Foreign Intelligence Surveillance act, legislation that gives Government Authority to monitor internet activities of nonu. S. Citizens. The Stanford UniversityHoover Institute hosted this event. This panel is an hour and 15 minutes. Tiny little table. All right. We are about to get started again. There are still a lot of seats in the front, too, so i encourage people to fill in as much as possible. Im russell wald, the manager manager here at the Hoover Institution. For our next portion of todays conference, we will focus on the law and Civil Liberties of section 702. Im going to do a very brief introduction of the esteemed panel and tush it over to the moderator. First i would start with Julian Sanchez whos a senior fellow at the Cato Institute where he focuses on the intersection of technology and privacy. Alex abdo is senior attorney with columbia universitys knight First Amendment institute. Formerly a senior staff attorney at the aclu where he has argued cases before the federal before federal Court Related to nsa surveillance. Next we have susan hennessey, she is a fellow at the Brookings Institution and the managing editor of law fair, previously she served in the office of general counsel at the National Security agency. And closing that out we have the general counsel with the federal bureau of investigation, thats james baker. And our moderator for this session is shane harris who is a Senior Writer on intelligence and National Security and Cyber Security related issues at the wall street journal, also author of fantastic book on Cyber Security issues titled war. Im turn it over to shane. Okay. Thanks, everybody. Can you hear us okay . Okay. Were here for a cozy panel this afternoon. Thanks very much for having us here. Ill say personally as a journalist covering section 702 and related issues, the civil liberty issues have been top of mind, i think certainly more most americans and my readers has long been a top of mind so im very pleased to moderate this panel and we have a terrific group of people up here so im going to talk and moderate a discussion here. For the first 45 minutes or so and then were going to open it up to some q a. Please think about questions that you want to ask and well get to as many of them as we can towards the end. So i actually want to start with jim baker. I think not to put you in the spotlight or anything. I think you might be most senior and you get to stand in for the interests of Law Enforcement maybe and national zurt in this. I just want to start with a sort of basic first order question which is, can you just explain to us, you know, in plain english why section 702 authorities are important for the work that the fbi is doing. I mean, what is the sort of baseline that you come at of why this is an important capability that i presume you will say needs to be reauthorized. Well, shane, thank you. Thank you to the Hoover Institution for having us here so i appreciate that. 702 as matt olson was saying in the last panel is vital to the fbi and to the Intelligence Community. It provides us with wide range of foreign intelligence information, especially including actionable intelligence, stuff that we can actually do something about and so thats critically important for us. It is something that the fbi takes in and combines with other information that we have lawfully acquired just as we have lawfully acquired the 702 information and we pull that together in order to connect the dots. This is what everybodys heard since 9 11. It was one of the key findings of the 9 11 commission. Telling us that one of the flaws was that the government did not adequately connect the dots and so the fbi combines 702 information with all of the other information that we have and we check our databases against it and try to figure out when we get a tip, a lead information from different sources what do we have in the existing holdings about a particular matter, a person, an email address, this kind of thing. And so we use that to guide our investigations, to ferret out what it is we need to focus on, what the threats are and move forward. So its vital to our daytoday operations. Well get to this, im sure but something you would argue without it, what would it look like without it . Well, we could talk about im not going to propose other legal methods that we could its taken away today, whens the landscape look like for the fbi . So if its completely taken away, then you are the fbi is losing a vital source of collection on very important targets. We try to be very focused at the fbi. Im speaking just for the fbi. The fbi is very focused on which targets it asks the Intelligence Community to target. Or to what selectors we ask the community to target because we well, first of all, we have to make sure its required that any of our selectors, are associated with a full investigation, meaning the highest level of pred case that we have in order to open an investigation. And so, if we were to lose it altogether we would lose vital collection on a range of very important targets. It would also deprive us of dots. Right . It would deprive us of lead information. It would deprive us of an ability to connect people to threats, to connect threats to particular individuals and to ferret out exactly whats going on. Susan, recently the nsa has amended some things of the 702 program, particularly the collection of socalled about information. Walk us through a little bit of what that means and what you think the practical reasons for doing that were and what the effect of that may have been. So im nervous to say this. I see some familiar former colleague faces so hopefully they wont be shaking their heads on getting it wrong or something. Right. So this is a highly publicized decision that the nsa announced a month ago, a few weeks ago at this point to voluntarily end about collection. Under 702 there are two forms of collection, upstream and downstream. Within downstream theres only two and from collection and in upstream theres another category, about collection. I think im citing the numbers correctly that upstream accounts for about 10 of 702 collection and about collection within that is 0. 02 . The former Deputy Director of nsa chris ingless wrote a comprehensive paper on that and i think those are the statistics he cited. Nsa announced following compliance incidents they decided to voluntarily end this practice. So this set off a series of controversies. First, because nsa had in the past represented that this was important and vital and necessary. And so, there was some criticisms that that was somehow not an accurate representation because now they didnt need it anymore. I dont think that thats quite the right way to view this. We know about collection does pose a potential heightened risk of collecting Domestic Communications and Domestic Communications that happen to mention the particular target, this might not just be a u. S. Persons name but a u. S. Entity, right . So American Airlines or you can imagine the particular utility of that form of collection. In recognition of those heightened risks there were additional safeguards created in order to try and mitigate against the risks. There was a series of inadvertent compliance incidents. They occur, serious. The fact theyre accidental is not doesnt minimize their significance. Although it is quite relevant to the current discussion. Those were self reported to the court. So were seeing exactly the process we want to see, compliance incidents being detected, self reported and then a determination was made that rather than invest the cost of coming into compliance, right, doing the things that were going to be necessary to ensure those compliance incidents wouldnt occur again moving forward, it was better on a costbenefit analysis to eliminate this form of collection. Nsa has said that theyre not able to eliminate this form of collection without also losing other important information. So theyre saying that there is a cost here. This is about risk management. So again, this is a process that we want to be seeing. We dont want intelligence agencies to sort of take a collect it all lets just get everything we can. We want this kind of voluntary and ongoing assessment because this is such a critical area. Theres that said, theres a i think its a