Democracy. The question is, are we there yet . It seems like we have reached an Inflection Point about privacy. More people are concerned about the issue. We could see it covered in the press more. A computing factor was the petraeus affair about for which this event is case. It seems like in the case, the fbi did have warrant. The investigation made people realize that emails were not that private. Privacy advocates took advantage of that moment to put forth the concerns they had talked about for years. Two other things that happened over the last year, which have privacy at the Center Agenda one is the decision of the u. S. Supreme court in the jones case where the court found attaching a gps device to a car for tracking movement for months was not like following someone on the public highways. We have seen articles in the press about the eyes in the skies, Surveillance Drones hovering over cities that zoom from 20,000 feet to a sixinch object on the ground. These issues are part of the public debate these days. Back to emails and cell phones we have an Accomplished Panel to discuss these issues. I will introduce him in the order in which they will speak. We have judged danny boggs of the sixth Circuit Court of appeals. He is the author of the decision of the warshak case, which held that government agents violated the defendants Fourth Amendment rights by compelling his Internet Service provider to turn over his email without first about a search warrant based on probable cause. Ken wainstein served as the First Assistant attorney general for National Security and Homeland Security adviser to president georgia w. Bush. The head of the aclus Washington Office laura murphy. David lieber, Privacy Party council for google in washington, will bring us the isp perspective. I will ask the panelists questions and then, we will have an half an hour for questions and answers from the audience. I will start with judge boggs. Tell us about the war shack case and your decision on the e mails the government obtained without a warrant. Let me say that i do not profess the expertise that some of my colleagues do here. This was one of 200 fully argued cases we had that year. We decided the issue was before us and that was it. I will tell you about the case. I will not go further than what was in the case. I will not opine on any other things that may come before me. Mr. Warshack ran a successful business in herbaceuticals, things advertised for male enhancement among things. It had a variety of financial activities with banks and customers that led to a 112 count indictment of bank fraud, mail fraud, money laundering, and other things. We had a 110page opinion, of which one dozen pages h have to do with this issue. The government obtained his e mails under various statutory bases emails that have to do with activities within the company. Under the statute, of probable, it was not necessary. The first attack on this was it violated the Fourth Amendment under doctrine that did he have a reasonable expectation of privacy in the contents of the emails. Contents was a good bit of the analysis. I authored the opinions. The three judges agreed. It went through past analogies. The contents of letters are secure in the sense you have a reasonable expectation of privacy. Telephone call, the content have a reasonable expectation of privacy, though the government may get a record of fact the call was maid how long it lasted. A courier who carries a message, the government may be able to watch the courier, but it cannot get the contents. We decided that it was not a stretch to say that similarly, the contents of emails were protected. The actual language in the opinion was given the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection. Email requires strong protection under the Fourth Amendment. Otherwise, the Fourth Amendment would prove an ineffective guardian of private communication and its central purpose. In our discussion of this case, we said, we relied on the analogy to a letter or to a phone call. That remains controversial. Even though the isp can access the emails, we analogized hotel guests, for examples, have a reasonable expectation of privacy in their rooms even though the maids enter the rooms to replace towels and tidy. There may be a difference between the governments right and your right against a private person. If a maid, in tidying the room, finds a dead body or a meth lab, doctrine would say that the maid can report what is found to the police. The police could not barge in, in most cases. The issues on the table Going Forward have to do a lot with traditional doctrine as it would apply to the recipient of e mails. Normally, the recipient of letters can do whatever the recipient wishes. Is that the same with email . That was not before us. We left many other questions that we did not have to opine on in that case. We did not go any further. Things will come out later on. Those who are looking for doctrine, the Supreme Court has before it now a case that seems different, which is about a dogsmith on your porch. That may Say Something about what the Supreme Court thinks about what we would say as formalist a doctrine rather a broader view. In the dogsmith case, a policeman can go on your porch without violating your privacy. If marijuana smells are coming out of your house, a dog can smell that. You do not have a reasonable expectation in privacy of what is coming outside the house. The other side says it is not what people usually think. The dog is an enhanced device. We should take a broader and less formalistic view. I am not getting any view on how that will come out. You may want to watch that clues on for how the Supreme Court is thinking about the Fourth Amendment in novel context. Thank you, judge. Ken, tell us a little about where the government is coming from with this issue. Thanks very much. I am going to take the government position on this, even though i am not in government anymore. I spent time in the National Security arena in government looking at this, especially after 9 11. I would pivot off of the analogy you had about Civil Liberties and environmental erosion. You have to be concerned that as we are focusing on threats and crime and the prevention of crimes and National Security threats that we do not compromise our Civil Liberties. There is a difference between environmental erosion and our protections of privacy. In environmental erosion, it is hard to perceive on how there may be of benefit to that erosion. It may not be offset by another benefit. In privacy protections, the protections often come at the expense of effectiveness of Law Enforcement and National Security operations. What we have seen since 9 11, this is an ongoing process, a constant calibration of investigating tool. The revision of those authorities as new technologies, online, we have seen that over the decades. That process has been pronounced since 9 11. 