Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  December 13, 2014 2:00am-4:01am EST

2:00 am
harm, just the act of government surveillance itself is having a chilling >> when we talk about surveillance, we talk about the n.s.a. that is a lot that local, federal and state law enforcement are doing. could you speak to wicker and the other apps that are becoming mainstream, and the push that tech companies like apple ios-8 is encrypted. even my mother "fantasy football now" who hardly follows the news knowing that barack obama may be sniffing her e-mails. this is part of the public perception now, and i am curious how tech companies are responding to this. >> in your original question you asked the perceptions of going down versus a stote.
2:01 am
they feed on each other. the f.b.i. is complaining we are going down because of encrypted operating systems et cetera. people are taking these on because they think of themselves of living in a surveillance society. it causes the government to take on more and more sfwrusive surveillance techniques. in the absence of reform, i don't think this is going to be a helpful cycle for anybody involved. >> if i may, and this gets to the issue ultimately of trusting governmental institutions. that is one of the reasons we are seeing this explosion of this kind of technology, is that folks increasingly simply don't trust the ferguson with respect to their personal privacy, data and all the rest of these things. i agree, it is a cycle that needs to be broken, and the only way it is going to be broken is when folks on the ferguson side begin to understand that they need to be held to a high standard when it comes to these kinds of
2:02 am
investigations. >> what companies are doing right now is an absolutely appropriate response in the absence of reform. congress has done virtually nothing to reign in what we know from the snowden disclosures, which shocked the nation and the world. now companies and individuals are taking matters into their own hands and encrypting and securing their own data. we think that is a great response. >> would you tell people to stop encrypting their data? >> we would not tell them to stop, but there would be less urgency felt by both consumers and businesses to encript their data to the degree they are now. we have seen an explosion in secure apps and systems. they have become popular because of the snowden disclosures, because there is the realization now that we are under mass surveillance. >> i would also make the point that a lot of the services are out there, i avail myself of a
2:03 am
virtual private network or v.p.n. to hide myself from ackers and try to protect my data from hackers. if we get it put in a box where they belong, there is still going to be an increased need for these kinds of technologies just to protect us from other malicious actors. >> i think that is an important point to make in the whole going dark debate. our view, the use of strong encription, while it will cause difficulty for law enforcement to get data, overall, particular increase the security of regular users. it will help protect them against cybercriminals, phone thieves, et cetera. overall we think it is a net good for society. >> that is an interesting debate. the f.b.i. director brought up four examples, and others were
2:04 am
dubious in terms of these examples that law enforcement was saying that encription is really going to hurt them. even now, people don't have an i phone. they are using s.m.s. messages, and they are in the clear, stored for a if i night time and can be subpoenaed and pulled. one investigator said it was because of those s.m.s. messages we were able to get off the phone that we were able to force through a plea deal. notwithstanding knit other special circumstances, in the interests of fairness i want to address this issue. if everybody uses an i phone, ses i.o.s. 8 and encrept data, what does law enforcement do? do they go back to 60 years ago before we had cell phones?
2:05 am
how does that affect the investigative powers they have? >> it cuts them back, and the question is how does law enforcement respond? i look at these issues in the sense of whack-a-mole in the sense you will have more privacy here. it is not like the government is going to say we are going to stop investigating those cases. they are going to come up with ways to getting warrants top access a device while connected to a network. it is a cat and mouse game in which it is constantly dynamic and not static. we can never say this is now done. it is generally going to be in the public interest for a certain amount of criminal activity to be able to be investigated and solved. we wouldn't want a world where you can commit crimes with inpuntoity and not be investigated. that would be bad. there generally needs to be some role for law enforcement,
2:06 am
what sort forward, of technology is needed. >> the golden key, this goes back to the era of clipper chip, what does that exemption look like? is it an incrippings back door, forcing somebody to turn over their pass word so they can get access to their phone. as harley says, they want their data secure and encrypted. how do we find that? >> i would imagine it is stiffer penalties for refusing to decrypt one's own device. so i think it will be harder for the government to ack the device without the person's help. then the law will come in and add extra pressure to push the person to help, not oluntarily, but involuntarily,
2:07 am
facing criminal punishment if they don't do that. >> so you think the solution is compelled encription as opposed to a golden key? >> that is the better way to go. i would agree. the golden key idea is awful. when we see golden key, we are talking about a back door access into encrypted products and services, which could be exploited by other governments and cybercriminals. a key he is company would be very good and sound by companies that have a lot of resources and less likely to be scomploited by hackers. -- to be exploited by hackers. but if it is a mandate, we are going to see small businesses, start-ups, trying to build this in, there will be a variety of fferent golden keys, and not all of them will be strong and will put them in strong position.
2:08 am
>> building on what he just said, the other problem i have with any kind of back door, and those of you who were privileged enough to give congressman thomas massie of kentucky give an eloquent explanation of this, this morning, what we are talking about here when the government wants to mandate these so-called back doors into electronic devices is something that represents an absolute mortal threat not just to the privacies of americans, but to the tech sector of the united states. we have already begun to see more than affirm evidence of orders here with american companies that were going to be going over to europe, asia and elsewhere being canceled. this is going to have a snowball effect. it comes down to an individual liberty and privacy. it is an economic and jobs issue here. i would reference the intercept
2:09 am
story on the aurora gold program where they were basically trying to dig into every cell phone network in the world. that is a prescription to see the american tech sector collapse if the government does not get in here and prevents in from going over-board in that respect. >> trying to sell asia an n.s.a.-ready phone. >> right. >> the back door or compelling somebody to give the government a pass word -- this is a question really from a legal perspective. what does the case law stand on say -- hypothetically i come across the border from a fourth amendment free zone, and they say you need to give me this pass word to unlock this device. what rights do i have? >> it depends on the circumstances. the legal issue is really whether being forced to decrypt, it is forcing the
2:10 am
person to testify about something, or what are they implicitly saying, and is it known or non-known already? if it is someone's cell phone, they are a known number, you call the number and it rings from that number. it is what the law would call a foregone conclusion that they possess that phone. if that case, there shouldn't be a fifth amendment privilege to force the person to enter that pass cord. if there is a pass code and ypt, re using true cr telling the person to give me your de-crypted data, that could be a different story. it depends on the circumstances. it is a messy answer. as with most interesting questions, it depends. >> when we talk about this
2:11 am
debate, we got into the encription route. we are not talking about these issues in the abstract. they are very real issues ffment a consumer or somebody wants to pass word protect, or they want to encrypt their data , there are real world consequences. julian mentioned the associated press knows something about being surveiled. my colleagues worked on a story before i came to the a.p., which led to the justice department subpoenaing their phone records. they could talk about their own experiences with government surveillance and the government getting access to their information. this is a very real threat to say even though my phone records weren't subpoenaed, i still have problems with sources who pointed to that instance and say no way. thanks. we will get a beer and talk another day. harley, we can start talking
2:12 am
about the real-world indications and why people want to be protected from the government and what options are for them out there. >> people don't know how the information will be used against them now and in the future, and it makes people that -- whose actions could be construed in a negative or even possibly criminal or shameful light very cautious about taking certain actions, whether that is talking to reporters or looking things up on the internet in order to educate themselves. there was a study of how interpret serve teams have changed since the snowden disclosures. i think this has a real chilling effect on the actions seek for to intellectual curiosity as well implications. >> the chilling effect is a little bit tricky.
