Welcome to our conversation with titled security versus security. We welcome Monika Bickert of producte head policy and counterterrorism at facebook. We are here to do a review of a new movie because no news has broken since then, in m onikas orbit. We met at the aspen security um, and my main focus was why no one ever puts likes or comments up when i post pictures. Will address some of the news of the day, but it want to do that at the end, because i want to make sure we spend a lot of time at the beginning talking about the great and incredible ika and facebook are doing in the counterterrorism space, which is the goal of this country goal of this company. The frame we wanted to lay out here is, i know many of you have likely been to panels in which it is titled, security versus liberty. Security versus privacy. And my view, shared by many others, sometimes that is in it is an inappropriate lenso view this debate. And i would suggest it is inappropriate for two reasons. One, it implies a mutually exclusive balance. You know in our football or sports cultures, one has to be winning or losing. Up, for some us really complicated things. So we titled this, security versus security because there are a lot of things that fromtry is doing, whether and encryption standpoint, because it is equally important from what Law Enforcement is doing, fulfilling their obligations. Second, we will spend some time at the end, is there are some really important things facebook is doing to preserve free speech. We will talk about that. If you look at monikas biography, and incredible career in public service, a federal prosecutor, worked in thailand, southeast asia, where else monika . Chicago, d. C. , as a federal prosecutor. Is a real leader. It is great to have her here. Without any more intro from me, title,alk about your head of product policy and counterterrorism. I think that is an industry first. When i told people i was doing that interview, people said what . Facebook as a what . Been the head of our product policies for more than four years now at facebook. That entails overseeing our people candors, what advertise, how people can advertise and target it. Basically, any way people can use our products. But about a year and a half ago, when people can we were trying to double down on terrorist content, propaganda and terrorists attempting to use social media, we felt as a company that we needed when leader of those efforts. Because what you have our on technicalrking tools to remove terrorist content. And reviewers, who have to be specialists in recognizing terror propaganda, and the groups pushing this. You have government requests and former Law Enforcement agents, that in the wake of an attack, they were all working on counterterrorism but it was not unified team. So we decided to launch that position. I became interested it in it and asked if i could do both, and i was really lucky and i am now eating both of those. Though i have product policy and counterterrorism, separately. Little at thes a outset, about facebooks mission to make the world more open and connected, and protect freedom of expression and privacy. How do you address those issues . Monika sometimes those issues are intention, and sometimes they are not intentioned. Facebook was created to connect people. Our ceo, mark zuckerberg, has talked about the value in bringing people together and trying to establish immunities. Establish communities. Part of that means we have to protect speech and the ability for people to express themselves how they want to express themselves, and connected very freely with each other. Some of that will only happen if you have privacy. At the same time, we know people wont come to facebook if they dont feel safe. So for us, it was changing the mission to bring people to a place where people could Exchange Ideas and feel safe. Privacy means you have the ability to control who sees your content, and when. It also means, facebook adhering to privacy laws, which are different in different parts of the world. And, make sure we are only providing data, whether it is organic data or ask, when we are required to. Security means we dont have our site used for things like, running terror attacks are sexually exploiting children. And there were many other things, that those privacy and Security Issues will bring to mind, but those are some areas, there is no tension. We can really strike to have both in those areas really work together. Andyou mentioned encryption yption encryption is something we use in a variety of ways and facebook. It doesnt mean we want to our part to support the Legal Process or government requests. Terrore is a crime or a attack, we can and do provide data to Law Enforcement. It doesnt mean we also wont use encryption to make sure we keep peoples data safe. There are reasons that that protect, in addition to privacy, protects security. Whether it is protecting health or sensitive financial information, or sensitive government information. To say it is too easy that privacy and security are at odds with one another. I want to circle back on some of the point you made. I dont want to drill down in more detail about the specific effort you are focused on, over the last two years, especially the last year, utilizing human moderators and algorithms. So there is a human side, and a tech side, when we are talking about this content online. Tell us how you utilize both of how you balance that in furthering your interests . Monika when it comes to enforcing our policy, im going to focus now on our content policies. Policies about terror propaganda. You have policies against hate speech, sharing personal information, intellectual property misuse, the list goes on. When we enforce our policies in any one of those areas, we use a mix of human viewers and automation, or different types of technology. Sometimes artificial intelligence. Sometimes it is a little more rudimentary. But theres always a next. I will give you an example of where this works really