9 11 woke us up to the need to take a look at the tools we use to make sure they are up with the times. The patriot act come out six weeks after 9 11. It strengthened the tools we had to being them more along the lines of todays technology. We saw that with the f. I. S. A amendments act that came out in 2008 where we try to get electronic surveillance statutes for National Security operations to bring up to the times with email and modern communication. That is the issue we face today. We have a 1980s statute. Does that work with todays reality . It is outdated. Should Congress Take a meat cleaver or scalpel to it . And how much of change we make to make sure we are protecting the stored email communications, which is the critical piece of the statute. That is the question of whether the statute allows the government to get stored e mails that are over 180 days old and get them with something short of a search warrant. They can get a court order showing the information is relevant or use a subpoena without a courts involvement. They can use a court order or a subpoena. That does not work under the Fourth Amendment. We could have the legal debates. We need to think about the reallife implications of what a new standard that you have to use. You have to probable cause to get a warrant every time the government wants to get stored emails what those implications be. That would be serious. One would say, if you are going to get a court order any way to get access to those communications, you have to show those communications are relevant to an ongoing investigation. What is the difference between that and showing possible cause that there is criminal activity and making that demonstration to the judge . There is a difference. There are situations where the government needs to look at those emails and will not have probable cause but it will be critical to build the case or predication, which would allowed more serious steps later for to which you would need to get probable cause for a search warrant. There are agencies that do not have search warrant authority, like the sec and ftc. They would no longer be able to go and get emails. You have implications that we need to think through before making drastic changes to legislation. There has been debate. Senator leahy has been in front keying this up for debate. The government has been testifying making its case. It has not been resistant to change. It is recognizing that this is an old statute and technology has changed and we need to change with times. The one message i have be careful and make sure we make changes in a calibrated way. The ability to get stored e mails in the National Security is a vital tool. We have to make sure that you do not make the process overly difficult by requiring everything to stop, get probable cause, and go to a judge first. Thank you, ken. Talk about the thirdparty doctrine. It is the idea that is email the same as regular mail . Isps access our emails. This is used for advertising purposes to target advertising to particular users. Does the fact thats happening somehow make email different from regular mail . What is the difference between a private party accessing our e mail and a private party accessing our email . Go back to something that ken said about the comparison to environmental degradation and there is no comparison when it comes to being able to observe the damage. There is a great deal of damage going on because of the third party doctrine. People still operate in this country with the belief that their communications are private. Whether they get through the internet or whether they go through the mail, people believe that. Why . The Fourth Amendment says, the right of the people to be secure in their persons, houses, papers, and effect against unreasonable searches and seizures shall not be violated and no warrant issued but upon probable cause supported by oath or affirmation and describing the place to be searched and the persons or things to be seized. What is happening now is that the government can surreptitiously look at your e mail without a warrant, without believing you are engaged in criminal activity, and suck up that information. We do not know how it is stored, whether it will be destroyed, with whom it is shared. This is personal information not only intellectual property, Health Records, deepest, darkest secrets. Even if you ask the American People to come to city hall on the day and say, the government wants to have a printout out of all the websites you visited, and please print out for the last six months what the websites are, they would be deeply offended. Whether or not it is legitimate in the eyes of Law Enforcement, is not the question. It is whether or not people have a reasonable expectation of privacy in their communications. It is time to revisit the thirdparty doctrine. That developed before the World Wide Web is what it is and before Cloud Computing. There was a time when we got our emails, downloaded them from servers, and they ceased to be on servers. Now, email is stored indefinitely. When the government was to take a vacuum cleaner and suck up your email history beyond 180 days, that is a very invasive search. It goes against the spirit of the Fourth Amendment. It cries out for review by congress in update updating the Electronic Communications privacy act. Judge boggs hit it right in his decision in warshack. When you look at the facts in that case and how many documents were seized, it was an amazing amount of personal information and business information. One of the concerns i have about Law Enforcement is not that they are unable to get the information they need in a timely fashion. How often do you hear about judges refusing to sign search warrants . It does not happen that often especially in