Debating Electronic Surveillance | Policy
Resolved: The United States Federal Government should substantially reform one or more of its electronic surveillance policies.
0:00 the authority the legal authority that the government claims to be able to do the surveillance expires at the end of this year and Congress will be debating it and if they do not reauthorize the program by New Year’s Eve essentially it will expire and we’ve seen that any type of expiration dates on surveillance authorities they create momentum for debate and they create a essentially a necessity to discuss it in Congress now our concept of privacy always changes and while I may seem like I’m beating up on the government a little bit today to be fair privacy is always changing when the camera was first invented people might have thought that was a bit creepy yet today every single person has a camera in their pocket and we just accept that and we accept that generally outside of the privacy of our homes when we’re walking around on the streets or engaging in the public square we might be recorded so it is always changing and in the digital age privacy changes at a breakneck pace government struggles to keep up with that but it also does insert itself into this question in a very profound way and we saw that after 9/11 after the 9/11 attacks the Patriot Act was passed very shortly after not a lot of debate before passing that bill not a lot of amendments there was a certainly an urgency that Congress felt to do that but essentially the law gave the National Security Agency the NSA and the Department of Justice the DOJ far-reaching powers to conduct electronic surveillance very broad powers and these were updated in 2008 because what we came to realize was many of the Bush administration’s surveillance practices were unconstitutional they were illegal and Congress decided to kind of make them legal by passing this law in 2008 that’s the FISA Amendments Act so the original FISA Foreign Intelligence Surveillance Act that’s from 1972 but to bring it into the digital age to give the NSA capabilities to surveil our email our messages they created this law in 2008 what it did was it protected you know telecommunications providers maybe like your cell phone provider Verizon AT&T etc from liability for essentially cooperating and it made legal something that was not legal which was warrantless unconstitutional surveillance and there’s a couple different types of surveillance we’re talking about here downstream and upstream now these are names the NSA came up with so there’s a little bit of a PR element there downstream is essentially let’s say you use Google you use Gmail Facebook edge services here in the United States the government can go to these companies and compel them to give up data about a foreign target and necessarily that
3:00 there’s a gag order so those companies are not allowed to tell that target or tell their customer that their information has been handed over to the government that’s downstream then there’s also upstream when data are entering the United States via the Internet backbone so think about the underwater cables that connect us to the rest of the world make the Internet the global entity that it is they essentially take snapshots of those communications as they’re entering the country on sites downstream and upstream now much of this surveillance was not really talked about it flew under the radar for a very long time and you guys might be aware of a gentleman named Edward Snowden he’s kind of famous and in June 2013 his leaks revealed much of this surveillance now while a lot of those leaks and the media coverage focused on domestic surveillance surveillance of innocent Americans mass surveillance there’s also a lot of foreign surveillance that was revealed in that program and I want to sorry in those leaks and I want to talk about foreign surveillance today because the Internet is necessarily global it’s necessarily cross-border and while many believe that intelligence is a legitimate function of government it’s probably safe to assume that every country to some extent does this they they surveil they try to gather intelligence about other countries about foreigners about targets potential terrorists potential enemies that’s normal but even if you do your darndest to try to just make sure that you’re targeting foreign targets the Internet makes it almost impossible that you’re not also sweeping up Americans or US persons communications and notably you’re all aware you’ve taken civics that the Fourth Amendment requires warrants for surveillance but the Fourth Amendment does not apply to foreigners and think about it this way I’m sure some of you have friends overseas maybe relatives family members and you may talk about politics you may complain about a foreign leader you may be talking about a journalist who reports on foreign affairs and because of the NSA’s broad definition of what it means to be a foreign target or be discussing foreign affairs your communications about those topics have probably been swept up in the dragnet and the internet means your data are not necessarily stored in the United States they might be stored in Ireland for tax reasons they might be stored in a country that has cheap electricity these decisions are not necessarily made based on the nationality of an individual they’re often made because of taxes or electricity costs things like that companies like to do whatever is optimal so they will store the data where it makes most sense and this has been really key to the internet success free