little bit of an illustration of some of the potential perils here and evaluating the difference of nsa saying it was a necessary program, and worth it, previously and in this instance deciding to no longer go forward with it, its in examining the costbenefit analysis, as we add costs, eventually costs will outweigh the benefits. We know thats true for everything. Even if you take sort of those core vital parts of the program that matt also was talking about, if we put enough costs there, that will outweigh abe so i think this is why in this instance i think it was a prudent decision. The appropriate judgment. But i dont think that we should sort of take for granted the notion that there arent real costs here and there arent costs as we putt on additional reporting and technical requirements. Just one more question on the compliance incidents. How do we know they were accidental and inadvertent . There was a declassified Court Decision that while it was extremely critical of the nsa on a series of metrics, was quite clear that it had no indication that there was any sort of intentional malfeasance. Alex, let me turn to you. So, we have a program that the Intelligence Community says is vital. Responsible for a large amount of intelligence. But it appear that is the Intelligence Community is willing to i guess they would see it as amend the program when they feel its made mistakes or gone too far. When you look at this amendment and about collection srks that satisfying to you from the Civil Liberties perspective or is that would you read it more as a token gesture considering that this is a susan said responsible for a fairly negligible amount of evidence in the Overall Program . You know, i think its hard to know what exactly to make of it given that the nsa, for example, hasnt disavowed to in the future reseek this authority. They havent complained technically whats changed about the way in which the nsa is engaging in upstream surveillance. There are technical questions that go along with that. And it raises i think a different question. I have a slightly different take of susan on what it says of the prior representations relating to the vitality of this part of the program to section 702 more broadly. Whether the pclob examines privacy and civil liabilities oversight board. Right examining for the report it issued it focused pretty heavily on about collection because its a controversial form of collection and based on represent takes of the board by the nsa had a report that it said it was a technical necessity to conduct about surveillance in order to be comprehensive and even to from surveillance and made it sound as though its vital so while i agree with susan its a question of cost benefit analysis, the nsas previous representations made it sound as though, you know, the benefits were too high and the cost of losing it were too high to ever consider losing that and now, you know, almost on a dime they flip and eliminate that authority. But again, its hard to know what to make of it given they havent disavowed an intent to seek it in the future. And, you know, susans right to point out that the reason we know about the compliance incident with it is from this court order. The only reason why the court order knew what to publish about the compliance incidents is because it was self reported by the government so we have the governments representations of the scope of the problem and whether it was accidental or not and we dont have i think a full sense of the story. Does it feel to you that the modification which was obviously portrayed as a very big concession is actually just a token gesture . You say its hard to know but what does your gut tell you . My guess is that the temporary cost, the kind of present costs of bringing the program into compliance with what the fisc wanted it to be, you know, the nsa decided were too high at the moment an preserving flexibility and my guess is that if Congress Suggests codifying the end of about collection, if Congress Suggests amending 702 to prevent the nsa from restarting about my guess is nsa will vigorously oppose. Thats the test of being a gesture or something more. Julian, you are one of the i think better explainers of not just intelligence policy and surveillance law but articulate the Civil Liberties component of this, as well. What are we really worried about here . We are hearing about a program that provides the massive capabilities, huge compliance, as jim baker said, very targeted, very focused. From your perspective right now heading towards the end of the year, and the question of reauthorizing this, what are the top of mind Civil Liberties issues that you think that, you know, people in this room in particular have to confront . Sure. I mean, i think the central concern always with intelligence authorities is the political misuse of intelligence thats gathered. Somewhat different set of concerns than from what primarily arise in this with the criminal surveillance context and there are sort of two halves to that. One is a sort of insufficiently accountable Intelligence Community serving its own interests using the data its collected and we think here, of course of sort of image of j. Edgar hoover with the personal and confidential files essentially. Yanking the leash on his nominal overseeing using the power of the information he had amassed about them and the other issue, of course, is the insufficiently autonomous intelligence agencies staffed by loyalists to the administration in power using as a tool to gather political intelligence about their opponents or torpedo political adversaries and one reason i think 702 sort of raises special concern about that is just the scale of everything has magnified dramatically. If you think back to the intelligence scandals exposed in the 1960s and 1970s, these involved first sort of lever intensive deliberate targeting of Martin Luther king and antiwar activists and civil rights leaders. And also, because it involved specific targeting of that kind abuse that was after the fact, the sort of thing you were likely to notice. I think one point in the 70s and then attorney general levy noticed a decadelong wiretap on the naacp and said are you indicting . What is it there for . And so were able to at least shut that down. One reason 702 is so disturbing is youre talking about every year somewhere between 90 and 100,000 people dumped into a massive repository, probably on the order of some billions of communications annually now. And then being stored for years at a time so the concern isnt just will there be improper targeting of someone of the kind easy to detect and then trace back if that information were misused. Its do you trust that this sweeping kind of black hole capture sucking in which you have is not only not improperly targeted in the inception but not properly used after the fact and especially when you have these kind of indemonstratic compliance issues, that is when the formal procedures to constrain access to the data are being routinely ignored as it seems increasingly is the case of court informed months or years after the fact it is very difficult under those circumstances to detect abuses when they do occur because the abuse part under circumstances where you have got that massive database is about what someone knows when they leave with that information and what they do with it after they leave the office. And thats the sort of thing that half the fact is extraordinarily difficult to track so my concern is the potential of a reprieve of the bad old days of intelligence angt but to detect it when it happens. Lets kick it over to jim an susan on this particular point because julians raising this issue of compliance routinely ignored and precisely the fear of people on the Civil Liberties side, yes, you have this extensive, exhaustive some might say Compliance Regime and an ability to ignore so respond to that idea s. This something thats routinely ignored . Is that an unfair characterization in your mind . Completely unfair. Nobody ignores the law. Nobody ignore it is policies and procedures that exist under 702 or other parts of fisa. It is not the culture of certainly at the fbi. Thats not the way we operate. Thats not the way we manage. Thats not the way we lead and people are expected to comply