Skip to main content

tv   Forum Focuses on Overseas Data Warrants and Social Media Privacy Concerns  CSPAN  July 15, 2017 3:30pm-4:35pm EDT

3:30 pm
jack kennedy had charisma. i think he possibly could have tipped the balance. >> for our complete american history tv schedule, go to c-span.org. >> c-span's washington journal, live every day with news and policy issues that impact to you. morning, reports on the security of the u.s. energy grid and recent hacks the systems. then lawrence noble discusses how u.s. election laws apply to interactions with foreign nationals or governments. and former u.s. ambassador to iraq will talk about the significance of iraqi forces retaking the ice is held city of mosul. be sure to watch c-span's
3:31 pm
washington journal. join the discussion. >> a look at opposed rules that would give foreign police quicker access. privacy advocates and legal scholars discuss how the proposal would be implemented and its potential impact. from earlier this week on capitol hill this is just over hour. this event is hosted in conjunction with the congressional internet off internet caucus.
3:32 pm
-- congressional internet caucus. this caucus is with the support of the cochairs from the house side, concentrationman bob goodland andcongressman anna and senator patrick leahy. just a couple of housekeeping things before we begin. we are live streaming thisevent online. the audio and video will be available shortly afterthe net caucus.org. don't forget to follow us on twitter and use the hashtag cross border warrants. before we begin, wewill be having our next event balancing national security and privacy, a panel on fisa 702 this friday at noon in this room. we hope to see you all here this friday. without further adieu, i like to hand this over to cary, she was
3:33 pm
formerly at the department of justice. she'll be moderating this event today. thank you for joining us. >> thanks everyone for joining us today. we welcome our audience of staff members and others in civil society here with us on capitol hill. to c-span for bringing this discussion to a wider audience. the congressional internet caucus has assembled a terrific panel of experts to discuss the -- legalvacy and policy and privacy issues , involved. involving cross board data request and court order. i will briefly introduce the panelist. they are full bios are onavailable on the congressional internet caucus website. each of them have experience in government, academia and civil society and issues related to capitol hill. downing,t is richard who is currently the deputy
3:34 pm
assistant in the criminal division of the united states apartment of justice. also an associate professor of law at american university. next is giuliani, who is legislative counsel at the aclu. at the other end of the table is a coalitionith it of leading technology companies. thanks for being here today. i'm going to proceed with our discussion. are all aware of the interconnectedness of our global communications. the communications of the store data is no longer fixed. data lawrence from across the pond, fighting crime while
3:35 pm
preserving privacy. painting a legal mechanism through which a foreign law can obtain agency stored data held by u.s. communications companies. can a u.s. company help another government's investigation and still adhere to u.s. law? currently if a foreign law-enforcement investigator identifies that a subject of an investigation is using a u.s. based provider, that government needs to work through a mutual legal assistance treaty process. the communications privacy act actually precludes u.s. companies from handing over certain data to other countries. that limitation is grounded in protecting the privacy of users.
3:36 pm
challenge of foreign governments ability to access data by u.s. companies is one issue. what to do about the laws lack of clarity and how the u.s. government can't access data held by u.s. companies when that data is physically stored outside of the united states is a another related issue. issue involves the modern interpretation of the 1986 stored communications act. as which is working its way currently through the courts. its next stop in a case brought by microsoft is currently next going to be with the united states supreme court. there are equities on all sides of these issues, including how to ensure law enforcement can do its job consistent with fourth
3:37 pm
amendment, how to protect the privacy of global users with a network communication infrastructure and how to do right by private industry in a way that doesn't stifle innovation, lead to data localization and respect the challenges, like global communications companies that may be caught in competing laws of different countries. probably all of the participants in this discussion agree various challenges exist and concerns that are expressed our legitimate. address?ion is what to what would those legislative changes potentially look like? the discussion started i'm going to invite up just for a few minutes chris randall and jed smith.
3:38 pm
legislativeis the director and counsel for representative jefferies from new york and jed smith is legislative director and counsel for representative tom marino of pennsylvania. they will describe the legislative efforts that there members are facing. >> sorry about that. boss has been working to find a solution for the legal questions raised by law enforcement. or current legal framework the electronic munication's privacy act was enacted in 1986 and is woefully inadequate for the world we live in today.