National Security. What concerns me is the effectiveness of Law Enforcement when they scoop up so much information about individuals and they increase the haystack. If you are trying to find the needle or the terrorist, you have Government People combing through volumes of your information. How is that a focused search . How is that the best use of taxpayer resources . We are seeing that the government is gathering information about chat rooms involving arab muslims and south asians. We are seeing the department of Homeland Security are targeting people. Where is the information going . What is being done with it . It is very different than if a private entity wants to use that information. The government has the power to punish you. The government has the power to make determinations about your loyalty. The government has the power to leak. Look at the petraeus affair and how the kellies lives were destroyed because of government leaks of what they thought were private emails and what Law Enforcement purpose was served by that . We put our lives at risk when the government can surreptitiously monitor all of our communications on the internet. There are not safeguards and there are not wellunderstood protocols. The thirdparty doctrine needs to be revisited. Law enforcement has the tolls it needs at its disposal. They had the tools before the patriot act. They do not need new tools. Their tools need to be circumscribed to balance the civil liberty issues at stake and restore the reasonable expectation of privacy to the way people communicate, which is more by email than by snail mail. Law enforcement has the tools it needs but they dont need new tools and their tools need to be circumscribed to balance the Civil Liberties interests at stake and restore the reasonable expectation of privacy to the way people communicate now which is more by email than by snail mail. Let me pick up on something you touched on which is the issue of secrecy and the secrecy surrounding government requests through isps and the isp efforts in promoting transparency. Perhaps you could talk about that. Thank you for having me here today. Transparency is something that is really important to us. We think the current debate is lacking good data about the volume and nature of government requests which we think would help inform the broader debate about updating. Theres no question that government has legitimate interests in this data and legitimate needs. We also think our users in the broader public could benefit from good data about the nature and types of requests we receive. The types of data that we respond that we return in response and how we push back is important. There is a percentage of times where we will not give any date in response to a government request. We released the first iteration of our transparency report in 2010. Since then, we have seen a significant increase in the number of government requests that we received from governmental entities in the united states. Since 2010, we have seen a 136 increase in requests. With the latest iteration of our transparency report, about five days after we released the report, we published a detailed user faq so our users in the broader public and get a better understanding about our posture when we receive government requests. We try to provide more insight into the types of data that we might give to governmental entities depending on the types of protocols they are using. In response to a sabena would be be different than a court order or search warrant. We tried to provide data about the types of requests we are receives from governmental entities in the u. S. The second half of 2012, 68 of the requests we received weexpa from governmental entities were subpoenas. These are generally request for useridentified information. They were issued through subpoenas so they tend to be the easiest types of data to get that because there tends to be no judicial review. On the opposite side, 22 of the requests we receive from governmental entities in 2012 or search warrants and those due involved judicial review under probable cause. The remaining 10 were from court orders which are commonly referred to as 2703d. That includes other forms of legal processes that were more difficult to categorize as they are included in that 10 in number. Were certainly not the only ones talking about this issue of transparency. About six months ago, judge William Smith who is in the Southern District of texas offered a piece in the harvard law and policy or is due in which he deposited the data that exists. That is largely attributable to the fact that expa orders are often filed under seal and the orders to unseal those orders tend to occur when there is a criminal case. Absent that criminal cases being filed, the underlying edxpa order remains sealed. In the case of worshak, that case was not sealed but there are many other cases where it would be similarly compelling. It is useful for the public to know about but the public does not get the benefit of seeing what might happen with District Court for appellate review because the underlying order remains sealed. We are looking to reiterate in our transparency report and improve the way we share data with our users so they can get a better understanding of how we handle government requests and the type of data we provide. What percentage of ecpa orders are kept secret . That is a difficult question to answer. Judges met ventured a guess at that. Judge smith ventured a guess at that and said there was somewhere in the area of 30,000 that remained sealed. Some of them are perfectly legitimate and magistrate judges have a certain amount of documents and requires an act to conceal those documents. We were talking a little bit about the electronic salary the stored communications and you said there needs to be some serious thought given to the governments ability to access be stored communications. Does the concept of stored Communications Actually make sense anymore . Can we distinguish between stored communications in which people might have less of an interest, less of a privacy interest, and Realtime Communications . You see this distinction, real time vs. Stored communications. You see it in the store to indications act. There are different rules for the governments ability to procure emails depending on whether those emails have been