6:03 flow of information is obviously important and yes there are countries that are less democratic than others but for the most part the Internet is a global borderless entity and that’s key to its success that’s why we have so many of the free services we enjoy today because the information can throw flow freely and we’re talking about such a broad definition of foreign affairs that it’s not necessarily that the NSA knows there’s a foreign target maybe he’s on a watch list maybe she has already committed a crime anyone can be swept up in this through discussing politics um let’s say the NSA is surveilling a journalist because that journalist reports on drone strikes you could mention that journalists in an email or a text to your friend overseas and your communication gets swept up and we’re not just talking about metadata metadata being you sent a message to this person at this time so the sender the recipient the time maybe the location that’s kind of the background information we’re talking about the actual content of the communication so we’re talking about your email text your text message text maybe a photo etc so that’s obviously very broad and because of the way the internet works it’s it’s safe to assume that a large chunk of Americans have been swept up some estimated a hundred million maybe more it’s hard to know they’re very not they’re very not transparent about this which is something I’ll discuss later but in theory the FBI and others are supposed to minimize this as it relates to domestic individuals right given that they’re not trying to sweep up in theory every text you send about you know a foreign leader like Putin they’re supposed to delete this stuff sort through it get rid of stuff that is not relevant the problem is their methods for minimization they call it are classified so many in the privacy community including my organization tech freedom which tries to find bipartisan middle ground solutions that give government the tools it needs to keep us safe without you know violating the Constitution they’re having negative consequences a lot of us in the privacy community we can’t even really tell whether the minimization is adequate or whether it’s doing what it’s supposed to because we’re not we don’t know what’s happening so yes the FBI and NSA can claim of course we would never collect information that is irrelevant but how do we know that they won’t tell us how they do that of course there’s certainly probably some national security implications of sharing such information but because they’re so secretive we just don’t know and we’re not just talking about a short retention period they’re default with tension period is five years that’s a long time I mean some
9:04 your telephone provider doesn’t keep your information that long but the NSA is keeping it for five years by default so it’s obviously concerning now we always get this into this issue when we talk about surveillance oh all right sure I might get swept up something I say might get into the dragnet why do I care I’m not doing anything wrong well maybe you’re not doing anything wrong now but maybe some day you do something wrong and you would expect as a citizen of the United States or a US person living here that you get to process you get benefits like your lawyer getting to know how the information was gathered or you get the right to a jury and a trial and all those wonderful things in the Constitution part of the problem is we’re talking about a foreign surveillance Authority and while the purpose of this Authority is to keep us safe it is to make sure we don’t get attacked very legitimate thing is that I don’t really have a problem with many in the privacy community even the ACLU would say yes of course right there’s a legitimate government function in trying to protect us this information could be used for domestic investigations that have nothing to do with terrorism and this is called the backdoor search loophole that’s a term of art you’ll hear it if you decide after this exciting lecture to delve into this topic further but the FBI for example they serve a dual function there are counterterrorism organization but they’re also a law enforcement agency and the FBI works closely with your local police department maybe your local sheriff’s department and I think it’s safe to say that no one ever really intended for your local sheriff to have the tools and capabilities of the NSA yes you want to be protected from crime I don’t know your feelings about drugs or whatever but you want certain things dealt with by your local law enforcement but the FBI can share information collected through a foreign surveillance program with local law enforcement now this may not sound like a problem but imagine this you’re a citizen who committed a crime maybe it’s minor you might only be caught and prosecuted because randomly your information was caught up in an NSA search now that’s not necessarily appropriate that’s not how due process and investigations are supposed to function because that information was collected without a warrant that’s the big problem here it’s not necessarily that the outcome is an issue if you believe the person is bad and deserves to be brought to justice but when your information was collected you were not a target you were not suspected of a crime it was caught up
12:06 because the dragnet is so broad and the minimization procedures are inadequate and there are so many loopholes that you’re now being prosecuted and let’s say you’re kind of a libertarian minded person and you don’t want the drug war being prosecuted so harshly you you care about the negative social consequences maybe you’re skeptical of our criminal justice system and the powers that prosecutors wield the DEA is an example of a federal agency that all the time they’ll just check the NSA database before even beginning to deal with a person and it doesn’t even necessarily have to be that the information was collected without a warrant because there’s this thing called parallel construction and I know I’m using a lot of terms of art here so if you have any questions at any time feel free but think about it this way I used warrantless information to find out you were doing something wrong and lo and behold as you’re driving through a tollbooth you’re stopped by police and they find drugs in your car and they claim that it was just luck oh how fortunate that we happened to check you but really the information was gathered through warrantless means through a national security database and now that they know you’ve done something wrong or that you might be doing something wrong they use parallel construction essentially to build a domestic case through the proper channels to