2:13 am
you have to be careful distinguishing between a chilling effect caused by an awareness of what the government is doing, and a chilling effect caused by fear of what the government is doing or way or may not be true, or a chilling effect not related to what the government is doing. an example would be the government collecting information about phone calls people are placing. that is not something that encription can solved because it is numbers dialed. so to the extent people say the n.s.a. is watching me, i am going to use encription to stop that, that actually won't interfere with that kind of program. that is probably why the n.s.a. wants that kind of program because encription can't be used against it. we ran into this in the debate over the patriot act. there are some aspects of the
2:14 am
act that are narrow and some broader. some of the narrower provisions were incorrectly reported as being very broad. and there was a sort of misreporting of what the law was doing. then you saw the patriot act has a chilling effect. s the chimming effect from the misreporting aspect of it? the government is going to say we don't want a chilling effect because we don't want anyone to know about the surveillance. >> i am glad you brought up the patriot act because i would like to throw a generalized question out there, which is hy was the patriot act passed? >> 9/11. >> right. so the basic frame that the government hats presented over the course of the last 13 years is basically this. we had to pass things like the
2:15 am
patriot act and the fiso mend it's acts because we didn't collect enough data in order to uncover the plot and get the bad guys. that is one of the biggest lies to come out of the post 9/11 era. 9/11 happened for one reason and one reason only. that is because federal law enforcement and intelligence agencies failed to do their job of utilizing the information they had at their disposal, which was more than enough to actually uncover these plots and prevent them from happening. that is not simply my opinion. hat is the opinion of the 2002 gregsal inquiry. that is really what i keep going back to when i talk about surveillance issues whether we speak about the foreign or domestic aspect of this, which is almost a meaningless distinction now. congress passed laws to address
2:16 am
a non-existent problem. it is not like that hasn't happened before. but it has had an incredibly zorting effect on our society. that is why i think we need to go back and put the emphasis where it needs to be, which is on forcing the government to do its job with the available data. they didn't need the 215 authority. they didn't need any of the patriot act, in fact. if you go and do as i did when i worked on capital hill and harley was there. in october of last year i went to the con congressional budget off, the two other offices and i asked a very simple question. can you point me to any public evidence, particularly evidence offered by a federal agency or official to indicate that any of the 152 provisions of the patriot act have thwarted any terrorist plot against the united states. the answers i got back were no, no and no.
2:17 am
if you step back and think about it, that makes perfect sense, because it wasn't a lack of information collection that was the problem. it was the analysis and the dissemination of it that was the problem. we know those problems are still with us because we saw it infamous el case, the underwear case and just last year with the boston marathon bombing case. those are the things our government should be focused on. that is another reason we should roll back the surveillance laws and get them focused on that problem. >> i think there is a different story about what was actually in the patriot act. it is wrong to say the patriot act is some sort of big scary thing with bad things in there and must be bad. it is helpful to actually go through what is in the act. let me approach that with a story. around 1999 or 2000 i was in the justice department in the
2:18 am
computer crime session. we were tasked with coming up what we called the high tech crime bill. ways of improving the surveillance laws that were clearly out of date. a lot was telephone specific. a general updating of the laws needing to be done, nothing to shift the level of power, but good updating. understand i left the justice department in the summer of 2001. the understanding was at some point this would get passed because it was not controversial to the members of congress who had taken a look at it. 9/11 hits, and a few days later, the anti-terrorism bill comes out. some of the electronic surveillance parts of that anti-terrorism bill was part of this high tech crime bill we
2:19 am
were working on. it was not about expanding governmental power, but improving the surveillance powers generally. it got packaged as the pace rot act. he was saying this was not some expansion of government power, but improving the surveillance laws, more modest claims. in the public mind it took off as this dramatic expansion of the law. it is true that it was not about terrorism, but not about an expansion of government power in most of the provisions. in terms of trying to figure ut the patriot act, do you look at it sort of piece by piece and say was this a good idea or that a good idea. you end up with a different narrative. one exception to this and really an important story is
2:20 am
the section 215 power. on its face it was a narrow unobjectionable thorpte. it was basically subpoena power for national security cases. it was interpreted in secret to phany data le program. in secret the modest power was interpreted to be very broad, and for that i think -- the who do you blame question to my mind, we blame the foreign intelligence surveillance court judges that excepted this implausible interpretation in secret more than we blame the rafters of the statute that is on its face much narrower. >> i was about to call that out. that is huge. the interpretation in the fisk leads people to wonder what other things in the patriot act
2:21 am
are being construed in a broadway as an expansion of power. >> the use of military force to go into afghanistan in 2001. then senate majority leader tom daschel was pressured heavy lie y the white house to include language for the warrantless surveillance of americans. he refused to do that. it gets back to what orin was saying a minute ago. another part of the problem is the failure of con congressional over-sight to push back and probe them aggressively to prevent this kind of abuse. >> i know it is going to sound odd for someone from the aclu to defend the patriot act, but there is a provision we like in there. to bring this back to the way the discussion was earlier.
2:22 am
i was watching it in the car. companies are actually permitted right now by law to build encriptions into their products, and an encription for which they don't have a key and a way to surveil. it was really smart of congress o put that in -- it wasn't the patriot act. but congress has placed this in a law that many of us think is a really bad surveillance law. congress had the foresight to protect companies and therefore to protect our rights because none of us build encription technologies ourselves. congress decided that encription was important. encription with keys that companies held wasn't very useful and put that text in the statute. we have to recognize that , and strong there encription is protected by law.
2:23 am
it is not just going to take a little bit of arm wrestling for the government to get what they want right now. a few angry speeches isn't going to get what they want. they are actually going to need to change the law if they want to be able to force companies to get rid of these technologies. >> i want to talk about hanging the laws here. ecba reform was from the late 80's. the idea of updating these laws to be part of the drop box, the i phone encription era. starting with chris, where we are in this landscape beyond the patriot act. what is really the hindrance right no now? >> the situation right now, civil society advocate, we like to say that congress hasn't updated electronic laws since
2:24 am
1986. congress really hasn't given law enforcement any new surveillance powers to deal with these new technologies. what ends up happening is as these new technologies come up, the government has to try and fit the new technologies into the old authorities. so we have the government using devices like stingrays, a highly sophisticated tracking dwace that impersonates cell phones and collects information from tens of thousands of people. they say is this like the pen register, the wire cup or nothing, and there four can we use it without any court order? they have taken all three of though positions. if law enforcement was to hack into someone's computer do we use a pen register, a wiretap or a search warrant? they will try various authorities.
2:25 am
but congress has not given the government explicit legislative authority to hack or spy on people's cell phones. what that means is that law enforcement has put them into use, using the existing authorities without telling congress, the american people or the courts. to be clear, i am not saying congress should give the government the authority to hack. what i am saying is they are sneaking these techniques into use because they have never been given any explicit authority. >> it ♪ just congress. you mentioned stingray, alpr, what local and state law enforcement are doing too. we can get into the transparency, and we are going to have a panel about that after lunch. but how state governments are sort of grappling with this. in maryland a police investigator was asked about the use of a stingray or alpr, and he said that is classified.
2:26 am
he was later reminded there is no classification scheme under maryland statutes to what he was referring to. >> that was at a ridge slave hearing. t a court scoring an officer told a judge he couldn't talk technology.ingray the judge said you don't have an agreement with me, and he threatened to hold the law enforcement officer in contempt. what you are getting at there, many people when we saw the really shocking images from ferguson, and we saw these bare cats, heavily armored law enforcement age is his. we thought these are military weapons that have trickled dewine to state and local law enforcement agencies. we are rightly terrified in that there are technologies that are appropriate for the battlefield and not for towns.
2:27 am
but it is not just that. is the surveillance technology as well. these same programs that are funding armored personnel carriers in small town america intelligence ng things. these devices do not respect the privacy of innocent americans. maybe that is ok when they are being used on the battlefield. but right now we have overly inevasive surveillance technologies that are trickling down to state and local law enforcement agencies. it is not happening with sufficient judicial over-sight. legislative bodies are not passing laws to put them in use. we are only finding out about it because the police screw up in one place or the invoice foe a surveillance device shows up on the web. but this is not how we should be doing over-sight with
2:28 am
surveillance, and this is what is happening right now in america today. >> i actually think people talk about the chilling effects and ask about the harms that are sociate -- associated with surveillance has it is happening now. i don't want to diminish the very real harms of chilling effects, but i think it is very important to try to project into the future and think about what our government could be like in a generation or two. we simply don't know. we also don't know where technology is going to be in a generation or two. we are seeing it become much more intrusive, and we are going to be exploding with meta data in 20 or 30 years. if privacy is not built into the law in such a way where we actually have some protection against the uses of that data, the collection of it, and the uses of very sfwrusive surveillance technology, we will not have privacy.