stored for more than 180 days or not. Another example is the penn register trap and trace. You have to go through a process to get a judge to issue an order to authorize the government to record outgoing and incoming calls in real time. You can get that Historical Information with a subpoena. You see that distinction built into a number of different statutes. We wonder if it ever made pristine sense especially now with email and Cloud Computing whether it is a live concept and justifies a distinction. I think there is a practical side of it which is when you look at the stored Communications Act of 180 days. Until they change it, congress has presumably made the determination that you have more interest in those communications which are current but you have not taken the step of the leading which result of deleting which is a whole nother issue. That as a whole nother concern, as opposed to those emails which have been allowed to sit there. I have not looked at legislative histories to whether that works. You can abandon property in a storage unit for two years and maybe that is abandonment. You leave your emails for six months like all of us do, i dont know if that is abandonment. Your question is a good one as to whether one could actually make an airtight logical argument for why that distinction is still good in the law. When you are getting it a live feed a phone numbers, that is more intrusive maybe that just knowing when somebody called group called somebody in the past. When this gets litigated, as it has and debated up on that hill, that distinction will be tough to be justified. Do folks on the panel of something they want to add . The 180day rule is outdated. You look at what we do in our daily lives i belong to a book club and i remember someones address and was not in my contacts and one of the members sent out a mailing list of all the book club members. I think we have come to expect that we are able to retrieve e mail but i think we also talk about email nowadays in several different ways. Someone will ask you if you send something to your personal or work email . Why do we have personal email . Why dont we have an email address assigned to every individual . We have personal email because we have some expectation that we can talk about things that are more intimate on that email account then we can honor work email account. I dont think the length of time, given how long the storage life is on a cloud or on a server for email, makes any sense right now. What we really need to look at is a warrant requirement for all of it. Of course, allowing for special circumstances. We also have to have a suppression remedy so that if e mail is improperly seized, it can be excluded if you are being prosecuted. The contents and all of these things deserve modern day protection similar to the ones that we have four male that goes for the postal service. In terms of the 180 day limit, the government takes the position that it can access a lot of your emails that are less than that time as long as they are open. The 180 days limit itself is quite permissible. Permeable. I want to move a little bit from how you get into email to what happens when you get to email. Coming back to the name of the panel, when the fbi was investigating the relationship between Paula Broadwell and general petraeus, it was able to access her regular email account and pershare email account. It was then able to look at all emails she had in her regular email account. Miss kelly who started off this whole scandal and complained about the cyber stalking, gave the fbi access to her email and looking at her email, they discovered her communication with general allan and that story took off from there. Should the government be required to minimize its invasion of privacy even when there is a warrant . I think the title might be under false pretences in the sense that petraeus may draw an audience. As an appellate judge, the fact that to have are all set in stone in the record. As far as i was able to tell just reading the news media, the facts of this event may not be set in stone at all. But a want to say anything that relies on a review of facts that may or may not be correct. The main thing is that assuming that i am correct that most of this investigation was consentual and the accounts indicate that many of the people involved, once there were contacted, gave consent, it really would not address most of the doctrine as to what is protected from a compelled disclosure to the government or when there is a warrant, we have a welldeveloped a document as to what you can do with the warrant and what happens when you stumble on it. If i have a search warrant for an elephant and i go into your house, i cannot look into your jewel box for your diamond ring. If i have a search warrant for a diamond ring and i go into your house and i see an illegal elephant, there is no violation. The question here would be, from the way you put it, did the government compel anyone to give us any information that someone else had a reasonable expectation of privacy . From the facts from the news media, im not sure that i could point to that. The thing to remember is the general doctrine that if i send you a letter, once you get it, you are the possessor of it. I no longer have a reasonable expectation of privacy. It seemed to me that most of what you are talking about mike, and under that doctrine. The specificity of the Fourth Amendment is that you have to specify in a search warrant, you have to have specifics as to what it is to be searched. This would be where an issue arises. Ive got one case from one magistrate in kansas who denied a search warrant or required to be limited saying you have to tell me something about what the subject matter is which you want so that if the facts or that you had a search warrant that said we are investigating cyber stalking and we dont want to limit it to something that has something to do with that, then you might have an issue. If it is consensual, or if it is within the basis of a search warrant that has been granted, im not sure there would be a problem. The facts of this are all in newspapers and not in a court record. This comes back to the one magistrates opinion. One can imagine that a search warrant would be restricted to certain terms. In the worshak case it could have been related to terms