prosecute you so that’s one of the issues that goes hand-in-hand now what do we want to do about this program right I mean I’ve talked a lot about why it’s problematic but frankly the politics are very difficult while spying indiscriminately on American citizens and collecting their metadata that was the original big blowup that Snowden leaked that was actually reformed they shut down that program because they could not justify it because there was no targeting it was essentially every single phone call you made the metadata to who you were who you were calling the duration what time of day which you’d be surprised how much information you could gather just their metadata without even knowing what you talked about that was shut down there was a lot of agreement in Congress and President Obama agreed that that was really not justifiable but now we’re dealing with a foreign tool and the politics are very different there’s a legitimacy here only the most extreme privacy conscious people on the right and the left are arguing that section 702 be shut down most of us including including tech freedom are trying to talk about reform in the middle but there’s a large contingent national security minded people law enforcement hawkish members of Congress that just want to keep it the same the way it is now and they actually hate the fact that there’s a sunset and when I say sunset it means the authority ends on midnight December 31st they hate that there’s that uncertainty
15:07 because it forces us to have a discussion it forces us to have a debate it forces the NSA FBI Department of Justice other agencies to justify what they’ve been doing there’s some that want to permanently reauthorize this program now I have a major problem with that for one reason technology as I said earlier in the show is constantly changing so one benefit of having a sunset is that you can you every five years ideally that’s how long it was reauthorized last time and say okay how has technology changed what are the different apps and services people are using more people are using encryption these days maybe some of you on this chat are using whatsapp maybe you’re using signal maybe you’re using iMessage these services have encryption that didn’t necessarily exist or was not necessarily as prevalent back in 2008 so that’s a reason to reconsider these laws just how technology changes if you permanently reauthorize the program then you run the risk of one not being able to give law enforcement more tools maybe they need more tools maybe the pendulum needs to swing more towards the NSA sometime in the future but you know more importantly from my perspective you don’t give us the opportunity to swing the pendulum back towards privacy and civil liberties if things go too far because if you know anything about Congress once a law is made permanent it’s very difficult to undo it and the reason that bulk domestic program was shut down that I mentioned earlier that was section 215 not section 702 two different numbers here that was shut down after it expired like three days later they passed the law that allowed some way of getting the information through warrant through justifiable due process means but the impetus was that sunsets because Congress felt the pressure because they were worried that an important tool would be lost so what do I want in reform the most basic thing my organization wants and many on the right and the left were in the privacy community is transparency we don’t know how minimization works we don’t know how many Americans are affected by this how many US persons are affected we guess 100 million we don’t actually know it could be 300 could be more we just do not know and the odni that’s the Office of the Director of National Intelligence they have promised many many times to tell us what’s going on to say okay at a minimum we’re going to tell you how many people are affected they’ve just failed to keep this promise they’ve been letter sent so many letters we’ve signed a bunch of letters we’ve helped write letters calling them out and saying this is ridiculous you promised this basic level of transparency we haven’t gotten it and
18:08 that’s messed up like how can we as citizens how can you know the this small group here you know listening to me blabber on how can we have a real debate about this and if the purpose of this webinar is to help you know spur debate and help you think about debate it’d be very difficult for you to have a fully informed debate about a program you know nothing about so one of the reasons to have transparency is just to know enough to consider the pros and cons and at a minimum our representatives in Congress might want to know but there are certain things that the public should know too so transparency is one reform that we’d hope to see in a compromise piece of legislation another reform would be narrowing that definition of foreign affairs I think reasonable people could agree that merely mentioning a target given that essentially every president of every other country could be a target we we famously tapped German Chancellor Angela Merkel’s phone that’s our ally so it just goes to show you that it’s not just Putin it’s not just terrorists it’s not just China or North Korea it’s our allies that get swept up and I’m sure they’re doing it to us too you know to be fair to the United States there are worse offenders than us but given that any single German American or someone who’s got a friend in Germany discussing the word Merkel should not have their communications warrantless least surveilled and if they are they should be deleted and not held for five years and potentially used against them in the future I think we want to limit information sharing that’s another important reform let’s have some separation between local and local law enforcement rather and national security and I’m not saying a full separation right I mean given the terrorist attack in New York City recently that’s where I’m from I think there’s a necessity of cooperation but there’s certain information that should not just be shared willy-nilly so this gets back to checks and balances the Constitution due process rather than this information sharing happening automatically or without any resistance I think a judge a regular judge not some not the FISA Court which is kind of a kangaroo court which operates in the shadows I want a normal judge that deals with normal Criminal Investigations to have to authorize where they warrant the sharing of this information before the FBI can just take NSA data and shove it to your Sheriff’s Department I think that would be a good thing closing the backdoor search loophole that’s another reform you should not be able to just search this database anytime you’re investigating a crime again you should have to have a good reason to search the database judge