2:29 am
>> the point of transparency going back to the baltimore case, didn't the prosecutor in that case rather drop the charges than have the police detective testify about how the evidence was obtain? >> in that case the judge tossed the evidence, but we know of several other cases where the prosecutors either dropped the case or cut really good deals with defense counsel to avoid that. all the encription in the world is not going to stop the collection of metadata. it is everywhere. all the companies are collecting it by default. the big data tools that have been created for the intelligence community, those tools are then trickling down to state and low law enforcement agencies via these distribution centers and other efforts. the government already has a huge amount of metadata, but
2:30 am
they are only going to have more. surveillance in five or 10 years will only be aided by the available of metadata. >> we should remember that as we talk about essentially these electronic surveillance technologies, there are other technologies that are being developed and currently deployed that raise other issues. these are extremely scary. and then the technologies the security administration has done. those of you who have traveled being subjected to additional screens. some of these machines, the back scatter x-ray machines, extremely inevasive and potentially a health threat. were fortunate that the congressmen were able to get them out of airports. but t.s.a. is working on still more technology in this arena.
2:31 am
this is another area we are going to have to spend time on to legislate. let me make an annoying lawyerly comment. normally what happens in the process of law making, in the area of surveillance and government investigations is we have -- the government gets some sort of new technological tool, and maybe under prior law it requires a law, maybe it doesn't require a warrant, and the government uses the tool pursuant to the court order or not. in the criminal case, the evidence from the tool is introduced. there is a motion to suppress saying this was unlaw fully used. there is some court opinion or g yes it was fully unlaw fully used. then you have a public
2:32 am
reaction. they say we are comfortable or not with this and we want a statue. so the courts and legislators get involved. that is the pattern here and what we are seeing here is consistent with that pattern. it was wire-tapping devices in the 60's, which led to a lot of regulation. and pen writer confuses in the 70's. this is kind of the normal pattern of things. i'm not saying don't worry, there is nothing to worry about. we should worry, but we should redick nigh that normally what happens is that the law steps in fairly late in the game once we know what the facts are and what is being regulated. ecpa from 1986, that was an early example of the cycle of technology in the sense that congress was regulating interpret privacy back before most people had heard of the internet or e-mail. that was early in the life
2:33 am
cycle of technologies. but this is kind of the traditional pattern. from a public standpoint, what we should be doing is looking for these new technologies, trying to understand what the new technologies are. in the case of stingray technologies, in 1983, actions brought against the officers using the technologies. this is a great area for state aclu's to step in. bring civil cases, especially to the extent that the government is dropping criminal cases using the technologies or blunting the motion to file a motion to suppress. civil cases bring the challenges that lead to cases on how the fourth amendment apply to these technologies, or how statutes applied to the neck to gos would be really helpful in furthering this process along. >> there is a piece of the story you are missing whether with stingrays or wiretaps.
2:34 am
for the first 10 years of wiretapping in this country. hey were first put in use in new york. police did everything in their power to keep the public in the dark about the availability of this tool. they say if the people know about that, they won't say what we need to hear on the phone. stingrays have been in use since about the 1990's. we have only two places where judges have playbooked at it and said anything about it. it has been kept so under wraps. it is an intentional effort by the f.b.i. to suppress awareness of this technology. how does that system work, where defense lawyers challenge them and congress weighs in? the law enforcement community is doing everything in their power to suppress any discussion of this technology. >> to my recollection, the stingray technology was
2:35 am
discussed in cases going back 20 years. >> two cases. >> but to the extent it is known it is being used in a case, i am sort of advocate fog a public interest group to bring cases when they learn of theo technologies. >> but the problem is we don't learn. in charlotte, north carolina recently there has been quite a bit of controversy about the string ray after the newspaper found out they had multiple stingray devices. they said we got court orders for these things. the ounsel called up all judges and asked have you ever approved the use of a stingray, and they said we have no idea what a stingray is. it short circuits the process of how we control the technology. you are right. there have been a couple of
2:36 am
instances where judges asked the right question and they said yes, this isn't a regular pen register. they thought they were getting the same kind of order they have been getting for who years, which is go to the phone company and get record of incoming and outgoing calls. that kind of secrecy corrodes the democratic process. >> with respect to stingray devices and how they have been ememployed, if they have tried to use evidence from them, have they engaged in parallel construction in order to height the technology being used for the collection? >> if florida we have seen the u.s. marshal service advising local law enforcement agencies when referring to information derived from stingrays as information coming from a confidential source of informant. that seems suspicious. that is the kind of behavior we don't want law enforcement agencies engaging in. what we do see time and again
2:37 am
are organized efforts by law enforcement age is his and the manufacturers to keep everything about them out of the public eye. that is a big problem. >> a very brief observation. from a journalist's point of view, it is not just the federal people. you see the obama administration quietly say it applies here even though it was a state public records issue. chicago, police department, any of these requests they go denied, denied, exempted denied or at best here is a page, here r. gillum, redacted. to ublic uses the press get at this, that transparency, whether it is a judge in baltimore saying not in my courtroom, you had better turn
2:38 am
it over. state legislator saying turns it over when we don't know it exists? >> your recommendation focused more on cases and bringing civil actions. that is beyond the expertise and financial means of most people. i think that it should not be understated the importance of actually contacting the government yourself. and not just the ferguson, but local and state as well. that is something that everyone can do. i am not talking about angry tweets because they are not reading your tweets or commenting to news articles. that is not activism. that is coordinating among yourselves. the surveillance debate needs you. that is the only thing that is going to work, is if everybody is chiming in about it. it cannot be up to just groups.
2:39 am
>> imagine hypothetically that the f.b.i. develops or buys some technology that allows them to interpret and did he crypt encrypted messages. that second knowledge is going to be really useful. ople who are saying things virginia i messages that they wouldn't say other things because they are think it is encrypted, they are going to keep it as close as possible to the vest. with every new law enforcement method, they are going to do everything in their power to keep that technology or method a secret. they say if we discuss this in court, if we tell defense counsel, it won't work anymore. what do we as a society do when the sources and methods must be kept secret from us? and particularly what do we do when these techniques don't
2:40 am
invade the privacy of the people targeted, but a stingray invading the privacy of people flying over a city. the average person support going to learn that there was an airplane flying over their house with a device that can take information from their phone. if not for one reporter, we would never have known that existed. >> i am occur us where we stand on this. know recently with riley v. california, the court was backlund in part of their language. the police want to search a phone, the answer is clear. get a warrant. that is clear with the general idea of the police needing a warrant. i am curious going forward, and this is mostly for the lawyers up here, where we are going to
2:41 am
go in the next 10 to 20 years. as harley points out, what is our society going to look like in 20 years? what is the meta data being collected about us? where does the jew dish area step in? >> it is a great question. we saw in the riley versus california case, the supreme court advicingly ruling -- not only a bit of a surprise, the court ruled that a subpoena was required to stempniak a cell. we have challenges under section 215, to find out hether smith vs. maryland is still viable. it may get up to the supreme court in a few years. yesterday the 4th circuit heard oral argument on a case about whether cell phone data is
2:42 am
protected. the florida court said it is protected, and the 5th circuit said it is not protected. they are working their wake-up up to the supreme court. the justices tend to be relatively sensitive to how technology affects privacy. jones versus the united states, the g.p.s. case from 2012. and riley versus california just this past year or this year. those are all cases where if you just looked at the case law, the precedents, you would assume the government would win, and those are all three cases where the government lost, and in jones and riley they lost unanimously. the justices are generally attuned to these concerns in lower courts as well. we are seeing fourth mend ypt law evolve, and if we had a functioning congress, you would see congress active.