3:39 pm
when congress debated and enacted legislation, the internet was in its infancy. and most were a far cry from the interconnected world we depend on today. it is time for congress to bring the outdated line to the present to address the for century problems. this issue will continue to arise in our court. a clear directive for congress to act. as a former district attorney and u.s. attorney, understand -- need of law enforcement in a timely and efficient manner. in the 114th congress he introduced the communications act, or icpa. we have also beenworking with senator hatch and senator coons.
3:40 pm
this is truly a bipartisan effort. commerce needs to act in order to clarify the law. i am hopeful congress will be at the come to an agreeable solution. i look for to hearing the insights from the panel today. >> good morning, thank you for having us. as my colleague just said, icpa come to us in 1986. over 30 years ago. a lot has changed in telecommunications. tech companies are in a place where they need to figure out whether or not they're going to adhere to certain privacy protections or others. they have to make these difficult choices.
3:41 pm
congress has a role and a responsibility to decide where the law goes under the circumstances. thaticrosoft case decided it cannot be used to commit extraterritorial search warrant and colleagues at the doj are now seeking the supreme court's decision. regardless of the high court's decision, it is our goal to decide what the law is and how it will make for law enforcement and tech communities. you have congressman -- from new york. and senator hatch and senator kunz to find a solution that
3:42 pm
will reflect today's realities, that will balance our fundamental privacy rights and our law enforcement needs. we look forward to a lively discussion and we will take back all that was discussed here to our bosses and we hope soon that we will have a product that will move for everybody. >> thank you for your remarks. we are going to turn to our panel of experts. i'm going to start by asking richard downing from the justice department. could you first described, starting with the issue that has been of interest to the united states and united kingdom on foreign government and foreign company cooperation. what is the issue from the perspective, from the justice department, what is the problem you are trying to fix? the -- andm what is
3:43 pm
then what is the current status of moving this issue forward? it is important to start with the problem. the. i'm case is a serious crime imminent or it has happened in the foreign country. and they are trying to solve the crime. they are waiting to do almost all of the investigation but there is a piece of evidence, a chunk of the case which is not located in the u.k.. in that situation they would normally have to go through the and lack process. universally is andled of being too slow
3:44 pm
not up to the needs of speedy and important investigations that are going on. the providers are also in a jam. they see the u.k. needing this data. the u.k. could issue their own legal process and direct providers to comply. the u.s. providers are aware if they did that for data stored in the united states, it would be in violation of u.s. law to disclose it. which has certain requirements. yet, it's a very weird situation. why should u.s. law be controlling in the situation. it's pure happenstance. some have suggested that we andld take that far away let u.k. lost control completely and not worry about the location of the data. we have taken a slightly different approach. to us somers came time ago and asked if we would work with them to come up with some sort of arrangement where the blocking statute, the u.s. law that provides compliance
3:45 pm
would be listed in certain circumstances and certain countries. that is the genesis of this arrangement and framework. we need to have congressional action to change the law. you will see of course that idea was spawned in the last administration and now in this administration it has been taken up again. proposal we released a and perhaps an identical proposal was released this year by this administration. it is a practical useful thing. it supports the providers, it gets us out of the provision of being between the country's laws. it introduces this incentive for data localization. countries that would like to
3:46 pm
sign-up have to meet a series of robust privacy protections. it has the effect of raising privacy ideas across the world. it has also reciprocal benefits to the united states and the situations where data may be stored in the u.k.. >> what are the two parts of the proposal? is an agreement that has to take place between the two countries and there is a legislative proposal. this is in just a matter of congress passing a matter of congress passing law, there are pieces that have to it together. >> in order for this to be that does in a way respect the need for a robust set of have a cc guards and robust civil liberties, there has to be a system for evaluating which country around the world would be appropriate for evaluating this.
3:47 pm
the mechanism would be a bilateral agreement between the united states and that foreign country, and we would work out the terms of that. there has to be legislation that lifts the blocking of its in current law. what the legislation says is if there is a bilateral agreement and it meets a set of robust aredards, providers entitled to court orders. those court orders are stringent. it requires orders be based on articulable and credible facts so they are specific to individuals and there's a real basis for them. they are not allowed to target u.s. persons. targeting u.s. persons and they wanted the target u.s. persons they would have to use persist -- use existing procedures.