21:09 should have to authorize that and then very very importantly we need a sunset I don’t think that this program should be reauthorized permanently ever I don’t think a lot of surveillance programs should be reauthorized permanently and in general as a legislative principle depending on what the topic is sunsets a good idea it allows you to reconsider things it allows you to add amendments it allows you to think about how things change every 5 10 20 years and take into account changes in technology changes in politics changes in global affairs maybe our allies have changed maybe there have been fewer attacks maybe there been more attacks maybe the terrorist landscape has changed maybe there are groups that we used to call terrorists that are no longer and vice versa so sunsets very very important because otherwise you might just have permanent warrantless surveillance now why does this matter I’ll try to answer that question and I want you to have listened to this whole thing and just be like why who cares whatever this doesn’t affect me the Constitution I think matters fundamentally we’re talking about warrantless surveillance the whole purpose of the Fourth Amendment is to require warrants I do think you can teach an old law new tricks I don’t think just because the Fourth Amendment was passed in the 18th century that it means it’s irrelevant it just has to be clarified courts have to interpret it and I believe emails your text messages in general should be afforded the same protection as the papers you lock in your desk or things around your house fundamentally they are the same you can have an exception for emergencies of course with probable cause we don’t want anyone getting killed because law enforcement have to jump through hoops but in general I think that the the same protections that we’ve always said apply to your papers should apply to your electronic communications there’s not much of a difference there and our lives are moving online evermore every day and it’s crazy to me that we’re making this distinction there’s a diplomatic impact of this program it’s really soured our relationship with certain countries I’d say Germany is one I mentioned that earlier spying on Angela Merkel’s phone was just bad diplomacy especially because they’re an important ally in Europe so if we do not do surveillance in a thoughtful way in a way that takes into account the rights of our own citizens but also the rights of those living abroad we run the risk of really straining our relationship with other countries there’s also an economic impact let’s say you don’t care about the Constitution which it seems some of our representatives these days do not let’s say you don’t really care about our relationship with other countries maybe you care about business now us technology companies every
24:10 technology company but especially US technology companies we are dominant in the world Google Facebook Yahoo Microsoft’s all these companies and especially some of the smaller ones they rely on trust in their products yes we do sign away you know certain things without reading them terms and conditions that doesn’t mean necessarily that we don’t care about the security of a product or that we don’t care about who’s spying on us and we’ve seen with something like the Equifax breach that credit bureau with 140 million americans seeing their data hacked government does not necessarily hold on to data in the most secure ways now yes the NSA is a sophisticated agency and they probably have a lot of great tools to prevent hacking but the CIA has been hacked the IRS has been hacked the hiring agency at the federal government the OPM Office of Personnel Management 30 million people about saw their data hacked if you ever even applied for a job with the federal government your social security number your resume whatever that was leaked so we need to think carefully about how much information we want in the hands of the government and while it’s a little different when you’re dealing with a private company I understand that I’m taking a risk when I use Google on a Google fan I use Gmail I use a Google pixel I use the calendar right but I know that I’ve entered into a contract and I run the risk of a hack but I also trust them more than I trust my local police department or maybe more than I trust a very small email provider with less reputable data security so trust matters a lot and if we want to remain competitive if we want to continue to lead the world and technology we cannot be sending a signal to everyone around the world that our that our products are compromised and there have already been studies about this it might be hard to believe given how profitable and successful our companies are but there’s already been billions of lost opportunity over this perception and there have been studies done and I’m sure things could possibly get worse I mentioned cross border data flows right the internet works best when data flow freely around the world um if countries start to believe that they cannot guarantee the security of their citizens let’s say Germany a very privacy I keep bringing them up there are very privacy conscious people they have a history that informs that eastern Germany suffered under the Stasi which engaged in some of the worst surveillance practices imaginable so they’re very sensitive about handing over their data to companies if those companies are being hacked into or cooperating in an inappropriate way with