well, and an example of where it doesnt. If you think about terror began to, or Child Exploitation or child pornography, often this is image space. We can use Technology Like recognizephoto, to child born images at the upload very because that technology matches a new uploaded image to an image we already know about recognize childerie and we can say, we knw image is bad, we can october ported to the National Center for missing and exploited children, and it never hits the site. No person at facebook even has to see it. So, that can be a very good use of technology. Thinking about hate speech, our speech byround hate the way, are increasingly nuanced. To 2s to be applied billion peoples posts around the world. So we are talking about a lot of different cultures, a lot of different languages, a lot of different ideas about what is ok to share. Our hate speech policies aim to remove any attack against a person or a group of people, based on that persons protected characteristics, like race, religion, gender, gender identity, and so forth. There are many ways that you could use words that could be a could be an attack, and use them in a way that is not attacking anybody. Like, this morning on the subway, somebody called me, x. I think we need to have a conversation in our society about the word x. That is something where automation has a much harder time. Iu can use Machine Learning, love for in these terms around like i am some sort of engineer, im not, i just learned from engineers. But, you can use Machine Learning to build a pacifier. You take a whole lot of data about good uses of this word and bad uses of this word, and you feed it through this machine and wild, a while, fromand aftea you can use that classifier to say, this is good or bad. They will send that to human reviewers. Up for them the stuff that is likely to be good or bad. When it comes to a lot of our policies, especially hate speech and harassment, human review is important. Now, you had a 4500 member team working on that. You have made a commitment to increase that to 7500. Is that right . Is, whenlain what that we use words some people will call, moderators. That gives the impression of people are looking at everything posted on facebook. That is not the case. The way that the process works is anytime you see something on facebook you think should be there, you can report it, whether it is a photo or a post. You can use information 12 these are people who sit around the world in a different locations. Decide whether or not the content that has been violates policies. If it does, they take it down. Message to the person who reported the content saying, here is the decision. Sat a year ago it is now it now has 3000 more people. Facebook has 21,000 employees. 2 billion users. If a piece of content is reported, we will use a combination of automation and human reveal. If it is reported to us 500 times, we dont review it 500 times. We will review it a few times. We will put protection on it so we dont content continue to review it. Like, i like this sports team and my team won, and you are angry. This post gets reported a lot. Can you talk about jesus standards the reviewers are using yet the standards the reviewers are using . Dozens of languages. The guidelines for reviewers have to be objective. Used tors, we are looking at criminal law. Case, we will look and see whether or not standards were met. You are using reviewers around the world and need decisions to be the same on a specific piece of content. Fromer that photo is someone in the United States or india or ireland, you have to try to take that person any bias out of it. The review guidelines we write our intentionally are i ntentionally objective. If you look at our policies the standard you would want to have would be, if it is sexual, we will take it down. Artistic, we will leave it up. That is the ideal standard. If you sit people in a room, they will not agree. You end up writing guidance that and wontecific necessarily reach the right result in every case. You were sometimes going to look at a photo and say, our policies leave that up . You will always have edge cases. But there is value and objectivity. We write guidance for these , at leastand updated every week. Sometimes more frequently if there is something in the public we are responding to. We will make decisions and provide ongoing guidance. Most facebook members are outside the u. S. More than 85 . A myriade faced with of International Laws. T,lk about how you balance tha and how those run against u. S. Constitutional laws. This is a really interesting landscape. And a challenging. We have seen a number of lawsries either pass new or become more rigorous about online speech. Standards their standards are tighter almost always been u. S. First amendment standards. You have the First Amendment protections, the Facebook Community standards. There are other things we do under our standards that are not illegal under us law. You often have International Laws around things like hate speech. Or sharing of propaganda supporting a terror group. Where it is criminal speech. Cghave seen the german net law that requires social Media Companies to delete from their illegal any manifestly content. To understandd and enforce these german laws on the site. It is an interesting landscape because it draws into tension having one of borderless community, which requires having one set of standards, where, if i am sharing it with friends, we all see the same thing and share it together, versus a set of standards where you are satisfying different governments and cultures. Maybe even individuals. System or thisat uniform, global system. You cant have both. We have been trying to walk that wereor years, by saying going to have one global set of community standards. If a government tells us about a piece of content and they say, wes is a legal, illegal, review it andteam see if it is consistent with their laws, and then we will decide whether or not we shall comply. There are a lot of