of his business and therefore potentially x good personal e mails or Health Records or maybe Tax Information or things of that nature. It certainly could be. That would be up to the issuing magistrate and did they do indeed deny search warrants that require them to be limited. On the other hand, you have the general doctrine that you cant look for what you want anywhere it is reasonable to look. If you are looking for a drug dealers and drug records and you have a search warrant, you may be able to look at every book in his house to see if there are records hidden inside. You have this back and forth between those two doctrines and people can then say youre execution of the warrant was too broad. I dont render any opinions on those because the facts are not before me but you have a doctor and that goes both ways. You have limitations and you can say you are required to look in my diamond ring case if you have a search warrant for the diamond ring. You can look in each jury box even though it may turn out that one may have drugs or Something Else. Thank you. I want us to talk a little about prospects for reform. David, perhaps you can start us off since you have been involved with google working on ecpa reform. And if you could look at geo location as well. Before it was enacted in 1986 and is beginning to show its age, the legal distinctions that ecpa may have made sense in 1986 but it is currently be lying users reasonable expectations of privacy in 2013. Law enforcement does have legitimate needs for this data to prevent and prosecute crime. We fundamentally believe that the same procedural protections that apply when police want to search your home should apply when police want to search your online accounts for the same types of content and documents. There is no compelling legal or policy rationale in 2013 for making those types of distinctions. We believe that the updating ecpa should be the number one policy priority for the 113th congress and i think there is tremendous momentum right now behind that initiative. That is driven in part by the general petraeus incident which awakened users to the real gap that exists between rebel lot is and where there is reasonable expectations of privacy. There are now over 80 members of the Digital Due Process Coalition which includes consumer advocacy groups, trade associations, and corporations. A fair number of those organizations and corporations and advocacy Groups Joined in the last four months. These organizations are not always organizations that always agree with one another on Public Policy issues. Many of them disagree on Privacy Policy issues but we are united because we think this is a law that genuinely need to be updated. There is reason for optimism in that respect. I think we are seeing more Companies Enter into the transparency debate. I think that has been a Healthy Development in the broader framework of updating ecpa. Twitter, the drop box, and linked and have their own transparency reports and that has a salutary effect as far as in informing users and their posture in handling those requests. Last year, under senator leahys leadership on the Senate Judiciary committee, an ecpa bill was passed in a was a clean content rule and others are realized that at the end of the last congress, it was unlikely to move beyond the committee stage. Its still established an important precedent going until the 113th congress. I am hopeful it portends well with what will happen for updating ecpa this congress. The chairman of the House Judiciary Committee indicated th housee tradition our committee will explore this issue. There is reasons to be cautiously optimistic about where ecpa 44 miss added. As users become more aware of law were where law actually is and the contrast with where the privacy laws, i think they will become more engaged in this debate on the location issue, the senate side has dealt more with the warrant for content issue. The houses had more history with the location issue. We dont tend to receive as many Location Request as the carriers do. Some of the privacy interests with Location Privacy courts have had different views about this. There are distinctions that some courts have made between historical verse as prospective data and even some raise questions about whether there should be distinctions made between initiation and termination date set like when you are engaging a cell hour or information that a phone is continuously sending to wait cell to our even when you are not using the phone. Courts are still wrestling with this but we have been focused to having that scalpel approach that senator leahy has taken which clarified that nothing in that bill was intended as a rule of construction to conflict with or modify other areas of electronic surveillance. I think that would include fisa and the wiretap act. I think that is right. It is currently envisioned that this would have a National Security components. I will give you the last word on this. What would you like me to talk about . You can continue with ecpa and how you see prospects for its reform. The National Security exception seems to be a means to talk about ecpa. Many times when they talk about it, they talk about National Security and Law Enforcement in the same breath. In fact, ecpa would not actually applied to National Security cases so you would be looking at a situation where it would be four straight criminal cases. Where do you guys come out on that . We would like to make reforms to the patriot act and fisa. The position on ecpa is a bed of a compromise for us because we dont think there are adequate due process safeguards in the patriot act and in fisa. One area where i think it is less controversial is in the area of keeping track of how many, um, warrants are issued, how many subpoenas are issued, for what kinds of investigations. I think what we all want is a limit on fishing expeditions. We also want to feel that the basis of any law or update to ecpa is that we have this fundamental right to privacy. Right now, because of the third party doctrine, i dont think we can really tell people that there email is private from the government. I think probable cause is still a very good standard. I think the government will be able get the information it needs for National Security but i think it would be good to know how many subpoenas if you get