3:48 pm
it's a lot of stuff designed to make sure that these countries that qualify for this, and that we venture into the agreement with our ones that with we share libertiesline civil and legal systems that we can respect and agree with. professor -- the if you're looking for any sort of ground reading on this issue the professor has done a lot of academic work on this issue, including long form articles and a number of posts on the just security website. can you then take what richard has described and explain for our audience what he just described sounds perfectly reasonable. to the initial observer. who are the sticky issues? who are the sticking points? of where there are areas that still need to be worked through in order for congress to feel comfortable passing some type of legislation on this issue?
3:49 pm
>> thank you. thanks for putting on this terrific panel. i agree that this is a very reasonable proposal. i think it does mediate between the various privacy, security, and sovereignty concerns. there are critiques of it. i'll talk about those in a second. why do i say that? i say that for some of the reasons that richard talked about. we are talking about a situation in which a foreign government needs access for solving local serious crimes and previously the foreign government used to be able to get that according to their ownrules from their own providers, their own telecoms. and because of the changing nature of the internet, because
3:50 pm
u.s. companies control so much of the world data, they're increasingly finding themselves in situations where they need access to data that happen to be u.s. held and stored. these countries are understandably frustrated. that frustration is leading to a number of different incentives that i think really need to be addressed. it's leading to -- it incentivizes companies to mandate data localization. they get it according to their own rules, however privacy protected or not. it's also incentivizing foreign governments to increasingly seek access to data, extraterritory territorially without regard to u.s. law. it's putting companies in the middle. they have to decide i can comply with one law. it's not just a hypothetical concern. there have been executives who
3:51 pm
have been arrested and detained because of failure to comply with foreign demands for data. when u.s. law for hibbitts them from doing so and when foreign governments get frustrated, they seek out other surreptitious means of accessing data. see here athink we link between the debate thatwe're talking about right now and debates with respect to decrypt. that's one of the reasons why it this is so important, and why i think the legislation offers a pretty very reasonable response to this. what it does, it does not require a u.s. company to provide data to foreign government. it lifts the bar in those situations where the u.s. and foreign government have entered into agreement. it sets a number of really critical limitations. the governments the foreign partner have becertified by the executive branch as satisfying
3:52 pm
basic rule of lawstandards. then each request in addition has to meet a number of criteria that richard already talked about. these foreign governments cannot get access to data or any person physically located in the united states. they also cannot get the data with the intent of them sharing the information with the united states and of the axis the data from a legal residents they are required to put in certain protections in place. they have to be targeted, there are limits on duration. i think where most of the critiques come in, the specifics of what is required, there are suggestions that some of the oversight, require actual judicial review.
3:53 pm
the there are questions about the predicate standards. there are some who think it should be higher than that. i personally think one thing that should be included in any final bill should be some --licit in that can is him explicit mechanism, so they have any questions about whether or not the request meets the standards it would allow them to pick it up to the department of justice and taken the other mutual legal assistance treaty process. there are clearly minor modifications that can be made to this piece of legislation. the basic premise. >> i'm going to turn to giuliani for the aclu. i'm going to ask you to weigh in on the privacy and civil liberties concern that may exist with this proposal. should we be concerned about
3:54 pm
creating a legislative framework for a foreign government to request communication data from a u.s. company? >> i'm really glad we are discussing this issue. i want to say at the outset that i think the aclu and many privacy and human rights groups us agree with the proposal. international, the aclu has come out in opposition of the proposal, i cannot think on the top of my head of a u.s. based privacy group that has done a whole endorsement of the doj proposal as it is written. i think for a couple of major reasons. the first is, when richard said this and jen said this, this isn't about u.s. persons, this is about targeting people overseas. i think that is a bit of a fig leaf. if i am an individual in the
3:55 pm
u.s., we communicate overseas. obviously the standard that can apply interpreting that overseas person affects the collection of my data, my conversation with somebody overseas. idea that simply because a target cannot be someone in the u.s., u.s. privacy interests are implicated is simply false. let's have a concrete example. governmenthe u.k. wanted to collect a conversation and their investigating that person for a crime they -- they would have to comply with the process that would require them to generally comply with a warrant. my data, my conversation is protected under u.s. constitutional standards. drop and theard is
3:56 pm
requirements are lessened and weekend, that affects the privacy. we are creating a system where incidentally, you can collect the information about people in under a standard that lower, andotentially under standards that are lower that would apply to the u.s. government itself. that is a significant concern. drafted and has dozens are prohibited from voluntarily sharing information from the u.s. government. that, i think is a major concern. the second concern is exactly what it allows. the proposal doesn't affect email stored communications. it also involves real-time
3:57 pm
interception. congress obviously reflecting the perception of the public, putting in place when the yournment can do a wiretap. can do a wiretap for certain types of crimes. there are robust procedures. that is part of the wiretapping infrastructure. you generally use wiretapping as a last resort. all of those are not required governments using the apparatus in the geo pay proposal.
