Skip to main content

tv   Hearing on the Email Privacy Act  CSPAN  December 30, 2015 10:00am-12:18pm EST

10:00 am
utilizing a false religion for a political purpose. so it just proves that once again i am an equal opportunity offender. >> sunday night at 8:00 eastern and pacific on c-span's q & a. tonight on american history tv, on c-span3, at 8:00 p.m. eastern, a debate on who is a better model for republican presidents, calvin coolidge or ronald reagan. a tribute to former vice president walter mondale. later, harry truman's decision to drop atomic bombs on japan. as 2015 wraps up, c-span presents congress, year in review, a look back at all the news making issues, debates and hearings that took center stage on capitol hill this year. join us thursday at 8:00 p.m. eastern as we re-visit mitch
10:01 am
mcconnell taking his position, pope francis' historic address to a joint session of congress, the resignation of house speaker john boehner and the election of paul ryan, the debate over the nuclear deal with iran and reaction from congress on mass shootings here and abroad, gun control, terrorism and the rise of isis. congress year in review on c-span, thursday at 8:00 p.m. eastern. the second session of the 114th congress begins in january. the house is back for legislative work next tuesday, january 5th. among the items on the agenda next week, a budget reconciliation bill that would de-fund planned parenthood and repeal the affordable care act. the senate has approved the legislation. the president said he would veto it. the senate returns the following week on monday, january 11th. senators will consider a u.s. circuit court nomination in pennsylvania. and a bill from kentucky senator
10:02 am
rand paul that would require an audit of the federal reserve. the house is live on c-span and the senate live on c-span2. the e-mail privacy act would require a warrant before law enforcement officials can order companies to turn over someone's e-mail. the house judiciary committee held a hearing on the legislation earlier this month. witnesses included a representative from google and officials with state and federal law enforcement agencies.
10:03 am
>> good morning. the judiciary committee will come to order. without objection, the chair is authorized to declare recesses at any time. we welcome everyone to this morning's legislative hearing on hr-699, the e-mail privacy act. i will recognize myself for an opening statement. today's hearing examines the e-mail privacy act and the need to modernize the electric communications privacy act. nearly 30 years congress declared that the law's purpose was to achieve a fair balance between the privacy expectations of american citizens and the legitimate needs of law enforcement agencies. reforming this decade's old outdated law has been a priority for me as chairman of this
10:04 am
committee. i have been working with members of congress advocacy groups and law enforcement for years on many complicated nuances involved in updating this law. i am pleased to now hold this now important hearing to examine the leading reform proposal in the house, hr-699, and to examine the nuances congress must consider in updating this law. while technology has undoubtedly outpaced the law in the last three decades, the purpose of the law remains steadfast. i am confident that congress will once again strike that balance and do so in a way that continues to promote the development and use of new technologies and services and create a statutory framework that will modernize the law to reflect how people communicate with one another today and in the future. reform has broad sweeping implications. more specifically, the stored communications act, governs
10:05 am
federal, state and local government access to stored e-mail, account records and subscriber information from telephone, e-mail and other service providers. it not only applies when law enforcement seeks information in a criminal investigation but also in civil investigations and for public safety emergencies. hr-699 at its core establishes for the first time in federal statute a uniform warrant requirement for stored communications content in criminal investigations regardless of the type of service provider, the age of an e-mail or whether the e-mail has been opened. i support the core of hr-699 which would establish a standard that embodies the principals of the 4th amendment and reaffirms protecting privacy interests of the american people. however, our adherence to the 4th amendment should not end there. congress can ensure that we are furthering the legitimate needs of law enforcement through
10:06 am
reform by joining with the warrant requirement recognized exceptions and procedures designed to further the legitimate needs of law enforcement. one of the goals of this legislation is to treat searches in the virtual world and the physical world equally so it makes sense that the exceptions to the warrant requirement and the procedures governing service of warrants should also be harm monized. it's well settled law that the government may conduct a search in the absence of a warrant in certain instances. including when the government determines that an emergency exists requiring the search or when the government obtains the consent of the owner of the information. the stored communications act, however, created a framework unique to the electronic world in which even in an emergency or with the consent of the customer, disclosure of e maim content or even non-content records is voluntary at the discretion of the provider. it is also well established law that a search warrant must be
10:07 am
served at the place where the search or seizure occurs. for three decades, warrants have been executed with the provider because as with any other third party custodian, the information sought is stored with them. hr-699 would now require the government to also serve the warrant directly on the criminal suspect, a proposal which has raised serious public safety and operational concerns across the law enforcement community. congress should also continue to ensure that civil investigative agencies are agent to obtain electronic communication information for civil violations of federal law. courts have routinely held that subpoenas satisfy the reasonableness requirement of the 4th amendment. unlike a warrant, which is issued without prior notice and is executed often by force with an unannounce and unanticipated physical intrusion, a subpoena commences an adversarial process
10:08 am
during which the person served with the subpoena may challenge it in court before complying with its demands. the stored communications act currently authorizes the issuance of a subpoena directly to the provider. albeit with a requirement that the government notify the customer. but congress can go further to ensure that this satisfies the 4th amendment by requiring that any civil process authorized by the law begin with service of a subpoena directly on the customer. in this concontext, the customes provided notice and the opportunity to contest the subpoena. enforcement of the subpoena through a court order issued by a federal judge that protects the rights and privileges of the customer while ensuring that evidence of illegal activity is not insulated from investigators would afford heightened protections beyond that which the courts have deemed necessary to comport with the 4th amendment. congress has enacted laws that impose penalties for certain
10:09 am
conduct sometimes criminal penalties and sometimes civil. we have established federal agencies to enforce these laws with the tools necessary to carry out that enforcement. congress should ensure that in its efforts to modernize, we do not eliminate access to evidence of violations of federal law simply because congress chose to make those violations punishable by civil penalties. i want to thank our distinguished witnesses for being here today. i look forward to hearing from each of you on hr-699 and how to properly balance the privacy expectations of american citizens and the legitimate needs of law enforcement. and i look forward to working with all members on both sides of the aisle to modernize the ee electronic communications privacy act. it's worth noting that we also plan to hold a separate hearing in the future on the issues surrounding law enforcement access to information located on servers outside the u.s. as with the broader topic of
10:10 am
reform, that is an issue with many nuances that we need to carefully examine. i would now like to ask unanimous consent to enter the following items into the record. a statement dated december 1, 2015, from the department of justice, a letter from the federal bureau of investigation agent association dated november 24, 2015, a letter from the national association of police organizations dated november 30, 2015, a letter from the association of prosecuting attorneys dated november 24, 2015, a letter from the virginia association of commonwealths attorneys dated july 10, 2015, a letter from the technology councils of north america dated november 30, 2015, a statement from americans for tax reform dated december 1, 2015, a coalition letter signed by tech freedom and other coalition members dated november 30, 2015.
10:11 am
without objection, the items have been entered into the record. it's now my pleasure to recognize the ranking member of the judiciary committee, the gentleman from michigan, mr. conyers for his opening statement. >> thank you, chairman goodlatte, members of the committee and our honored witnesses here for the hearing. and those who are in 2141 to participate in the listening of this very important measure. hr-699, the e-mail privacy act, enjoys, i'm pleased to say, the overwhelming bipartisan support in the house. as of this morning, the bill has earned 304 co-sponsors. 191 republicans, 113 democrats
10:12 am
and 27 members of the house judiciary committee. now, what do all of these members have in common? first of all, we agree that the electronic communications privacy act is outdated and provides unjustifiably inconsistent standards for government access to our stored communication. this statute continues to serve as one of the main guarantees of our digital privacy, but the law was designed in 1986. when few of us used e-mail and even fewer imagined a world in which we could so freely share information online. the consequences of applying a
10:13 am
30-year-old understanding of technology to modern communications are inconsistent at best. for example, the law seems to apply different standards for government access to the same e-mail at different points in its life cycle. when it's drafted, when it's transmitted, when it's opened by its recipient and when it is archived in the cloud. we are not well served by a law whose application is unpredi unpredictable and that the courts have had great difficulty in interpreting. because of the rapid pace of technological change, this situation will only get worse if we do not act. secondly, the sponsors of this bill agree that the government should be obligated to show probable cause before it can provide a -- before a provider
10:14 am
to disclose the content in its customer's mail. no matter how old the message is. this standard is consistent with the holding of the sixth circuit court in the warshack case in 2010. that case motivated the department of justice to voluntarily adopt a warrants for e-mail standard. it also effectively ended the unconstitutional use of subpoenas to compel third parties to produce content in civil enforcement actions. current law requires the government to show probable cause and obtain a warrant only for e-mail that has been in storage for 180s or less.
10:15 am
but the government can subpoena for the same e-mail if it's stored for one day longer. this is no longer acceptable to most americans. as the sixth circuit rightly observed, citizens have the same reasonable expectation of privacy in their e-mail before and after the 180-day mark. as the department of justice testified soon thereafter, there is no principle basis to treat e-mail less than 180 days old differently than e-mail more than 180 days old. thirdly, the sponsors of hr-699 all agree that current law is not adequate to protect new forms of digital communication.
10:16 am
content is content. our expectation of privacy does not diminish merely because congress didn't think of the medium when it last visited the statute. the law should protect electronic communications across the board, e-mail, text messages, private messages of all sorts and other forms of digital information stored in the cloud. finally, the sponsors of this bill agree that we must act without delay. we have an obligation to provide clear standards to law enforcement with respect to emerging technologies. we should also recognize that american businesses cannot sustain these new technologies if consumers cannot trust them. as the committee takes up this bill, we should ensure that it
10:17 am
does not conflict with the basic notion that the government's seizure of our e-mail without a warrant violates the 4th amendment. but we should note that this principle has already taken hold across the federal government. the department of justice already uses warrants for e-mail in criminal cases. the government stopped using lesser process in the civil context years ago. in short, mr. chairman, and members, this legislation accomplishes two vital tasks. it updates the statute for modern use, and it does so without any significant interruption to law enforcement. we should all come together on this bill as soon as possible.
