tv Forum Focuses on Overseas Data Warrants and Social Media Privacy Concerns CSPAN July 10, 2017 8:00pm-9:09pm EDT
, how police might have better access to social media data. is followed by theresa may telling members of the house of commons about her recent visit to germany for the g 20 summit. care, single-payer health and how it might work in the u.s. ♪ announcer: c-span's washington journal life every day with news and policy issues that impact you. tuesday morning, bloomberg news and real clear politics join us and discuss the week ahead in washington. also we talk about a george mason university report on the physical conditions of the states. washingtonwatch journal live at 7:00 a.m. eastern tuesday morning. join the discussion. now i look at
proposed rules that would give foreign police access to social media data on u.s. citizens here i. this took place on capitol hill and runs over just one hour. >> good afternoon. afternoon. this caucus is with the support from the chair side bob goodland and congressman anna and senator patrick leahy.
just a couple of housekeeping things before we begin. we are live streaming this event online. the audio and video will be available shortly after the on net caucus.org, and don't forget to follow us on twitter and use the hashtag cross border warrants. before we begin, we will be having our next event balancing national security and privacy, a panel on fisa 702 this friday at noon in this room. we hope to see you all here this friday. without further adieu, i like to hand this over to cary. she was formally at the department of justice. she'll be moderating this event today. thank you very much for joining us.
carrie: thanks everyone for joining us today. we welcome our audience of staff members here with us today on capitol hill. thanks to c-span for bringing this discussion to a wider audience. the congressional internet caucus has assembled a panel of experts to discuss the legal, policy and privacy issues involving cross board data request and court orders. i will briefly introduce the panelists. they are full bios are on available on the congressional internet caucus website. each of them have experience in government, academia and civil society and issues related to capitol hill. first to my left is richard downing, who is currently the deputy assistant attorney general in the criminal division of the united states department of justice. also to his left is jen dascal, who is an associate professor of
law. next is the legislative council at the aclu. at the other end of the table is stephanie with reform government surveillance, a coalition of leading technology companies, so welcome all of you. thank you for being here today. i will give a couple of opening remarks, then we will proceed with our discussion. just to frame the conversation. , we are all aware of the interconnectedness of our global communication. the location of people, their communication and their stored data is no longer fixed. our focus of today's discussion, as the title indicates, data warrants come across the pond, fighting crime while preserving privacy. our legislative policy proposal s exist to facilitate foreign governments obtaining a legal mechanism through which a foreign law enforcement agency
can obtain stored data held by u.s. communications company. in other words, can a u.s. company help another government 's investigation and still adhere to u.s. law? currently, if a foreign law enforcement investigator identifies the subject is using a u.s. based provider, that government needs to work through the mutual legal treaty process. the law, including communications privacy act, precludes u.s. companies from handing over certain data to other countries. that limitation is grounded in protecting the privacy of users and customers who use those services. the challenge of foreign government's ability to access data held by u.s. companies is one issue. what to do about the law lack of
clarity and how the u.s. government can access data held by u.s. companies when that data is physically stored outside the united states is another related issue. that issue involves the modern interpretation of the 1986 stored communications act. which is working its way currently through the courts. a cases next stop in that was brought by microsoft and concerns data that is held in ireland is currently will be with the united states supreme court. there are equities on all sides of these issues, including how to ensure that law enforcement can do its job consistent with the fourth amendment, how do protect the privacy of global users of a network communications infrastructure, and how to do right by private industry in a way that doesn't stifle innovation, lead to data
localization, and respect the challenges faced by global communications companies that maybe caught between competing laws of different countries. that there are sides to this issue, probably all the participants in this discussion agree that these various challenges exist and concerns that are expressed are legitimate. the question then is what comes next in terms of how to address these issues. what changes, if any, needs to be made to the united states law in order to accommodate these varying principles and objectives, and what would those legislative changes look like. before we get the discussions here,d, with my panel i will invite up for a few minutes chris randall and judd smith. mr. randall is the legislative director and counsel for representative hakeem jefferies from new york.
judd smith is the legislative council for tom marino of pennsylvania. they will speak for a few minutes to describe the legislative efforts that their members are engaged in. [indiscernible] [no audio] >> sorry about that. for the past two congresses, my bosses been working to find a solution for the legal questions raised by law enforcement access. the current legal framework provided, or the electronic communications privacy act was enacted in over 30 years ago, 1986. when congress debated in acting this legislation, the internet was in its infancy.