3:58 pm
foreign governments who may enter into these bilateral arrangements may not necessarily have to comply with the stringent requirements of a wiretap of the u.s. government would have to. is ayou are talking about lowering of standards as it applies to individuals overseas. >> that is an excellent outline of the concerns. we are going to come back to this question of stored data versus wiretapping. i want to turn to stephanie. the equities? what is the interest from the u.s. based technology sector in these issues of creating a framework for compliance with foreign >> first ofequests? all thanks to the internet caucus for hosting this event.
3:59 pm
i actually think there is a lot of agreement on what the principles are that we need to be protecting when talking about the issue of when foreign -- canents can get data get data that lives outside its borders, often about people who are not their own citizens. implicates a complicated matrix of laws that don't always talk to each other very well. i think the main disagreement is how to accomplish that while maximizing the ability of legitimate law enforcement's needs and to help keep us all safe, while also while also maximizing the
4:00 pm
privacy protections of all the people who use the interneton a daily basis. foreign government surveillance see group of 11 companies that are all the companies who make are this -- make the operating system for this. have all the apps that you use on this. to enable us to communicate with each other on a day-to-day basis. rgs formed shortly after the snowden disclosures to support the passage of u.s.a. freedom act. even more to providea forum for companies to have detailed conversations about what exactly those reforms should look like and make sure that everybody was really pulling on the same and get the important reforms to section 215 done. pulling on the same oar get the important reforms to section 215 done. going forward, the companies have similarly been concerned about other issues that implicate government access to data around the world, and the flip side, of course the privacy rights of the consumers that use these internet platforms all over the world. we have been very involved in
4:01 pm
fault in discussions about encryption, the european safe harbor and i've is a shield in existence. we have been involved in all kinds of issues that have arisen in the congress over the past few years. downose would water privacy protections. we have been involved in suggesting reforms to 702 this year. the most important priority is to find a solution to these cross-border issues. we are very much in favor of the language that the department of justice proposed regarding moving the blocking and entering into a bilateral agreements on a limited basis. emphasize that there
4:02 pm
are five pages of requirements in the bill language. including limiting those reciprocal arrangements. there are all kinds of ways that we can improve definitions in that language and processes in that language. to make sure that what we are doing internationally for ibis -- the material that these internet companies have is not theirs. it is the communication of consumers all over the world. when we look at solutions to figure out what governments can get this information and under what circumstances and what laws should govern that ability to have tormation, what we focus on is not -- is it -- is the inquiry over when we know it
4:03 pm
is a u.s. company? the data doesn't belong to microsoft or google, the data belongs to the people having the conversations. think thedo they people are going to govern when a foreign government wants certain kinds of information? it is what sits at the crux of that. they are the ones with a data center here and a customer over here asking for that data. the ones trying to figure out which law applies, when they should comply, what the due process is. process -- emet lat process such asc it is, companies arespan talking about
4:04 pm
replacing it completely. they would only be available for governments that are rights- protective, substantive and procedurally. this seems like a good solution for situations where governments througheed to get important situations quickly. thek selecting through issue of why it is so important to the technology sector. i want to come back to an issue that giuliani race which is the issue of electronic surveillance and in real-time the ability of foreign governments to request from u.s. companies real-time surveillance results. i will turn back to our department of justice representative and ask him two things.