10:18 am
and i want to personally thank the witnesses for being with us today and for their testimony. and i urge my colleagues to give this measure their full support. and i thank the chairman. >> thank you, mr. conyers. and before we swear in the witnesses, i would like to recognize the presence of the chief sponsor of the legislation, the gentleman from wisconsin, mr. yoder. thank you for being with us today. kansas. kansas. kansas. the gentleman from wisconsin says he will take you. we welcome our distinguished witnesses today. if you would all please rise. i will begin by swearing you in. if you would please raise your right hand. do you and each of you swear that the testimony that you are about to give shall be the truth, the whole truth and nothing but the truth so help you god? thank you very much. please by seated.
10:19 am
let the record reflect that the witnesses have responded in the affirmative. the director of the enforcement division at the united states securities and exchange commission where he has served since 2013. prior to joining the sec, he served as the assistant united states attorney in the u.s. attorney's office for the southern district of new york where he was a deputy chief appellate attorney and a member of the securities and commodities fraud task force and the major crimes unit. as a prosecutor, he handles numerous white collar criminal investigations, including securities fraud, mail and wire fraud and money laundering. he is a graduate of columbia college and yale law school. mr. cook is president of the national association of assistant u.s. attorneys. he currently serves as the chief of staff of the criminal division of the u.s. attorney's office for the eastern district of tennessee. he has been an assistant u.s.
10:20 am
attorney for 29 years. in this capacity, he has worked in the organized crime, drug enforcement task force and the general crime section where he handled white collar crime, fraud and public corruption. he also served as the deputy criminal chief in the narcotics and violent crimes section. prior to joining the u.s. attorney's office, mr. cook was a police officer for seven years in knoxville, tennessee. he earned a jd from the university of tennessee. the assistant special agent inh of investigation. he serves as an adviser and trainer in criminal law and procedure as well as the bureau's chief firearms instructor. he is a frequent presenter to community organizations on ways to protect children online. he is active in engaging the legal community on better ways to protect children from victimization. he received a bachelor's degree
10:21 am
from boden college and a jd from vanderbilt university. the vice president for policy at the center for democracy and technology where he serves as the center's -- where he oversees the portfolio. he served as counsel at the american civil liberties union where he led privacy, new technology and identification system. he was legal counsel to the massachusetts senate majority leader. he is a graduate of harvard and holds a jd from the georgetown university law center. the director of law enforcement and information security at google. he oversees global law enforcement and legal matters relating to data, security and investigation. previously, he worked with
10:22 am
yahoo! and also served as senior counsel in the computer crime section of the u.s. justice department. as a prosecutor, he specialized in computer network crime such as hacking, wiretaps, denial of service attacks, malicious code and other technology driven privacy crimes. in 2005, he joined stanford law school as a legal lech ter you are on computer crime, internet business legal and policy issues and modern surveillance law. he received his jd from yale law school. the founder of red branch consulting, a homeland security consulting committee and a senior adviser to the churtof group. formerly served as deputy assistant secretary for policy in the department of homeland security. he is a distinguished visiting fellow at the homeland security studies and analysis institute.
10:23 am
he is a lecturer at george washington and the national defense university, a senior editor of the journal of national security law and policy and a visiting fellow at the heritage foundation. he earned a bachelor's degree from haverford, a master's from scripts and a jd from the university of chicago law school. your written statements will be entered into the record in their entirety. we ask that each of you summarize your testimony in five minutes. to help you stay within that time, there's a timing light on your table. when the light switches from green to yellow, you have one minute to conclude your testimony. when the light turns red, that's it. time is up. it signals that your time has expired. am i pronouncing your name correctly? >> you are. >> thank you very much. you may begin. >> good morning, chairman goodlatte, ranking member conyers and members of the committee. thank you for inviting me to testify today on behalf of the
10:24 am
commission concerning e maim privacy act hr-699 pending before your committee. the bill seeks to modernize portions of the electronic communications privacy act which became law fwh 1986. i share the goal of updating the evidence collection procedures and privacy protections to account for the digital age. hr-699 poses risk to the american public by impeding the authority of law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct. there are ways to update that offer stronger privacy protection and observe boundariboundary s without frustrating law enforcement. the mission is to protect investors, maintain fair ordinarily and efficient markets and facilitate capital formation. the sec's division of enforcement furthers this by among other things investigating potential violations of the federal securities laws, recommending that the commission bring cases against alleged
10:25 am
fraud and other security law wrong doers and litigating the enforcement actions. a strong enforcement program is a critical piece of the commission's efforts to protect investors from fraudulent screams and promote investor trust and confident in the security market. electronic communications often provide critical evidence in our investigations as e-mail and other message content can establish timing, knowledge or relationships in certain indications or awareness that certain statements to investors were false or misleading. when we conduct an investigation, we generally will seek e-mails and other electronic communications from the key actors through an administrative subpoena. in some cases, the person will respond to our request. but in other cases, the subpoenasubpoen recipient may have asserted damaged hardware or refused to surprise. individuals who violate the law are often reluctant to produce evidence of their own misconduct. in other cases, e-mail account
10:26 am
holders cannot be subpoenaed because they are beyond our jurisdiction. it is at this point in an investigation that we may in some instances need to seek information from an internet service provider known as an isp. the proposed ameant mntd would require government entities to procure a criminal warrant when they seek the contents of e-mail and other electronic communications from isps. because the sec and other civil law enforcement agencies cannot obtain criminal warrants, we would effectively not be able to gather evidence, including communications such as e-mails, dwre directly regardless of the circumstances even in instances where a subscriber deleted e-mails, related hardware was lost or damaged or where the subscriber fled. depriving the sec of authority to obtain e-mail content would also incentivize subpoena recipients to be less forthcoming because an individual who knows that the sec lacks the authority to obtain his e-mails may feel free to destroy or not produce them.
10:27 am
these are not abstract concerns for the sec or for the investors we are charged with protecting. among the type of scams we investigate are ponzi schemes as well as insider trading activity. in these frauds, illegal acts are particularly likely to be communicated via personal accounts. parties are more likely to be non-cooperative. technology has evolved since the passage and there is no question that the law ought to evolve to take account of advances in technology and protect privacy interests. even when significant law enforcement interests are also implicated. but there are various ways to strike an appropriate balance between those interests as the xh considers the best way to advance this important legislation. any reform can and should afford a party whose information is sought from an isp in a civil investigation an opportunity to participate in judicial proceedings. when seeking e-mail content from isps in it the past, the
10:28 am
division has provided notice to e-mail account holders in keeping with longstanding and just recently reaffirmed supreme court precedent. if it were so structured an individual would have the ability to raise with a court any privilege relevance or other concerns before the communications are provided by an isp. while civil law enforcement would maintain a limited avenue to access existing electric communications in appropriate circumstances from isps. such a judicial proceeding would offer greater protech to subscribers than a warrant in which subscribers receive no opportunity to be heard before communications are provided. we look forward to discussing with the committee ways to modern ike this without putting investors at risk and irpair sec from enforcing laws. i'm happy to answer any questions you may have. >> thank. mr. cook, welcome. >> chairman goodlatte, ranking member conyers and members of
10:29 am
the committee, first of all, thank you very much for giving me the opportunity to address you and to give you the perspective of career prosecutors with respect to hr-699. let me get right to it. the importance of historic communications act to the law enforcement community cannot be overstated. at issue are records of con tablt and communication by internet and cell service providers. to understand the importance of these records to the law enforcement world, i would ask you to pause and think for a minute about how these powerful resources are being used in the criminal world. child predators troll the internet 24/7 for children to lure them away. purveyors of child pornography often with graphic pictures of children sometimes, s infants those electronically across the internet. terrorists boast of their crimes posting pictures of those online and international drug dealers
10:30 am
gangs and other involved communicate effectively with co-con speer tors three e-mail and tech. when you realize how pervasive this,you realize that the evidence covered by the sca or the scored communications act is central to our ability to solve vir vully every type of crime and our ability to access this information covered by the sca and to access it quickly can literally mean the difference between life and death. it can mean the difference between recovering a child alive and returning her to her parents instead of the child being a victim of a vicious predator determined to commit unspeakable crime. even beyond the critical role of stopping violent crimes in progress and rescuing victims, evidence covered by the stored communications act is often central to the search for truth in our court and our ability to bring those most dangerous in our community to justice.
10:31 am
here are the problems. both of the opening statements by the chair and ranking member recognize this. the stored communications act were enacted in 1986. that was before much of this technology was in use, before any of us had any idea of its capabilities. to continue to use a statutory framework with definitions that were enacted before any of this technology was known is just simply not workable. it does not fit. that brings me back to hr-699, the primary goal of this bill seems to be to codify correctly we would submit warshack and the extension of the 4th amendment protection to e-mail. this is an issue on which we can agree. but the bill goes farther. it goes farther and we respectfully submit demonstrates a need for a comprehensive not piecemeal reform. in my written testimony i have addressed the number. by far, not all of the concerns that we have. i would like to highlight two
10:32 am
places where this bill creates or perpetuates limitations on law enforcement. that exceed those imposed anywhere else in the law. burdens greater than those related to the search of a home, burdens greater than those related to the search of a body cavity. while the e-mail privacy acts expands 4th amendment protections to compel e-mail or text, the statute does not recognize any of the well established exceptions to the warrant requirement. it would be applicable in every other circumstance. i know of no other area of the law where this is the case. the e-mail privacy act imposes notice requirements unlike those found anywhere else in the law. the government has been required to serve a copy of the search warrant on the person at the property being searched. that requirement makes sense, it demonstrates to the homeowner or the business operator the authority for the search. but that homeowner and that
10:33 am
homeowner or property owner is free in the course to tell whoever they wish about it. but the government has never been required and the law has never required the government to reach out to third parties and notify them of the search. it's not a discovery provision designed to alert those who are under criminal investigation of the ongoing investigation and although there are specific in fact 2.5 pages of rules that would control when that can be extended, this simply is a rule that has never been imposed in any other context. in conclusion, i would like to say that criminals have and we have seen that they have unlimited access to these modern and powerful resources. and they make full use of them. for us on the law enforcement side to do our job, abscess to this information is critical. information covered by the sca has to be accessible to us. that access we respectfully
10:34 am
recognize, of course. should be consistent with privacy protections afforded by the constitution. congress should not at this bill proposes impose new unprecedented and unwarranted limitations that will tie our hands in doing our jobs. thank you. >> thank you, mr. cook. >> chairman goodlatte, ranking members conyers, members of the committee, thank you for inviting me to testify. i serve on the technology committee of the association of state criminal investigative agencies. as you know, state and local law enforcement agencies work the vast majority of criminal investigations in this country. evidence is critical for us in those cases every day. hr-699 in its current form does not sufficiently protect that access. to give you some sense of the volume of potential electronic evidence in our cases, consider a stranger abduction of a 4 day old infant in nashville. over a four-day investigation, my unit processed and explored leads on hundreds of telephone
10:35 am
numbers, computers and mobile devices. at a time when every second counts, my fellow agents and i spent time trying to make contact to declare an emergency, calling and recalling to make our it was received. we had to process hundreds of leads any one of which could have been the key to finding the victim. volume alone isn't the only issue. we must contend with a lack of structure governing responsiveness. we received a lead that the creator of a posting on a social media platform may have information about the child's location. when we contacted the provider, they noted that the emergency provision is permissive rather than mandatory and demanded legal process before they would turn over records. we know hr-699 has support, but we believe that support is based on only one part of the bill, creating a uniform probable cause standard for stored content. advocates for reform argue the contents of an e-mail or documents stored should be subject to the same protections as a letter in your drawer at home.