factors that would go into that, including, is this political speech against government . How many people would be affected . If we decided to remove it, we do it only in that country. We then publish that fact in our government to request report, which we put out every six months. If you look at this government request report, we have had an increasing number of requests from a number of countries. That forld talk about hours. I want to go back to domestic Law Enforcement. And your work with government. The San Bernardino events, ofsaw a ramping up government versus industry. I would like to talk about your work with Law Enforcement. Talk about those efforts and what you have done. There are two primary ways. Request, we go through a solid Legal Process. And when we will proactively provide information. Weh regard to responding, have a mechanism through which Law Enforcement requests user data, if they provide the appropriate legal plot Legal Process for their country. There are restrictions around what we can provide and we only provided this user data when compelled. That is requesting user content from a country outside the United States, the appropriate avenue for that would be the legal system. They submit their process. They might have to go through u. S. Authorities to get content. A Team Response to those requests. Manned. Nnel is we sometimes get emergency requests. If there is a terror attack, missing persons, and Law Enforcement submit something, we need to respond right away. Manned. Nnel is always there is a box to check if it is an emergency. We will respond right away. Sometimes we will become aware of an imminent threat of harm on without a Legal Process. Someone planning a terror attack. We wouldve proactively refer to Law Enforcement. Any other comments or andghts on the encryption, from an industry perspective whyhy in encryption that is so critical to the role of protecting privacy . Hopefully people in this room have some familiarity with encryption and why it is important for protecting privacy. We hear about hacks all the time. What i hope will happen in the near future is that people will become more knowledgeable about the different types of encryption and the values and costs. It is not as simple as saying encryption is always good and there is no cost. It is not as simple as saying any use of end to end encryption is bad for security. Nuanced topics. All do aswe can people who work in the field is get the word out that there are different types and uses of encryption, and pros and cons especially with ended to end encryption for National Security. Facebook has been in the subject of a commander in chief tweet about the situation going on relative to news and the accuracy of news that is out there. The influence of foreign powers in our collection. Mark zuckerberg in our election. Mark zuckerberg highlighted nine taking afterk was out theueller pointed out 3000 advertisements purchased by the russian entities. Yourt for us a little bit efforts in this space. Founder our founder posted about this last thursday. I would ask you all to go watch it. What you will come away with is we take this seriously. We want facebook to be a place where there is political discourse. Where candidates are free to discuss their views and ideas. And where people can challenge that and engage in the sort of speech you should have. Service to beour exploited. That is why we did this initial investigation. We undertook this on our own two undercover any abuse of our service during election. Our chief Security Officer put a post up about disinformation on facebook. He talked about the efforts we were undertaking to try and identify any abuse of the platform during the 2016 election. And now we have come out with our findings. And now we have come out with our findings. We are still looking and we will keep looking, both at what is happened in the past, and make sure we are Getting Better at stopping any abuse. We are cooperating with governmental authorities. That means disclosing the advertisements. We are cooperating with the special counsel into the congressional inquiry and the congressional inquiry. We are going to focus on a transparency on transparency in our advertis ements. You create a facebook page, your page is about your bakery. From your page, you can run advertisements on facebook, where you dont necessarily have to link back to your page. Were going to start moving towards improving our transparency, so that when you see an advertisement on facebook, you can see who is behind it. You can see the other advertisements that page is running a. Is running. We are ramping up engagement with election commissions, around the world, so we can understand some of the issues they think they might encounter. And we can get ahead. We hired more content reviewers. Specialists at facebook working on election integrity. We have committed to doubling that number and tiring than hundred new people on those ng severalnd hiri hundred new people on those teams. You talk a little bit about the actual process to purchase advertisements . We have millions of advertisers. Most ads are self serviced. Page, and set up a they can promote a post. You are prompted to enter payment information. Onhave a check in place payment to make sure we are compliant with laws. Pick to whom you would like to target your ad. That ad goes live. It is reviewed before it goes live, with a combination of and some systems manual revealed. If you tried and some manual review. If you try to upload an advertisement with the word cocaine, that will trigger revealed. But ads are dynamic. Very small advertisers. A lot of small businesses. Important landscape. When it comes to political anyone can run a political advertisement. You can go on facebook and run it. We want to make sure we are being transparent. This might be the last question. To get at preventing the impersonation and the fake questions. How do we deal with that . Butjust the transparency, how do we make sure people are who