4:05 pm
is this proposal geared toward law enforcement challenges? stephanie mentioned terrorism as well. is this a national security problem? at his question one. and question two, does this doj administration proposal -- would it cover real-time surveillance? the ability of a foreign government to request the cooperation of a u.s. company in real-time surveillance? is,hat correct, and if it why is it part of the proposal? >> the way that the proposal frames it is that it covers serious crimes including terrorism. terrorism is often
4:06 pm
regarded as a national security matter. about spies spying on other countries or any classic espionage. this is about serious crimes including terrorism falling into the category of criminal to the tea. this proposal would cover wiretapping and the wiretap act. we have to remember that the basic paradigm we should be thinking about is a crime in the u.k. and that the u.k. is trying to solve. you can imagine an organized crime figure in the u.k. and the need to wiretap that to see what their plan is or if they will commit a murder or something. it is fortuitous that the
4:07 pm
communication has to be in the united states. model of therrent way they are routed, that would be done under u.k. law in the u.k.. that situation, i would say that is the default. if the u.k. person would call in and get set up on the wiretap, that person would have zero rights at all. in the u.s., they would have a lot of rights. the u.k. cannot target them, and there are a lot of regulations that they would have to comply with such as credible facts, particular richie, exhaustion of alternatives. end, they have to minimize the u.s. persons to get
4:08 pm
involved in that conversation. have thethen -- the bottom line u.k.ike the u.s., the views this as a critical part of protecting public safety. if the don't have the thistunity to have arrangement to get access to it, it has the -- it does not solve the underlying problem where if they will insist on decryption disabilities or data regulation, or something else, they are facing serious terrorism and criminal threats. this is a fair and balanced approach for how to deal with that to avoid unnecessarily impinging on anyone's writes, but meeting the legitimate needs of the u.k.
4:09 pm
>> does anyone want to respond? >> that was so effective that no one has an answer. >> i will just reiterate. if the u.s. government [inaudible] the wiretap act -- was it not on ? sorry. the wiretap act requires notice. the implication of third parties. allowing discretion for judges to order notice and information to those third parties and we are creating a framework that fundamentally doesn't have those that willuirements now be permitted by foreign governments. it's a way that could have very real implications for people in the u.s..
4:10 pm
for information that can be collected by a foreign government and can make its way to the u.s. or a criminal proceeding even though it has not complied with the requirements of the wiretap act. robust saying there is a set of requirements that apply to countries. from our perspective those requirements do not seem very robust at all. been far, you have described primarily in terms of the u.s.-u.k. relationship. they are an ally, they are a in collaboration and national security matters, but the legislative change is not country-specific. so what happens for the rest of the world?
4:11 pm
maybe there are a few other countries either in north perhaps or europe, who have -- similar to the united states, maybe not the constitution, but similar judicial requirements -- what happens when other countries come knocking on the door wanting this same type of arrangement with u.s. companies? >> it is a great question about scalability. i want to step back and think about this problem a little bit. what we are facing, because of the way the internet is structured and the dominance of the u.s. companies, something that we as a nation have an , becausein promoting of those things, there is a the characterween
4:12 pm
of governments and things that used to be specific to their jurisdiction and things that move around and are not specifically located to their territory. there are fundamental questions about who gets to set the rules. should the specific supply because the data happens to be located here? it's the same problem that we spoke about earlier with respect to the ireland case. should irish rule apply because it happened to be in ireland? ireland may not have any other equity in the case. stepping back and is worth asking some of those bigger questions. homee country that is the of so much of the world data, and has set some of the rules,
4:13 pm
there is a real opportunity to demand baseline standards and to try to harmonize the borders, with legitimate access and legitimate cases, so we do not end up with increased falcon is asian. you might -- vulcanization. we might see a reduction of -- to your second question, if this legislation were passed, hopefully it is, there would be a u.k. draft agreement that would be implemented pretty quickly. my hope is there would be other country second meet the standards and can adapt minor changes to meet these standards. time, -- there are some interesting proposals that some people have started to talk about. peter swire has been writing
4:14 pm
about this that some countries can have specialized points of contact. you can have units in the country that would not be explicitly required to deal with those standards. even if you do not trust all of india, you may trust a unit for that request. >> if i can turn to stephanie from the industry perspective, how are the companies who will be on the receiving end of these requests from other governments. how are they looking at the issue -- if this legislation work to pass, and this would serve as a model for other arrangements with other governments, how would the industry view the potential
4:15 pm
request downstream for agreements with other countries? industryens from the perspective when they might be facing requests from india china come a brazil or other types of countries that have different legal and judicial systems. >> i don't foresee that several of the countries you just listed would meet these standards to enter into an agreement. i don't think that china will be high on the department of justice's list. that would enter into an agreement to go directly into technology company. upset if weould be were presented with such an agreement. there are other countries that could meet the standard and the most exciting thing about this
4:16 pm