with the law and comply with directives and the rules basically. People make mistakes. I mean, we are human enterprise involving complex technology so tell me where else in society there are not mistakes of humans and technology. Right . So the key is that there are multiple overlapping layers of compliance run by a variety of different folks. So for the fbi, right, we have department of justice. We have the odni. We have the Inspector General of the department of justice. We have the fisa court, obviously, most importantly and we have congress conducting oversight, having hearings, Staff Members come and get briefed an enso on so there are multiple levels of oversight that are there to prevent exactly what julian is worried about and i understand why people are worried about it and, you know, whenever the government does anything with respect to the collection of communications regarding americans, people should focus on that. People should think about it and make sure that American People should make there are adequate protections in the place and the right people running the organizations so thats true. But what i would say is its just not how we operate. Mistakes are made. We try to correct them. We try to identify them and then figure out what went wrong and correct them. Susan . Yeah. So i do think its a tremendously unfair sort of characterization. Certainly of the current sort of discussion. Right . So the entire set of rules that were debating right now are designed to prevent exactly the kinds of abuses that julian describes, recognizing the seriousness and the gravity of sort of those historical abuses and part of the reason the laws were passed in the first place. So, the first i think sort of mischaracterization is the notion that there are all of these citizens or foreign citizen and the United StatesIntelligence Community just kind of collects them willy nilly. While thats not a constitutional issue, theres something inherently wrong and indiscriminate about that. It takes place for a foreign intelligence purpose. Its highly articulated. This is not warnsless surveillance. Its a best of a modified warrant requirement because of the operation aleckties. So its not, you know, 90,000, 100,000, you know, what the number that is collected. Those are collected for a purpose and for important purposes and purposes that congress and the courts and the executive branch all recognize and agree are important purposes. Right . Thats the functioning of our system. The other sort of thing that i think is misunderstanding is to think that compliance is really just nsa figures out they made a mistake and decide whether or not to tell the court. Compliance is a multilayered apparatus, right . Theres baked in technical elements of compliance designed to avoid mistakes occurring in the first place and create conditions when mistakes occur or when intensal violations occur theyre detected. Thes also daily reporting that occurs between overseers and doj. Theres entire level of rather sophisticated an i think some might even say intrusive congressional oversight. And then, of course, on top of that there is the annual certification process to the courts. Thes also Inspector Generals. Right . So theres a quarterly reports produced for the Inspector General. So, there are despite sort of the characterizations that occurred after the stone disclosures, there actually hasnt been a sort of credible allegations that nsa has ever not approached those mechanisms in good faith. And so i think this really is a debate about everybody is approaching in good faith. There are these the possibilities for very serious abuses. Everyone recognizes that and the question here is how do we best design a system to prevent exactly this sort of situation. So, again, good faith. No ones doing this right and were in this together. Whats wrong with that . A couple of points. You know, few people are in a position to question the good faith of the way the programs are implemented. The one institution thats perhaps in the best position is the fisa court and the fisa repeatedly questioned the good faith of the nsa and fbi. Two sentences of the most recent opinion of a few weeks ago. The court nonetheless concerned about the fbis apparent disregard of minization rules. The improper access seems to have been the result of deliberate decision making. You can find sentences like that throughout the opinions related to this. For me, the biggest scandal is not failure to comply with the processes that we have but the bigger scandal is permissive in permitting, you know, wide collection of u. S. Persons communications. You know, the capture that julian pointed to aluos the nsa to collect in a warnless fashion and i think it is in fact warnless and almost any foreigner could be the valid subject of surveillance under 702 because the requirements are extremely minimal. Think need to be a foreigner a broad and expected of having information about the Foreign Affairs of the United States. That could cover journalists. Human rights activists, the colleagues you may work with internationally or the sources you report on internationally and for the american who is are swept up in that wide apperture, the procedures and riddled with exceptions. Not the least of which is one that we havent really discussed yet today and back door queries. By the fbi and other agencies. In part for things unrelated to spend a little time on that and what is the evidence if any thats occurring . The fbi has the data. They get raw data and the authority to query the records that are collected for identifiers associated with specific known u. S. Persons so they have the enormous data base and the julian described and then dip into that database and query it for any u. S. Americans name, not just, you know, highly predicated criminal investigation but a threat assessment and look for evidence of criminality unrelated to foreign intelligence. And i think that, you know, thats a in my view, an end run around a Fourth Amendment and the primary defense thats often offered i think its a phrase that jim used a minute ago and similar phrases used earlier today is once the government lawfully acquires information it can do with it whatever it wants and i think thats a myth. Its closely tied to the purpose of the collection in any context of surveillance. The Supreme Court a couple of years ago addressed the question of local Law Enforcement to collect dna of arrested suspects. And the Supreme Court ultimately blessed this dna collection but it was critical to the Supreme Courts ruling that this dna was being used only for identification. Not for, you know, looking into the Genetic Health of people for detecting familial connections with other suspects and if the fbi said we use the dna for a different purpose, i dont think anyone would say thats like the consistent with the original purpose or, you know, blessed just because theres some notion that, you know, once in always in. So that to me is a bigger concern than even the compliance instance and significant. So i think theres sort of two points if i can respond. So the first one is characterization of the language of the opinion which i think is, right, its accurate. This is a highly critical and in some cases quite fairly critical opinion that i think reveals a rather robust and muscular fisc despite charactereristics of th being rubber stamps. One time there is serious and any time there is failures in the system thats areas that the executive branch should be held accountable for that. Whats not alleged in that opinion is that as i have gotten deeply versed in the underlying circumstances which i dont acknowledge that within an essay about it but the essential concern here was that the rule said that databases had to be segregated that we are only allowed to search particular databases under certain conditions and those databases were searched under the wrong conditions. There was never an allegation that anyone knowingly search the database, that they knew they were supposed to be doing but this goes to the basic sort of questions of good faith and within that its important that we have this really sort of searching and critical inquiry to ensure that all the steps of the process are occurring correctly. A quick question, what is your