technology clearly left the law behind. it is time to bring the outdated law to address 21st century problems. until we address it, this issue will continue to rise in the last year's decision from the courts with growing frequency. last year's decision from the second circuit in the microsoft case laid out a clear directive for congress to act. he understands the needs of law enforcement to obtain evidence in a timely and efficient manner. at the same time, he recognizes the importance of following the rule of law and preserving privacy. in the 114th congress he introduced international as anications privacy act first of towards finding a legislative solution. in the 115th congress, we were excited to working with congressman jefferies to improve this bill. we have also been working with senator hatch and senator coons. this is true bipartisan effort. it is important that all parties , including privacy advocates, the d.o.j. and industry stakeholders have voice in this
discussion. our goal is to find a solution that aligns these interests. the second circuit celebrity, congress needs to act in order to clarify and update the law. i look forward to hearing the insights from the panel today. good morning everybody. thank you for having us. as my colleague just said icpa , come to us in 1986. over 30 years ago. needless to say, there is a lot that has changed in telecommunications law since. what we have is a scenario where tech companies are in a place why they have to figure out whether or not they are going to adhere to certain privacy protections or others. they have to make these difficult choices. foreign consumers are wondering whether or not tech companies are going to be able to adequately protect their privacy interests. theress has the role, responsibility as we did in 1986
to decide where the law goes under the circumstances. recently, the microsoft case decided that it cannot be used to permit territorial search warrant spirit our colleagues at the d.o.j. are seeking to get the supreme court's take on that decision, which is their prerogative. regardless of the higher court decision, it is our role here in congress to decide what the law is and how we're going to make this work for law enforcement for tech communities and for privacy. so with that said, you have representative hakeem jefferies from new york working with congressman marino from pennsylvania and colleagues over in the senate, senator hatch and coons, to find a solution that will reflect today's realities , that will balance our fundamental privacy rights and our law enforcement needs. so with that, we look forward to lively discussion and we will
take back all that is discussed here to our bosses. we hope soon that we will have a product that we can move that will make sense for everybody. >> thank you. thank you both for your remarks. we're going to turn now to our panel of experts. i'm going to start by asking richard downing from the justice department. richard, could you first describe starting with the issue of that have been of interest to the united states and united kingdom on foreign government and foreign company cooperation. first, what is the issue from the perspective from the justice department from a law enforcement perspective? what is the problem that you're trying to fix? and then two, what is the current status of the justice department's efforts to move this issue forward? >> sure. i think it's important to start with the problem as you point out. the paradigm case that i think
we should be thinking about is a situation where there is very serious crime imminent or has happened in a foreign country. let's say that u.k. in this case, and they are trying to solve that crime. it is a murderer. scotland yard opens an investigation. they search house and question witnesses. they seize a cell phones. they're and to do all the investigation except there's a chunk of their case that is not located in the u.k. instead, it is located in the united states because it is a social media account or e-mail account or whatever it might be. in that situation, they would normally go through the process m-lap process. that process is universal that's being too slow and not up to the needs of speedy and important investigations that are going on. the providers are also in a jam. they see the u.k. needing this data. the u.k. could issue their own
legal process and direct providers to comply. the u.s. providers are worried that if they did that for data stored in the united states, it would be in violation of u.s. law to disclose it. yet it is a very weird situation. why should u.s. law be controlling in this situation? it is her happenstance that data is stored in the united states. some have suggested that we bar awayke that fa and let u.k. law control completely and not worry about the location of the data. we've taken slightly different approach. the providers came to us some time ago during the last the providers came to us some time ago during the last administration and asked if we would work with them to come up with some sort of an arrangement where the blocking statute, the u.s. law that prevents the provider would be lifted in certain circumstances and certain countries. that's the genesis of this u.s., u.k. arrangement. in order for that to be
need to havewe congressional action to change the law. you'll see that idea was spawned in the last administration and now in this administration it has been taken up again. last year, we released a proposal and almost identical proposal released this year by this administration because it is practical, useful thing. it which has a number of important benefits. it helps our foreign partners, it's important that we support the needs of the u.k. and protecting his public safety. it supports the providers. it gets them out of this position being in between two countries laws, reduces the incentives for data localization. because countries that would like to sign up, would have to meet a series of robust privacy protections, it has the effect of raising privacy ideas across the world. it has also reciprocal benefits