proposal is that there are other countries who can not quite meet the standard, but with some changes they can. it is important for them to get with u.s. companies that have the bulk of the information that travels the internet. that is something that is really important to the company, something that makes it possible for legitimate law enforcement asks to be met quickly. a make sure they are met in rights-protective manner and to raise the bar on privacy protections around the world. i know we will disagree on whether this particular proposal a couple shows that. if you would go point by point i thinkthe proposal --
4:17 pm
it sets the bar higher than it is right now. it will be beneficial to consumers all over the world. it will discourage them from blocking laws and enacting data localization laws. it will give clarity to people all over the world. we have very stringent due process requirements in this country. there are plenty of other companies that do not view the docedural part exactly as we , but they have a fair amount of inrsight and independence the way that they review and handle law-enforcement requests. to see if we can get other law enforcement to honor our
4:18 pm
requests. we are trying to maximize law-enforcement and privacy. >> it sounds like part of the confidence trying to be instilled in this legislative it does and agreement, ory on judicial oversight some kind of institutional oversight that would take place ensureforeign country to that the request being made conforms with the fourth amendment and privacy principles to know that there is a process that was involved. how would that play out. allow the oversight so we can envision it a little bit to
4:19 pm
provide some comfort for those he might be concerned of the privacy and civil liberties per spec if. first layer of protection would be based on the foreign law itself. the foreign country investigating a crime involving its citizens. legalt situation, the procedures and protections inherent in that set of rules would be the first line of travesty defense. to make sure that the agreement is being lived up to, there is an agreement of oversight done on a bilateral basis. where theprovisions united states would be able to make sure foreign governments are not intentionally targeting u.s. citizens. they will have the protocol in place in the practice is that it is being done directly.
4:20 pm
and the whole agreement must be ped everyry -- reup five years. if a provider receives a piece of information from a foreign government, it could raise it with the united states. the united states may block any particular order if it is not in keeping with the agreement. the other thing a went to emphasize is that the congressional role is quite strong. there is a provision notice that would be provided to congress before any agreement goes into effect. this is the idea we happen trying to work in close partnership with congress all day long to make sure we are
4:21 pm
doing the right thing. that is the baseline, we are acting reasonably and trying to solve problems that meets the larger circle of equities holders. those safeguards sound to the other panelists? >> i think that the standard and i will than -- the standard [inaudible] the first is the idea of individualized review. doj takes a look at that request and looks at it to examine whether it complies with human rights standards. reviewire individualized does not exist under the new framework. question whether companies
4:22 pm
have the ability and the resources to do a robust individualized review. the do not necessarily have the incentive to do the same robust review. they are not on the hook monetarily, other than the reputation. replacinghat you are individualized review in and of itself is a flaw. we spoke about the congressional rules. i don't think a 60-day notification is as robust as it could be. fromy by in action congress certain agreements can go into place. the congressional role needs to be more robust. a lot of the standards are articulated in the legislation.
4:23 pm
ofmy mind it leaves a lot wiggle room for the u.s. to enter into agreements, particularly with countries that may have inconsistent or spotty human rights records. with india or brazil, some of those laws largely aligned with the u.s., but in other cases, we would have serious concern. i think we should take a step back -- for years they have used the internet and used u.s. providers with an expectation that their communications would be subject to a certain level of privacy, not just from the idea that privacy is important, but because their life is on the line. we think about putting framework that leaves room for a lower standard to apply. that is something we should have to examine from a human rights perspective and think about the
4:24 pm
effect that could have on people all over the world. up in a fewpen it minutes to questions. --ant to ask the professor most of this conversation has focused on the issue of this u.s.-u.k. agreement and what a foreign government wants to access data from a u.s. company. we mentioned the microsoft-ireland case. as you are thinking of questions, could you take a minute and distinguish the issue at play and the legislative proposal and how that is different and what is known as the microsoft-ireland case which the department of justice recently said is appealing to the u.s. supreme court? >> sure. the two-second summary, it is a case decided a year ago by the second circuit. the issue is the u.s. government
4:25 pm
served a warrant on microsoft. microsoft refused to comply on the grounds that the data from the u.s. government was located on a server in maryland. had said it only territorial reach and could not reach data outside the united states. the government's position was that they can access it all the time, there is nothing extraterritorial about it. exercise territorial because it is being served on the authority but it can do everything the u.s. government would like it to do from the united states. the second circuit reversed it, they thought that it was microsoft and said at least according to the circuit, the only reach the data that is physically located within the united states. somehas been described by
4:26 pm
as a privacy victory. that for disagree with a moment. for the whole conversation about the robustness of the u.s. war authority, in this case the u.s. government accessed the data based on probable cause which is standardally higher than other places around the world. if the net consequence is the u.s. would like data located around the united states it needs to go to that foreign country and access it based on its own rules which may be less privacy protected. microsoft organizes it self anymore location-driven approach and was able to say that it is an ireland. other companies, not as much.