2:43 am
you see more action in the state legislature. one example would be the license plate readers. is it or 13 states have in the ast few years enacted some sort of legislation for data from license plate readers. if our government are collecting this data, what are they doing with it, how long are they keeping it? we need to ask these questions. the legal system is responding in its slow and cumbersome way. it is happening, but obviously it is delayed. >> slow, cumbersome and very mysterious sort of way. it is fragmented also. the jones opinion, it was a win, but it is very murky. it doesn't not offer a clear direction in terms of where they are going. they are going to avoid the third party doctrine and the reasonable expectation of privacy only so long.
2:44 am
the fourth amendment is supposed to protect us from unreasonable search and seizures, and the third base doctrine now allows searches and seize yours. draw the line in court is going to be tricky. the big problem in courts is a lot of their rulings are very narrow. jones is a great example. they had the ruling on the narrowest grounds possible, that putting the tracking device on the car was a search. they could have been much more broad with that. it is very hard to tell. but these issues are going to come more to the fore, and they are going to have to grapple with them, and they are going to be begging congress to do something about it. let's hope that congress does a great job. >> it is interesting you bring up the riley case, the cell phone stench arrest case. i was reading the briefs in that as they were being filed, and at the very last stage, at the point at which no one else
2:45 am
could respond, the government raised the issue of encription. it is a huge threat and we that.have the moment they put in the pin number, that is when we need to get the phone. a year later, apple does this big change. i can't help but think that had apple and google announced their changes before the riley decision came out, it may have looked a little bit different. even with the decision that we got, the supreme court really id leave a door open to search without a warrant when echnology made it necessary. the court didn't spend a lot of time there saying there were existing exceptions, and they will apply on a case by case basis. i am interested in hearing
2:46 am
orin's thoughts on this. my fear is where we are going to get because of the availability of the technology, because of the fact that the devices are being built to be more secure, that we are going to find ourselves in a world where we are going to have law enforcement agencies sitting in unmarked advance wait to go pounce. then the moment they see the target to pull out his or hero phone to make a call or read an e-mail, that is when they grab them or push them to the floor to get the device while it is unlocked. i think riley pushes us in that direction, and i think technology pushes us in that direction. that kind of seize your -- seizure when the device is unlocked is different. if they can get that phone at that briefest moment when it is unlocked, then they get everything that they need. >> that is what they did with dread pirate roberts? >> yes. he was sitting at a public
2:47 am
library in san francisco, and they waited until he had locked into his computer, and then they used a lot of force. i think what we are going to see is an increase in force in cases of computer or other device seizure. is my paranoia crazy. >> i don't see how the added use of force fits in. but i agree from a law enforcement standpoint, if you have probable cause to arrest someone, and you think there is evidence on the phone, you know ou are going to need a warrant to search the phone, and if you get them while they are using it, you are past that. a smart person would wait until the person is using the phone. we will go back and forth. empirically there is going to be a question of how often is the government really stymied
2:48 am
by encription in the i.o.s. 8 context? how often are they going to be able to bypass it either by encouraging someone to give me your pass code. the person may give it newspaper that context. sometimes me may be able to guess it and get through that way. there is this question of how often is i.o.s. 8 really going to stymie investigations. it may not be that much of a barry to law enforcement, in which case, the claim of examine jent circumstances becomes weaker. and in other cases it becomes stronger. the legal question depends on the technological question of of how much it is going to stop the government. >> i was surprised when the attorney general and the director both criticized apple and google. i was surprised not because two top law enforcement officials are criticizing a company, but
2:49 am
i was surprised that in the last five years that i have been watching the going dark stuff unfold, and this is not the first time the government has complained that companies are rolling out technologies that make life more company. i have never seen the government call out a company by name, not because they don't want to offend the company, they don't want to tell the bad guy not to use the technology. they talk about classes of technology, peer to peer technology, things that are causing problems. but they have never once said this particular app or carrier is a problem. they would be idiots to broadcast to the world the area in their armor that is weakest. so i was thinking why are they calling out apple and google by name? the best theory i have, and i am speculating here, but the best theory i have is what the attorney general, the f.b.i. and the broader national
2:50 am
security community are worried about is not the disc encription on the device. as orin notes that is probably not a huge problem. there are cloud backups, people choose bad pass words. i don't think disc encription is going to be a problem for law enforcement, not the kind of problem that would warrant the attorney general and others criticizing companies about. what they are worried about is end to end voice and text encription in face time services. the new encription built in by what's up services. that is a femoral communication that terrifies law enforcement because it means that wiretaps no longer work very well. what they are looking for is a way to apply pressure to these companies. they are looking for a way to direct the attention of congress and other folks at this sector and at this problem without actually telling the
2:51 am
public it is this particular technology. we are concerned about encription, but i don't think they want to say it is this part of the apple product the apple that -- product portfolio that makes it difficult for us. it is going to make it more difficult for criminals and foreign governments to spy. but i think that technology will be impactful in a way that i don't think any of us have sort of imagined. and i do think that either the wiretap numbers are going to start to drop, or we are going to start to see a usage of hacking by law enforcement that we have never seen before. if they can get malwear on to your phone, then it doesn't matter what is encrypted because they get the microphone, the webcam, everything that is going on through that device. e have been involved in an recently where d.o.j. has asked the courts for expanded authority to hack into computers around the world.
2:52 am
i think the response to encription from law enforcement isn't an increased use of orders compelling to de-crypt data. the natural response is hacking. it is going to trickle down to the d.e.a., the marshalls and every other law enforcement agencies. just like state and locals have acquired stingrays, they are going to get hacking. so the future of law enforcement is a world in which every law enforcement agency either has hacking tools or wants hacking tools. >> and the a.p. knows a thing or two about the f.b.i. impersonating people to get malwear. we have 10 or 15 minutes flfment is a microphone over here. if somebody can pass the microphone around, and then we can ask questions.