and how many warrants you get. I think the public needs to understand the interaction between the government and privatesector. The private sector holds so much of our personal information. Thank you very much. It is time for members of the audience if they would like to ask any questions. We have a couple of mics so please raise your hand and make yourself known you are saying a judge needs to look at a request to go into a house or an email. Im saying the same procedural protections should apply when a judge in a criminal context when Law Enforcement in a criminal context wants to get access. Same rules should apply in the online environment when a search is conducted with respect to the online account. Are you saying google has an obligation for that information in court . There are legitimate needs that Law Enforcement has. Some of these subpoenas are issued as Building Blocks to investigations and enable Law Enforcement to obtain dat that helps them ultimately in investigations. What we are trying to do in the ecpa update we supported is to get a merrill carve out that would focus on our users communication. We think that is achievable and theres a broader debate about other issues including circumstances under which a subpoena can get at user identification. We focus on ensuring there is a warrant for content role with respect to all communications regardless of how long they have been stored or whether they have been opened. [inaudible] when i talk to people about google, they were surprised that google did not challenge more about handing over information. There are circumstances where we push back on government requests. We dont always provide data when the Government Asks us for it. There are circumstances where we do push back on those requests but when Law Enforcement make legitimate requests under existing law, as a lawabiding company, we have to provide that data. It is not whether we choose or not. We are obligated under law to provide it. I think we provided some data in the neighborhood of 12 where we dont provide information to government requests. I am from npr. [indiscernible] i was hoping you could provide a hypothetical what it is difficult and Law Enforcement circumstances to get a warrant from a judge and show probable cause . The question as i take it is why is it more complicated or difficult for Law Enforcement to have to go to a judge and establish probable cause and get a warrant that it is to do something shy of that and still get access to the information . One answer is time. Whenever you have to put together showing probable cause to establish this, it has to get passed by an attorney that will agree and then goes to a judge and all that takes time. If that were the Silver Bullet argument, it would write the Fourth Amendment right out of existence the. That is a real concern and if you look at fisa or the patriot act, people on both sides of the debate realize that is a real concern. When you place more burdens on investigators especially in the security context, it means there are more steps behind the bad guys. Sometimes you are trying to prevent a crime in the future. That is what the burdens and the times those burdens take have an impact on the success of your operation. That is one answer. The other answer is there might be situations where you can i get probable cause. There is government testimony from the Justice Department that talked about a scenario where they had a child pornographer who was swapping child pornography on an email account and he had another e mail account. They did not have any probable cause that the other in malakal was conveying child pornography that the other email account was conveying child pornography. That is the burden of showing probable cause. It is there in the right cases for the right reasons. Go back to bubble thirdparty argument the Third Party Document applies as a constitutional matter. That is the end of the story. The question is whether congress should put additional requirements on top of the constitutional foundation. If that is the case, and it is not a constitutional requirement that there be probable cause for all content, you need to think about whether those burdens you have to weigh the balance of those burdens against the additional privacy. If there is a carve out for the patriot act and fisa, then we are talking about more routine criminal investigations. I think the probable cause arguments has as serve the the test of time. You would not have someone just kind of like knock on your door, like a police of sir, and to say you are acting suspiciously and let me come in and go for your personal possessions. Why is it different for your personal communication . Why do we have to lower our standards . White why cant we increase privacy and if we have this standard in ecpa we are seeking, and Law Enforcement comes back and shows us cases where they have not been able to prosecute, vandal can be revisited. Vandal look and be revisited. I dont think we should lower the standard in routine criminal investigations to make it easy to get our email records by subpoena. As an historical matter, it was not until cast that the court recognized privacy and telephone calls. You should keep that in mind in terms of whether we say there should be probable cause for all emails. Cats was 1967, right . It has been a pretty solid standard. Im not picking on that. I get that. My point is, we dont have an unbroken line. All emails should have a probable cause standard before the government gets it. The main point is that if you have a car out for National Security, does that address a carve out for National Security reasons, the ability to get the information quickly is when you have a hot investigation is important. It is not necessarily a Silver Bullet. In the post9 11 era, it is not clear what a Law Enforcement operation is as opposed to a National Security operation. You can take what were relatively segregated operations all Law Enforcement and National Security and integrate them. Now you have more of a continuum of operations from an intelligence operation through Law Enforcement where in order to take down the potential terrorists, you might use fisa or other National Security tools but you might also use a good old criminal investigation. All the tools can be married. It is not as easy as it used to be to