describing an inadvertent error was discovered where the databases in the system change so that would not happen again i mean, what is the correction mechanism that takes place after a compliance incident is noted . So again, this is getting into sort of particulars of which im not just not qualified. The ordinary process is when a compliance incident is detected, it is investigated. It is reported through various obligatory compliance mechanisms. Theres an understanding of whether or not technical changes can be made to make sure the incident doesnt occur again or training instances or other elements in this case instead of deciding that the prior protections were insufficient and that new protections should be created. It was decided whatever the cost of those new protections were going to be, changing the way systems were designed, i dont know. But in this case it was better to just simply stop that form of collection. So i think thats sort of why i really think its important to focus on the inadvertent nature, not to underscore or pretend as though its not very serious but to be fair about what were talking about. The other sort of element is the characterization of incidental collection. We really we talk a lot about incidental collection in 702 that is where the Constitutional Rights of persons are implicated. But there is a presumption that incident collection is specific to foreign intelligence. Or it is inherently bad. Even when you go to when the fbi not operating as an Intelligence Agency or doj goes to a judge and gets a warrant and targets a particular individuals communication, they collected the other part of that communication as well. Its an inherent feature. And so then in that context a series of protections are applied in order to ensure that incidentally collected part of the conversation is handled properly and that the rights of those people are recognized. The same thing is occurring here. This is a different context. There are different constitutional obligations and there are different operational equities. But what we are seeing is the same that same instinct, an attempt in order to recognize the rights of people and to protect the rights of people that are swept up, not as sort of a Necessary Evil but just because thats part of how surveillance works. I want to go back to alex quoted from the fisa court opinion, talking about, i forget the exact language but a willful disregard of the compliance procedures by the fbi. Jim, you are the fbis lawyer. How does the bureau, how do you respond to that . In general, if theres evidence of some like that, i wont speak about that particular instance today, but we take appropriate action internally. And that can range from a variety of things. If theres some type of intent or malfeasance of that nature that could result in some type of personnel action but well also look for is a retraining problem here, is there a management problem . Is there a technical problem . And with go through it and try to figure out exactly what is the problem . Try to address it, fix it so it doesnt occur again. These things are not acceptable to us in any way, shape, or form. Theres no way. Period, full stop. Theyre just unacceptable but its a big authorization with a lot of things going on and in a highly changing environment because the technology is changing and how the adversaries use technology is changing and so were adapting to that. And so as far as the fisa court says in that opinion, its a large and complex operation, the 702 operation. And so there are things that happen and we dont accept them and we try to fix them. Julian, you got a start on the final debates want to give you a chance to respond to some of the things you have been hearing. A couple things. One is just in particular domains you find a pattern of noncompliance that rises to the systemic level that isnt one or two mall formed queries but is a systemic problem. So pertaining to dissemination of Data Collected under the 215 bulk and the Metadata Program where they found the procedures, restrictions on dissemination of u. S. Person information had been so systematically violated that the overall regime that was imposed to govern that data has effectively never functioned. In the most recent opinion there was an appendix of compliance issues. But one of them finds a particular query tool that was accessing some of these databases, queries pertaining to 704 and 705 and two other sections of fisa, pertaining to this tool, 85 of the queries were noncompliant. That is to say, much more noncompliant querying was going on and compliant. Thats one particular domain but it suggests the problem, responsive to susans comment because of the scale and complexity of this, errors tend to scale. What are the other things the fisa Court References is the issue of not being able to quantify some of these problems, precisely because not of the tools used to query these databases are interfacing with nsas audit system, an audit system that not everything everything, that doesnt cover all the tools used to query is not that useful because thats the first thing is going to get used when something untoward is happening. Yeah, i dont wasnt this to be an argument about what we think of the good faith of the large majority of people currently employed in the Intelligence Community. Im going to accept that. When we look at these problems, they are a function of the size and the complexity of the operations. But when surveillance is being conducted as a large and complex that you have these repeated and systemic failures the rules put in place to govern them, that needs to be looked at if we are comfortable with these existing at all. Because that precisely that kind of complexity and that kind of frequency makes it so much easier to conceal when actual wrong doing happens. We know that previous abuses were not done with that measures taken to conceal what was going on. Abusers of Intelligence Authority in the past were aware of oversight mechanisms and took steps to invade evade them. So when you have a scenario where either complexity or error are causing systematic violations, we can expect thats what intentional violations are likely divide and unlikely to be detected. Sorry. Are you done . The last thing i will say is incidental collection is like universal in surveillance. Right, when you are physically searching someones house you might find correspondence with other people. I think the scale of collection here makes things different. Because at least in the criminal context when that surveillance happens usually there is minimizization in realtime. Theres an effort upfront to filter out whats actually stored. You dont usually have this massive federated database where all of the fruits of the searches pertinent or not pertinent to the subject of investigation are stored in indefinitely. The scale of collection and the searchability of the data in massive volumes makes the issue incidental collection much more pressing. Jim . Just real quick before we leave this topic. In this lengthy analysis, 99 pages i think it is, of the fisa court that weve been talking about in which they take us to task for these compliance incidents in very blunt terms as alex was reading, very blunt terms, very critical. Nevertheless, in light of all that or notwithstanding all that or in recognition of all that the fisa Court Concludes that the Program Overall as run is lawful and constitutional. I mean, they see whats happening. They understand whats happening. And nonetheless, conclude that what were doing is permissible under the constitution and laws of the United States. Thats what they conclude. Thats a good pivot. We spent the first part of this discussion looking at the utility of the program, the debates about it, the issue of compliance, whether its robust enough or not, all of which are important things that people in congress are going to have to grapple with when reauthorization comes but its now i want to talk about the real thing thats going to suicide reauthorization which is politics. And particularly a lot of i think the optics that event surrounding surveillance law that had to say as a journalist covering this for a long time, i find kind of head spinning. What am i talking about . The phrase unmasking entered the lexicon