, they have to get your permission. two extremes of a continuum. looked closer at the , it getsunion position ntricate. all, if indeed every time a commercial firm wanted to use information you were used to someone else of that your permission, you would receive a question on your computer saying yes or no because every day your information is used about 700 times. i do not think most europeans do that. areaer, it it exempts one

or another. they don't have to do this for commerce. soon,hat looks like such a wonderful idealistic solution that you on the data, no one will touch it unless you give permission, then you add one thing. they have something they call a compliance gap. europe so i went to has everid, if anybody asked for anybody to the second information, they said one person did. amazon. is european law anywhere near idealistic? itre do we find a base of between third-party doctrine and

a notion that we own the data and if anybody touches it they need to give us that information? >> neither seems satisfying. the idea that we lose expectation of privacy is justhe sotomayor said inhe age of crowd we have no privacy. data that is disclosed to a third party may be disclosed might givetent we away our privacy in exchange for a toaster. we might click away and not get it back. immortalwered by the question, what would justice louis brandeis do? if you want some inspiring homework, read his opinion. he says the proper question is,

is the government invasion reasonable intrusion on our security and safety? unexpected -- unexpressed emotions? that case involved wiretapping. he said wiretapping is so in face you can hear both ends of the conversation that it was unreasonable even with a warrant unless the crime was very severe and the suspicion was very intense. so that is what we need to ask. society, when the search is so vast it invades the privacy it is inherently unreasonable. >> i'm so excited about this discussion i did not realize we overran the time. point, all that is left

for us to do is thank the panel for a wonderful discussion. thank you. [applause] ♪ announcer: c-span's washington journal, live it every day with news and policy issues that impact you. morning, talking about the week ahead on capitol hill and at the white house. redundant federal programs and their cost to american taxpayers. be sure to watch c-span's washington journal. join the discussion. >> here is a look at live coverage today. on c-span, talking about

maritime security. that is followed by a preview of the upcoming summit. the militaryabout technology being developed and it is followed by online messaging being evoked by isis. discussesu.s. senate the judicial nomination for kentucky. ♪ announcer: this week on "q&a," biographer patricia o'toole discusses her book "the moralist: woodrow wilson and the world he made." ♪ brian: patricia o'toole, your book about woodrow wilson, the review in the new york times