27:12 the NSA and other intelligence agencies you might start to see laws and you’ve seen them pass or you’ve seen them be proposed already in a lot of countries requiring something called data localization I mentioned data go all over the place there are countries that want to make sure that every piece of data about one of their citizens lives in that country so if the US were to do it we would say okay any data about Americans has to live in the United States so those countries those companies can’t park their data in Ireland they can’t park it where it makes the most sense to optimize the service it has to be in the US so that we can guarantee some level of safety right that might not be the worst thing from your perspective but think about it from a different perspective think about it from a Russian journalist or a dissidents perspective maybe a human rights activist in China they their jobs their lives literally might depend on American technology to use encryption to evade a repressive regime to be able to talk about human rights abuses if their governments start requiring companies like whatsapp which is owned by Facebook to store their data in their country that could have serious consequences we don’t want a fragmented internet we don’t want internet to become intranet where every country has their own and that would really have economic impacts that could have political impacts it could be life or death for some people as I mentioned so to be fair to the United States look we do have oversight we do have you know committees in Congress that look at this stuff it’s not a complete free-for-all I did spend a lot of time beating up on us because I’m you know I’m an American and I want our country to you know adhere to its values but we are not the worst about this I mean Saudi Arabia is an example but even the UK they have a different culture they’re not as privacy conscious but they don’t have the same protections that we do that said I think I think the way we approach technology policy in general but especially surveillance policy sets an example for the rest of the world and there’s a lot of things China wants to do that are bad that they’d haven’t done yet because they’re waiting for us to do it so that they can play the hypocrisy card if we if we complain now I’m not even kidding I mean one of the reasons they don’t necessarily restrict encryption meaning the right of you to use apps and secure your data it’s because they think that eventually we’re just gonna shoot ourselves in the foot and do it in a way that justifies worst behavior on their part so we are the inventor of the Internet we have the most dominant tech companies the most widely used services whatever policies we adopt whether it be the FBI Congress whatever they will have an outsized impact a disproportionate impact on how other countries follow
30:13 suit so I believe it’s extremely important that we tread carefully one other thing to remember is even if we reform section 702 there are other legal authorities the government could use section 702 applies to data coming into the u.s. or data in the US there’s an executive order twelve triple three that’s one two three three three that applies to the data flowing out of the US or data flowing between other countries or just data sitting in other countries and that’s even less restricted and the NSA might find a way to just do some legal gymnastics and claim that anything we outlaw under reform they could find another authority that said I still think this is really important I think it’s important for privacy advocates to get a win to show the world that you can have your constitutional rights and you can have intelligence activity they’re not mutually exclusive and protecting the rights of citizens does not mean the sky will fall that we’re not going to just immediately have you know a complete breakdown of society by you know doing basic protections and reforming the program and a sensible bipartisan way not shutting it down not giving them carte blanche finding somewhere in the middle that works for enough people that they’re willing to pass it I’ve said a lot I’ve gone through a lot of information right now I want to give you all a chance to ask any questions if not about this surveillance other types of surveillance I’m happy to keep going but I want to give you all a chance to ask questions in case you have any Joshua Sunderland Josh thanks for the question let me just increase this window so I can see it can you give us an example of a balance of privacy and protection that’s a great question I mentioned one earlier but I’ll hone in on it essentially you could there used to be a complete wall between the FBI or sorry between national security and local law enforcement there used to be no information sharing pre 9/11 there used to be no connection at all between activities done for national security purposes counterterrorism you know espionage etc and your local law enforcement which was busy dealing with drug crime arson theft whatever we went way in the opposite direction we kind of broke down the wall completely one of my colleagues says we need a chain-link fence it’s a common it’s it’s somewhere in the middle between a wall and complete information sharing and that’s essentially having the court approve of requests for information sharing there’s