before covefefe took it over. Cant resist. So this issue of u. S. Person showing up in intelligence reports and their names being unmasked for whatever purpose in trying to understand them has been brought up in a number of hearings in the context of whether or not Obama Administration officials in a properly unmasked people who were identified in surveillance reports and to have now been had the names leaked to people in my profession. I find this sort of kind of head spinning for two reasons. One, they kind of surveillance in which this is alleged to have occurred did not involve 702, as far as im aware. Lawmakers who are bringing up these concerns are saying were going to have to look at this when we consider reauthorizing section 702. And you find many of the people who are very skeptical about these authorities now are pretty much on the camp of people who eight years ago were very much rushing to enact section 702 and amend the foreign Intelligence Surveillance act. So theres been a bit of a shifting nature in the political alignment here. Let me just start with, julian, let me start with you. I mean, what do you make of the fact that now this issue around unmasking, which is its own issue and is very much embedded in all of these surveillance capabilities that we talk about, has become this kind of political hot button at this point and what does that poor tend for months from now when debate is up on whether to reauthorize this particular authority . Its very surreal to watch a series of legitimate concerns about surveillance authorities being raised for what are in the particular instances usually frivolous or bizarre reasons. So i think were watching, this is kind of odd train of that. With respect to unmasking in particular, at least in terms of the question of whether rules were followed here, the specific circumstances here seem like its exactly the kind of circumstances in which its pretty easy to understand why unmasking might be appropriate. That is to say, if youre talking about reviewing transcripts or intelligence reports about agents of a foreign power discussing their attempts to suborn or influence someone incoming into senior position in u. S. Government yeah, of course its relevant to assess the significance of that intelligence to know who they are targeting. So thats not particularly surprising and im not surprised at least the internal reviews have found that the unmasking that occurred was mostly appropriate. That said, in a broader sense i do think we ought to even if youre not particularly enamored of the Trump Administration and think there may well be something meriting serious concerns about the relationship with russia, whether thats collection or something else. Ought to be concerned with seeing almost constant drumbeat of obviously selective leaks targeting members of the administration that the folks who are reporting them are usually hardpressed to evaluate the significance of independent whatever context is provided by people who are choosing to leak. It may be that that is something people are choosing to do because the process at this point has been so compromised that theyre fearful that legitimate investigation wont be able to proceed otherwise but the idea that, you know, unelected persons have the power to so effectively derail the administration, even if you think maybe in this case, its the extraordinary circumstance where it is justified, the idea of that becoming normal ought to really concern people. Because you know, a lot of politicians have something embarrassing to hide, and so it should be concerning that there is this subset of the government bureaucracy that has the power to decide whose skeletons end up on the front page. Is that just do you consider that to be just the next iteration of the kinds of abuses that we saw that led to these surveillance laws in the first place . Government authorities using their extraordinary power to punish people essentially, as punitive kind of actions . I mean, theres a range of different things. One thing i think to worry about, yeah, the freak out in some of the fever swamps of online media about deep state coup or conspiracy against the Trump Administration or obama holdover seems pretty overheated. On the other hand, when you see this onrush of leaks right after the firing of comey, you have to look at this and say how much of this is maybe lengitimately people who now think this investigation will be compromise, the only way to get that out is to leak it. Although still illegally. On the other hand, how much of this flood of new leaks is about a peremptory firing of a beloved fbi director in a manner that many people i think a properly directed saw as insulting . Motives are often mixed that way. Mark phelp who turned out to be deep throat, was obviously exposing serious wrongdoing by people affiliated with the nixon administration. It is also probably substantially motivated by annoyed at having been passed over for the directorship which he expected to fall through. Its very often difficult to disentangle public spirited from the motive for that kind of leaking. Let me turn to you. Youve written extensively and you and i talked a lot about you know, the leaks that have come out, what it shows or may show or suggest about the way that this administration is operating before came into office, i think inarguably things in public interest. They seem to be issues that may be imperiling the passage of 702, sort and make it more difficult which you clearly believe would be a very bad outcome. So how do you see the political sides taking shape as we go into this sunset period . I think theres a few things. First, theres no indication whatsoever that any of this information is 702 information, not to say its not relevant to sort of the general protections, but it becomes important in how we think about the various risks of these programs. We should be candid. U. S. Persons information, that is, incidentally collected in the course of foreign Intelligence Surveillance is collected for a particular purpose. Leaking to the media is an abuse and leaking into the media in order to gain a political advantage, even if its to harm a president that you really think is a bad person, thats an abuse. Its not wrong in like this violates classified information sort of technicality. Its actually wrong. Its violating not to Security Protection of Civil Liberties protections. The people who care about Civil Liberties should care about that. Its not as clear to me i would not want to imply that this came from the fbi. Theres lots of part of use, including political components that have access to that information. But we have to be candid and clear and accountable in how we talk about it. That said, sort of related to both the focus on leaks and sort of, i would say manufactured unmasking controversy, certainly it appears manufactured given the information that we have now. That it has actually begun to undermine important elements related to 702. And thats particularly whenever we look at members of congress, including members of intelligence committees, asking questions in hearings that evidence that they dont understand the difference between section 702 and title i of fisa. Very, very different programs with very Different Levels of protection. It starts to become more difficult to offer as a defense of these programs well, theres very robust congressional oversight. The reality is members dont always know everything and they have very, very competent staffs. But whenever we asking congress to serve as proxies for us and these really important areas to be our eyes and ears and then they are demonstrating a lack not just of sophistication but a basic knowledge either they are doing it cynically for political purposes and thinking that this unmasking thing is real or even more troubling, to actually dont know the difference. Thats what i think it starts to bear on the 702 debate because that such a critical component of the protections here. Alex, whether or not these lawmakers are arriving at the conclusions, their suspicions about the way that surveillance is operating because of an ignorance or of an opportunistic kind of moment here. This is raising the kind of head spinning possibility of the spectacle of trey gowdy and devin nunes