for the united states in those situations where data maybe stored in the u.k. >> what are the two parts of the proposal? there's an agreement that have to take place between the two countries, then there is the legislative component. can you explain -- this isn't just a matter of congress passing law, there's different pieces that has to fit together. >> the idea is that in order for this to be worked out in a sort of way that does respect the need for a robust set of privacy safeguards and for robust civil liberties and what not protection, there has got to be a system for evaluating which countries would be appropriate for this. so the mechanism that we proposed there would be a bilateral agreement between the united states and that foreign country, and we would work out the terms of that. in order to have that happen, there has to be legislation that
lifts the blocking that is in current law. what the basic legalization says, if there is a bilateral agreement and it meets a set of really robust standards, in that situation, providers are entitled to disclose information in response to foreign court orders. those requirements are actually fairly stringent. it requires that orders for example, be individualized. there's no bulk collection. it requires that orders be based on credible facts and particularity so they are specific to individuals and there is a real basis for them. they are not allowed to target u.s. persons. this is about solving foreign crimes. it's not about targeting u.s. persons. u.s.ey want to target persons, then they have to use the existing legal process. it's a lot of stuff designed to make sure countries qualify for this and we entered in the agreements with our ones that we share basic baseline civil
liberties and legal systems that we can respect and agree with. professorlet me ask dascal. gaskel if you're looking for background reading, she has done lot of academic work, including long and on thees website. professor, can you then professor, can you then take what richard has described and explain for our audience what he just described sounds perfectly reasonable. to the initial server, what are they sticky issues come the points whereg
there are areas that still need to be worked through in order for congress to feel comfortable passing some type of legislation on this issue? >> thank you. i agree that this a very reasonable proposal. i think that it does mediate between the various privacy and security and sovereignty concerns. it is an approach that ought to be endorsed. there are critiques of it. i'll talk about those in a second. why do i say that? i say that for some of the reasons that richard talked about. we are talking about a situation in which a foreign government needs access for solving local serious crimes, and previously the foreign government used to be able to get that according to their own rules from their own providers, their own telecoms. , a variety of other sources, and because of the changing nature the internet, because u.s. companies control so much of the world's data, they are increasingly finding themselves in situation where they need access to data that happen to be
u.s. held and u.s. stored, and these countries understandably frustrated. that frustration is leading to a number of different incentives that i think really need to be addressed. it's leading to -- it incentivizes companies to mandate data localization. if the data is local, they don't need to deal with the u.s. and get it according to their own rules, privacy protected or not as the case may be. incentivizing foreignzin governments to increasingly seek access to data, extra territory territorially without regard to u.s. laws come so it is putting companies in the middle. they have to decide i can comply with one law. it's not just a it's not just a hypothetical concern. there's been an executive who have been arrested and detained because of failure to comply with foreign demands for data. when foreign governments get frustrated, they seek out other
surreptitious means of accessing data. i think we see here a link between the debate that we're talking about right now and debates with respect to decryption and finding ways around these problems. that is one of the reasons why i think this is so important and why i think the legislation offers pretty very reasonable response to this. because what it does, it does not require a u.s. company to provide data to foreign government. it simply lifts the bar in those situations where the u.s. and the foreign government had entered into agreement. it sets a number of really critical limitations. to governments, the foreign partner have be certified by the executive branch as satisfying basic rule of law standards. then each request in addition has to meet a number of criteria that richard talked about. most importantly, these foreign
governments cannot get access to the data of a u.s. citizen or legal permanent resident or any other person physically located in the united states. they also cannot get the data with the intent of then sharing the information with the united states and if they access the data of u.s. persons or legal permanent residents, they are required to put in certain protection in place. in addition, the request have to be particularized, targeted. there's limits under duration. there's a requirement of judicial review. i think where the critiques come in are with the specifics of what's required. there are suggestions that some of the language judicial review or oversight, not entirely clear what oversight means, it requires judicial review. there's other questions about the predicate factual standard. credible facts.