they say they are . Facebook is somewhat unique among social media platforms. We require people to use their real name. If you set up a facebook account and use mickey mouse as your name, we will try to detect that. We will look to see if that is your real name. We may ask you for identification. If we determine the account is fake, we remove it. Even if the content on the profile is completely fine, we will remove it. The ads we have been talking about the reason we remove those is because they were coming from inauthentic accounts. Tollis a really powerful for us, requiring authenticity. Not all social media platforms do that. We need to make sure we are integrity ofe conversations on elections. That is something we will talk about. This will take us a while to figure out. We would like to invite you to come back next year and give us progress on where you are at. Time is up. We could spend another hour with monika. Please join me in thanking her. [applause] were going to transition to tom. Let kenoing to introduce our special guest. I wanted to express thanks to tom for taking the time to join us. We appreciate it. We have had a good conversation so far. We will certainly be contributing to that. Eye of literally in the several storms. I will leave you in moderately good hands. And i i took 12 steps to recover. Ken. Let me turn it over to introducece and guest. Cial good afternoon. I had the distinction of trying to it is a bit of a misnomer. It is a treat to be here. To be here with my friends and colleagues. It is a pleasure to be here with tom. He has deep experience in the Homeland Security area. In 2008, whenhim i came on as Homeland Security adviser. I came in as the guy who would do something about Law Enforcement. Little about resiliency. Theoked around at people in Homeland Security council who i thought would be helpful, and could help me get up to speed. Part way through my tenure, tom became deputy. I relied on him. It was a particular pleasure for me to see him do a fantastic job. Being here. Ou plate,he things on your which is always fall, always full. With everything from my enforcement to counterterrorism to Natural Disasters from Law Enforcement to counterterrorism to Natural Disasters. That makes it particularly complicated during hurricane season. Thank you for being here. To tee up some t opics. I am still in the denial stage of my 12step recovery. If you introductory remarks. A few introductory remarks. It is my honor to speak to this group. A lot of you here have taught me what it is i think i know. I will be respectful of giving you my opinions here. You probably still no more than me. Know more than me. Monika does a great job. What they do to take terrorism related information off of the open internet is breathtaking and remarkable. Kudos to them and the other social media sites. Monika and i took a picture of ourselves in front of a bar that has been named isis. We jokingly said we should post this and see if the odd rhythm algorithm can detect this and take it off the site. Efforts withika support her being nominated for a a lot of accolades. Would it support her being nominated for a lot of accola des. Did you end up going into the bar . No. We did not. Yesterday, was the 70th anniversary of the national Security Council. Today, we commemorated that inside the building. 250person, h. R. Mcmaster and i, let this conversation. It struck me the national Security Council and its staff has evolved quite a bit. Anniversary is interesting now to note in 2001, it made more changes in the previous 16 years than in the prior 50. It includes hurricanes, Cyber Threats. It has been interesting to watch that team. Us tee up some topics. Something right in the heartland of your response abilities. The nfl. [laughter] i prefer to stand. Hurricanes. I prefer to stand. The national Security Councils slate of nowhere as much as the Natural Disaster recovery response effort which is now an essential part of the national Security Council operations. Given your deep experience, dating back to the trina, if it if you would give us an idea of the particular challenges presented to you by each of these hurricanes. Even with an eightyear break in Government Service, i have been in some management role since 2003. It did make me an equally competent, im not sure about qualified, to sit and manage this process. I could not the any happier with the federal government response. It was an unprecedented hurricane season. We have a long road to go. With puerto rico. I do not want to do a victory lap. The fact that we have done it backto back to back to i could not be any prouder. There is a bigger observational answer. The nsc structure has always been staff organized around regions. Even when you and ive look at the history even when you and i look at the history of it, we look at regional problems. The regional governments present as the biggest National Security threat. Realized that we needed a functional organizational model. The Homeland Security counsel concept and it up with a aunterterrorism director and Cyber Security directorate and the preparedness and response directorate. These are functions that are translatable skills that can move to any region in the globe and they are transnational in nature. They include this all hazards concept. A number of things can be large consequential that they literally threaten the National Security, and our ability to maintain our economy. Consequential that they literally threaten the national the Biggest Challenges to contain the of facts of going into a spiral. With hurricane katrina, we came close to losing that handle. There were Power Outages that twost led to the loss of big pipelines that supply the east coast. That cascaded into the oil markets. Two big pipelines thatwhat we try tn first. Take sure the president is aware of those big picture items. And make sure there is a competent and organized federal government response. The idea of supporting the jobrnor and not doing his is paramount for