33:15 a little bit of a step there that’s adding in a balance of privacy and protection you’re essentially saying look it’s not that you can never communicate with the feds it’s not that your local sheriff’s department can never access the information that the NSA gathers what we need is that protection is that due process is that having that judge there I would say that is a balance of privacy and protection because you’re taking into account the terrorist threat which is requires local state federal coordination on all fronts but you’re also taking into account the potential for local law enforcement to abuse that privilege so we’ve got a question from brown what specific legislation is there on data localization I’m not aware of any in the United States I am aware of legislation in Iran which would have required every single citizen to keep a copy of their whatsapp messages so they didn’t want to necessarily ban encryption but they wanted every single message they sent to be copied kept on a hard drive which could then be searched by their government so they’re essentially saying that the data which otherwise would be stored in the cloud or not at all was forced to be stored in Iran I might be able to search some other examples while hawala checking out some of these other questions but there’s just one example I can refer you to an organization that specializes in that if you’d be interested what is your opinion on National Security Letters are they overused who can use them how do they work that is a great question National Security Letters the biggest problem with them let’s say the FBI does National Security Letters right one they’re intimidating so even if an organization or a company does not have to comply they often do because they’re scared the problem with National Security Letters is the due process is internal so an FBI agent wants to use a National Security Letter they get a sign-off from a second FBI agent that’s like going to your buddy at the watercooler and saying hey can you sign this I mean it’s not that’s not a really great due process requirement there and there’s certain information a metadata is one that you can just get with a National Security Letter without a warrant I do believe they are overused I’m not sure they’re always inappropriate I’m sure there are instances where in an emergency it’s important to use them but I do believe there needs to be more of a check on National Security Letters than just hey can you sign this I think it’s a moral hazard if the same entity the FBI gets to issue a letter and approve of it and decide whether it’s appropriate that seems a little ridiculous what do you
36:18 think our cari Campbell’s got a question what do you think of the idea of short-term surveillance less than 24 hours being permitted without a warrant wondering if warrants can bog down the process too much and restrict investigators ability great question for the most part we’ve gotten to a suit where warrants are approved within 24 hours almost every single type of reform legislation that we talked about in surveillance policy not just section 702 they have exceptions for this and generally it it’s probable cause that’s the exception right if the FBI can show some type of probable cause that there’s an imminent threat I think that’s generally that the principle that courts have dealt with and caveat I’m not a lawyer I think that’s appropriate because later on down the line in a court matter or in the investigation in the how the crime and how the the court process plays out if that emergency exception we’re not legitimate or the information was obtained illegitimate Lee that could help the defendant so I think that that is definitely okay an emergency cannot possibly be we need everything all the time no exceptions and that’s kind of what we’re dealing with now in this program because the definition of foreign affairs is so so broad we’re also not dealing with a normal court for a lot of this surveillance we’re dealing with the Fisk that’s the Foreign Intelligence Surveillance Court I’m not saying that’s we can’t have the Fisk I agree with the premise of your question that traditional warrants for counterterrorism could definitely bog down the process what I’d like to see and a lot of the reform legislation around 702 would include is having an advocate they’re essentially a friend of the court and amicus someone from the privacy community not someone from the FBI not someone from the NSA someone who’s got a privacy mind maybe an ACLU person to be there to advocate for privacy to just be there to bring up the trade-offs to weigh the options and and make the case for why a potential surveillance action is not appropriate I think that would be at least a good step in the right direction many on the privacy side would say it’s insufficient but I think it’s a good step because right now when I call it a kangaroo court part of the reason I say that is because most of the sir prove without without question Josh Sunderland asks another question a common question brought up in debates so far we’re in the fourth amendment does it mention emails or some other digital product what is your response to this definitely not mentioned but maybe they didn’t mention faxes either fax seems a lot like a letter it is up to courts to interpret how laws are applied there’s always gonna be ambiguity in laws there’s there’s no way that Congress at
39:19 any point in our history can foresee every single potential case study there’s no way they can foresee every single development in technology that is why we have courts I think the courts have been consistent that digital goods should be treated similar to written goods the proper physical goods the problem is one of the reasons the Fourth Amendment doesn’t have as much weight in the digital realm is that some courts have said and this is not settled but some courts have said that there’s this third party doctrine meaning if the because of the cloud if your data are stored in the cloud and held by a third party that they don’t get the same protection as a letter in your desk there’s legislation there’s one called the email Privacy Act which would fix that and essentially say just because Gmail holds your email doesn’t mean it’s not yours for the purposes of surveillance so that’s a good question it’s definitely not settled and I think that’s why a lot of times Congress should update laws to make sure the Fourth Amendment applies you can’t only rely on courts because if you get conflicting rulings which we’ve had in the third-party doctrine you get a gray area but I do believe that it’s important to allow courts to interpret things like the Fourth Amendment as they apply to the future and I’m sure there’s gonna be a lot of challenges we’ve got we’re heading for a driverless future we’re heading for artificial intelligence it’s not gonna be easy but um and technology moves faster than government I mean