2:53 am
>> why is congress not taking steps? and we need to look at things like military equipment, and you can look at the stingray material. >> they have taken some steps with the introduction of legislation. in some cases it has passed committees. the problem is it has never gone over the finish line. there is a lot of legislation in congress right now that touches on one surveillance taupic or another. some good, some very good, some bad, some very bad. the problem is actually getting it through congress. con congressional leadership has proven to be an incredible bottle neck there. as i tried to say before, the best thing that could happen for moving it along is for people to stay mad about it and to contact congress. it sounds simple, but that is a very powerful tool if enough
2:54 am
people do it. >> i would just add to that, this year you saw a perfect example of what harley was describing. one of the most promising reform mashes was passed by the house. members of congress need to hear from everybody about this, that it is a priority for americans. it is going to take a lot of pressure. for example in the national security community, they love having these authorities. it is just that simple, and they are not going to give them up without a fight. >> we have at least seen three letters go out in the last month from senators to the attorney general and to the seblingt of d.h.s. demanding
2:55 am
answers about stingrays. one letter that went out this week had so additional senators signing on to it. we have not yet had a hearing on stingrays. i have testified at state hearings in texas and michigan on the stingray technology. in those states, the state representatives were furious to learn about the technology when law enforcement refused to testify or refused to answer questions at hearings. we would like to get letters out the door about hacking tools and techniques, and we would love to see a hearing focused on hearing. when members can learn that the f.b.i. can control the webcam without the light turning on, that would make for a great c-span moment. speaking of c-span, we have
2:56 am
viewers joining us there. state your name and affiliation if you have a question. >> i am paul wagner. you all discussed the increasing use of encription or likely increasing use of incrippings end to end. it seems clear the surveillance agencies are going to want to target the devices themselves and the end users. how can end users trust -- it seems like they would want to go after the operating system or the hardware. how can end users trust microsoft, anding, indel or motorola in the face of secret ? ders any way we can trust them whether through open source hardware, software or any other model. >> i know this is a law enforcement panel and not a
2:57 am
national security panel. in the national security context there is good reason to be concerned about the financial relationships between large u.s. chip and other equipment companies and the intelligence community. i think it is troubling when you have a government services division of a company that makes the chips that power the encription that we all use. i think that creates a serious cause for concern. even if there were some capability that these companies were either building in or revealing information that wouldn't make it easier for the government to intercept, i don't think those capabilities are going to be used in the law enforcement context. if there is a secret back door in intel's random number generator feature in their microprocessor, it snote going to be given for the f.b.i. to use in a drug care. i don't think the average person has to fear hardware back doors, but when it comes to trust, what worries me most
2:58 am
is for good security reasons, we have got security updates in our web browsers, in the app stores we all have on our cell phones. the goingles, microsofts and apples of the word have the ability to push software updates down to their customers. there have been a few incident in the past where these companies used that ability to remove books from people's devices. amazon famously removed copies of 1984 from kindles a few years ago. i am concerned at some point that one of these tech companies will receive an order compelling them to deliver malwear to a target. we don't have a copy of that kind of order or had any information to suggest that is coming, but these companies do have the ability to update software on our devices. i think as the devices get more and more secure and they get
2:59 am
locked down by the companies and users, law enforcement agencies and their alleys are going to look to any leverage they have, and that ability is one that is so powerful, i cannot imagine that they are not going to use it at some point. >> the gentleman down here had his hand up. >> john petty from mcclain, virginia. i disagree with the panels early discussion when they talked about a back door being sort of a way out to find a compromise for the issues being raised. encryption systems are server door is just as open to a hacker as it is to the
3:00 am
f.b.i. it's just open sesame to the hacker community. alternative, the industry. recovery system, dynamic key, it's not server based. regenerate owner can a key at any time. that can be responded to by a the, so you have a control system and a balance broaden kription system that's available for reasons --curity >> that's another name for key
3:01 am
escrow. is -- escrow thinking i'm talking dynamic key. >> the distinction is that your government has a mechanism, has some kind of key mechanism built into your device such that they can then on a case by case basis -- theo, sir, only administrator of a network has control over that. key creation. >> regardless of who has the key, whether it's your employer or apple or the f.b.i., if there's an additional an additional target after.ople will go the only person who can hang onto your key is you. have been available on the market and haven't heal enterprised outside settings. if an imle quits you want to be data if theyhe
3:02 am
won't give you the password. >> i'm sorry, that analysis is not correct for a dynamic key situation. >> well, most security experts toe spoken to don't want have anything other than a key held by the user. here. gentleman right >> i'm sure it's not just judges haven't heard of sting ray technology. give a 30 to 60 second description of what it is, what does, why we should be afraid of it. >> sure. sting quick version of a ray is that it exploits a fundamental security flaw in the generation of cell phones, which is that your phone has no is of proving that it
3:03 am
talking to an at&t tower. any tower, any cell phone tower any device that is effectively a tower can decide itself.wants to call it can call itself an at&t tower, a t mobile tower or a and you don't have to be verizon to call your device a verizon tower. so the ray impersonates the sphen infrastructure of the phone f.b.i., you know, the drives into a neighborhood, they turn it on, it has a higher signal strength than any legitimate tower nearby and suddenly all the phones in that look,orhood say, oh, there's this new tower, it's got great signal strength, let me and int for my calls, the process of that happening it causes every cell phone in the neighborhood to identify itself sting ray and reveal a unique serial number, it then the sting ray to locate those phones, and in some cases tose devices can be used intercept incoming, outgoing call itself, text messages and
3:04 am
even internet connections. so for all intents and purposes, the government is your phone network when they're using this device, and when that happens they also disrupt the normal functionality of the phone network, you may not even be able to make calms. sites very disruptive, invasive, ofrequires a degree impersonation that i don't think is appropriate. that its very design requires that the government send penetrating signals through the wall of your reach the phone that's inside. theink the idea that government can drive through a neighborhood and send signals through the wall of innocent finde's homes in order to that one bad guy down the street, i think that's a step too far. much.nk you so i very specific question if you about the law
3:05 am
enforcement threat to journalists and to lawyers who ability tond on the discuss confidential with their sources or their clients. that the issue raised about pushing out mal wear is a real one. if you remember in dubai the telecom pushedd out malware to our black berries. i was working as a journal is there. we only knew about it because foreign workers were able to report on it. but the acl expu human right did a very important report and i think it's important to raise the specific rights, orhuman sorry to lawyers and journalists and hear about those threats. jack answer in a second because i think he has some thoughts on that. but one of the things that post-snowden is journalists are starting to take additional security seriously.
3:06 am
the use of encryption is now widespread. that definitely wasn't the case two years ago and in some cases help people. but i think the journalist community has come a long way. the legal community has not yet come in that direction. still the number of encrypted e-mails i get who aclu is veryr the small. the number of legal organizations who encrypt their who offer encrypted telephone services to their clients is very, very small. and sadly lawyers don't seem to do anything until failure to do so is deemed to be unethical. so what we really need is for american bar association or the national association of criminal defense lawyers to put saying thatts lawyers need to use e-mail telephone, encryption. but the journalism community is
3:07 am
the right direction. the problem is that still many of the tools we have are not easy to use. so text message and voice encryption are basically idiot i'mf at this point and happy where where things are going there. but e-mail encryption is still a and sharing encrypted documents between reporters is still very difficult. briefly, because i wanted to ask warren a question, snowden disclosure to national secure is but one very small area in sensitive reporting that journalists do all over the country and world. at minimum i've talked to sources in state governments, companies, private firms, outside of the intelligence community. where they may not about to jail, they may not face 20 to this, butisclosing they have a mortgage to pay, feed.ave a family to and worst case, journalists in hostile countries, i mean here in a countrylive where maybe the worst that happens to me i get held in
3:08 am
contempt. we're talking about people dieing dieing and disappearing if this sources of our who disappear in the middle of the night because a government intercept it. and the question about lawyers, i'm curious from the legal perspective is what this surveillance means for attorney-client privilege and thisthe government does mass surveillance, how that's works.ed and how that whichally depend on surveillance you have in mine. on the journalism question, to been too muchs emphasis by the press on how victimized the press is by investigations that involve leaks to the press. the press is very good at its interests in such cases. basic problems seems to be leaking national security crime, to the press is a so naturally the government is going to investigate the leak and then the reporters on the
3:09 am
of that leak, so it creates, the reporter is getting awfully close to the crime. so it is a question, how does thosevernment investigate cases, some say the government should not investigate those not be aat should crime. but if we accepted that as a crime,it should be a where we have some secrets that are class file which should be naturallythen reporters will get close to that and i think there's been some investigations, i guess the affidavit in which an a.p. reporter was described as committed an offense and that got totally blend out of proportion, it was really a phrase that was under a statutory authority, and justice department approval process that that the reporter was targeted, it just meant that there was part of a check list in ahad to be covered language that ended up 'an affidavit. these not convinced that are a verdict problems as suggested. attorney-client
3:10 am
question it depend on the nature of the surveillance. slightly different view andly be brief. we absolutely need to have an iron clad shield law for journalists, certainly at the federal level, i would argue at every level. you want a poster child, just reisenlook at the jim case. making an argue up that we need to have wide latitude for prosecutors to be caseso go after folks in like this is that the only reason question know that unconstitutional surveillance conducted against every one of us is because of edward towden being willing to go folks in the business, to jack and others are in. and we need to be able to find ways, iesh clad ways, i think, to make sure those journalists untouchable when they're doing their reporting on this. me is the vulnerability we have in the law right now. hope our conversation will
3:11 am
upstairs.t lunch i really hope that you will gin at 1:00 sharp where we'll be joined by google schmitt, naz's best frenemy. a fantastic afternoon lined up. we have a panel on reform and limits to surveillance. and then a very special closing session that you will kick if you miss, i promise. and after all that we'll have tools.tion in privacy our panel again, please, and join us for lunl. [applause]