10:36 am
hr-699 would do that, but it goes farther to have notice requirements and definitions of records that would give greater protection for records stored than for that envelope in your desk. of it would do this without extenning any of the tools that law enferment can use to obtain evidence in the fphysical world as we get a warrant. bringing this into balance should put the physical and digital worlds on the same plane not favor digital or physical evidence. hr hr-699 should reflect a more balanced approach that ensures law enferment can access evidence it needs. when we get a warrant, it should behave like a warrant not a subpoena with a higher proof requirement. demonstrating probable cause should allow us to gather evidence with the same timeliness and effective ndz we would expect in the real world. the notice provisions in the bill would require us to describe our case to targets of a criminal investigation even as
10:37 am
we are pursuing leads. that endangers investigations. we urge the committee to balance the need for notification against the resource burden it places on us. time spent complying with time lines means less time investigating crimes and could compromise sensitive information. i urge you to ensure that whatever standard of proof you decide is appropriate you also ensure that law enferment can access the evidence we need reliably and quickly. speed is important in all investigations and reform should impose structure on service providers response to legal demands. a requirement for records with service providers would help speed access to evidence, provides transparency and authenticate law enforcement process. warrant should look like warrants everywhere else. that means that standard exceptions to the requirement like consent should exist. lawyer enforcement should control whether they are invoked like we can do when executing in the physical world. everybody agrees that law enforcement should have rapid access to communications evidence in an emergency, but that is not always the reality.
10:38 am
industry and privacy groups suggest that some declarations are unfounded. but those are unreviewed determinations. isn't law enforcement obts ground in the best position to assess the presence or absence of defensible oechl againsy in a particular case. we do it in other contexts all the time. there sean existing body of case law in the courts to determine whether or not we're correct. in closing, i want to re-emphasize how important both aspects are to our investigators. we agree that it should be updated. any effort to reform should reflect its original balance between assuring law enforcement access to evidence through legal demands and protecting customer privacy. the balance proposed by hr-699 goes too far in extending burdens of the traditional search warrant scheme to a broader range of records without any of the common law exceptions while requiring unpress dentsed notice to targets because the evidence we are seeking is electronic. thank you for having me here today. like forward to your questions. >> thank you.
10:39 am
i think maybe i have your pronunciation correct now. >> you were right the first time. i will take it however you give it. thank you. >> i'm on a losing streak here. go ahead. >> thank you, mr. chairman, for having me testify. that's the thing we appreciate the moment. ranking members conyers, members of the committee, thank you for the opportunity to testify on behalf of the center 230r democracy and technology. cdt is a non-partisan advocacy organization dedicated to protecting privacy, free speech and innovation online. we applaud the committee for holding a hearing on the electronic communications privacy act and urge the committee to speedily approve hr-699, the e-mail privacy act. when it was passed in 1986, it relied on balancing three policy pillars. individual privacy, the legitimate needs of law enforcement and support for innovation.
10:40 am
changes in technology have eroded this balance. the reliance on trusted third parties for long-term storage of our communications have left those communications with limited statutory protections. this void has created legal uncertainty for cloud computing one of the major business innovations of the 21st century and one at which u.s. companies excel. at the same time, information accessible to the gochl has increased dramatically from e-mails and text messages to social networking posts and photos. most, if not all of this information would not have been available in 1986. the technology has changed but the law has not. creating a major loophole for americans privacy protections. in the face of this outdated statute, courts have acted recognizing in cases that people have a reasonable expectation of privacy in e-mail. and in validating key parts of this. but that is not enough on its
10:41 am
own. it continues to lag behind technological change and harm smaller businesses that lack an army of lawyers. it also creates uncertainty around new technologies that rely on the use and storage of the contents of communications. reform efforts face a concerted assault from civil agencies that seek to gain new powers and blow a huge privacy loophole in the bill. agencies have blocked reform in spite of the fact that sec confessed to never subpoenaing an isp post warshack. no less than fbi director comey told this committee that in regard to this, a change wouldn't have any affect on our practices. in fact, new civil agency powers would harm the privacy of ordinary citizens. imagine if the irs had had these powers back from 2010 to 2012 when they were improperly investigating the tax status of
10:42 am
tea party organizations. during that investigation, the irs sent lengthy time consuming questionnaires. the irs is targeting conservative groups. the subpoena authority is broad and likely could have been used here. if the irs had had the power that the sec proposal recommends be granted to all federal agencies, they would have been able to go beyond gathering information directly from the target of the investigation. the irs would have been able to go to court and enforce an order allowing them to go directly to the isp and seek the suggebject e-mail. the subject of the investigation would have been able to contest that order in court. civil standards are very low. it's clear that the irs had a very expansive idea of the
10:43 am
information they could seek. this type of agency overreach is exactly why we can't grant agencies unjustified new authorities. support for privacy reform is deep and abiding. more than 100 tech companies, trade associations and public interest groups have signed on to reform principles. signatories include nearly the entire tech industry, span the political spectrum and represent privacy rights, consumer interests and free market values. the e-mail privacy act has more than 300 co-sponsors, including republicans and democrats. post warshack awarrant for content has become the status quo. nonetheless, it's a -- it's critical for the committee to approve hr-699 in order to cure a defect, protect privacy and ensure new technologies continue to enjoy robust constitutional protections. thank you. >> thank you.
10:44 am
welcome. >> chairman goodlatte, ranking members conyers and members of the committee, thank you for the opportunity to it appear before you today. >> would you pull your microphone closer to you? >> sure. thank you. i'm director for law enforcement and information security for google. i oversee the compliance with government request for users data including requests made under the electronic communication privacy act of 1986. in the past, i have worked on issues as a senior counsel in the computer crime and intellectual property section in the u.s. department of justice. google strongly supports hr-699, the e-mail privacy act which has 304 co-spon sorz, more than any other bill pending in congress. it's undeniable and it's
10:45 am
unsurprising that there is strong interest in aligning this with the 4th amendment and users reasonable expectation of privacy. the original discuss closer rules set out in back in 1986 weredkñ good given the state o technology then. in 2015, they no longer make sense. users expect as they should that the documents they store online of the same 4th amendment protections as they do when the government wants to enter the home to seize the documents stored in a desk drawer. there is no compelling policy or legal rational for there to be different rules. in 2010, the sixth circuit opined that it violates the 4th amendment to the extent it does not require law enforcement to obtain a warrant for e-mail content. in doing so, it struck down the 180-day rule and the distinction between open and unopened e-mails. as irreconcilable with the protections afforded by the 4th
10:46 am
amendment. warshack is the land of the -- the law of the land. it's observed by governmental entities and companies like google and others. in many ways hr-699 is a modest cod if i indication of the status quo and implementation of the sixth circuit conclusions in warshack. two important developments have cu occurred since i last testified in march of 2013. both of which have a significant baring on efforts to update the statute. first, the supreme court issued a decision in riley versus california where it unanimously held that officers must obtain a warrant before searching the contents of a cell phone seized incident to arrest. chief justice roberts noted that a regime with various exceptions and carveouts would con electroveen or general presence to provide guidance to law enforcement through categorical
10:47 am
rules. to reinforce the imperative for clear rules in this area, chief justice roberts concluded his opinion with direction to law enforcement. he wrote, the fact that technology allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the founders fought. our answer to the question of what police must do before searching a cell phone seized incident to arrest is accordingly simple. get a warrant. closed quote. notably this committee is being asked by some today to jettison the type of categorical rules that the supreme court held were imperative in riley. doing so would under mine the user's expectations of privacy and encroach encore privacy protections. we urge the committee to reject such pleas. second, many states have enacted bright line rules to bring their state versions in line with the 4th amendment. hawaii, texas and maine have all done this.
10:48 am
in addition, earlier this year the california legislature overwell well manyingly approved legislation to update california's version . it requirements the government to obtain a warrant before it compels service providers to disclose content, but it he extends to metadata and that stored on electronic devices. states are recognizing the protections ought to extend to the sensitive data stored in the cloud. hr-699 represents an overdo update that would ensure electronic communications content is treated in a manner commensurate with other papers and affects protected by the 4th amendment. it's long pastime for congress to pass a clean version. thank you for your time and consideration. i would be lap pi to answer any questions you may have. >> thank you. welcome. >> thank you very much, mr. chairman, ranking member conyers. i appreciate the opportunity to
10:49 am
come before you today to testify about the e-mail privacy act and the underlying principles of balancing privacy and law enforcement needs that are inherent here. as you know, i am a former prosecutor having spent 12 years in various roles throughout government. i then became a deputy assistant secretary for the department of homeland security with significant responsibility for our counterterrorism efforts. and today i operate a small consulting company and i serve as a visiting fellow at the heritage foundation. from this perspective, i am pleased to acknowledge that everybody on this panel agrees that a warrant requirement for content of e-mail is an appropriate response to changing technology. it seems to me almost beyond belief that notwithstanding the uniform agreement on that princip principle, we have been unable
10:50 am
to work out the details of how to implement that as a matter of statutory law. to my mind, that principle has its roots not in our agreement here but rather in the in the longstanding understanding of the privacy of one's personal papers and effects that goes back to the very foundings of this nation. the most famous case of which was wil can he s versus woods. wilkes was a protesters. his papers were the subject of a general warrant. that act of seven by the crown at that time was one of the most salient effects that drove the revolutionary movement. the writ of assistance which james otis famously lost in massachusetts is is what john adams said was the spark that lit the flame of the revolution.