joint arm in arm with the aclu to modify section 702. How do you feel about that . I will say this but im not as deep and politics of it but i will say that one benefit of the kind of rapid change in the last couple of months is to very vividly instill in people or very quickly instill in people a measure of distrust in government that i think is essential in democracy. I think it is important for citizens to have the distrust necessary to hold their leaders to account, to want to hold their elected and an elected official to count. And i think too much distrust can be corrosive especially if not grounded in fact, and i think that is, you know, thats not something that i find beneficial to anyone. But a sufficient measure of distrust is important. The truth of the matter is that the surveillance authorities that weve enacted since 9 11 have been extraordinary surveillance authorities. Its an extreme amount of power weve given to the executive to spy on people, including americans. And the people who will exercise those authorities are not just elected officials that you will always trust. Its important to build those tools in a way in ways that are robust enough to withstand the possibility of political abuse. While i agree with julian that it seems as of the vast majority of the problems that have been identified with the implementation of 702 and other programs are likely a result of complexity and not the result of bad faith, the question isnt what any particular administration is going to do with the authority, its with the next one, the ones you dont know. Right now we had that one that nobody knows anything cuts of people are so concerned. If we are breaking it down to brass tacks, is the Civil LibertiesCommittee Going to be okay with finding allies what it would not of naturally expected them. I think all the committees that act in this very havent opportunistic in their own. When i was at the aclu, the nra supported one of our key nsa lawsuits. We welcome the support of the nra because they had shared fundamental principle on this issue and it made sense to have that alliance. So to the extent people are coming to the prospect of surveillance reform because of this distrust, i think thats a good thing. To the extent that they might be broader consequences for our society in a more corrosive distrust because of the spread of misinformation, i think that can be a real cost and thats not what im blessing. I want to give the last question to jim before move to q a. And youre not a politician either, right . And eventually the new director and the director of the nsa and other officials will have to go to the hill and make these arguments about why they feel reauthorization is important, assuming they will. As your job as in all of this, as the general counsel of the fbi, what is your job in that whole process . To make sure that the fbi receives excellent legal advice thats the main thing. I mean, i think, i guess i would say a couple different things. Obviously 702 is a law and so theres a heavy legal element to all this and so i will be heavily involved in all that process both within the fbi and within the interagency. At the end of the day, just sort of to wrap up some of these things, look, ive said this before, director comey has said this many times. You should not trust the government. The American People should not trust the government. You should not trust the fbi. We have a lot of power and authority that youve given us. Lets keep that straight. You have given it to us but its you need to hold us accountable. Hold us accountable for what it is we do. I would say to you on this program there a lot of mechanisms that exist to do exactly that. Our effort i think at the fbi is to try to explain to folks what this Program Means for us, how we use it, and to inform the American People and congress that if you make certain changes, what will happen, and so just, not to go into too long, but if the coverage of the 702 were to be completely repealed, for example, or if there were this warrant requirement thats been talked about imposed, in particular on the fbi with respect to the database checks that we do, that would have significant Operational Impacts on us. That would make it much more difficult for us to connect the dots that would increase the risk of something bad happening to the people of the United States. And so i think what congress and the American People have to decide is okay, given that, is the benefit that we would obtain from a Civil Liberties perspective, does that benefit outweigh the potential cost that are difficult for potential that where difficult to quantify sitting here today. But we can tell you in our judgment as professionals, they would be there. The cost would be there. It would be harder to do our jobs. Its up to congress and the American People to decide whether they want that or not. And our job, my job is to try to explain what that is to so that congress and the American People can make an informed decision as this debate goes through for the rest of the year. So we have about 20 minutes now for q a, for discussion with all of you. So please raise your hand. I saw your head first and we will come this way. Do we have mikes going around . No. Okay, please let us know who you are when you ask the question. Thanks. [ inaudible question ] we have a mike for you right here. Sorry. Say your question again. Discussion for both attorneys and the fbi on the spill over into domestic issue, that is, you collect foreign intelligence and the fbi uses it for something that is purely a domestic potential domestic crime. I would like to get some sense of assuming that the this is going to pass the 702 is going to pass what are your major priorities for changes . Jim, do you want to take the first part of that . Sure, okay. [ inaudible question ] live without doing what . [ inaudible question ] could we live with it or not . I dont i would tell you that it would have a negative impact on our ability to protect the American People. I can tell you that flat out. So let me just back up and try to explain this concisely, all right . So post 9 11 the edict to the fbi is connect the dots. One of the things, one of the things we need to do was trying to figure out at a sort of fundamental level how to enable our analysts and agents with one database check to check all of our databases. So overtime at the cost of a lot of money and time and effort, we have done that. And so we figured out a way to make our various and sundry databases, more than 120 of them, accessible to an analyst or agent by a database check. One database check gets you through all that material. We have put into that fisa information including 702 information. So that if we are worried about something and we encounter something, we dont miss that dot that might be there. And so, so thats what we do. Thats how we operate. You have to remember that the fbi operates mainly inside the United States, and we mainly encounter u. S. Persons all the time. We encounter u. S. Persons, people in the United States constantly. Thats different from any of Intelligence Agency to operate mainly outside the u. S. And mainly dealing with nonu. S. Persons. And so when we do a database check, we are probably doing a database check on a u. S. Person. We often cant tell who that is. We dont know the identity. We are checking an email address or some other type of identifier. But we check it. Its probably having to do with a u. S. Person. So if there were to be this warrant requirement, it is unlikely, a work requiring probable cause before we can you do the check, right . Thats what that means. Thats a High Standard of proof. We would not be able to function in that way in our National Security cases or in our criminal cases because you do these databases checks. That would mean that the 702 material, we couldnt access it in the same way it would have to figure out some way to wall off, less and make available to us, increase the risk that something bad could happen. Take the second part of the question. I hope that the solution would be a relatively simple one, technically, less the databases have been designed in such a way that they are inextricable, but that you would have a separate box you would check for warrants. I hope that would be the