me to stress. We have had governor abbott, Governor Scott do a bang up job and the governors of alabama and georgia as well. Now, we havewe have had governo, two governors in territorial islands that could have easily folded under this pressure, and they did not. The governor in the Virgin Islands is working around the clock. He is showing every leadership instinct. It is pretty inspirational. Marshaling the resources of 12 navy ships and all of the Marine Support that you would a threestar general to marshall and he is doing it effortlessly. Same goes for the governor of puerto rico. And he is dealing with unique problems. What we have done with puerto ricomarshall and he is doing it effortlessly. , the governor has not lost control. We have a our business model. Not because they are incompetent or because they lack some skill or leadership quality. But because they have lost capacity. If you look at the energy andoration workers there, the emergency staff that support the local municipalities, 80 lost their homes so they are victims as well. They are survivors but they have suffered. We are augmenting their capacity. Not at a state level but a local level. We are helping them pull resources. Pool resources. That is something we learned after katrina. That is where we are. We are doing well. The governors are doing well. Citizens arecan showing resilience and compassion like the people of texas. Were criticizing the Administration Today for not leaving the jones act for not waiving the jones act. Whether you agree with the merit of the law come it has been in place for a long time and we often waive it when we need excess capacity. To augment the u. S. Fleet and bring needed commodities into the affected areas. We did that with texas and florida. The entire florida peninsula requires shipment. We did not do it for puerto rico. Some areing saying that we are being less supportive of the puerto rican people. Not true. Problem is capacity and requirement. We have plenty of u. S. Flag vessels. That that is in your way. Had thelem was once you refined product to the ivan, you distribute it on the ground. But the problem is not getting it to the island. The message here is that we have american supplies being shipped i American Flag vessels to help american citizens. Puerto rican citizens are american citizens. This is a good news story and for people thinking otherwise, i commend you to the jones act. Fair enough. Take a couple of minutes and give people a sense of the role of the national Security Council. And the lifecycle of a disaster. Im not sure people really understand the centrality of the role. In any context, cyber, orrorism, or in the domestic concept it is not just domestic. We had an earthquake when we were in unga and hurricanes. You balance it and there has been some evolution in the last 70 years. The idea is that the national is to getouncil staff over the policymaking hell. Options for the president. And make recommendations for the president. Two different things. They have to be feasible options and wellinformed suggestions. And then we have to help the president , once he makes a decision, on the other side of the hill, track implementation. That is where you can get in trouble. Tracking implementation and getting on top of it can be done properly. We can have a sustainable number of meetings to do that. And we cannot metrics of trust or of distrust. Everyones in a while, you will have a staffer that decides they can direct operations out of the white house. When they get away with it, it is annoying. The trick is to coordinate at my level, i coordinate the cabinet. The deputy secretary and below that, the assistant secretary and under secretaries. You coordinate that and note their positions and serve your role as coordinator, you are doing the president a service. Can, Ken Wainstein excelled at this. President s can get cranky. I have worked now for two. They are inpatient at times. Ken was pretty good and he taught me this really well. Dont tell the president what he wants to hear. Dont engage in confirmation bias. President the opinions of his cabinet members. At the end, sometimes frustrating process, he will say what do you think . And then only then is it appropriate for me to give him my personal view. There is a lot that goes into it. I learned today that two worked to death in the early history. I am sure there is some other causality. [laughter] they worked so hard that they died on the job. Stafftell you that the works 18 hours a day and they cannot afford to make a mistake. One young staffer came up to me my first day, i had an opportunity to go in and briefed the president. I did not know where i was. Thinking itsentence was innocuous. 10 seconds later, the president of the United States was on the phone to putin uttering it. Environment stress and you have to constantly be on top of what you are thinking and theg the as you are near most powerful people in the world. It is a great honor. I can see the next all hands meeting that tom has. I know you guys have tough work conditions that you are not working yourself to death. At the risk of being too inside can you talk about the changes to the national Security Council. You had the nsc. The nsc. Ve president obama and commissioned john brennan to do a review of the structure and make a recommendation. The recommended folding Homeland Security advisor into the nsa. Nsc. How do you think it is playing out now . There are different concerns at play. A constituency that came before katrina. There has always been a concern registered by then that may be Homeland Security concerns might be subordinated by the more traditional ones. That is a real concern. Oo hot to tootw cold, to just right. We were constantly functional here in regional here for the most part. In some form of separate cooperation. It was frustrating at the staff level. I was the director, senior ap. Ctor, and the did was obama team combine the two staff structures into one unified Staff Support model. They