10:51 am
today, e-mail are our private papers. the isps that transmit by e-mail to you are the equivalent, functional equivalent of the post office and the cloud storage system that i use to store that information is the functional equivalent of the file cabinet in my office. there is no ground that i can see that is consistent with what the frame understood our personal privacy and papers to be to exclude that information from the full protection of the warrant. and i would add that our history of fourth amendment understanding has followed the development of technology by consistently applying that same principle. when the supreme court was faced with the idea of telephones in the cats case back in the 1960s, they saw that those types of personal communications ought to be subject to the exact same sorts of constitutional protections. this notwithstanding the fact that telephones were unknown to
10:52 am
the founders. and over the dissent of justice black who says history there are no telephones if it's not in the fourth amendment, then it shouldn't be in the fourth amendment. we have recently come to understand that the cell phones in our pockets are not just telephones. they are now mini computers that contain the stuff and substance of everything that we know and understand. so, too, i would submit with the content of our e-mail communications and our stored data in cloud service providers, whether it's google, microsoft, yahoo! or dropbox, this is where we store our data today. so what's the debate? what's left? all that i can hear that is left is the application of exceptions that are carve outs and restrictions on this general warrant requirement. and to some degree that has an intellectual appeal to it, doesn't it? we have had exceptions for a
10:53 am
while. but i doubt that that's really what the advocates are suggest issing. because i certainly have not heard any of them suggest we should adopt the fourth amendment suppression rules for when evidence is wrongly collected in violation of these exception requirements. the truth is that we have had no -- when ekba was first passed in the '80s, no exception for an emergency at all. the current statute was added in 2001 post 9/11 at the suggestion of the department of justice. so it's kind of passing strange that we would see that exception and an expansion of it held out now as a reason to oppose the fundamental changes that are necessary in light of technology. i would submit that the time is right for change. the principle is clear. in the normal law especially forcement context, police, law enforcement should have no more access to stored e-mail than they do our private letters.
10:54 am
i would urge this committee to give the bill before you plenty of consideration and markup and move it to the floor for consideration where these issues can be hashed out w. that, i thank you very much. i look forward to answering your questions. >> thank you. and we'll now proceed under the five-minute rule of questioning of the witnesses. i begin by recognizing myself. mr. salgado, if congress were to issue a subpoena for the content of a customer's e-mails, would that subpoena violate the fourth amendment? >> that's a question i would have to look into as to how the fourth amendment applies to congress. so i have not done enough research to be a able to answer that with much confidence. i would say that the changes that we're talking about today to ekba would not in any way effect the investigative powers of congress. >> i think it's a very important question, however.
10:55 am
because if you can't answer that question for me right now, answer this question. what's the constitutional distinction between congressional and executive subpoenas? >> again, i probably would have to investigate that. the fourth amendment is what the fourth amendment is. if there is restriction there based on the constitution, that exists regardless of what we do with ekba. >> if the subpoena issued to google for the contents of a customer's e-mails, the customer might be a government employee who is acting outside of the government's servers and e-mail system and is storing data on google's cloud, what ability would the congress have to conduct oversight if your finding is that it violates the fourth amendment? >> i don't know that it would. but i do note that congress
10:56 am
would have all the authority it does now to direct the subpoena to the user to get the information directly. >> we would very much appreciate your taking some time to think about the answer to that question. because it's a very important question with regard to how we address this. because there either is not a violation, in which case what is the distinction between congressional and executive subpoenas. or there is a constitutional violation in which case the congress'sant to conduct proper oversight of the executive branch is a very significant one. >> i'd be happy to answer the question. i don't think it touches on the question of this particular bill, but i would be very happy to look into that for you. >> thank you. mr. series any, critics of a mechanism, the sec has not sought to serve a subpoena in the five years since the sixth
10:57 am
circuit in u.s. v. wore shack. you have heard some of the criticisms today. they say it is not really a problem that needs to be solved because of that fact. is that true? >> congressman. >> the decision was made at the time -- i wasn't at the sec at the time. a decision was made in compensation of caution not to issue subpoenas to isps without concept of the subscriber. since i have been at the sec, we have held off on doing that in definite republicans to the discussions ongoing in congress about amending ekba. at the same time, we never walled worshack pursuant to a subpoena with notice to the subscriber wore shack dealt with a grand jury subpoena with no notice to a subscriber. it did not undermine a long line
10:58 am
of case law that exists that holds where a subscriber or the party you're seeking e-mail from or seeking material from has precompliance review before court, that that satisfies the fourth amendment. it is true we have not done it. i can tell you there are cases ongoing -- >> i know you haven't done it. i want to know why. >> in excess of caution at the time and in definite republicans to these discussions that have been ongoing before congress about the decision that to do to reform ekba. from our perspective, there are ongoing investigations that would benefit where we have not obtained e-mail from a subscriber we know exists. we have not been issuing you subpoenas to isps. >> so, how has that affected your ability to conduct investigations? >> i think it has affected our ability to conduct investigation ises. we issue subpoenas to individuals all the time for their e-mail. all the time there are instances
10:59 am
that either don't produce -- >> before wore shack you would issue them to a third party? >> that's correct. >> since then, you haven't felt a need to attempt to do that and have the courts clarify this issue which now where the congress is being asked to clarify? >> we have in definite republicans to the ongoing discussions in congress about reforming ekba determined not to do that. it in cases it would have been helpful to do that for our efforts. >> in addition to sevening the warrant on the customer, hr-699 also requires law enforcement to provide notice to the customer of the nature of the law enforcement inquiry with reasonable specify fistity. what is the harm if they are required to inform the subject of the nature of the law enforce
11:00 am
werement inquiry with reasonable specifity? >> (inaudible). >> turn your microphone on, please. >> sorry, mr. chairman. in traditional search warrant practice, the requirement is simply law enforcement leave a copy of an a warrant and the inventory of items seized on the search. to a service provider, an entity that is in possession of evidence, we serve a copy of the warrant on them. and we give them notice of the fact that we are requiring them to produce the records. hr hfr 699 imposes a set that requires us to go beyond what is required in traditional search warrant practices. >> thank you very much.
11:01 am
mr. conyers is recognized. >> thank you, mr. chairman. begin my questioning, i would like to ask unanimous consent to introduce the statement from the gentleman from colorado, mr. jared paulis into the record. his views are worth consideration by the committee. can i get a unanimous consent request? >> without objection, it will be part of the record. >> thank you. >> let me begin my questions with chris calabreeze. i'm trying to find out why this bill is so popular from your point of view. the e-mail privacy act. 304 sponsors. privacy advocates, civil
11:02 am
libertarians support it, fortune 500 companies, and small businesses across the country. more than 100,000 americans have signed a petition urging the white house to support this measure. >> between what government can do and having rules around how they can do it. all this bill does is the very modest step of bringing our privacy protections into the 21st century. and everybody agrees with that. a recent poll in the "washington post" said 86% of americans supported reform. this panel is unified in saying we need a warrant for e-mail.
11:03 am
now, we have some minor issues around the edges. honestly, i believe this is a bill that would pass congress, pass the house of representatives by 300 or 400 votes. it is is that popular. it is that common sense. i think we simply need a markup. the american people can-can get the privacy protections they want and they need. thank you. >> thank you. and also in your testimony you mentioned that the bill faces a concerted assault from civil agencies that seek to use statutory changes as a tool to gain new powers. some argue that powers are already on the books. why do you refer to the sec's proposal as a request for new powers? >> i think that if you don't use an authority for five years, and
11:04 am
there's questionable legal -- there's a questionable legal standard about whether you can use it at all, it's new authority. it simply can't be that you have this assisting authority and you say it is incredibly valuable but you held off on using it for five years. either what you're doing is in your investigations aren't important, which we all know is not true. or you don't think you have this authority. and to me there are really no other options. and i think this is authority. >> thank you. the government often conducts parallel criminal and civil investigations to the same target. what would be the practical consequences if we adopted a warrant standard for e-mail and criminal investigations and some lesser standard for those in
11:05 am
civil investigations? >> there would be the risk that the exception would swallow the rule. i spent much of my early career prosecuting environmental criminal cases. a regulatory area where the civil regulatory authorities had civil and administrative powers for securing evidence. there was a set of procedures, parallel proceedings procedures that were internal to the executive branch that governed the circumstances under which the civilly collected evidence could be transferred to the criminal prosecution side for use in a criminal case. those rules were simply rules of grace at the discretion of the executive branch. they were not statutorily mandated. and they were not suppressed in any constitutional limit. there would be at least some risk that in an effort to invade
11:06 am
the warrant requirement by reform of ekba, criminal authorities would solicit the securing of that evidence through civil process under a lesser standard. i do not mean to a describe ill motivation to anybody in this process, but nonetheless the interstitial pressures are very really. >> let me squeeze in one final question here. the sixth sir can cut in wore shack held to the extent that the stored communications acts permits the use of subpoenas to compel the production of e-mail, the statute is unconstitutional. given that holding, is the mechanism proposed by the sec also unconstitutional? anybody want to try that in addition to you? >> i think it likely is it
11:07 am
hasn't been tested in court. there is a history for restricting authorities for constitutionally protected material there is frankly law that goes to administrative searches. >> could it withstand a fourth amendment challenge in the court? >> i would say no. but -- >> thank you so much. thank you, mr. chairman. >> thank you, mr. conyers. the chair recognizes the senator from wisconsin. >> i agree with that on wholly. since that decision, the sec has been unable toe subpoena e-mail
11:08 am
content from service providers. mr. cresney, i read your testimony and listened to it. did you write it in 2009? >> no. i wrote it -- >> thank you very much. will the sec be denied the ability to obtain evidence? >> i don't agree we're not able to do it currently. we have refrained from doing it in definite republicans to congress's ongoing discussions. >> i guess you kind of ignored the wore shack decision on that. now, even under ekba as it was written almost 30 years ago, the sec could only subpoena e-mail content after it was older than 180 days. aren't you asking this committee to expand illegal authority
11:09 am
found in a more limited form? >> we are not -- >> why aren't you? because you would like to beyond 90 days. >> the court, you're not happy with the court decision and what your testimony says is that you would like to expand something that's already been held unconstitutional. >> i disagree. >> well, i disagree with you. if congress gives civil agencies the authority to subpoena e-mail content to service providers, would that law be constitutional? i think mr. series any has already said yes.
