Foreign Intelligence Surveillance act, legislation that gives Government Authority to monitor internet activities of nonu. S. Citizens. The Stanford UniversityHoover Institute hosted this event. This panel is an hour and 15 minutes. Tiny little table. All right. We are about to get started again. There are still a lot of seats in the front, too, so i encourage people to fill in as much as possible. Im russell wald, the manager manager here at the Hoover Institution. For our next portion of todays conference, we will focus on the law and Civil Liberties of section 702. Im going to do a very brief introduction of the esteemed panel and tush it over to the moderator. First i would start with Julian Sanchez whos a senior fellow at the Cato Institute where he focuses on the intersection of technology and privacy. Alex abdo is senior attorney with columbia universitys knight First Amendment institute. Formerly a senior staff attorney at the aclu where he has argued cases before the federal before federal Court Related to nsa surveillance. Next we have susan hennessey, she is a fellow at the Brookings Institution and the managing editor of law fair, previously she served in the office of general counsel at the National Security agency. And closing that out we have the general counsel with the federal bureau of investigation, thats james baker. And our moderator for this session is shane harris who is a Senior Writer on intelligence and National Security and Cyber Security related issues at the wall street journal, also author of fantastic book on Cyber Security issues titled war. Im turn it over to shane. Okay. Thanks, everybody. Can you hear us okay . Okay. Were here for a cozy panel this afternoon. Thanks very much for having us here. Ill say personally as a journalist covering section 702 and related issues, the civil liberty issues have been top of mind, i think certainly more most americans and my readers has long been a top of mind so im very pleased to moderate this panel and we have a terrific group of people up here so im going to talk and moderate a discussion here. For the first 45 minutes or so and then were going to open it up to some q a. Please think about questions that you want to ask and well get to as many of them as we can towards the end. So i actually want to start with jim baker. I think not to put you in the spotlight or anything. I think you might be most senior and you get to stand in for the interests of Law Enforcement maybe and national zurt in this. I just want to start with a sort of basic first order question which is, can you just explain to us, you know, in plain english why section 702 authorities are important for the work that the fbi is doing. I mean, what is the sort of baseline that you come at of why this is an important capability that i presume you will say needs to be reauthorized. Well, shane, thank you. Thank you to the Hoover Institution for having us here so i appreciate that. 702 as matt olson was saying in the last panel is vital to the fbi and to the Intelligence Community. It provides us with wide range of foreign intelligence information, especially including actionable intelligence, stuff that we can actually do something about and so thats critically important for us. It is something that the fbi takes in and combines with other information that we have lawfully acquired just as we have lawfully acquired the 702 information and we pull that together in order to connect the dots. This is what everybodys heard since 9 11. It was one of the key findings of the 9 11 commission. Telling us that one of the flaws was that the government did not adequately connect the dots and so the fbi combines 702 information with all of the other information that we have and we check our databases against it and try to figure out when we get a tip, a lead information from different sources what do we have in the existing holdings about a particular matter, a person, an email address, this kind of thing. And so we use that to guide our investigations, to ferret out what it is we need to focus on, what the threats are and move forward. So its vital to our daytoday operations. Well get to this, im sure but something you would argue without it, what would it look like without it . Well, we could talk about im not going to propose other legal methods that we could its taken away today, whens the landscape look like for the fbi . So if its completely taken away, then you are the fbi is losing a vital source of collection on very important targets. We try to be very focused at the fbi. Im speaking just for the fbi. The fbi is very focused on which targets it asks the Intelligence Community to target. Or to what selectors we ask the community to target because we well, first of all, we have to make sure its required that any of our selectors, are associated with a full investigation, meaning the highest level of pred case that we have in order to open an investigation. And so, if we were to lose it altogether we would lose vital collection on a range of very important targets. It would also deprive us of dots. Right . It would deprive us of lead information. It would deprive us of an ability to connect people to threats, to connect threats to particular individuals and to ferret out exactly whats going on. Susan, recently the nsa has amended some things of the 702 program, particularly the collection of socalled about information. Walk us through a little bit of what that means and what you think the practical reasons for doing that were and what the effect of that may have been. So im nervous to say this. I see some familiar former colleague faces so hopefully they wont be shaking their heads on getting it wrong or something. Right. So this is a highly publicized decision that the nsa announced a month ago, a few weeks ago at this point to voluntarily end about collection. Under 702 there are two forms of collection, upstream and downstream. Within downstream theres only two and from collection and in upstream theres another category, about collection. I think im citing the numbers correctly that upstream accounts for about 10 of 702 collection and about collection within that is 0. 