chose to take the position they had john brennan be a deputy to the National Security adviser. To avoid the concern that counterterrorism would take a backseat. Other people have opined that is the case. I think you could just as easily attribute any policy decisions to the president and not to the organizational structure that he a doctor. Key adopted. What President Trump did was to take the current position and t to the position you hell. What we have is a major combined hsc and nsc staff. And it is led by two people. H. R. Mcmaster takes a special role and prominence here. If there is any disagreement between he and i, i will often cede to his judgment. Generally not. Generally, the president wants to know my view and his and generally he and i speak the same language and we can take two different positions without being argumentative. What is need about this is the matrix staff has a place to go. If you end up feeling like maybe my point of view will be dismissed routinely because one of the principles do not agree with my point of view, now we have to principles. The president is very comfortable with that. At the beginning, we had to i do notm sir, handle north korea. And h. R. Mcmaster says i do not handle cyber or hurricanes. I think now we have demonstrated that this is the just right model. I would advocate it for the future but personalities dictate that. You just mentioned cyber. Are anaccounts, you expert in cyber matters. You have been working with them for years. I know you worked on cyber matters quite a bit in your eight years outside of the government. Just want to give you an open ended question. Where do you see Cyber Security . In terms of where the government is going and what plans you might have for bringing Cyber Security forward . The easy question is how do i see the cyber threat . I see it going in the wrong direction in a bigtime way. It is a shared responsibility between government and private actors. International and domestic. And individual accountability which sometimes gets lost in the conversation. The thin line on Cyber Threats is going in the wrong direction and the capabilities of the bad guys are rich regulating out into what we would have smaller orbefore a lesser threat. There is no such thing anymore. We have advanced cyber enemies in small countries or in nonnation organizations. We have talked about this quite a bit. Worth ofven pages dozens and dozens of recommendations coming from us, the administration in the form of a strategy. Miss framework update. At the strategic level, let me see if i can answer the second part of your question. Thinkk it is time, and i this president will lead in this fashion, to articulate a better and different vision. Instead of putting forth a strategy that knits together our current capabilities, i think it is time for us to start having a conversation as a country regarding what we can tolerate our government doing. Tohink our government needs be more involved in protecting a broader set of national interests. We have certain Critical Infrastructures that are so critical to the functioning and survival of our country and the economy that we have to do more to protect them from foreign adversaries online. I think it is also probably a time for us now to concede that there is a low level, low intensity, constant conflict going on online every day. There is no way around that. Malefactors. Lear at this point, we have to take the rhetoric of increased defenses and a library. Increased defense will impose a cost on the bad guy, the malefactor. But it is also going to do something a little bit different. It will impose costs which serve as a deterrent but it will protect us in a baseline way that does not make of the most vulnerable country on earth. Right now, the United States is great for a lot of reasons. We invented the internet and we use it for a great purpose. We have created conveniences but we have also put ourselves enable liberal position. I think it dictates that we need to act a little bit more together. Somethingn articulate to this audience that i hold in my worldview. The ideal here is that the is the multilateral efforts to develop norms are good in a lot of ways. From my perspective, we have lost a little bit of the civil liability calculus. There is a Property Analysis here. We have talked about it as a crime or an act of war. Member that we have the ability to exclude others from using our property. Use our the right to property. This is a fundamental part of the bundle of Property Rights that leads to capitalism itself. That ability to trade and use property as we deem fit without hurting those around us and excluding others from using it, the useful way of thinking about government. We never object his civil courts enforcing contracts between two businessmen or women. We never think about that as get out of our lives, government. We have designed our government buteparate it from religion we have intentionally designed our government structures to support our socioeconomic preferences and capital. Because of that, i think we should recognize that and embrace it and rely on our government. I went to israel and announced our first bilateral Security Agreement with the israelis. In their country, if there is a cyber attack, almost everyone of their citizens asks where is the government . Is a fundamentally different think of you. They have a different view of their government protecting them. I call it a virtual iron dome. There is a lot of benefit there but they have a small country and the capacity to do that. Tocant, even if we wanted and i wouldnt advocate that. But, i think we can take some lessons from what the israelis have done. And i think the british have led the way in this. Extended some government led defensive measures to those very critical components of their society that require some extra defenses in the name of National Security. I think we should come to i think we should start contemplating the same. T path of deterrence model the