3:12 am
>> thank you all for coming and thank you to our tv audience on c-span. incredibly impressive group of people that the cato institute has put together today. some of the most august minds in the legal policy making journalistic circles. i'm very pleased that brady to fines time for us in his busy schedule to talk about surveillance. me, it'syou for having a very important conversation. >> so just so you know, i'm going to ask a few questions, about halfway through i'm hoping to open up the floor to
3:13 am
questions. for now, i'll start off here. when the "washington post" first learned that the fast was tapping -- the links was tapping of google an the world, some with words wed could not print in our family newspaper. so i was wondering if you could tell us how you learned that this was happening and what your time.ts were at the >> so as best we can tell what gchq, which ise the british arm of the five i's sniffers on traffic between the data centers of google. google has a very large private data network that moves the data in very complicated ways, it's why google works so well. massive and amazing
3:14 am
technical achievement. the "washington post." because jerryked cohen and i had written the book which talked about this being possible. and people had hinted that it was possible to do this by monitoring light fiber although i think the mechanisms are classified. but the fact that they've been directly and documented in documents that were leaked to thelly a shock company. >> so here we are, more than a year later from that day, about a year and a half from the only snowden revelations and the tech indexley high is up 20% much google remains one of the most massively companies in the world. so has there been real damage to or to us the industry more broadly? >> well, there's been damage at
3:15 am
many levels. let's start by saying that if you're a european right now, you're less likely to trust an firm to retain your data. maybe you should always have been less likely, but as a result of these refuse elations less likely. as a company, what google did is encrypted our internal systems using the technical people in the audience, encryption that's 2048 phoneng and for the technical 2048 is much larger it not twice 1024, as big, it many many times bigger and it's generally viewed level of encryption is unbraiblable in our lifetimes by any sets of human beings in any way. we'll see if that's really true. but i today believe that if you have important information, the safest place to keep it is in google. and i can assure you the safest to not keep it is anywhere
3:16 am
else, because of the level of attacks. chinese attack and then later the n.s.a., gchq, whatever you want to call it attack. so it has affected our relations conversations in europe where people are very sensitive to this. us to tightened every procedure within our system. a lot safer. >> so assuming there is a moral cost,st or who do you blame for that? to offer a rule, of sort of surveillance life, which you can doe something doesn't mean that you something. and the fact of the matter is that all of the technologies that we're describing are capable of massive, in the hand the wrong person, violations against privacy. everyone here has a mobile
3:17 am
phone, they're all on a data network, the phone knows where is. all of that information could be misused. the snowden set of incidents including your the othernd all things have essentially sort of theed people to maybe nontechies, understand that data's a pretty deal of beg collected about you that's benign, but nevertheless could the wrong hands' as an example i would offer a rule for governments which is you collect da acin a data base, you better be sure to beow what it going used for and make sure it doesn't get leaked. the way tech no allowedopportunity have large -- now an opponent can
3:18 am a large amount of you want to be careful about collecting this data and not misusing it. i was part of a white house task force that looked at the questions of we were not part of the policy side. datauestion was can meta be misused, and the answer we came back with is yes. data, that is information about the data as itself, canhe data be misused. the industry oppose the u.s. 215 stuff because although the government a misuse ofas not the data, our argument was that itself could be misused. i think these are learnings that nowcountry has to now
3:19 am
forever. snowden, hero orville land, year and a half look? how does it >> it's interesting, depending this america you get a different answer. juliane same with assang. the eastlk to coasters, they tend to take negativengs in a very context. west coasters, again these are iteralizations, tend to view in a more civil libertarian view. and i'll let the court decide on questions. we clearly do not want to encourage bulk data leaking. imagine again, think of all the data bases that exist about us, taxof you, health record, record, where you are, what you're doing, it's not good for people tone courage do that. on the other hand, his helpful in were
3:20 am
shining the light on these practices that people like myself and maybe you didn't know existed. possible.ey were but when it starts monitoring traffic between google servees, they're clearly for peopletraffic are in the u.s., which i under is not their mission. tech the response from the industry to the snowden revelation, massive new en kreption, lawyers for the .ompanies much tougher in court the response from the u.s. government, a little more at this point. your industry a grade? >> i'm proud of our industry's response, because we knew that encryption was powerful and google was the, there's a set of not justat we do, it's the 2024 encryption. talk to eachystems
3:21 am
other, im mail for example is fully encrypted all the way from held system out. but what happens when the e-mail b,s from server a to server there's a protocol which the industry has now agreed to which the encryption as it goes from g mail to hot mail or what have you. so the city as a unit acted to and.ct users interest, i'd say the governments responses that been fairly clear. 1995, louis freeh was the f.b.i. director, i believe and the first one of these. its with a meeting in dianne office which were the c.e.o.'s at the time. there were,ho were
3:22 am
and she asked them to report on the dangers of all this. wanted the trap door. door, thed the trap that the government could go in there and watch all the e-mail traffic. and i remember sitting there to these presentations and saying virtually all criminals now use e-mail, right. what we want to do is watch .he e-mail we snuck out the back door, we were not allowed to talk to the press. this is 0 years later, it's exactly the same conversation. and the problem with the government request is it would be great if you're the door,ment to have a trap but how do we at google know that the other government is not over the trap door from you. and we can't prove and we're not endorsing this notion of a u.s. trap door. which is precisely what the like. safety people would
3:23 am
our argument, which i think is the clear now, is that government has so many ways, and the way, to go in by the front door. they're called warrants, they're called good police work, they're perpetratorng the in the desk with the guy in front. you see this in the movies, all of that kind of stuff. and just because you could put a trap door in does not mean that you do. for all the unintended consequences. >> you raise an interesting warrants. the because you had a front door, n.s.a. was availing it of the back door -- way, we did not intend to put a back door in. only has front >> so we've seen google and a these the companies do encryption initiatives. there's a new wave of encryption though that doesn't even have a
3:24 am
door where if the government comes to you with a the be --rant of curious what you think these encryption initiatives that actually lock out the government entirely, where the the door and open i'm curious if we're going to see that with any google product. me not pronounce any google products here. let me simply say that it's been time and againg we wrote this in our book that encryption in the hand of is very empowering. encryption is an incredibly tool for freedom filers in repressive regimes. does allow people to are evil or nasty communicate bilaterally. the good news is that these systems are not that easy to use, and we argue in the book and i'll say it again that when theobably winning evil person is using a cell phone, because trust me, those cell phones if you're trying to
3:25 am
them and you're a bovment and you're willing to look for them you can find them. indeed this is how osama bin laden was tracked down was phonetely through cell tapping. active to as sentence the argument that this is the only way to solve this problem. powerfulact that encryption has been around since was my view theof in overreach of perhaps well intentioned but ultimately strategies, this encryption cape aability is moreing more and available. like these kind of services that actually are encrypted so author reportly that the companies themselves can get interest it? is this a good idea or a idea.le >> you're asking me sort of an emotional question as opposed to
3:26 am
a factual question. is that it's been possible for many years and the thing that's held it back has management, the ability to hand tell keys. but because of what the government did all those services are getting easier, so my opinion is that you'll see of thesemore remember, the person is doing this with a device that itself an be follow if they are legitimate danger to society. if it's evil terrorist, can you find that phone. >> so sound like you'd like to see the proper door remain open. >> i have my own issues with the
3:27 am
patriot act. one of the great strengths of america has been an independent court system, proper balance of rights of individuals. and i'll give you an example. i'm not advocating this, so please don't say this. we can end essentially all crime in this city in a very short period of time, except for emotional crime, that is a spur crime.moment by massive surveillance. do this.hould not other countries may choose to do that. the fact that you can do it, the fact that you can, for example, on every street corner and do face detection, is not something we should do. but i can assure you it will affect crime. so you want to be careful about they can be seriously misused. that kindwe're clear, of mass surveillance is completely counter what what america is and the american
3:28 am
constitution. >> about a year ago after the snowden revelation ttion on howton posts polled people feet about surveillance and you will not be surprised to 66% of americans expressed concern that the oversurveilling. 69% of americans expressed that tboog el is sur vaifling. >> which we are not. is youd news about that me and i can answer definitively. the answer is no. >> for those americans who are concerned that in a way that's in roughly similar numbers, what can you say to them about google sector way private collection works. >> as a general statement i are veryt people concerned about privacy. recenthink that the
3:29 am
illegal disclosures of personal information and photos, the sony attack, the jennifer garnary tacks, all that stuff, heighten there's thist thing that's out of control and is dangerous. average person, i occasional encounter a normal industry, the normal person says i don't understand this, i'm worried about, why this fixed.t and we're working on that. so a lot of these questions come safe on thei internet, am i about to be attacked by a virus, is my besonal information about to disclosed to everyone. so google has a series of answers to that. i think that's what's driving a lot of concerns in europe, that people are correctly worried that incredibly important information about them will released.t so in googles case we have a mechanisms, we have a pain which will allow you to control what we retain about i invite you to take a look at it, it's called the
3:30 am
dashboard. chrome toso a way in browse called incognito browsing where no information of any kind maintained about what you're doing, and those are publicly, anyone can use them, good people, bad people, can't tell if they're good or bad people, whatever. those are services and they've been around for a long time. so part of my answer to the googles role is we do need to retain a certain ournt of information for systems to work, but unlike others we make it very easy for to delete that, mask it or avoid it entirely. mostogle now makes the popular mobile operating system in the world, one of the most world. browsers in the we know that our government against all manner of targets. google has put money into figuring out where that may be with project zero. you feel about your government, your tax money
3:31 am
potentially gathering and using zero days against your own products? a race -- >> there are a lot of things the government does that i don't like. if you care about security, which i'm sure everyone in this room does, you should use chrome. the reason you should use chrome free, good, it's also faster, good, it's also the safest and most secure. detectors that are the best detectors for the man in the middle and phishing attacks. there is debate over android versus ios and both are now very hard. i publicly claim that android was safer, there are other that my factsue were wrong.