technical solution. More broadly, what you described, the coalition of multiple different source of information coming from different programs and different purposes. Thats the Mission Creep i fear most is the idea, the fact that this is a program that was sold to the American People as being primarily about collecting foreign to Foreign Communications base on a technical change in the Way Communications were being routed. That then shifted into being a program in large part about getting oneonone u. S. Communications but its dont worry, its still primarily about foreign intelligence and terrorism. Now its part of a database use routinely by fbi to check for evidence of any kind of crime in the u. S. , whether significant or not, whether it relates to foreign intelligence or not. Thats the world i fear. But answer the second part of the question quickly, i think probably the top two items for most Civil Liberties organizations and i wont pretend to speak for them. One would be to codify the end of data collection. If its true now the nsa itself thinks that about collection is not worth the effort, then should relatively uncontroversial to put an end to it, legislative and not just rely on the willful change, voluntary change. And second, would be to close the backdoor loophole that we have been talking about. Close unwarranted access to u. S. Persons communications. Julian do you want to comment . Largely endorse alexs comments. With represent to the creation of the 702 database. Seems and this is the one thing the fbi is the one agency that has been kpecexempt from t. Frequent user of such queries. The bare minimum so we can actually discuss this in a useful for informed way would be to get the baseline, the frequency with which a u. S. Person identifier is used to query the database by the fbi. If you dont want to count queries that come up with nothing, what i care about is how often are they pulling up something in response and what is the frequency that information is used to or relevant to a nonNational Security crime. Thats, i think, baselevel data we need to discuss in a useful or intelligent way. If it turns out that number is very large i think the results are different than if it turns out to be quite small. I suspect its likely to be reasonably large. In general terms, while agreeing with the specifics, the hard core of 702 that no one has a problem with is the idea that you have this problem that was solved by 702 of transiting communications, foreign to Foreign Communications that pass through the u. S. Because of the way the internet works looked like twooneu. S. Wire communications. Theyre ultimately foreign to foreign but dont look foreigntoforeign and no one really thinks you should need a warrant for foreign to foreign intercepts. The solution wasnt narrowly tailored to solve that problem. Id like to see whether through front end restrictions on collection or more rigorous back end restrictions is getting closer to a solution for that problem without providing broader access to u. S. Person communications. Just a quick followup on the idea of codifying. I think this is a little bit misunderstands what the nsa said when they announced this decision. They didnt say it wasnt useful and didnt say there werent costs. They said given the circumstances in the covet benefit analysis this was the right decision. It would be entirely possible that there would be changes in technology that would allow compliance to be resolved more easily. There might be changes in legal authorities or there might be changes in operational circumstances such that that information suddenly becomes more important for the United States to see. And so i think we shouldnt view this as one directional where we reach a decision and we codify it in law and thats an acknowledgment that something isnt important. It should be this ongoing reassessment. So i worry about overinterpretationing decisions. The world changes and technology changes. You had the next question right here, wait for the mike. That way the folks at home can hear you better. Im from the l. A. Times. If the fisk is going to be protecting Civil Liberties in the context is it constructed and devised the right way . Should it be a specialized permanent court, not a collection of rotating federal judges plucked from different parts of the country, and should the judges be appointed specifically by the president and confirmed by the senate for that court so you build up expertise around these issues . Jim, i feel like you should get the first crack at that question. Thats they last thing i want to comment on. Im not going comment on any particular legislation. To me, i think that would be a negative outcome. One of the positive features of the fisk is that you have regular article iii judges making these decisions. These are people who are deciding reasonable arcticuable decisions in an ordinary and open context we all understand and doing that in a secret context and that rotation is a positive things makes it more likely the standards and analysis were leaving in a classified context more like what we see in an open context. I dont think the fisc is a rubber stamp. My complaint is way it is structured onesided situation. Its difficult to meaningfully test programs like this is in a onesided way. And i think thats why compliance incidents dont come up earlier and theyre not as thoroughly examined as you would like them to be. But a broader point. You look at this decision from april and another very lengthy one from november of 2011, these dont read like ordinary article iii decisions. They read more Like Committee reports. They read more as though the court is being asked to fashion rules of the road for the nsa. And then theres this interchange between the government and the court. There is informal exchange. Looks like the back and forth that happens in committees. The opinions read like legislation. It wouldnt be a bad thing to have most of the ground rules set at a different level with a more open forum and input from a broader set of stake holders than we have it now. I think part of the problem here is that the fisc was defined to do something it still does. Which is evaluate the adequacy of a showing of probable cause and application of a particular wiretap and has taken on a second and more systemic policy Evaluation Task that is probably not that well equipped for i dont know to what extent this effects it that when you bear in mind that second function that these people are all uni unilaterally selected by the chief justice of the Supreme Court. Have a mix of republican appointees and democratic appointees who were part of a horse trade is not the setup you would have if, from the outset, you had thought this was going to be basically policymaking body with a kind of weird paradoxical body of secret common law guiding its deliberations over time. Over to this side of the room. Sir, in the back. We talked about the black door search loophole and i wanted to get your thoughts on a specific reform that is the metadata warrant reform to the back search loophole so you have the fbi able to search database using u. S. Person queries but it would only return metadata until the point they get a warrant. Do you think that is a good compromise, or are there pitfalls to that approach . Can you let us know who you are . Austin mooney. Okay. Who would like to take that. If jim is able, he is i would just comment, its the same answer i gave before, which is that would have a significant negative Operational Impact on our ability to respond quickly to the threats, to the threats that we have to face today. I mean, youre adding on just to talk about the terrorism reality for a moment. The terrorism, the Way International terrorist groups operate has changed significant he over time, especially isis and especially their methodology of just doing sort of lowtech types of dangerous and harmful attacks around the world. And so what we call the flash to bang, the time from when someone is radicalized is much more compressed than it used to be. So layers upon layers of reviews reviews and break bounds you have to consider the impact on that. Its not up to me to tell you what the law should be. The more layers you have, the more requirements you have, the more its going to slow us