president put out an executive order to also concede that we have to practice what we preach and start at home. Personal accountability. Protect your own systems. If you are running a company, protect your company. I see some people who are cyber experts preaching what everyone else should do and they are sitting on top of that systems and integrated software and hardware. Hypocrisye kind of that does not sit right with me. We started here with the federal government and decided that we needed to improve the security of the federal networks. That is an effort underway right now. It started with a clear minded idea that we have to stop supporting antiquated technology. Sharedneed to Purchase Services and getting on with the fact that we cannot replicate and antiquated cyber model. The thing about an aggressive executive order saying that shared services and modernized i. T. Networks and i am thrilled that people with a lot of business background like Jared Kershner have taken the mantle to handle the implementation coordination. We have put that in place and hopefully, we will get better there. As an antidote, you will mention the opm you will remember the opm breach. If we had defensible software and hardware, we would have been able to prevent that breach. I think that was the most costly breach. End with where i started in terms of the shared responsibility model. How are we going to handle the Critical Infrastructure . Bolster theinue to department of Homeland Securitys role, the fbis role in the secret service role. Partnering with the Intelligence Community when appropriate. We will further narrow what is critical. There are so many sectors that it became everyone becoming eligible. We have narrowed it down to section nine entities. That is the roadmap of where i think we will end up. Out the other half of the coin, deterrence. Defense butr with also by taking a kinetic or punitive step in trade practices or sanctions. When that is merited, i think we should reserve the right to act unilaterally. Acting prefer to explore in a bilateral way between now and the great future day when we can have a group of multilateral thinkers or shared allies. We have different ways of referring to it. It is a great unilateral body. We have agreedupon norms among the likeminded. Multilaterals that organizations are not very good at enforcing when there is a violation. If you take the un Security Council as a model, there are always other considerations that prevent a group body to reach a consensus to punish one of the members. I think we should reserve the right to act unilaterally when punitive measures are necessary. We are not quite ready yet. Evert think we would publish our playbook. It is my sense in the sense of the cabinet that we have to start doing and developing a record of conduct examined as opposed to thinking. Otherwise, we will never settle upon a subjective sweet spot. That we willesting dabble in an irresponsible way. When it isting that necessary to smack someone in the nose for doing something that is wrong, we will do so. And that is it on cyber. Did you get that . That is how i would reef you. Brief you. I think that is the first time i have articulated my view in public. I would encourage each of you to look at what we are doing because the number of interlocking paws and liabilities and considerations and motivations from the private sector tend to create odd effects. That is what we always fear in policymaking. That we do something that makes sense and it turns out to be a bad idea. That was a great overview. And a feast of food for thought. On thefollow up International Body and the enforcement theme to deal with cyber offenses especially by nationstates. Do you see that as being a real possibility . It seems like the natural way to address this. I know there are some companies that advocate for a Geneva Convention type of model. That there are some attractiveness to it. When you look into the implementation and you think about some of our friends and enemies who come out and say with great indignity i cant believe you will share with us all of the information, intelligence, and data to determine that someone did something wrong. It is almost galling. I think what you have to balance is our own National Self interest with the appealing but problematic notion of Group Consensus in an international forum. In the cyber arena, i dont think it is right for international consensusbased enforcement right now but that is the objective. Ok, let me pick it over to counterterrorism. We have heard some very interesting and insightful remarks earlier today about where things are in terms of counterterrorism efforts or the terrorist threat in general. We have focused on the fact that isis has a shrinking base and that is causing changes in its mode of operations. Where do you see isis going . Where do you see the broader terrorist threat . Taking the president s guidance to annihilate isis from the face of the earth. I know that sounds shocking. But the idea is that it has two implications. Annihilation strategy is the difference in what we have done previously which is to approach them and drive them out of a city to a, surrounding them and killing them. That is gruesome but it is merited. That is how we cleared mosul. How i believe we are going to drive isis from raqqa. That said, we still have a significant landmass of the middle east governed by isis socalled caliphate. It will take some time to operate to shrink their physical control and space. Shifting ise it they will shift from physical to virtual space. Will have to decide where our social sensibilities are and what is viable online. I dont believe there is a First Amendment problem. Terrorism speech should be removed. A beheading isof easy peasy in my point of view. Lisae stayed in touch with who i suspect spoke with you about this. There are going to be isis movers that are resilient. A have demonstrated resilience previously and they will find different places to operate. Different safe