there's some who think it should be higher than that. i personally think one thing that should be included any my final bill would be some explicit mechanism that protects the company. they have any questions about whether or not request meets those standards, it would protect them, allow them to kick it up to the department of justice and kick in the other mutual legal assistance treaty process. so there's clearly minor modifications that i think that can be made to this piece of legislation, but as a whole, i agree with the basic premises. it is a reasonable approach and needed. .> thanks jen i will turn to nema guiliani from the aclu. why should we concerned about creating a legislative framework for a foreign government to request communications data from a u.s. company? >> sure.
first, thank you for having me at this panel. i'm really glad that we're discussing this issue. i want to say at the outset, i think that the aclu and largely many privacy and human rights groups disagree with the proposal. amnesty international, human rights watch in the aclu have come out in opposition of the proposal. i can't think off the top of my head of u.s. based privacy group that have done full throated endorsement of the d.o.j. proposal as written. i think the reasons are for couple of major reasons. the first is, we hear, richard said this and jen said this, this isn't about u.s. persons. this is about targeting people overseas. i think that that is a bit of a fig leaf. if i'm an individual in the u.s., we communicate with people overseas. obviously the standard that is going to apply to targeting of that overseas person affects collection of my data, my conversation with somebody overseas.
and so i think this idea that simply because a target cannot be someone in the u.s. that u.s. privacy interests aren't implicated is simply false. let's say the u.k. government wanted to collect a conversation i had with somebody in the u.k. they were investigating that citizen of the u.k. for a crime that had occurred. under today's system, they would have to comply with essentially the m-lap process which would require them to generally comply with a warrant standard. my data, my conversation with somebody in the u.k. is protected under u.s. constitutional standards. if that standard is dropped and it's the requirements are lessened and we can, that
affects my privacy. we are creating a system where incidentally you can collect the information about people in the u.s., citizens and green card holders, under standard that is lower than a warrant standard potentially lower than a warrant standard, and under standards that are lower than would apply to the u.s. government itself, so that i think is a significant concern. it's also a significant concern because the proposal as drafted doesn't prohibit foreign governments from voluntarily sharing information with a u.s. government in certain cases. information then can make its way in court and be used against somebody. that i think is major concern. the second concern has to do with exactly what it allows. the proposal doesn't just affect e-mail stored communications like e-mail, text messages, etc.. it also involves real-time interception, wiretaps essentially. in the u.s., under federal wiretap, congress, obviously reflecting the perception of the
public, put in place very stringent requirements for what applies to when the government can do a wiretap. for example, in the u.s., you can only do a wiretap for certain types of crimes. there are very robust procedures involving the handling of data. you see on tv, someone shuts of phone off when an irrelevant conversation happens. that is part of the wiretap infrastructure. there are notice procedures. you use wiretapping as a last resort when you exhausted other means of obtaining that kind of information. all of those protections are not required for foreign government s who wants now to wiretap using the apparatus created by the d.o.j. proposal. so essentially what you're saying is that foreign governments like the u.k. or other countries who may enter into these arrangements may not necessarily have to comply with the stringent requirements of the wiretap act that the u.s. government would have to comply it were to do a wiretap on someone in the u.s., so what
you're talking about is generally, potentially lowering of standards that doesn't apply to individuals overseas , including the conversations they maybe having with people in the u.s. >> ok, great. that's excellent outline of concern. we're going to come back there to question of stored data. before we do that, i want to turn to stephanie marks with reform government surveillance. so that stephanie can explain to us here, what are the equities , what is the interest from the u.s. based technology sector in these issues of creating a frame work for compliance with foreign government requests. thanks to thel, internet caucus for hosting this event. i think this is -- i actually think there's a lot of agreement on this panel about what the principles that we need to be protecting when we're talking about the difficult issue of when foreign governments can get
data about people -- can get data that lives outside the borders, often about people who are not their own citizens. it implicates complicated matrix of law that don't all talk to each other very well. i think the main disagreement is how to accomplish that while maximizing the ability of legitimate law enforcement need to get material that's related to terrorism and to help keep us all safe, while also maximizing on the curve the privacy protections of all the people who use the internet on a daily basis, so reform government surveillance is a group of 11 all thes that are companies that make the operating systems for this, have all the apps you use this, that enable us to communicate with each other on a day-to-day
basis. rgs formed shortly after the snowden disclosures to support the passage of u.s.a. freedom act. even more specifically, to provide a forum for companies to have detailed conversations about what exactly those reforms should look like and to make sure that everybody was really pulling on the same oar get the important reforms to section 215 done. going forward, the companies have similarly been concerned about other issues that implicate government access to data around the world, and the flip side, of course the privacy rights of the consumers that use these internet platforms all over the world. we have been very involved in fault in discussions about encryption, the european safe harbor and i've is a shield in existence. we have been involved in all
kinds of issues that have arisen in the congress over the past few years. downose would water privacy protections. we have been involved in suggesting reforms to 702 this year. the most important priority is to find a solution to these cross-border issues. we are very much in favor of the language that the department of justice proposed regarding moving the blocking and entering into a bilateral agreements on a limited basis. emphasize that there are five pages of requirements in the bill language. including limiting those reciprocal arrangements.