that’s you know obvious but the four it doesn’t say email that doesn’t mean it’s not relevant Brown asks a question one of the most important reasons that advocates of 702 give to renew a great question they say it’s an important intelligence tool while the one that I mentioned the bulk 215 program they could not make the case that it had stopped a terrorist attack or it was important that’s why it was shut down 702 generally is accepted that it’s important I mean this is a tool to go after foreign targets it’s supposed to be for foreign targets not for US citizens if Isis is communicating with a US citizen 702 applies and you can collect that communication they say it’s extremely important to keep us safe I do not disagree I have issues with the way that it necessarily is applied but section 702 the main the number-one reason why we talk about renewing it it’s because it’s important and because it stops the text one of the issues is they’re not gonna get very specific they’re gonna say oh it stopped this attack at this time involving this person they don’t like to get into the details but you know my best guess is that it’s safe to assume that a program like 702 is important in the world that we’re in when we’re when we’re dealing with foreign threats when we’re dealing with espionage Russian hacking things like that it’s important to be able to
42:20 surveil the communications of foreigners with the US persons if the purpose of those communications is to subvert us or to harm us another about the 180-day rule is the third-party doctrine being misapplied wanted to use to justify the 180-day rule for reading emails with a subpoena instead of a warrant great question this gets to that email Privacy Act I was talking about which would fix that again I’m not a lawyer I don’t know if it’s being misapplied but I will explain what you’re talking about for the others in the webinar the 180-day rule was passed in 1986 now email in 1986 was not widespread that’s an understatement no one was using it except the handful of people that were at the advent of the internet this is the Electronic Communications and Privacy Act known as expa that is the acronym we use that my colleague jokingly said sounds like a hairball but the email Privacy Act would essentially clear up that confusion Brown one of the reasons we have the 180-day rule is because no one stored emails for 180 days back then nobody no one had storage space storage was expensive so it was kind of just a number they threw out there was no sophistication or science behind it now we laugh because of course things are stored for 180 days I have emails going back years and years and years and just because something’s old doesn’t mean it doesn’t deserve protection so if I send you an email today it’s more protected than if that email lingers for 180 days does that make any sense no it does not so the email Privacy Act would get rid of that rule it would also clarify the warrant issue one of the reasons subpoena versus warrant is important and I’m glad you brought that up brown is law enforcement agencies have warrant power non law enforcement agencies have subpoena power so from the conservative side who the hell wants the IRS being able to subpoena your emails to find out if you weren’t paying your taxes from the liberal side maybe it’s you don’t want congressional committees being able to subpoena Occupy Wall Street or something like that right I mean there’s there’s agencies that the left doesn’t like there’s agencies that the right doesn’t like one of the reasons we say subpoena is bad is because it essentially gives law enforcement power over your email to agencies that should not have that so the email Privacy Act would clarify that Nick’s 180 day rule would make sure the Fourth Amendment applies and it would make sure that it’s a warrant not a subpoena y’all are asking great questions I’m really impressed Carrie Campbell are there areas where we do give up some of our privacy or when we can’t have a reasonable expectation of privacy I’d say in public I’d say if you’re walking around the streets government is allowed to use CCTV cameras to surveil you just as a paparazzo is allowed to use a zoom
45:22 lens on a public sidewalk as to take pictures of you in your bedroom as long as you are on the public sidewalk that gets to the whole question of privacy mores evolving there’s probably a time in our history where we would have found that repulsive but because of the way technology has developed we have now changed our conceptions of privacy so if you’re sitting on the subway in New York City or anywhere you’re out and about outside of your property and someone takes a photo of you and posts it on Instagram that may suck and you may think that’s creepy but that is you mean you did not have a reasonable expectation of privacy in the public square so I’d say that’s the most obvious example maybe there’s other ones like you’re in a government building but really your reasonable expectation of privacy I’d say in your digital goods like your Dropbox your Google Drive or whatever that should be treated the same way as your desk or your filing cabinet and in your home and on your property now of course someone could take a picture standing on a sidewalk of your property not much you could do about that but you could build a wall to use a topical example or you could make some really lovely hedges that cover your whole house Josh Sunderland you mentioned this briefly already but should people have an expectation of privacy from God from the government due to the third party doctrine let me see what do you mean by this oh yes I would say Oh for email right yeah absolutely I believe that that should be clarified I do not believe that just because a company holds the information that that means it should not be protected that should they should not have a warrant any confusion about that should absolutely be cleared up through legislation I think that the nature of the internet is one of the reasons why the Fourth Amendment does need to be clarified through non constitutional amendments just legislation because we didn’t necessarily know when