11:10 am
>> i would love an opportunity to explain. >> no. i'm limited on time. >> my answer is, yes, it would be constitutional. >> mr. littlehill? >> yes, it would be. >> mr. cal breeze? >> i believe, no, it would not be. >> mr. salgado. >> i believe no, it would not be. >> mr. rosen slide. >> no. i believe that's what wore shack here. >> we heard messers cook and littlehill, since i believe it would be stpaourbl, how do you position that with the sixth circuit court hold anything wore shack. >> the critical decision is the one they have already drawn. the subpoena at issue there was a grand jury subpoena. one issued with no notice to anybody. the fourth amendment to the constitution of the united states never had a warrant without any other exceptions or without any other way in the
11:11 am
reasonableness clause. >> congressman, i believe due process provided by the sec proposal offers a significant amount of protection offered by the fourth amendment. i believe the courts would view it as sufficient protection. >> well, the issue is that a subpoena -- there can't be a motion to call a subpoena until it is served. so even if there is an immediate motion to cautious a subpoena, isn't there a risk of a constitutional violation here? >> congressman, there isn't. they are not self-executing. if we want to enforce our subpoena, we have to go to court and compel production. >> well, except that wore shack seems to indicate the opposite.
11:12 am
>> apparently the position of law enforcement is they want to expand what is currently the law. and those who are privacy advocates say the law is the law and cod phi it. i think this is a slam dunk for congress to make a determination. because we already have something that everybody seems to think is okay, except a few people that would like to expand the dragnet. with that, i yield back. >> the chair thanks the gentleman and recognizes the schedulewoman from california for five minutes. >> thank you, mr. chairman. i'm glad we are having this hearing today. it has been mentioned at the beginning of the hearing over 300 members of congress are sponsoring the legislation. so it hasn't been a close call
11:13 am
for most of it. there is a competing -- not a competing bill. a bill that encompasses the provisions in this bill but also goes to geo location. i'm wondering mr., cooke, the doj recently enacted policy requiring a warrant before a cell site similar like a sting ray to locate a customer using their cell phone. does your association support that policy? >> the answer to that of course is ye is s. that use of a stingray or trigger fish, cell site similarity under certain circumstances would trigger fourth amendment protections. that is to say that either a warrant or one of the exceptions, and there are many occasions when law enforcement uses a stingray and it does so under the emergency aide or ex
11:14 am
extent circumstances, et cetera. >> the ex skwrept circumstance issue, which we are not arguing against, would you consider that a warrant for any means should also be favorable supported by your group? >> i'm not sure i understand. >> for example, you don't need a stingray to actually identify where a person is with a cell phone. but the identification issue is the same. so wouldn't that logic extend to that? >> well, when law enforcement seeks protective tracking of a suspect a as was the case in jones in ongoing tracking, then the fourth amendment is indicating. i think jones resolved that for us. >> i think it did as well. shouldn't that same logic apply
11:15 am
also to historical locations? >> that's a great question. of course as i can tell from on your question, you are fully familiar with the courts struggling with the fourth and fifth circuit and other courts divided on that. so part of the division is driven by the understanding of the technology. the technology with respect to some location information is it's just not as specific as gps tracking. and with respect to that, the courts have recognized that there's -- >> i don't want to run out of time. assuming that you technologies are resolved, logically shouldn't the fourth amendment apply to historical and prospective records? >> the other longstanding doctrine that touches on that is the one the courts have pointed to, smith and miller third-party records. >> right.
11:16 am
which has also been not favorably received is recently by congress. let me turn to you, mr. salgado. because we have approached this whole issue from the point of the fourth amendment and the constitution and the right to privacy and the like. but it also has an impact on american business. the most approximate important technology companies in the world are located in the united states. can you comment on the impact, if any, on american business or perception in other countries that privacy is not secure if you use an american product? >> thank you. yes, i certainly can easily burn up the rest of your time with an answer to that question. it is is a significant impact on american industry that there is a perception outside the united states, europe, it's no secret certainly holds the perception.
11:17 am
the data held by u.s. companies is somehow there for the taking for the u.s. government. e-mail privacy is a good step towards getting rid of the miss perception. >> now, if i can, and you may not have the answer to this. certainly this is not an issue for google but for facebook and all the isps and microsoft has a big case in ireland right now and the like. has anybody added up the risk. >> that may have been done. i need to get back to you. it's not on the tip of my tongue to be able to answer. >> okay. that's fair enough. riley versus california, our answer to the question, what police must do before searching
11:18 am
a cell phone is accordingly simple. get a warrant. how does that apply to the legislation that we are considering today in your judgment? >> i think it illustrates the point that the supreme court wants us to have right rules so the law enforcement officer in the field knows what to do. when we're talking about the further of course and our right to privacy, we're not messing around with gray areas. the rules should default to a client. >> thank you. my time has expired. >> i thank the witnesses for your testimony. i first it was mentioned that there is is a gentlemen's
11:19 am
agreement. is there anything that expands the dragnet in this bill? mr. cooke? >> of course i'm troubled by the characterization. >> let me define dragnet so you don't have to. >> okay. >> is there anything in this bill that expands your ability to do investigations and maybe make innocent execution more vulnerable? >> no, sir. it limits in unprecedented ways law enforcement's ability to do their job. >> that's my understanding as well. mr. littlehill. >> yes, sir, i share that concern. >> and you would share the characteration mr. cook as well? even if governing records as contemplates in the bill is
11:20 am
given, we will have less authority with respect to those we would with records in the physical world, yes. >> thank you. i turn to mr. salgado. from a google perspective, when i or a citizen signs up for app e-mail account, there is a law agreement, i have not studied that or had my attorney look it of. i say, okay, i agree. i sin up for e-mail and i'm glad to have the service and it works really good. am i waiving privacy in that agreement? >> not with respect to what we have here.
11:21 am
we will honor search warrants. we honor subpoenas but not for content. we will honor for what the statute says. it is our preference to let users know when we get these interests unless we are informed by gag order, for example, that we are not able to. so we will honor all of those rules that congress has set in place in the fourth amendment has established. we also will honor requests to preserve information while law enforcement goes through getting a search warrant. >> are you aware of any isps than you are describing here with google? >> there may be slightly difference. but, no, generally i think the pattern i'm describing is the one the larger companies here operate under. >> so practice is pretty close to the mirror of the act or legislation we're discussing? >> yes, sir. i think that's right.
11:22 am
i'm not aware of providers producing content on anything less at this point. >> i would burn more time on that. i appreciate your response. i believe you gave the clearest definition of modern electronic versus the postal service from the constitutional -- the founders era. this is still the constitutional era. >> will you hand that data over to an isp provider, i could do that willingly under the
11:23 am
constitutional law? >> you could consent to anything. provided sit voluntary and not coerced. if the police come to your door and say can i get the letters in your file cabinet, you can say sure. >> you are cam with california versus greenwood. the distinction between wore shack and california versus greenwood, which is essentially people take your garbage out to the curb, it's not protected by any fourth amendment right. if i delete my e-mails and they are within custody of an isp and i waived my right to privacy, that would be open access then to the investigators? >> i would say no. but i would have to think about that. my sense is when i delete the e-mail, i'm intending not to throw it to the curb as garbage
11:24 am
but to eradicate its existence altogeth altogether. >> it is actually where we are getting where we need to go with this panel as a distinction between greenwood and wore shack on what those e-mails consist of. are they garbage or aren't they? # so i appreciate the panel. this has been clarifying testimony today. and i thank the chairman and yield back the balance of my time. >> thank you, mr. chair. and i just want to thank the chair for holding this hearing and to all of you for taking the time to be here with us today. mr. stress any, do you dispute the preservation orders and court interference to enforce targets of sec investigations should the e-mail privacy act pass? >> so if the question is whether
11:25 am
preservation requirements should be contained in the statute and the ability to obtain from a is subscriber. >> do you think if the e-mail privacy act passes you would have the ability of preservation orders and court interference to enforce administrative subpoenas? >> i believe that is still something one could obtain over the proposed statute. it wouldn't allow us to obtain isps. >> you have energied in your testimony that one would be that it leads targets. so are you telling this committee that the e-mail privacy act would be to blame if you don't take the common sense step of issuing a preservation order on an isp from day one of an investigation. is there any reason whatsoever that you wouldn't take that step, that very simple step
11:26 am
which can be done without a judge is's involvement. >> we would certainly take that step. the preservation doesn't allow us to obtain the e-mail from the isp. certainly we would try to do that. we would make sure it is available. the next step, obtaining it from the isp, that would not be available. >> your comment this would lead people to delete e-mails doesn't really hold water if you have a preservation order, it will be safe there. >> the person treated the e-mail and then we subpoenaed the person, the only entity that would have possession would be the isp. >> if you have a preservation order, then the isp is going to preserve that information? >> yes. but if they preserve it we can't obtain it. >> i don't know about you but i use it to keep in touch with my family, husband, my friends back home in washington state, all across the country. i'm sure pretty much everyone in this room, in this building would tell a similar story. as e-mail has gone mobile, sit
11:27 am
virtually in distinguishable from a phone call or a text message. no doubt contains very important details of people's personal stored in the cloud companies like mr. salgado. we would all hope to be kept safe from intruder's or prying eyes. in your testimony it seems that e-mail service providers are more like a witness or informant that you should be able to tap directly for information as opposed to the digital home of intimate communications. let me ask you this. if the sec wants a box of documents sitting in a target's home, can you use an administrative subpoena to bring a locksmith to unlock documents. >> we cannot. >> so please explain why we should give you the ability to do exactly that with the digital equivalent, how that could comport with simple expectations of privacy and due process.