there are all kinds of ways that we can improve definitions in that language and processes in that language. to make sure that what we are doing internationally for ibis -- the material that these internet companies have is not theirs. it is the communication of consumers all over the world. when we look at solutions to figure out what governments can get this information and under what circumstances and what laws should govern that ability to have tormation, what we focus on is not -- is it -- is the inquiry over when we know it is a u.s. company? the data doesn't belong to microsoft or google, the data belongs to the
people having the conversations. think thedo they people are going to govern when a foreign government wants certain kinds of information? it is what sits at the crux of that. they are the ones with a data center here and a customer over here asking for that data. the ones trying to figure out which law applies, when they should comply, what the due process is. process -- emet lat process such asc it is, companies arespan talking about replacing it completely. they would only be available for governments that are rights- protective, substantive and
procedurally. this seems like a good solution for situations where governments througheed to get important situations quickly. thek selecting through issue of why it is so important to the technology sector. i want to come back to an issue that giuliani race which is the issue of electronic surveillance and in real-time the ability of foreign governments to request from u.s. companies real-time surveillance results. i will turn back to our department of justice representative and ask him two things. is this proposal geared toward law enforcement challenges? stephanie mentioned terrorism as
well. is this a national security problem? at his question one. and question two, does this doj administration proposal -- would it cover real-time surveillance? the ability of a foreign government to request the cooperation of a u.s. company in real-time surveillance? is,hat correct, and if it why is it part of the proposal? >> the way that the proposal frames it is that it covers serious crimes including terrorism. terrorism is often regarded as a national security matter. about spies spying on other countries or any
classic espionage. this is about serious crimes including terrorism falling into the category of criminal to the tea. this proposal would cover wiretapping and the wiretap act. we have to remember that the basic paradigm we should be thinking about is a crime in the u.k. and that the u.k. is trying to solve. you can imagine an organized crime figure in the u.k. and the need to wiretap that to see what their plan is or if they will commit a murder or something. it is fortuitous that the communication has to be in the united states. model of therrent way they are routed, that would
be done under u.k. law in the u.k.. that situation, i would say that is the default. if the u.k. person would call in and get set up on the wiretap, that person would have zero rights at all. in the u.s., they would have a lot of rights. the u.k. cannot target them, and there are a lot of regulations that they would have to comply with such as credible facts, particular richie, exhaustion of alternatives. end, they have to minimize the u.s. persons to get involved in that conversation. have thethen -- the bottom line
u.k.ike the u.s., the views this as a critical part of protecting public safety. if the don't have the thistunity to have arrangement to get access to it, it has the -- it does not solve the underlying problem where if they will insist on decryption disabilities or data regulation, or something else, they are facing serious terrorism and criminal threats. this is a fair and balanced approach for how to deal with that to avoid unnecessarily impinging on anyone's writes, but meeting the legitimate needs of the u.k. >> does anyone want to respond? >> that was so effective that no one has an answer. >> i will just reiterate.
if the u.s. government [inaudible] the wiretap act -- was it not on ? sorry. the wiretap act requires notice. the implication of third parties. allowing discretion for judges to order notice and information to those third parties and we are creating a framework that fundamentally doesn't have those that willuirements now be permitted by foreign governments. it's a way that could have very real implications for people in the u.s.. for information that can be collected by a foreign government and can make its way to the u.s. or a criminal proceeding even though it has not complied with the requirements of the wiretap act.