4:27 pm
able to say was not it was what the u.s. government wanted. itis fixed the problem but doesn't provide the information about where outside the united states. in some cases there may be no government that has access over the data with legitimate prosecution. there have been at least eight -- five magistrate judges that have ruled in favor of the government. as kerry just said, this case may be heard by the supreme court. i will say one more thing which is i think it would be unfortunate. i think that this case is more complicated than can be resolved in a simple, microsoft is right or the government is right.
4:28 pm
ideally, we would see the legislation we have already been talking about coupled with a fix to this problem of microsoft, ireland that would basically set the default that the u.s. government, pursuant to a warrant, based on probable cause can access data without regard to the location but with some caveats that are meant to take into account the interest of foreign governments in citizens, their own not basin where the data is but the equities of foreign governments with their own citizens and own residence. do could require the courts what is known as a comedy analysis, taking some of these countervailing factors. otherare a couple approaches that have been discussed as well.
4:29 pm
audience to turn to questions. if you have a question, i will ask that you stand and waved to me. we have a microphone that needs to make its way to you, so we can make sure that your question is heard. while someone is thinking of a question, i will propose a quick question to the panel. if you signal me, i know someone will have a question. a couple of times for the panel, we have mentioned data look all is asian. localization, and why is it bad from the government perspective and perhaps from the industry perspective? talking towe be congress about the legislative fix where one potential outcome is that we avoid global infrastructure moving toward
4:30 pm
data localization? >> it is when the government passes a law that requires the data be stored in a certain location. generally within that country's borders. it can require that the data stay and not move from the servers in that country, or it can require that some copy of the data remain in that country. the problem is that can potentially rake the >> makes it difficult for cloud providers to be business consistent a better model and in a way that is consistent with how they useand their data, especially in an enterprise setting, where, you know, there are consumers, business enterprises, all kinds of different ways people are doing business internationally, on the internet, and that would eventually break the model and dictate the company is an
4:31 pm
unhelpful way to store their data bureau number two, there is a whole trove of data available in companies like -- in countries like russia, for the russian government to get their paws in at will. no one is in favor of that. >> i think that we have heard a lot of talk about how these opoposals will stub data -- st data localization. i want to provide another perspective. to be clear, i'm not saying it would stop data localization. it would help disincentivize data localization. >> we have to realistically a proposal ont the its face is not necessarily prohibit data localization, and that is something to consider. the segment is that i think the issue of data localization is more complex. we have seen concerns over u.s. surveillance practices lead sun
4:32 pm
country to talk about data localization or some foreign companies to use that as a selling point. i does raise it to say that i questions surrounding get a localization, while i agree with the concerns, are more complex, and we should not assume that this, in and of itself, will stop that from happening. more needs to happen. the congressional internet caucus tries to keep its events on time. i will give one a chance of someone have got a question. >> we have one question over here. if you could please identify yourself? >> robert thompson. my question is about masking what i'm going to call third parties who are in contact or who have been contacted by people overseas. the example is, you know, we can filter our linkedin contacts or facebook friends requests, but we cannot readily filter the
4:33 pm
on port or,ollow us cannot readily filter the people who send us private messages. how would your productions, years -- protection, your safeguards, prevent innocent bystanders who have been contacted by someone from eastern europe or wherever, contacted by a criminal? how is the innocent bystander protected from being caught up? what masking techniques are available? or whatever else? >> thank you for the question. i will ask richard downey to speak briefly on the incidental collection of individuals who are not targets are subjects of investigation. >> sure, i think the scenario we should be thinking about is something like the u.k. needs to get a wiretap order to solve the out,crime and it turns
4:34 pm
they have someone in the u.s. with contacting them. i do not know that there is a single silver bullet way of answering this. i think it would be one of those things that has to be worked out in the details, a protocol to make sure they were not , andtionally doing it investigators are looking to materials that have been intercepted, and they would be alert to the idea that there would be a u.s. person and if that were discovered, that would have to be minimized. would not be used except under specialized circumstances. right, minimized later. >> thank you. >> thank you very much. so, i know that we are -- i think we have reached the limit of our time. thank you all very much for joining us today. join me in thanking our panel. [applause]

7 Views

info Stream Only

Uploaded by TV Archive on