say this is a National Security matter. It is not to say that it cannot be done but since the patriot act, there had been that distinction but that distinction was done away with. That does not necessarily mean that we use the National Security to bootstrapped into lower standards across the board. You look at how many of the tools that have been developed for nationalsecurity reasons are now being used and routine i am from the Discovery Institute and i want to go back to an article the anposner wrote in the wall street journal. He talked about establishing probable cause with a terrorist that has not committed an act of terrorism. He recommended that the evidence in a terrorist investigation would be inadmissible and a court of law. Im wondering what the panelists think of the advisability and practicality of that. I think that goes back to my last point. It would cause some problems because the scheme we have developed since 9 11 is one that integrates Law Enforcement with National Security operations, for obvious reasons. You use the terrorism paradigm, the threat is emanating from overseas and therefore we can use fisa and other National Security tools. They will either carry out that threat against our Assets Overseas or they will come here in which case, if we try to follow them here, we need to use the tools that apply domestically. We need to use Law Enforcement. It needs to be integrated. If you were to say that anything you get from fisa could not be a wiretap or used in a criminal case like in the british case you might be affected and identify the bad guys but when you need to use criminal tools to arrest and prosecute them, you would not have your main evidence against them. If they are here, the way to neutralize them, we cannot fly drones around here so we end up arresting them. Are you arguing to do that . [laughter] for the record, i am not. We need to use criminal tools arresting and prosecution and we would not be able to do that with the richest evidence we have which is what we pick up from fisa. That is a very interesting question. Here we have this continual. There are those of us that believe that terrorism acts are just a series of extreme criminal acts and so terrorists should be prosecuted in criminal court and not in military tribunals. We should come up with a separate kind of standard. We have seen the government make a lot of mistakes. Weve seen them invest enormous resources in prosecution of people who were accused of terrorist crimes but who are really the keystone kops of terrorism. We have seen people end up on watch lists and nofly lists without due process. It seems we are in an era of history where we will look back and we will say, wow, how did we slap everything with a terrorism moniker and therefore bypassing our values about due process and lawful searches and seizures . I think your question is appropriately provocative but it would not passed the lab testing congress. I think we do need to challenge this presumption that we are living in an age of terrorism and weve got to change everything about our laws and come up with new systems. We need to have a system regardless of checks and balances. Law enforcement makes mistakes. Judges and juries wrongly convicted people. There ought to be appeals. There ought to be some level of transparency. This is just going to make as a more just and fair society and people around the world will look at us and say, they really are prosecuting the right people. They are not doing a fishing expedition. They are not claiming all arabs and moslems in south asia are terrorism suspects. I think we need to clean up even in the terrorism or realm the notions of due process and invite more due process in there. If we continue to allow this Mission Creep of terrorism into our routine criminal investigations, then Law Enforcement will have enormous tools that the public will not have any chance of fighting because of the presumptions. My question has to do with gmail. It says global can read the contents of emails in order to serve advertising. It says google can read the contents of the mills in order to serve advertising. How does this affect privacy . I dont think it affects the reasonable expectation of privacy. It is part of the service. The technology is what we used to scan for malware and viruses. We dont think it affects our users reasonable expectations of privacy or diminishes their rights under the Fourth Amendment. Do you care to comment on that . Not really, i think the opinion was accurately stated. We addressed this in part whether it had to go through a third party. The part that i read addressed that. It does not in and of itself take away the Fourth Amendment protection. Like all good opinions, we try to limit it to what is before us instead of hypothesizing on every angle. In the opinion itself, we said the type of access given their to nuvox did not eliminate the Fourth Amendment protection. In the front . Im a law student at boston college. You have talked about the viability of the 180 days distinction. Looking more proactive blade, looking more proactively, the content distinction that is there which is severely implicated by conversations about the location data, isnt that a distinction about what can be included as noncontent of data . Us. Vs jones, during the retrial, the judge who heard it said that she was helpless to suppress location data which the prosecution was able to get in through noncontent the exceptions. On the noncontent data, you can find out an awful lot about a person how often they go to worship services, whether they make stops on their way to work, you know, whether they are heavy drinkers. We still have a problem with the noncontent issue with regard to privacy. Your email titles and subject lines and the to and from and your web searching, that can reveal a great deal about an individual. I think there are challenges there. Do you want to weigh in . There is an obvious point that that distinction has been drawn for quite some time. The Supreme Court has made it clear there is not a reasonable expectation of privacy. My other function on this panel is to focus on the implications for Law Enforcement. That is the Building Block material for so many investigations. When you are trying to decide if you have enough to go forward with the case against a person, having that