robust saying there is a set of requirements that apply to countries. from our perspective those requirements do not seem very robust at all. been far, you have described primarily in terms of the u.s.-u.k. relationship. they are an ally, they are a in collaboration and national security matters, but the legislative change is not country-specific. so what happens for the rest of the world? maybe there are a few other countries either in north perhaps or europe, who have -- similar to the united
states, maybe not the constitution, but similar judicial requirements -- what happens when other countries come knocking on the door wanting this same type of arrangement with u.s. companies? >> it is a great question about scalability. i want to step back and think about this problem a little bit. what we are facing, because of the way the internet is structured and the dominance of the u.s. companies, something that we as a nation have an , becausein promoting of those things, there is a the characterween of governments and things that used to be specific to their jurisdiction and things that move around and are not specifically located to their
territory. there are fundamental questions about who gets to set the rules. should the specific supply because the data happens to be located here? it's the same problem that we spoke about earlier with respect to the ireland case. should irish rule apply because it happened to be in ireland? ireland may not have any other equity in the case. stepping back and is worth asking some of those bigger questions. homee country that is the of so much of the world data, and has set some of the rules, there is a real opportunity to demand baseline standards and to try to harmonize the borders, with legitimate access and legitimate cases, so we do not
end up with increased falcon is asian. you might -- vulcanization. we might see a reduction of -- to your second question, if this legislation were passed, hopefully it is, there would be a u.k. draft agreement that would be implemented pretty quickly. my hope is there would be other country second meet the standards and can adapt minor changes to meet these standards. time, -- there are some interesting proposals that some people have started to talk about. peter swire has been writing about this that some countries can have specialized points of contact. you can have units in the
country that would not be explicitly required to deal with those standards. even if you do not trust all of india, you may trust a unit for that request. >> if i can turn to stephanie from the industry perspective, how are the companies who will be on the receiving end of these requests from other governments. how are they looking at the issue -- if this legislation work to pass, and this would serve as a model for other arrangements with other governments, how would the industry view the potential request downstream for agreements with other countries? industryens from the perspective when they might be
facing requests from india china come a brazil or other types of countries that have different legal and judicial systems. >> i don't foresee that several of the countries you just listed would meet these standards to enter into an agreement. i don't think that china will be high on the department of justice's list. that would enter into an agreement to go directly into technology company. upset if weould be were presented with such an agreement. there are other countries that could meet the standard and the most exciting thing about this proposal is that there are other countries who can not quite meet the standard, but with some
changes they can. it is important for them to get with u.s. companies that have the bulk of the information that travels the internet. that is something that is really important to the company, something that makes it possible for legitimate law enforcement asks to be met quickly. a make sure they are met in rights-protective manner and to raise the bar on privacy protections around the world. i know we will disagree on whether this particular proposal a couple shows that. if you would go point by point i thinkthe proposal -- it sets the bar higher than it is right now. it will be beneficial to consumers all over the world.
it will discourage them from blocking laws and enacting data localization laws. it will give clarity to people all over the world. we have very stringent due process requirements in this country. there are plenty of other companies that do not view the docedural part exactly as we , but they have a fair amount of inrsight and independence the way that they review and handle law-enforcement requests. to see if we can get other law enforcement to honor our requests. we are trying to maximize law-enforcement and privacy. >> it sounds like part of the
confidence trying to be instilled in this legislative it does and agreement, ory on judicial oversight some kind of institutional oversight that would take place ensureforeign country to that the request being made conforms with the fourth amendment and privacy principles to know that there is a process that was involved. how would that play out. allow the oversight so we can envision it a little bit to provide some comfort for those he might be concerned of the privacy and civil liberties per spec if. first layer of protection would be based on the foreign
law itself. the foreign country investigating a crime involving its citizens. legalt situation, the procedures and protections inherent in that set of rules would be the first line of travesty defense. to make sure that the agreement is being lived up to, there is an agreement of oversight done on a bilateral basis. where theprovisions united states would be able to make sure foreign governments are not intentionally targeting u.s. citizens. they will have the protocol in place in the practice is that it is being done directly. and the whole agreement must be ped everyry -- reup