11:28 am
and without a shred of meaningful evidence from you so far or anyone else that this -- the lack of this authority will have any impact on your ability to carry out investigations that so far. >> we view the isp as a third-party storage provider much like hard copy documents that are kept in a storage facility. and where hard copy are kept in a storage facility, we could go with notice to the person who uses that storage facility and try to obtain those documents by a subpoena. that is the analogy that would be appropriate in these circumstances. from our perspective, we do have instances in the past when we did issue isp subpoenas where we could show we obtained significant evidence in investigations for that purpose. as to the last number of years when we haven't used it, we don't know what we have lost.
11:29 am
>> i want to get your role, mr. cal breeze, on this. >> well, it is clearly our digital home. you would find much more sensitive information in the cloud than you would in my house, if you wanted physical documents. the thing i would also like to point out that we haven't touched upon here, the standard for accessing information in the civil context is very low. it is mere relevance. sit not a high standard of probable cause. also the number of things that a predicates, a civil agency has sort of simply mis-filling on out your taxes are much greater than the criminal predicates for a warrant. so we are talking building a much lower standard, much greater number of ways we can access information. that means we are potentially opening the cloud by civil agencies than we would by criminal agencies. and i think that's exactly that. >> mr. cessnery, give me just a
11:30 am
couple more seconds, mr. chair. you talked about cases. can you give me specific names of those cases? >> we have a number of cases. we are happy to provide it to your staff. an e-mail indicated someone was using an insider trading case. micro cap case where it showed control of corporations. whatever standard congress would like to meet, we are fine meeting that standard. we need some mechanism where the individual has deleted it or otherwise destroyed it. >> i think we have already discussed right now with post wore shack. you never needed that authority. my time has expired.
11:31 am
i yield back. >> i thank all the witnesses for being here. for anyone that can-can answer, if someone deletes an e-mail that he or she has already sent on out, would the isp be able to retrieve that at some point? >> i'd be happy to try answering that. it may vary from company to company. in most cases i think it's fair to say there would be some short period of time between the point of deletion and when the system purges the content that has been deleted. so there would be some period of time. that may vary from provider to provider. >> couldn't it be retrieved from the person to whom it was sent? >> it certainly could. there may be many communicants. >> even though i am w]=ñ of th
11:32 am
persons proudest of the work yoder has done, i think it's fabulous. i think it is important. my concern has been that we have left a provision on page 10, for example, that allows the governmental entity to apply for a court order so they can not inform the individual. and that's fine, to my mind, if there is a question oven dangering the safety of app individual. like the child that was talked about. i made the sure there was probable cause. i felt comfortable in '05 and '06 when the bush administration was ab $rñ assuring us we wouldr use national security letters
11:33 am
unless there was someone who actually had contact with an international terrorist or terrorist organization. we find out by july of '07, they said there were potentially thousands of abuses. they just sent them out. in the "new york times" there was a good article by moynahan talking about nicholas merrill. he fought to disclose the contents of the nsl. and then with the disclosures of snowden. yes, he committed an act of trees on but he exposed lies. when i saw verizon's disclosure on of all of their meta data i realized we were lied to by both administrations about what was
11:34 am
being sought. we were told that, look, you don't have to worry. there's a confirmed judicial nominee that's a federal judge. they will protect the constitution. there was no particularity at all. just give us everything on everybody you've got. the judge signed, okay, you want everything, here's everything. i couldn't believe it. so i'm not as comfortable with providing the exception that i'm sure was demanded by governmental entities. and i'm wondering if an excuse of destruction of tampering with evidence is enough to get an order saying we can avoid informing whoever sent the e-mail or whoever should have possession of the e-mail. we don't have to inform them. if we're concerned they might delete the e-mails?
11:35 am
really? that would always be a concern. so you could always, always, always get some judge somewhere that would sign off on that order. i know that now after seeing the disclosure by snowden. so i'm not comfortable that this is really going to be that helpful because of that massive gaping hole. on page 11 it says that basically the provider would have the burden of notifying the government at the end of the exclusion isary notice time. the provider has the burden of notifying the government. okay. my time is out b up. i'm not going to notify the subject of the warrant so that the government can do -- there should be no burden on the provider to do that. if the government wants to keep that secret, the government should try to extend it. i'm not sure it wouldn't be extended automatically virtually
11:36 am
in every case. you say we should not -- we've always protected documents and we shouldn't change that because it's in a cloud. i agree. but the isps say we check a box that say these documents aren't yours anymore. they're mine. i think we should have some legislations to tell isps, these documents are really the property of the person that created them, not the one who holds -- or provided the safe to put them in. >> the gentleman's time has expired. but the witness may answer. >> i share -- i will respond by saying i share your concern about the delayed notification provisions, especially the destruction of evidence portion of it. and i think others risk of physical injury and harm, those
11:37 am
are very good. it was added in the immediate aftermath of 9/11 as a cot fiction of a longstanding common law that developed in the courts of appeals that adopted various rules tpaor when they would delay notification. to this preexisted ekba. it has traourblly been one of those. that should be something that should change. for control of one's own personal data in the cloud, i think that there are certain degrees of information. so i generally tend to be comfortable with the idea that there's competition in the marketplace. and that if that's something that matters to you, there are service providers that will
11:38 am
promise they take no interest and will not process, not examine they may be more costly in other ways. i'm a free marketist on that one. >> thank you, mr. chairman. thank you to our witnesses for sharing your expertise and diverse perspectives with us today. i believe that all of us assembled here, those of us on the committee and the witnesses recognize that technology off evolves much faster than the law. this is a testament to the rapid pace of american innovation but represents a gap that must be addressed.
11:39 am
my first question is, does the sec currently use subpoenas to obtain the content of communications from internet service providers? >> we do not when we do not have consent of the provider. >> why not? it does not believe we do not have the authority under the statute. >> but you do not currently use it? >> we do not without consent. >> it acknowledges that the sec, off conducts investigations in parallel with criminal authorities. if the fbi needs a warrant to obtain my e-mail but the sec can object tape it less than
11:40 am
probable cause, why wouldn't they share my e-mail contents with the fbi. >> whatever standard congress establishes we are willing to abide by, even if it's probable cause. when we issue subpoenas -- >> wait. so your objection is not the standard but who makes the determination? probable cause finding a judicial consent is a warrant. >> a warrant is ex partee. the subskraouber doesn't have the ability to object. whatever objections they have, relevance, privilege, that provides additional protections beyond those with a warrant. to answer your question about the criminal authorities, any subpoena or other order we seek would be in advance of our
11:41 am
investigation. it would not be heft of criminal authorities. >> violations of civil law are much broader. if i fill out my tax form incorrectly or state this was a business expense when maybe it was a vacation, you can say, oh, i have probable cause to believe that by going through my e-mails i'm going to find out he was on vacation not on business trip. so what we are talking about, no matter what the standard is, is much broader access to americans's information. >> that has been stored for 180
11:42 am
days but can use lesser process for e-mail that was served for 181 days. if there consensus this rule is inconsistent with how we use e-mails today should it be eliminated? your written testimony you give a good list of the digital content we store on line. these forms of media merit protection is and is current law adequate. >> well, i certainly think that the court in wore shack believed it should extend to all of these contents of communication. my worry is that we don't know what the next new technology is going to look like. we don't know the next way to keep our communications private and confidential is. so we shouldn't be waiting and
11:43 am
ekba doesn't have a suppression remedy. we shouldn't wait 5, 10, 15 years for a court to find a strange case that allows them to say we have a reasonable expectation of privacy and communications. we all seem to agree that the content of communications should be protected by a warrant. >> thank you. i yield back. >> the gentleman's time has expired. the chair recognizes the . for being here. as my friend mr. gomert was, i was a criminal court justice for 22 years. felony cases. 20,000 cases or more. all that time i had law enforcement officers come to me with a request for me to sign a search warrant based upon their affidavit. and i signed a lot. and some i did not sign because
11:44 am
of the basics of the fourth amendment. the fourth amendment makes us different than every other country on earth. because of our history, it is uniquely united states history goes back to the british who wanted general warrants to kick in doors of warehouses in boston to see if the american colonists were storing demon rum they hadn't paid tax on yet. to me a general warrant is the same as a court order. like i said, i signed a lot of them. it makes no sense to me that the right of privacy is protected for six months but it's not protected more than six months. send a letter snail mail. and i put that in an envelope and i send it off to one of my
11:45 am
grandkids somewhere. it floats around america post office to post office and who else knows where until it gets to grandson is. it's protected. generally it's protected. it's a form of communication. when we use e-mails or store in the cloud, it's a form of communication wherever the cloud may be. so i think it's congress's responsibility to determine what the expectation of privacy is. it's not, god bless them, federal judges's responsibility. this is an expectation of privacy for americans. and when we enter the digital age, i don't buy the argument, welsh we're in in the dim tal age, you have to give up constitutional rights so we can have government investigate things. whether it's civil investigation, whether it's criminal investigation. i don't buy it. the fourth amendment gets in the way of that. it's a -- i think it is one of
11:46 am
the most important rights that we have. so it's our duty to set up a standard. over 300 members has signed on mr. yoder's bill. hadn't come up for a vote. ms. laughlin and i signed a similar bill in 2013. i want to get a vote on mr. yoder's bill. 340 members of congress agree. really? republicans and democrats see the importance of privacy. mr. cal breeze, let me start with you. i have a lot of questions. i have five minutes. the wore shack case, the sec lost the wore shack case. they did not appeal that, did they? >> no. the case was not appealed. >> it was not appealed. the sec, the way i get it, the sec wants a carve out for civil investigations. the way i see this legislation, it's to protect us from the sec.