information helps to identify that there really is provocation to go forward to the next step. It also helped exonerate people. At an early stage, you can say there really are not connections between that person and bad actors. So we will not investigate that person. If you dont have that information there is noncontent information and you can think about other records like bank records which are the Building Blocks for investigations. If you were to have probable cause, it could be crippling. Many times, you get on lists you never signed up for. I have gotten on lots of lists from lots of people why dont want anything to do with and yet i am constantly getting emails from them. If anyone was looking at the tos and froms they will seek a lot of emails from people i dont care to be associated with. If the government investigate me, how will that look to them . They will think she is really into, i dont know jihad direct or whatever. How does that work . I have a nextdoor neighbor involved if you have the misfortune to be involved with the next door neighbor that is involved in criminal activity the government does not take action on the prosecution unless there is intentional criminal association. If youre looking at the government taking noncontent communication information and putting it into a scene that connection with other people, potential bad actors, the government has to account for the possibility that these are innocent communications. You are right but if you were to take that concern as a reason to deny Law Enforcement a tool, maybe i am not talking about prosecution because there are collateral consequences that happen when you get on the governments radar as being potentially connected to potentially bad actors. Whether it is a watch list for a potential immigration consequence, there is a lot of things out there that one might worry about because of those kinds of connections. It strikes me as being a little bit troubling. It is a very real concern. Think about what the push has been since 911, to be more intelligencedriven. You connect the dots by getting more of those dots so you can put them together and see patterns and identify threats. The more data you pull together, you might see a datapoint that looks troubling but actually isnt. That is the cost of having an effective intelligence operation. That is what you have strict guidelines and every intelligence agency, oversight, making sure that the operators are thinking about the possibility that not everybody is guilty, not everybody is a terrorist. I would love the fbi to be that painstaking and careful in the context of the program of racial mapping where it has sent people into mosques and other houses of worship to track what is being said and where peoples conversations are being put into a file. You dont have to get to the issue of criminal prosecution to get into the difficulty of the government keeping data about people were you dont have a chance to know what is being said about you, or you dont have a chance to review the inaccurate information and, in an effort to root out terrorism, what we have done is alienate communities because they are under such surveillance without end. I think this is damaging to a free society where you believe you have a right to worship how you see fit and you believe you have a right to privacy. You believe you have a right to express political beliefs that are not popular. All this stuff has a chilling affect on our ability to participate on a free and open society. I find a lot of the surveillance programs that the government uses to be very troubling. Most people in the room had to agree through their Internet Access providers terms of service to allow themselves to be surveilled. It has made many people in the room start using encryption and store their data were vague and where they control the encryption keys. Doesnt that make it harder on legitimate Law Enforcement . Absolutely, thats a very real concern. Law enforcement is doing its best to make sure they have the Technical Skills to deal with the encryption but it is a problem. It is understandable why and people encourage their communications. It does not mean they are hiding something nefarious but when you have the fbi or any agency that gets email and it is encrypted, it is a challenge. It goes back to the point were talking about getting information earlier. A question in the back . Briefly, do you taken issue with any of the four principles that the Digital Due Process Coalition state has united around . Can you put faith in transparency and oversight and accountability . Do you think we have enough . What do you think we need in terms of more accountability and transparency to make sure when we trust Law Enforcement we have reason to make sure they are doing what we think they are doing and not Something Else . Let me step back and take a broader perspective. The patriot act was hardly put in place because it had to be so it is not perfect. Then we have the patriot act reauthorization process and fisa you saw a growing recognition that some of these safeguards and processes like the appeals process, the additional oversight from congress and the fisa court, that is a price worth paying. I think the executive branch recognize that it might be painful and burdensome but there is a real benefit for that extra safeguard to be in place because it gives the Public Confidence that there is a tool that they have been trusted to Law Enforcement that is being used responsibly. I think you have seen that play out. I think you saw that in the fisa amendment act. That is just the reality. That is the only way the National Security tools will be provided. People have a healthy and understandable skepticism about these tools. I can i give you chapter and verse of which safeguards were put in place but i would imagine that you would hear from the executive branch of willingness to listen to those safeguards as long as they can have a tool they can utilize effectively. And in terms of subscribing to the four principals, i have not committed them to memory. Someone could list them for me, i would give you my position. We have been fairly focused on the first one, the warrant for content rule. My recollection is one of the other principals dealt with requests about a number of users requests about a number of users in a single request