five years. if a provider receives a piece of information from a foreign government, it could raise it with the united states. the united states may block any particular order if it is not in keeping with the agreement. the other thing a went to emphasize is that the congressional role is quite strong. there is a provision notice that would be provided to congress before any agreement goes into effect. this is the idea we happen trying to work in close partnership with congress all day long to make sure we are doing the right thing. that is the baseline, we are acting reasonably and trying to solve problems that meets the larger circle of equities
holders. those safeguards sound to the other panelists? >> i think that the standard and i will than -- the standard [inaudible] the first is the idea of individualized review. doj takes a look at that request and looks at it to examine whether it complies with human rights standards. reviewire individualized does not exist under the new framework. question whether companies have the ability and the resources to do a robust individualized review. the do not necessarily have the
incentive to do the same robust review. they are not on the hook monetarily, other than the reputation. replacinghat you are individualized review in and of itself is a flaw. we spoke about the congressional rules. i don't think a 60-day notification is as robust as it could be. fromy by in action congress certain agreements can go into place. the congressional role needs to be more robust. a lot of the standards are articulated in the legislation. ofmy mind it leaves a lot wiggle room for the u.s. to enter into agreements, particularly with countries that may have inconsistent or spotty
human rights records. with india or brazil, some of those laws largely aligned with the u.s., but in other cases, we would have serious concern. i think we should take a step back -- for years they have used the internet and used u.s. providers with an expectation that their communications would be subject to a certain level of privacy, not just from the idea that privacy is important, but because their life is on the line. we think about putting framework that leaves room for a lower standard to apply. that is something we should have to examine from a human rights perspective and think about the effect that could have on people all over the world. up in a fewpen it minutes to questions. --ant to ask the professor
most of this conversation has focused on the issue of this u.s.-u.k. agreement and what a foreign government wants to access data from a u.s. company. we mentioned the microsoft-ireland case. as you are thinking of questions, could you take a minute and distinguish the issue at play and the legislative proposal and how that is different and what is known as the microsoft-ireland case which the department of justice recently said is appealing to the u.s. supreme court? >> sure. the two-second summary, it is a case decided a year ago by the second circuit. the issue is the u.s. government served a warrant on microsoft. microsoft refused to comply on the grounds that the data from the u.s. government was located on a server in maryland.
had said it only territorial reach and could not reach data outside the united states. the government's position was that they can access it all the time, there is nothing extraterritorial about it. exercise territorial because it is being served on the authority but it can do everything the u.s. government would like it to do from the united states. the second circuit reversed it, they thought that it was microsoft and said at least according to the circuit, the only reach the data that is physically located within the united states. somehas been described by as a privacy victory. that for disagree with a moment.
for the whole conversation about the robustness of the u.s. war authority, in this case the u.s. government accessed the data based on probable cause which is standardally higher than other places around the world. if the net consequence is the u.s. would like data located around the united states it needs to go to that foreign country and access it based on its own rules which may be less privacy protected. microsoft organizes it self anymore location-driven approach and was able to say that it is an ireland. other companies, not as much. able to say was not it was what the u.s. government wanted. itis fixed the problem but
doesn't provide the information about where outside the united states. in some cases there may be no government that has access over the data with legitimate prosecution. there have been at least eight -- five magistrate judges that have ruled in favor of the government. as kerry just said, this case may be heard by the supreme court. i will say one more thing which is i think it would be unfortunate. i think that this case is more complicated than can be resolved in a simple, microsoft is right or the government is right. ideally, we would see the legislation we have already been talking about coupled with a fix to this problem of microsoft,
ireland that would basically set the default that the u.s. government, pursuant to a warrant, based on probable cause can access data without regard to the location but with some caveats that are meant to take into account the interest of foreign governments in citizens, their own not basin where the data is but the equities of foreign governments with their own citizens and own residence. do could require the courts what is known as a comedy analysis, taking some of these countervailing factors. otherare a couple approaches that have been discussed as well. audience to turn to questions. if you have a question, i will ask that you stand and waved to me.