3:32 am
both android and ios are working to make them more safe. >> let medal take this opportunity for you to clarify some remarks. said if you something you don't want to know, maybe you in the't be doing it first place. is that still how you feel? >> that's great about that is that it was the first moment i felt sorry for american politicians. the entire paragraph was about the patriot act. if you read it in context you'll see i was commenting on the patriot act. of the echo chamber of the internet, i guess that little quote is long enough, it twitter, but the par braf doesn't. >> if you type in eric schmitt, dead, it immediately gets filled in by google. >> it important to know that that is not driven by google but
3:33 am frequency of since we have a very smart audience here, the answer is i'm of the patriot act. and the reason is the yet court part of it. -- the secret court part of it. has itstand secrecy purpose. but a lot of things are classified, et cetera. a stronger country weremost all matters if we obnoxious about some of the classifications and some of the ways in which we collect data, i'm quite convinced of it. the greatness of america is the which we address problems and the way to do that is you do that with knowledge. is, i waswer referring to the patriot act. care a lot about privacy and being el has worked very hard to protect your privacy. google end up in these
3:34 am
debates more than almost any other company i cover and i just wonder if there's something about the company, you were the glasseses out with the and that apparently identifies my desires before i have them me advise on how to organize my day. are, wouldn't you you like the computer to help you organize your day? >> no. >> no. you are in a -- the average person would like the computer to help thet get through the day because their are difficult. >> is there something about she's hard tokes untangle? for this,ourselves up a long time ago by saying don't evil. that's a pretty strong line, so back, have a strong fight and i get that. so we have answers for these. describings you're with google glass, for years
3:35 am
we've had internally the ability to do face recognition and tell you who you're going to talk to. this isvanced age clearly a useful product. when i was c.e.o. we had one of had thisduct and we meeting and i'll never forget and they basically said we built this product, i set with a are we requesting to do, we're why.ling it, i said let's start with, it's illegal in europe, okay, i got that. it's illegalrope to maintain a nonregistered, nongovernmental private base.ric data we think it legal in the u.s. but it a mistake. why is it a mistake. well, start thinking about the uses, stalking and all these starts of things. and we decided not to release this product. so when google blast comes do.g, what do we
3:36 am
perception that somehow we're not playing by the rules of modern society. wrong. it's i think the evidence is that google has been incredibly issues,e about privacy over these kind of things, and compared to everybody else in stand on ouri will record. we're very, very sensitive to these things, for many things, right thing,the also because we're so heavily criticized and scrutinized. were to release such a product it would be a disaster to the company. a cup questions from the audience because we're running out of time. back there in the blue shirt. kind of >> does google receive information from the chrome if you --at without, (.audible
3:37 am
is there a danger that google would have owe. >> at the level of question you're asking i think the answer is no. browsers themselves, the apps do communicate information. but we don't sit there and track things beyond the url and where you went. that information you can delete. using incognito mode, we don't have any of that. if for whatever reason you do tracked by be federal and state authority my recommendation would be to use that's whatde and people do. the problem with in cog me to is you then loose the data retention services where we information long enough to make the algorithms better. if your position is i want zero incognito you use mode. >> let take one more question in the front here.
3:38 am
>> before i ask the question, i want to say that incognito mow will do nothing to protect you from surveillance from authorities. there are technologies that will be a better job. my question is this -- >> let me pond to that. google's partto of that. using tour is a whole another conversation, which may or may not be appropriate in certain situations. >> let me put in question. interviewed bye nbr and were asked why goggle retained data about users and you gave two reasons, the first one being whichou described before is google need a certain amount of data in order to provide the service it does to its customers to mine data. gavehe second reason you was to hand it over to law enforcement agencies in response warrant.oena or search that was a very surprising response, and i wanted to give
3:39 am
you the opportunity to correct record. does google collect data in order to perform it to law enforcement oagz later? may have misspoken or you may have misheard my request. plenty of situations where the law effectively wants tracking.s and in europe, for example, there's something called the dataean privacy initiative, which started this. the way to understand this is that there's a balance of between civil liberties and short-term police action. if you you look at police the time whenf police need information they need relatively recent information. so we negotiated for a long time over all these issue police we down with roughly a 12 month number, which is that from safetyndpoint of public that kind of retense was start of 12ish months. that's what i meant to say, if that's helpful. and that was, this was not our this was essentially forced on us by governments.