havens. The first principle is that they have expanded into, and this is we meant to be alarmist, but and alis who spreads qaeda and boko haram into 18 different nationstates in various degrees. Say it isint, i would a comparative analysis problem. I came back into Government Service after eight years and discover that we have terrorism spread across africa, north africa, and rub the middle east. And now, we are tracking Ongoing Operations to take isis fighters out of the philippines. In the seeing operations philippines right now where there are still 6070 fighters taking mosques back block by block. A have decided to take constant and applied pressure here. This is not too complicated of a strategy but it is an increase in pressure, sustained applied pressure. Instead of taking out a high valued target here and there, this administration is pursuing networks and their support. That is how i think we will take it back from spreading. That said, we cannot just do this militarily. We will need the support of other nationstates. They will have to start contributing to picking up the phone and asking for help. We need to make sure that we balance domestic and international concerns. We are demonstrating leadership. The president knocked it out of the park at unga. The foreign leaders i spoke with were thrilled. It was a masterful stroke. The speech was good. People did not analyze that the president spent the entire week their meeting all day and all night with foreign leaders. He showed some leadership there. A unanimous vote at it the un Security Council regarding north korea is also laudable. It is terrorism. He is demonstrating a consistency that people can get behind. Everyone is on board with defeating isis. Member coalition. And it is breathtaking in its collaboration. At the risk of getting the hook because of time constraints, i want to put a held petfor a jointly issue which is 702. Acth is shorthanded for the passed in 2008. Which allows the Intelligence Community to survey all nonus overseas for counterterrorism and other National Security purposes. All the more important given the situation that you are diagnosing now where you have isis metastasizing and spreading out. You have a particular need for surveillance to be nimble. To move from one target to another. Without having to go back to the court to get an order every time you do that. The 702 you see reauthorization going between now and the end of the year . What can we do to make sure it gets passed . The administrations position is a clean and permanent reauthorization. Period. I am sitting next to the guy who is an expert on this. You were behind the scenes. You were in front of the effort. And quite seriously, on behalf of the nation, we should be very thankful to you for getting that modernization to go through. An understandable sunset provision causes that authorization to expire at the end of the year. The lehmans authority is that this allows us to surveilled foreign, legitimately targeted National Security targets. Foreign terrorists on foreign lands. This is not about surveilling americans. We are prohibited under this authority from targeting a foreigner in the u. S. Or a u. S. Person in the u. S. Or a u. S. Person in the foreign land. Foreign threats in foreign lands and if you understand it that way, and start explaining that to those in the decisionmaking cycle, you will help the cause in. Itigating confusion where people tend to focus on some of the news of the day. Ais is about separately tificate that allows us let me back up. The reason this exists is because the United States is very good and lead the way in the internet. Now, it can be used against us by a foreign terrorist in a foreign land. We should not handicap ourselves from being able to surveilled that person in a foreign land. The way iss it is that i believe that the senate will demonstrate the leadership put in place to put in place a clean and permanent reauthorization of the law. Then we have to go out and educate to ameliorate concerns that we might miss treat or unintentionally target americans are miss treat the information that might get unintentionally collected on an american. Let me address that directly. Most of you know the wiretap history in this country. There are practices in place to mitigate the handling of information of innocent third parties. If you have a wiretap on a mobster and the grandmother down the street calls and asks him to take out the trash, there are mitigation efforts in place to not record that conversation. Andave similar prohibitions mitigation practices in place for incidentally collecting on a thirdparty american that might be in email communication with a legitimate terrorist target in a foreign land. If we can explain that and you can get yourself to a place where you agree with that, you can help us educate the lawmakers who have to reauthorize this authority and encourage them not to think about a secondary kind of requirement where they say you have to get another warrant to search the data you have already collected. Go out and do your educating job with those that feel that way. There is no need to have a separate authority to make us do what we have already done lawfully, a second time. Do you agree . Ditto on that. Let me say this. You, tom, for taking the time to join us. Thank you to all of you for having us. And also, and i mean this in the early, thank you to tom for his service. We always thank people for their Government Service but there is a cadre of professionals that. Tep into the toughest jobs tom is a prime example of that and we all owe him a debt of gratitude. [a plus] applause i ask you not to go anywhere. Saying ot regret staying. Tom bossert, thank you very much. Very much. You great job, guys. A short time ago, President Trumps health and Human Services secretary and former georgia congressman tom price has resigned. After it was revealed that he repeatedly chartered private planes for government travel. Asretary price took as many 26va