we have a microphone that needs to make its way to you, so we can make sure that your question is heard. while someone is thinking of a question, i will propose a quick question to the panel. if you signal me, i know someone will have a question. a couple of times for the panel, we have mentioned data look all is asian. localization, and why is it bad from the government perspective and perhaps from the industry perspective? talking towe be congress about the legislative fix where one potential outcome is that we avoid global infrastructure moving toward data localization? >> it is when the government passes a law that requires the data be stored in a certain location. generally within that country's
borders. it can require that the data stay and not move from the servers in that country, or it can require that some copy of the data remain in that country. the problem is that can potentially rake the >> makes it difficult for cloud providers to be business consistent a better model and in a way that is consistent with how they useand their data, especially in an enterprise setting, where, you know, there are consumers, business enterprises, all kinds of different ways people are doing business internationally, on the internet, and that would eventually break the model and dictate the company is an unhelpful way to store their data bureau number two, there is a whole trove of data available in companies like -- in
countries like russia, for the russian government to get their paws in at will. no one is in favor of that. >> i think that we have heard a lot of talk about how these opoposals will stub data -- st data localization. i want to provide another perspective. to be clear, i'm not saying it would stop data localization. it would help disincentivize data localization. >> we have to realistically a proposal ont the its face is not necessarily prohibit data localization, and that is something to consider. the segment is that i think the issue of data localization is more complex. we have seen concerns over u.s. surveillance practices lead sun country to talk about data localization or some foreign companies to use that as a selling point. i does raise it to say that i questions surrounding
get a localization, while i agree with the concerns, are more complex, and we should not assume that this, in and of itself, will stop that from happening. more needs to happen. the congressional internet caucus tries to keep its events on time. i will give one a chance of someone have got a question. >> we have one question over here. if you could please identify yourself? >> robert thompson. my question is about masking what i'm going to call third parties who are in contact or who have been contacted by people overseas. the example is, you know, we can filter our linkedin contacts or facebook friends requests, but we cannot readily filter the on port or,ollow us cannot readily filter the people who send us private messages. how would your productions,
years -- protection, your safeguards, prevent innocent bystanders who have been contacted by someone from eastern europe or wherever, contacted by a criminal? how is the innocent bystander protected from being caught up? what masking techniques are available? or whatever else? >> thank you for the question. i will ask richard downey to speak briefly on the incidental collection of individuals who are not targets are subjects of investigation. >> sure, i think the scenario we should be thinking about is something like the u.k. needs to get a wiretap order to solve the out,crime and it turns they have someone in the u.s. with contacting them. i do not know that there is a single silver bullet way of answering this. i think it would be one of those
things that has to be worked out in the details, a protocol to make sure they were not , andtionally doing it investigators are looking to materials that have been intercepted, and they would be alert to the idea that there would be a u.s. person and if that were discovered, that would have to be minimized. would not be used except under specialized circumstances. right, minimized later. >> thank you. >> thank you very much. so, i know that we are -- i think we have reached the limit of our time. thank you all very much for joining us today. join me in thanking our panel. [applause]
[chatter] >> the white house is facing questions after reports this weekend that president trump tilde son met with the russian election,ing the 2016 who is believed to have damaging information about democratic presidential candidate hillary clinton. after some members of the senate intelligence committee expressed interest in meeting with donald trump junior, he indicated he would cooperate, saying in a tweet he would be happy to work with the committee to pass on what he knows. debbie white house press secretary, sarah huckabee about theas asked meeting which took place in early june. here is part of the exchange she had during today's off-camera
briefing. >> when did the ms president learn that that meeting had taken place? >> in the last couple of days is my understanding. >> are you concerned about that that they would take a meeting with the russian lawyer promising to give -- been on several campaign, and people call offering information. as i know many of you received similar called the people offering information. he took a very short meeting from which there was absolutely no follow-up. frankly, i think it may make sense that they coordinated research with the ukrainian industry. that is on the record action they took. if you're looking for an example of a campaign coordinating with a foreign country or a foreign
source, look no further than the dnc, who actually coordinated opposition research with the ukrainian embassy. no one in this room to my knowledge had a big problem with that. the only thing i see inappropriate about the meeting with the people of at least the information on the meeting after it was voluntarily disclosed. at this point, i would like to add that donald trump junior made a statement on this. the president outside counsel made a statement on this, and now i have as well. i will not add anything further. c-span, where history unfold daily. c-span was created of the public service by america's cable television companies, and is brought to you today by your cable or satellite provider. >> after returning from the g 20 summit in germany, prime minister theresa may addressed the house of commons about her visit with the world leaders. the prime minister reaffirmed
the u.k.'s commitment to the ands climate agreement personally urged president trump to reconsider pulling out of the accord. she also took several questions on trade relations with the e.u. and the u.s. after brexit. this is just over one hour. >> thank you. order. statement? >> the prime minister. thank you, mr. speaker. i would like to make a statement on the g 20. summit, we showed they played a key role in international responses. climate change, international development, migration, modern leading, conservation on issues that critically affect our national interests, but which can only be addressed by working together with our international partners. have, on terrorism, as we seen for the horrific attacks in manchester and london