3:40 am
police are, the going to want to have something that they can subpoena in most of these countries. especially for a legitimate police case. that's true across the industry. >> could we get a pike row phone here?is gentleman >> google was in this unique to solve management problems and make en kreption that was not for geeks, but the response i got from a lot of people, was their business model tocollect data and why that serve ads and other purposes, so less they make data
3:41 am
accessible. some months ago it was announced there was a test phase of encryption ae feature that was compatible with g mail. balance those things? >> the people making these claims don't understand how google works. google's job is to build stuff delights customers. ask when governments invade a negative.y that's so it's easy to under why we would try to make the systems stronger. we don't make the decisions we base themnue, on delightful products, and ofurity and privacy are part them. >> hi. to check, in europe
3:42 am
understand, i'd like to know what google has done in tojunction with the industry move towards being able to enforce that right. >> so thank you for asking. court judgment, they found in the european system like the score forces the following. shall, assays, google opposed to anyone else, determine if information is from a nonpublic person and of nonpublic interest, and if it's and a nonpublic person nonpublic interest, we are required to remove it. that information is retained on for example newspaper sites. to dorticular court had
3:43 am
with a fellow who had a tax problem in spain 20 years ago, he wanted that result removed. even though the newspaper is spanish civilhe laws. so we have been forced to do than there are more 150,000 requests roughly respecting we grbl slightly less than 50% of these requests. are rejected by us, they chain about google's in theoryd they have they have a right to appeal to their governments. spend a greatto deal of money to implement the system. it is by force of law and it the 28 european countries and european citizens. in the u.s. there is no such law. >> we'll take one last question. you.ank do you worry that all of the collect will be misused
3:44 am
somehow, some day by your successor, by an employee of pay or becomes a spy. seeou live long enough you how things work. >> we do, and here's how we think about it. were a data breach by at google orerson something, it would be terrible, obviously for the person also for the reputation of the company. so we have many, many checks and on where information is kept, how it can be misused and so forth and we pride ourselves having the best such systems in the world. so while i understand the because of our scale, the combination of the retention rules that we have wech is the amount of time keep this information by query logs i think we're going to be okay. important that these breaches not occur, they're against our policy and they're illegal.rtainly
3:45 am
whouccessor is larry page, implemented all these policies, so i think we're fine with larry, and he's going to be around for a long time. 30 or 40 years from now when larry and sergi will be people, allthe same of us who built google have the same view. and i'm sure our successors will have the same view. dr. schmidt for coming today. [applause] >> for a long time the evident array of stake holders limit surveillance, limit it
3:46 am
by the courts, limit it by ittute, limit technologically, has involved an array of sometimes complimentary, sometimes partially conflicting efforts on different fronts. ofwe've assembled a mix expertise, we have a photographer, an academic and an advocate, compliance officer from a technology company. spy agenciesues for a living. and so i look forward to exploring how those efforts fit and again few people are better suited to moderate panel than the security report information the "washington post." terrific day you've put together. congrats you and cato.
3:47 am
i feel like i should be getting college credit for everything learned today. lookingn mentioned, our at limiting surveillance. the goal is to explore the ways public andvariety of private actors have tried to against surveillance, overbroad surveillance and to promote privacy. heard eric schmidt earlier today talk about how google has moved to encrypt data on travel centers.ata you've seen stories about apple moving to encryption there's an evident by congress to pass u.s.a. freedom, and bulk data.tion of and there have been moves like advocates to challenge the constitutionality of the laws
3:48 am
these programs. these are a few of the ways in we've seen various actors inpond to concerns raised particular after the disclosures lastward snowden beginning year about mass collection of data or surveillance. the exceptional breakingies we've seen into what were thought to be communication. so julian mentioned the array of we have here. i will briefly introduce likeone and then we would to launch into our discussion with the aim of keeping it as as possible. analysts are encouraged to jump in and respond to one another's points. with moderator playing traffic cop. leave some times for questions and answers.
3:49 am
the senatera flint, judiciary committee's chief counsel for national security. aboutll talk to us efforts on the hill to limit surveillance. advocate andpublic legal expert with the center for justice and is trying to promote reforms in statute and in courts. gado is google's director for law enforcement and weional security matters and look forward to hearing from him about what google has done to privacy. the deputy general counsel with the electronic frontier foundation, which has challenged the constitutionality of several surveillance programs and is to bill grass roots awareness about privacy issues. is a krippingeen , is at johns hopkins university. richard, why don't you launch, by briefly telling us
3:50 am
google's efforts to , limit privacy surveillance. eric mentioned the encryption effort on the data centers. i'm curious, did you do that in response to snowden's disclosures? >> what i was referring to is that goes from one google data center to the other google data center, and you may recall stories about collection of data from centers.hose data and as eric mentioned during aat presentation that was pretty shocking moment when we learned from the press that that was happening. was your preferred reaction? reactionmy personal shockingit was pretty to see that this was happening. i guess my personal reaction was a front door at google for the government to ask us for
3:51 am
data. is,ow what that front door i man that front door, and it would have been nice if they e if nayta from going could use the legal mechanisms that are available through the door. so my reaction was what is this about, it was somewhat confusing. leadership in the company was outraged by it. started about a year before encrypting the data between the data centers, and knew of thishey particular kind of collection but because it was the right thing to do. you look at your network and say to curewe're trying user data, where is the vulnerability. no reason to think it being exploited, but let's clean it let's get it encrypted. so about a year before the first denh of the snow revelations came out or this
3:52 am
story in particular we in already started encrypting the data between the data centers, now what happened after this dame out and became snot just this academic theoretical vulnerability, but looks like it's really happening, we've sped up the effort to encrypt that. driving authorities through the legal system to get the information. >> but that's not all you've done. >> no. i think probably the first reaction to, when we saw these come out was a bit of confusion about what are these isdes that we're seeing, why our logo splashed on them and do these words mean. for somebody who knows the authorities, has had some experience in government, it was baffling to figure it out. idea of what this was mostly from the press, almost exclusively from the press, we felt like the first thing we immediated to do was
3:53 am
up the misunderstandings about google and its relationship with government for data, which is very arm's length and based on the rule of law. so the first had was how can we be open with users about things the we're being told by government we're not allowed to talk about. so we were very big on trying to get the right to be transparent users, ended up in court, in the fisa court with justice department trying to get the right to be transparent. kind of like where we are with our criminal requests and some of you are familiar with the reports companies have. other stuff that we're doing and that i think some other folks we're familiar with.
3:54 am
>> another thing of course defaultone is move to encryption on your android system.g
3:55 am
--when you as you mentioned, phones are the operating system where you can enter a pin code code that will be default encrypted, so if you it, if it gets stolen, who ever has it will have a heck of a time what's on there because it will be encrypted. that's a good security measure for all of us, i think it a common experience when you go moment of panic of where is your phone. impactto help reduce the
3:56 am
your data will be safe even if the device. companies are always trying to more secure.oducts will that defeat some feature if or is there some other it.nological problem with there's definitely a trend and you've heard about it from the government towards more communications. >> absent action by congress, stillnow we're really dependent upon companies to users. the privacy of change, whathings , has the impact of oh den --s by
3:57 am
snowden. if the government offers to pay your assist taps, what guarantee do customers have that will move in the area of privacy and not be retreating on that. a good question and i think it's right for people to concerned of what happens to their data when they use third providers. google is very much reliant on that we're going to do the right things with users data, it fits with culture of the company and how the products are offered. that does helpng folks have some sense of trust that theider is provider is telling them about what their experience is with government. so you can, if you care about it what thee watching
3:58 am
company is doing, and if there's a change you can take that into account. maybe somebody ebbs tecial will notice it and report it. but a company that doesn't tell doing, isn't making that information available for you, is a company an easier time shifting to a model you might be uncomfortable with. of this is making it hard for you to move in a way that's undesirable without it being noticed. the market to see responding in this way and adding its protections that the my concern is as folks at cato the markets were on, will only work when the consumers have the information informed to make choices. and until snowden, consumers had information about kind of programs companies could be pulled pooh and companies to disclose that
3:59 am
any way. it because of snowden that the market is working the way posed to, in the future when there are new authorities that are new interpretations of authorities, a new programs that unfold to the extent those programs are secret we can't necessarily rely markets to be the solution. so while i'm thrilled that it's think i we also have, this is a public good, privacy is a public good and protecting will require regulation. that.otally agree with if we were being transparent about the requests we were be transparent about very early on, we extended it to national security letters after into lengthy negotiations with the department of justice about getting the right to publish those this was all presnow den and thun wens snow den happened it made it easier for us to make an argue you to it into the national secure world and we were able to do so.
4:00 am
i think your, i take your point and agree with it that once you've got a world of secret law real trouble and that's one of the problems with thatisa court and the idea you could have opinions laws that are passed by a congress that presumably represents you but you don know what those interpretations are, they may and probably have deviated what wasally from intended. >> and it took a leak to force that transparency for the public finally understand what the secret interpretations were. and if that's the only way to reforms, is that good for our society. matt, richard spoke about the protocols. what can technologieses do