down. And you may say thats a good thing, but its going to slow us down and its going to make it harder for us to do our job to protect the American People. Im just saying that. I think one thing that jims comments reflected and is a little misperception is that a warrant requirement is very easy. Put this standard in and it seems like a simple fix and in the executive branch, very wide sort of body of Legal Compliance grows out of all of those new policies and procedures, and so what in pure legislation can look like, not that onerous of a standard, whatever you actually Start Talking about implementing it in practice youre talking about lots of lawyers, multiple offices, needing to have lots of communications and so what seems like you should be able to resolve in 45 minutes, were talking about days or weeks or sort of beyond. And thats i think thats some of where the anxiety comes from in placing what seems like a reasonable operational compromises on sort of the actual functioning of the system. I would say its a step in the right direction, but the scheme that i would favor would be one where at the outset the government is obligated to avoid the interception of American Communications and if the system is imperfect, which inevitably will be, it should avoid reading the communications without getting a warrant and for either period of time might be a coupleday gap to get a warrant. That scheme is fairly similar to one proposed by former senator russ fieingold in an amendment o the fisa act when it was first considered. That is closer to the theme i would find acceptable. Think thats a step in the right direction. I think i dont want people wasting time crafting applications and going through the hoops to submit a warrant to then find out the answer is theres nothing there. Im okay with them at minimum knowing whether there is something responsive so they have some sense of whether it is worth their while to craft a warrant application. I think i could live with that. I know liza is much more down on proposals of the sort but she has a whole keynote to tell you about why its a bad idea. One more question. Yes, in the back. I have a question for mr. Baker. What are the subplot surrounding the 702 debate whether whether or not the Intelligence Community will disclose the est of number of u. S. Persons who are implicated in 702 surveillance. As you guys mentioned its mental to be a foreign Intelligence Program but it does ensnare many u. S. Persons. The former number two at the nsa said he did think that an estimate would be provided to congress and the public by the end of the year. They thought they would get an estimate early enough to perform debate but still waiting. It continues to be something that privacy advocates have pushed for. Does the fbi support a disclosure of the amount of u. S. Persons implicated by 702 or as the agency in any way tried to push back on that effort or resist it . Thank you. Well, first of all, not our job to go counting what it is that nsa has collected. So they have to figure that out. And it is a significant challenge. In part and this has been said publicly before, we often dont know who these people are that were intercepting the communications of. So just from looking from the outside of a communication. And even if you look inside of it in terms of what people are talking about, how do you know whether they are a u. S. Person or not . Theyre using a particular email account . Even ip addresses are not always a perfect analogy in determining who is a u. S. Person and whos not. What one of things we have to grapple with is how much time do you want us to devote to this . And how intrusive do you want us the Intelligence Community how intrusive do you want us to be . You have to do in sometimes mean investigations to justify the identity of the commune communicant. Becomes very difficult to provide an estimate that you would have confidence in where the margin of error would be sufficiently low or small that you would say that you would be confident that the estimate means anything. [ inaudible question ] im saying there are significant challenges to trying to do that effort that we understand, yeah. Just to follow up. So theres the question of you know, what presumption you afford to people where you dont know. Theres a risk of producing a number that is misleading in some way. So if we have transparency efforts they should inform the public. The other is a question of whether or not a number metric is actually the thing that most or best informs the American People. Right . Is knowing that number, an imperfect estimate under the best circumstances of that number, does that really help the American People make a decision, a better judgment about how they want these programs to be constructed . I think there are other forms of transparency more related to process that go to you as an american citizen, how is your information collected, how is it used . What are your how are your rights protected . So getting additional transparency into those types of processes, to me, strikes me as a more meaningful form of transparency. If were going to be pushing on those efforts which i think are laudable, there are other places to put our energy and that these numbers have really become sort of symbolic in ways that are not constructive to the debate . Do you want to respond . I think those numbers are enormously important. Thats why privacy advocates have been pushing for them for a while. Its why the nsa asked for the permission to do this. It actually is now consistent with the minmization procedures of the nsa with an estimate for the congress. The most controversial aspect of 702 has been the incidental collection of u. S. Persons communications and the in the war of terminology the nsa has won by virtue of the fact we use the word incidental in some connotation even if not in explicit meaning minimizes the problem and makes it seem as though its incidental, its at the fringe when in fact it may be a large number of communications that are swept in. I think we should care about fail saves. I care about the procedures in place to protect the u. S. Personal information and also want to know what is the scale of the damage or the potential damage if theres a failure in those layers of security. So im interested in the number and i dont know if the number were 150 i dont know if we would be hearing the same level of sort of suggestion its irrelevant. Wed be hearing, see how small it is. I want to thank the audience and the panel, hopefully as this debate unfolds it can be this thoughtful and respectful and engaging. Thank you to the four of you and thank you to the audience. [ applause ] cspans washington journal live every day with news and policy issues that impact you. Coming up wednesday morning, new york republican congressman john fasso on president trumps budget, the gop agenda and efforts to combat lyme disease. Then former james comeys upcoming testimony before the Senate Intelligence committee. And president trumps proposed travel ban and the recent terrorist attack in portland. Be sure to watch cspans washington journal live at 7 00 a. M. Wednesday morning. Join the discussion. Wednesday, the Senate Intelligence committee holds a hearing on the foreign Intelligence Surveillance act. Witnesses include the former director of national intelligence, acting director of the fbi, nsa director and the deputy general. Live coverage begins at 10 00 a. M. Eastern on cspan3, and the cspan radio app. Thursday well have live coverage of former director jim comeys testimony been the Senate Intelligence committee. And if youre on the go, you can follow the former directors testimony live on our cspan radio app available free in the Apple App Store or for android devices, available on google play. Cspan, where history unfolds daily. In 1979, cspan was created as a Public Service by americas Cable Television companies and is brought to you today by your cable or satellite provider. Now more from the Stanford University conference on the future of the foreign Intelligence Surveillance act. This panel looks at the history of the legislation and what happens when it expires in december. This panel is 45 minutes. Were going to get started again. This is our last session, our keynote speaker. Liza is