11:47 am
and the irs, and the epa. because without this legislation, they could keep doing what they're doing. would you like to comment on that, weigh in on that? civil agencies snooping around in e-mails? the word snoop is my word. >> we have already seen is agency overreach. we saw it in this tea party investigation. no question it was an improper investigation. much broader category about people than anyone i think here is comfortable with. looking at what people are reading, looking at their donor list. as part of the civil investigation is wrong. and it disturbed me that if someone could have high relevant standard so low we might bring those into play, i think that's a problem. and i think that that's why we limit this very powerful authority to warrant being
11:48 am
supervised. >> judge, may i respond? >> not yet. you can respond in writing. because i have the same question for all six of you. the basis of a search warrant also requires there to be notice. under the current laws, use the as you can -- or use the irs. i like to use them better. they can do their investigation, their snooping, and the person being investigated doesn't know about it. is that correct, mr. cal breeze? >> it depends on the circumstances. sometimes notice is delayed. >> notice is delayed. >> sometimes notice is delayed. sometimes they do not know >> but would you agree it is part of fundamental fairness under the fourth warrant, that there is a search warrant, it is executed, and there was a return to the judge of what was seized or not seized. and eventually whoever a's house was searched they get notice of
11:49 am
the results of the search warrant? >> this is one -- >> the gentleman's time has expired, but the witness can answer. >> this is one of the most invasive things. they can be the subject of law enforcement scrutiny. so, yes, absent some compelling reason not to notify them, they absolutely deserve to know. >> i will ask that you submit answers to the record. >> you can submit as many as you would like. >> we should get the southern rule, we should get to talk longer than five minutes. >> we are just better of expressing ourselves with the southern execution. >> thank you. >> thank you so very much, chairman. i thank the witnesses. i want to engage in a give and take with mr. calabreze, mr. s is algado and mr. rosenleague if
11:50 am
i might. let me thank all of you for your series and acknowledge the wore i might. i will take the case as a circuit case. since that case, the warshack case, mr. cook, do you know whether or not the department of justice has used anything less than a warrant based on probable cause to compel a third party provider to produce the contents of a communication? do you all adhere to that? >> yes. >> let me move on, then. >> that was easy, thank you. >> thank you. to say that i come to this with a sense of trust of government, not to say that government is unworthy and consistently trying to undermine its citizens. but i am an adherent to the fourth amount and its value, and
11:51 am
its value with the founding fathers. so let me engage the three of you. one, i'm going to go to you, mr. rose enswayi rosenzweig, that matters relating to terrorism are excluded under this legislation. are you comfortable with that? >> very much so. it's at least my personal view that this legislation is appropriate. given the post-9/11 changes that have empowered our national security apparatus in ways that i think are appropriate, it's important to exclude from the coverage of this bill those issues. i think that's something that we can agree on. the construction provision that is in section 6, i guess it is of the bill, is perfectly appropriate to that end. >> i think it is important to make note of that.
11:52 am
i'm on homeland security as well. america is obviously on alert. but we've always said since 9/11 that we would not allow fear to instruct and guide our interpretation of the constitution. i want to go to mr. salgado. professor at school with the same name. do you know him? >> sadly, i don't. >> you'll be favored by his name. let me engage you on the value and sanctity of the fourth amendment, and whether or not in this interpretation of this bill, which i understand so many of us are on the bill, but 100,000 petitions are being sent to the white house to support it, whether it is obstructionist in terms of preventing law enforcement from doing their job. if you all engage? mr. calabrese will start and mr. salgado will finish. >> sure. i don't believe it is
11:53 am
obstructionist. you know, we're codifying what amounts to existing practice and existing protections under the fourth amendment. we're also saying that you should have noticed when someone does a search of your most private electronic home. to be clear, unlike a physical warrant where you get that notice immediately, we're actually delaying notice for ten days here, so that law enforcement's got a head start. >> absolutely. >> and then we're allowing a gag provision, which says that, you know, in important circumstances you'll never get that notice. i think these are all pretty basic protections for anyone. and honestly, if there are issues around the edges, i'm not sure that there are, but if there are, that's why we have markups, so that we can bring these issues forward, we can take votes on whether there's anything here that we should be concerned about. then we can get this bill to the floor. >> thank you, mr. salgado. i served as a judge and got a
11:54 am
lot of pc warrants for police officers. i had a responsibility to the police officers but also to the citizens to be able to inquire what the basis of this warrant was. that layer was placed in my hands. i think the american people place their protection in our collective hands. what do you think, what is your perspective on that? and maybe, mr. ceresney, you might want to answer that you're not hindered by the present sixth circuit interpretation. >> it's something that sets america apart from a lot of questions and gives us reassurance that well-meaning but perhaps poor judgment is overridden by the cooler judgment of a magistrate who doesn't have a particular interest in a case. it's significant for fourth amendment. it's no accident that that is the standard for valid warrants.
11:55 am
>> thank you. quickly, mr. ceresney, do you want to comment on that, as mr. yoder sits in the room on pins and needles wondering how we're going to treat his bill. >> the time of the gentlelady has expired, but the witness can answer. >> i think it's important for the judge to provide objective views on the matter. and that's why the order that we are proposing would be before a judge with notice to the subscriber, and the subscriber would be able to bring before that judge whatever objections they have to our seeking the e-mail. and that is actually the remedy that we're seeking in this case. we would try to obtain that e-mail from the subscriber. if we couldn't, we would go before a judge and tried to obtain an order, and the judge could be the effective fact-finder. >> mr. chairman, i like this bill. i like the bill before us. i look forward to it going to markup. >> thank you. the gentlelady's time has expired.
11:56 am
>> good afternoon, gentlemen. my question will be directed to mr. rosenzweig and mr. salgado, in that order. police speak to the trends of users moving to encrypted services, often hosted overseas to seek privacy, and how this might make us unsafe than if we had a clear framework in place. do you understand my question? >> i understand understand your question. i think to begin the answer, obviously the encryption discussion is slightly different than the one we're having now about the lawful access to content. what i would say about the encryption discussion is that it is essentially a reflection of the exact same impulse, which is that people are seeing increasingly the lack of privacy in their personal effects and papers. i like the idea of a digital
11:57 am
home, in their electronic home. to the extent that this congress does not take steps to protect that privacy by law, encryption is essentially citizens engaging in self-help and protecting themselves with their own capabilities. i would say that from my perspective, encryption is an idea. it's a mathematical truth. it's not suppressible. so if we do not regularize access through things like the proposal before you, that will provide comfort to citizens, they're going to engage even more, i think, in self-help. >> mr. sell gado? >> i agree completely with that statement. and i think to the point in your question about the movement of users to services overseas, i think that's a natural
11:58 am
consequence of the misimpression that the u.s. government has such easy access to the data of providers. it's not true. and this bill will help make it clear and will help prevent the fleeing of users to other services based on this misperception. >> thank you. mr. cook and mr. littlehale, i have 18 years of law enforcement behind me, prosecution, state and federal level. and as far as i'm concerned, what i've seen here since i've been in congress, and this is only my third term, the less federal government in my life, the better. basically what nsa has done, what irs, and there are many more we can get into, the overreaching and what i think the criminality that has taken place in these agencies. but being a law enforcement guy, and i've prosecuted many child abuse cases and pornography cases, if the two of you could quickly tell me what the
11:59 am
obstacle is to you, and how we can fix that. in the investigations that i had, i didn't want the person who was looking at and transferring and uploading and downloading child pornography to know at this point in my investigation that he or she was the target. could you please respond. >> and i'm concerned that we've lost sight of that issue and the emergency aid exception issue. if i could begin with that. the concern that we have is, many of these investigations, whether it's child pornography or any other type of investigation, many fraud investigations, involve dozens, sometimes hundreds or thousands, sometimes, in child pornography cases, of targets. for us to get the content and then have to let the target of the investigation know is a new discovery requirement that puts
12:00 pm
the partings, whether it's terrorism or otherwise, on notice that we're looking at them. it's unprecedented. i've said that, unprecedented in our law. >> what's the change that we can make? tell me collectively what changes you would like to see. >> thank you, congressman. if all we were interested in was extending and leveling the playing field, this rule would be a page long. the additional protections that the bill provides are one of the great reasons that we're concerned about it. and while i certainly think that we would like to have a conversation, i think those are a little bit more than issues around the edges. i mean, that's the body of our concern about the bill, is that when we get a warrant, we want it to mean something. that's true on the earlier point with respect to encryption. you know, if i serve a search warrant on somebody, i want access to that evidence, and in many instances i don't.
12:01 pm
if i want that from other places and it's denied to me because of delays or burdensome notice provisions, those slow me down and make me less effective as an investigator. i think this committee should take a robust review of what this bill -- >> my time has run out. would the two of you please put in writing and get it to me, what you think could be a remedy for this. and anyone else who wants to address that as well. listen, i am just as much a fourth amendment advocate as i am putting these people behind bars. and i wish -- no one should have to look at the photos and the kids that i've looked at, and you've seen over the years, and question as to why we need to have some delay before letting that person know that they're going to be arrested. i yield back. thank you. >> the gentleman's time has expired. the cheer recognizes the gentleman from new york. >> i thank the distinguished
12:02 pm
chair and the witnesses for your presence here today. i want to follow up on the discussion of my friend from the great state of the commonwealth of pennsylvania. mr. cook, i know you've expressed concerns as it relates to the notice requirement. i think in your testimony you referred to the provisions as a red alert tool that could notify an individual that he or she is under investigation; is that right? >> yes. >> and if you could just kind of walk me through a series of responses as it relates to the particular concern that you've got with the notice provision. because it's my understanding that section 4 permits up to ten days of delayed notice; is that right? >> that's correct. >> and is it your view that the ten days is inadequate?