02 . The former Deputy Director of nsa chris ingless wrote a comprehensive paper on that and i think those are the statistics he cited. Nsa announced following compliance incidents they decided to voluntarily end this practice. So this set off a series of controversies. First, because nsa had in the past represented that this was important and vital and necessary. And so, there was some criticisms that that was somehow not an accurate representation because now they didnt need it anymore. I dont think that thats quite the right way to view this. We know about collection does pose a potential heightened risk of collecting Domestic Communications and Domestic Communications that happen to mention the particular target, this might not just be a u. S. Persons name but a u. S. Entity, right . So American Airlines or you can imagine the particular utility of that form of collection. In recognition of those heightened risks there were additional safeguards created in order to try and mitigate against the risks. There was a series of inadvertent compliance incidents. They occur, serious. The fact theyre accidental is not doesnt minimize their significance. Although it is quite relevant to the current discussion. Those were self reported to the court. So were seeing exactly the process we want to see, compliance incidents being detected, self reported and then a determination was made that rather than invest the cost of coming into compliance, right, doing the things that were going to be necessary to ensure those compliance incidents wouldnt occur again moving forward, it was better on a costbenefit analysis to eliminate this form of collection. Nsa has said that theyre not able to eliminate this form of collection without also losing other important information. So theyre saying that there is a cost here. This is about risk management. So again, this is a process that we want to be seeing. We dont want intelligence agencies to sort of take a collect it all lets just get everything we can. We want this kind of voluntary and ongoing assessment because this is such a critical area. Theres that said, theres a i think its a little bit of an illustration of some of the potential perils here and evaluating the difference of nsa saying it was a necessary program, and worth it, previously and in this instance deciding to no longer go forward with it, its in examining the costbenefit analysis, as we add costs, eventually costs will outweigh the benefits. We know thats true for everything. Even if you take sort of those core vital parts of the program that matt also was talking about, if we put enough costs there, that will outweigh abe so i think this is why in this instance i think it was a prudent decision. The appropriate judgment. But i dont think that we should sort of take for granted the notion that there arent real costs here and there arent costs as we putt on additional reporting and technical requirements. Just one more question on the compliance incidents. How do we know they were accidental and inadvertent . There was a declassified Court Decision that while it was extremely critical of the nsa on a series of metrics, was quite clear that it had no indication that there was any sort of intentional malfeasance. Alex, let me turn to you. So, we have a program that the Intelligence Community says is vital. Responsible for a large amount of intelligence. But it appear that is the Intelligence Community is willing to i guess they would see it as amend the program when they feel its made mistakes or gone too far. When you look at this amendment and about collection srks that satisfying to you from the Civil Liberties perspective or is that would you read it more as a token gesture considering that this is a susan said responsible for a fairly negligible amount of evidence in the Overall Program . You know, i think its hard to know what exactly to make of it given that the nsa, for example, hasnt disavowed to in the future reseek this authority. They havent complained technically whats changed about the way in which the nsa is engaging in upstream surveillance. There are technical questions that go along with that. And it raises i think a different question. I have a slightly different take of susan on what it says of the prior representations relating to the vitality of this part of the program to section 702 more broadly. Whether the pclob examines privacy and civil liabilities oversight board. Right examining for the report it issued it focused pretty heavily on about collection because its a controversial form of collection and based on represent takes of the board by the nsa had a report that it said it was a technical necessity to conduct about surveillance in order to be comprehensive and even to from surveillance and made it sound as though its vital so while i agree with susan its a question of cost benefit analysis, the nsas previous representations made it sound as though, you know, the benefits were too high and the cost of losing it were too high to ever consider losing that and now, you know, almost on a dime they flip and eliminate that authority. But again, its hard to know what to make of it given they havent disavowed an intent to seek it in the future. And, you know, susans right to point out that the reason we know about the compliance incident with it is from this court order. The only reason why the court order knew what to publish about the compliance incidents is because it was self reported by the government so we have the governments representations of the