we only had hard drives and things were stored locally on floppy disks that most of our digital information would eventually be held by third parties it makes the internet work it makes the internet great that doesn’t mean that just because gmail has your emails that you should not have warrant protection I think it would be a really horrible thing if we decided that everyone had to store everything they wanted to be protected by a warrant on a local hard drive as opposed to being able to take advantage of the cloud that would not make the internet work very well great question Brown sorry if this is something question there are no silly questions just the silly answers I give you in response can you go into more detail on the differences between subpoenas and warrants how does one get a subpoena besides from a grand jury how does one call a grand jury I very unfortunately I have to play my non-lawyer card I do not know the full difference getting back to what I said earlier there are agencies like the Federal Trade Commission they bring enforcement actions against companies for that for defrauding customers or lying about advertising
48:24 right they have subpoena power they do not have warrant power their agencies like the IRS they have subpoena power they do not have worn more in power warrant is a law enforcement function subpoena is not necessarily a law enforcement function you could be some peanut to testify before Congress even if you never committed a crime I do not know the threshold for how to get a subpoena versus a warrant it’s a great question and like I said I’m gonna throw my email and the question thing at the end of this and any questions you have we have several lawyers at Tech freedom of Goodell to answer them do you another question from Brown do you have any opinion or anything to say about the use of ankle bracelets in criminal cases that’s not an area we get into we’re really dealing with the digital realm here I know there’s a digital element there but I do not have an append that I’m sure there are people who prefer an ankle bracelet to being in jail um thankfully I haven’t had to make that decision but I’m really what what concerns me is how the federal government uses surveillance authority and the implications for our rights and for our economy that’s what concerns me fundamentally we can’t we’re not a criminal justice reform think-tank we’re a tech policy think-tank and surveillance is one piece of what we work on we do a lot of other stuff that has nothing to do with the NSA you guys have asked some fantastic questions really and your level of knowledge of the subject matter is certainly above average and there are probably some members of Congress who could learn a thing or two from you kids so uh Bravo and I’m not even kidding there are I’ve watched the congressional hearings where they are basically being told what 702 is for the first time and it’s kind of frightening so it’s encouraging to see that you guys have such a robust knowledge level before I even began speaking looks like we’re getting another question I’m happy to keep going until they tell me I can’t ah technology it told me someone was typing and then they were no longer typing that’s okay well up here we go while allowing another question to queue up I will shamelessly plug my podcast it’s called the tech policy podcast we’ve done episodes on issues like this done episodes on 702 on the 215 program we’ve done episodes on CIA hacking we’ve done episodes on expa these are all issues we care about a tech freedom so I’m really happy to answer questions after the presentation but I really encourage you to subscribe because that is you know doing over 200 podcast is really how I’ve learned so much just
51:24 talking to so many really smart people from the ACLU from organizations that are much more Pro 702 it’s been a really great way to get a diverse perspective on things and you know if you all are interested in debate I’m sure you’ve noticed that the temperature of our national discourse is that catastrophic lehigh levels sometimes it’s not necessarily conducive to thoughtful debate but I think podcasts are a great way to give people a platform to get their message out without being shouted down by a by a television host what technically qualifies as surveillance is there anything we would consider surveillance that lay people as lay people that the government would not um alright so we’re gonna make this our last question sorry to anyone who’s still got a burning question I’m happy to answer questions on the after the show that’s a great question um I say my opinion is that surveillance involves generally I’d like to use the word surveillance in context with government now I know that there’s surveillance like you could put a surveillance camera outside your house right and and and look at people I like to think of it as spying it’s essentially whether it’s appropriate or not it’s spying I like to use the word surveillance in the context of government because I think what companies do is very different there are people that use the term corporate surveillance for the data collection that Google does in exchange for letting you use the best search engine known to mankind for free I don’t like that I think it’s a negative connotation that’s also partly driven by my political beliefs I’m fairly free-market about this stuff but um I think that there’s a contract there you might complain that the terms and conditions are long and you didn’t read them but you’re getting a free service in exchange for data collection so I would say data collection voluntary you know this is a contract between consenting parties that’s not necessarily surveillance surveillance I like to think of as government related even though like I said you could have a camera outside your house that’s technically surveillance I’m not sure that these are official definitions that’s just my opinion and I’ve been told I’m allowed to answer Shelby’s question too so that’s excellent Shelby asks do you think we should treat the emails of government leaders who have power differently than those of normal people absolutely you