12:03 pm
>> in our discussions already we've drawn parallels with the fourth amendment as it applies in other connections. everybody seems in agreement that that's the goal, is to make the bill parallel fourth amendment protections. but this bill does more than that, and here's why. for example, if you have terrorists working out of an apartment, a third party's apartment, and there is evidence in that apartment, we get a search warrant, search that apartment, there's no obligation for us to tell the terrorist that we've gotten evidence out of that apartment that can be used against him. >> right. but this bill doesn't necessarily impose that obligation. it's a default provision. but there are steps that the government can take under exigent circumstances. i wouldn't think that it would be sound public policy to create a law that simply applies in the instance of the terrorist context, when this is a country of people that values their privacy rights. there has to be an appropriate
12:04 pm
balance between the legitimate ability of law enforcement to help keep us safe and prosecute wrong dodoers to the full extenf the law, the and civil rights and liberties of american citizens; is that correct? >> as an e-mail user, you why agree more. i think the fourth amendment has already reached that billion. because in the analogy we've given you, when we serve that third party's home or service provider, that homeowner or service provider is within their rights to contact whomever they want to notify them. there's never been an obligation for the government to figure out who the evidence is going to be used against and to notify them. that's why i say this is unique in the law and i've never seen it before. >> now, as it relates to sort of the ten days delay, if the government concludes that additional delay is warranted, this bill, correct, provides for a court to make that determination that the notice
12:05 pm
can be delayed indefinitely, is that right? >> not indefinitely. there's a 180 delay limitation, then there's an obligation to reach back to the court. >> right, but after that 180-day limitation expires, they can go back to court and request another delay; is that correct? >> that's correct. there are narrow limitations on it. one of the limitations is if we can show there will be harm to another individual. but there are many advertisements when the harm could be to a community rather than an individual. and i wish i could report to you that all judges are reasonable and will always in the right circumstances limit that new -- or this new statutory notice rule. but the truth is that that just isn't how it works. in expanding these obligations on the government will come with great risk in serious cases. >> but there are times this an
12:06 pm
article iii judge, or a magistrate, could reasonably disagree with the government as it relates to privacy protections and potential overreach; is that correct? >> of course. of course it is. and there are times when that will -- that the disagreement will result in notification to -- under this newly-created rule, to targets of criminal investigations and alert them to allow them to flee or otherwise destroy evidence or otherwise engage in bad behavior. >> mr. calabrese, could you speak to the adequacy of this notice requirement, in your view? >> i believe it's a very strong notice requirement, and constitutionally appropriate, with a very strong delay procedure. one of the things that i'm struggling with a little bit is we're talking about a circumstance where i am going before the judge and getting a search warrant.
12:07 pm
at the same time i may get a delay of the search warrant. we're not talking about some separate process where i've got to go through an additional burden. when i get the warrant, i can also make the case that i must delay notice. that can happen for 180 days, before a provider or anyone else notifies the subject, they have to tell the government that they're going to do that, giving the government an ability to go back to the court and say, you know what, the reasons for our delay have not ended and we need to expand it. i think it's a very reasonable, very balanced approach that supports a fundamental constitutional value, one of notice that's embedded in the fourth amendment. >> thank you. i yield back. >> the gentleman's time has expired. the gentleman from texas, mr. ratliff. >> thank you, mr. chairman. as a former u.s. attorney, i'll always appreciate and listen to concerns expressed by law enforcement whenever congress proposes changes to a law that may impact your ability to do your jobs, because you're the folks who are working so hard to keep us safe.
12:08 pm
i want to certainly make sure you have the tools and resources and capability to make sure you can do that effectively. that being said, i strongly believe in an increasingly connected, complex, digital society, our laws have to be modernized to make sure they reflect the current technological landscape. as our technology is evolving, this increasinglily personal information is being stored on our phones, our fitbits, what we read, where we shop, who we communicate with. we've got to make sure we've got robust protections in place for that. i certainly don't believe that the fourth amendment protections that we all hold so dear and the needs of law enforcement are mutually exclusive. and i appreciate all the witnesses being here today to have a thoughtful discussion about that. mr. ceresney, i want to start with you, because from my perspective it seems like the
12:09 pm
sec has been the most vocal civilian agency in expressing concerns about modifying ecba. the fec doesn't appear to have served a subpoena on a commercial provider since the warshack decision. the sec's annual report last year, 2014, touted a record year, cutting edge enforcement actions, more cases than ever before, a number of first ever cases that spanned the securities industry. and i know that chairman white has testified that the sec isn't issuing subpoenas to third party service providers for content. given the record number of cases, enforcement actions and first ever cases brought by the sec, all done without encroaching on fourth amendment rights of americans, why is the sec asking congress to give it the authority to get content on something less than a warrant? >> we certainly have been successful, we think, in
12:10 pm
enforcing the securities laws. that does not mean there aren't cases that would benefit tremendously from e-mails we would be able to obtain from isps. i guess the point that i would assert is the fourth amendment is not violated but what we are proposing which would be an order before a judge, which a judge could issue with notice to the subscriber after the subscriber has an opportunity to raise whatever objections they have, under a standard that congress would establish. and from our perspective that does supply with the fourth amendment and it also balances privacy protections, because you would have an objective fact finder reviewing the situation, determining whether it is appropriate for us to obtain e-mails in that circumstance. and i can tell you that there are ongoing investigations now, which we have refrained from seeking those e-mails, which would definitely benefit from such e-mails. >> when you say what you are proposing, i mean, how have you been proposing it? >> we've had ongoing discussions with members of congress about these issues for the last couple of years.
12:11 pm
>> from my perspective, it seems like you've been altering your behavior for the last couple of years rather than coming to the committee of jurisdiction. i know when fbi has a problem, they come and let us know what it is and how we can fix it. >> we've been having ongoing discussions with the staff of both judiciary senate and house judiciary throughout this period. >> fair enough. thanks for that. mr. salgado, in your p.mtestimo i'm paraphrasing but you seem to be saying it's really just a codification of the status quo under warshack, is that right? >> that's accurate, yes. >> you don't think that hr 699 goes beyond the holding in warshack? >> i don't think it does. i'm happy to hear suggestions. but my review the warshack and the bill suggests they're very consistent.
12:12 pm
>> mr. calabrese, do you agree with that? >> i do. >> mr. rosenzweig? >> i think i do. i haven't checked precisely, know. >> i'm going to yield -- my time is about to expire so i'll yield back the balance of my time. thank you all for being here. >> the chair recognizes himself for questions. mr. salgado, there has been this emergency issue of emergency disclosure mechanisms. mr. littlehale in his written testimony says that the primary mechanism currently in law is voluntary. he also mentions companies are unable or unwilling to respond to law enforcement's demands in a timely manner. i think we would all agree that there is not going to be anybody that would deny the need from a law enforcement perspective. it seems to be implying there's something missing here. we did a little bit of research
12:13 pm
and based on the concerns that we saw, the publishing google's transparency report, it says google received 171 emergency enclosure requests and responded in 80% of the requests. i would like to hear your answer. can you explain why google responded to only 80% of these requests? break down that number for us. why couldn't the response rate be 100%, given what's been said by mr. littlehale here? >> sure, i would be happy to. i think the statistic you're referring to is in our transparency report, we've been publishing that number for a while here so that policy writers and others could get an idea. the number is relatively low, 171, compared to the type of legal process that we get. the 80% represents lots of different situations where the emergency doesn't justify the disclosure.
12:14 pm
often the case is that the identifier that's given to us in the emergency request doesn't actually go back to any real account. so there are some services out there where you can create an account using a google or any e-mail address. and it's not verified that there is such an address. they may use that account to threaten a school shooting or engage in other violent activity. the authorities, quite legitimately, will come to google and ask us for information about this account that was used to create the account that made the threat. we look in our system and there is no such account. so the response back is, we have no data to produce in response to this otherwise legitimate emergency request. that gets counted as a nondisclosure. that adds into the 20% where there was not a disclosure. there was no responsive data. that's probably the most common situation in that 20%. there may be other situations where the request is coming in, and the emergency is over. that the investigation is now actually about a historical crime.
12:15 pm
there is no ongoing threat to loss of life or serious physical injury, which means it's inappropriate to be using that authority to get the information. and we are able to at that point say this doesn't look like an ongoing emergency, we can preserve the information, and when you come back to us with the legal process, we can promptly disclose. >> real quickly, you went on with your answer long enough to bring up a question. are you making that determination, if the emergency situation is still ongoing? >> that's right. the statute -- >> not the law enforcement agency? >> the statute says that we are allowed to disclose if we have a good faith belief there's an emergency. >> mr. littlehale, when you testified in 2013 about the emergency disclosure issue, you said some providers make a decision never to provide records in the absence of legal process no matter the circumstance. can you identify the service providers that have a policy of categorically rejecting a request in the absence of a compulsory legal process? if not, why?
12:16 pm
>> as i stated at the time, i have made a decision not to identify, in the examples i give, specific providers, because i don't want to highlight a vulnerability in a public forum. >> i'll tell you what. you can submit that in a nonpublic forum. i'm really concerned here that we're making a categorical statement without categorical proof. >> i can certainly say anecdotally -- >> mr. littlehale, you made a direct statement. it wasn't anecdotally. i didn't start off by saying, anecdotally. you said in your testimony, providers make a decision never to provide records in the absence of legal process no matter the circumstance. that's a very direct statement against the business practices of internet providers. is it true? is it not true? do you have evidence or due not have evidence. >> i've been told that by providers. >> you do not have evidence. you made a statement that is not grounded in anything except anecdotally.
12:17 pm
>> i would suggest i do have evidence. i was told that by providers. >> i was told there was a santa claus but i found out real quickly that there wasn't. >> congressman, i would suggest that's evidence. if you choose not to believe me, then i suppose i can't help you with that. i've been told and agents that work for me have been told that in some cases. >> i'll just let that one sit. mr. ceresney, during an exchange with senator leahy in a senate hearing on this topic, you said with regard to phone calls you're not seeking authority that criminals have that civil agencies do not. you're essentially seeking more authority than the criminals have. isn't that contradictory? >> i don't think we're seeking more authority than the criminals have. >> what are you seeking? >> i'm sorry? >> then what are you seeking? i'll give you a chance to clarify that. >> what we're seeking is the ability to obtain e-mails after we try to obtain them from an individual


info Stream Only

Uploaded by TV Archive on