scope of the problem and whether it was accidental or not and we dont have i think a full sense of the story. Does it feel to you that the modification which was obviously portrayed as a very big concession is actually just a token gesture . You say its hard to know but what does your gut tell you . My guess is that the temporary cost, the kind of present costs of bringing the program into compliance with what the fisc wanted it to be, you know, the nsa decided were too high at the moment an preserving flexibility and my guess is that if Congress Suggests codifying the end of about collection, if Congress Suggests amending 702 to prevent the nsa from restarting about my guess is nsa will vigorously oppose. Thats the test of being a gesture or something more. Julian, you are one of the i think better explainers of not just intelligence policy and surveillance law but articulate the Civil Liberties component of this, as well. What are we really worried about here . We are hearing about a program that provides the massive capabilities, huge compliance, as jim baker said, very targeted, very focused. From your perspective right now heading towards the end of the year, and the question of reauthorizing this, what are the top of mind Civil Liberties issues that you think that, you know, people in this room in particular have to confront . Sure. I mean, i think the central concern always with intelligence authorities is the political misuse of intelligence thats gathered. Somewhat different set of concerns than from what primarily arise in this with the criminal surveillance context and there are sort of two halves to that. One is a sort of insufficiently accountable Intelligence Community serving its own interests using the data its collected and we think here, of course of sort of image of j. Edgar hoover with the personal and confidential files essentially. Yanking the leash on his nominal overseeing using the power of the information he had amassed about them and the other issue, of course, is the insufficiently autonomous intelligence agencies staffed by loyalists to the administration in power using as a tool to gather political intelligence about their opponents or torpedo political adversaries and one reason i think 702 sort of raises special concern about that is just the scale of everything has magnified dramatically. If you think back to the intelligence scandals exposed in the 1960s and 1970s, these involved first sort of lever intensive deliberate targeting of Martin Luther king and antiwar activists and civil rights leaders. And also, because it involved specific targeting of that kind abuse that was after the fact, the sort of thing you were likely to notice. I think one point in the 70s and then attorney general levy noticed a decadelong wiretap on the naacp and said are you indicting . What is it there for . And so were able to at least shut that down. One reason 702 is so disturbing is youre talking about every year somewhere between 90 and 100,000 people dumped into a massive repository, probably on the order of some billions of communications annually now. And then being stored for years at a time so the concern isnt just will there be improper targeting of someone of the kind easy to detect and then trace back if that information were misused. Its do you trust that this sweeping kind of black hole capture sucking in which you have is not only not improperly targeted in the inception but not properly used after the fact and especially when you have these kind of indemonstratic compliance issues, that is when the formal procedures to constrain access to the data are being routinely ignored as it seems increasingly is the case of court informed months or years after the fact it is very difficult under those circumstances to detect abuses when they do occur because the abuse part under circumstances where you have got that massive database is about what someone knows when they leave with that information and what they do with it after they leave the office. And thats the sort of thing that half the fact is extraordinarily difficult to track so my concern is the potential of a reprieve of the bad old days of intelligence angt but to detect it when it happens. Lets kick it over to jim an susan on this particular point because julians raising this issue of compliance routinely ignored and precisely the fear of people on the Civil Liberties side, yes, you have this extensive, exhaustive some might say Compliance Regime and an ability to ignore so respond to that idea s. This something thats routinely ignored . Is that an unfair characterization in your mind . Completely unfair. Nobody ignores the law. Nobody ignore it is policies and procedures that exist under 702 or other parts of fisa. It is not the culture of certainly at the fbi. Thats not the way we operate. Thats not the way we manage. Thats not the way we lead and people are expected to comply with the law and comply with directives and the rules basically. People make mistakes. I mean, we are human enterprise involving complex technology so tell me where else in society there are not mistakes of humans and technology. Right . So the key is that there are multiple overlapping layers of compliance run by a variety of different folks. So for the fbi, right, we have department of justice. We have the odni. We have the Inspector General of the department of justice. We have the fisa court, obviously, most importantly and we have congress conducting oversight, having hearings, Staff Members come and get briefed an enso on so there are multiple levels of oversight that are there to prevent exactly what julian is worried about and i understand why people are worried about it and, you know, whenever the government does anything with respect to the collection of communications regarding americans, people should focus on that. Peop