Absolutely superb and it is a privilege both to be here and I really want to applaud the board for taking up this, I think, really difficult but fundamental issue about what is privacy and how in practice might we go about protecting it within the private and public sectors. I want to really just offer observations as opposed to any specific, if you will, recommendations or conclusions. This touched on some of the last panel. I think the FIPs are frankly not tremendously useful. I'm not suggesting abandoning them, which is a big change for me. Ten years ago, a chapter called the death of FIPs but unfortunately I've gained a little bit of college here but I think we used them almost, like we can roll out these eight principles, or depending on which list of FIPs you use, or that will get us somewhere. And that far too frequently both in the private and in the public sector they really don't get us anywhere. What we end up is we end up, just like talking about in the last panel, looking for substitutes for the FIPs. We can't have consent, what could we have? Rather than asking what is the purpose to be served in the first place and maybe no longer relevant as tool to achieve that purpose, rather what are we trying to do here and really the question you've been asking all day, what are we trying to protect, what do we think protecting privacy really means. I say this by the way about the FIPs in part because I'm not sure that they have ever worked terribly well and certainly in the environment where they are largely noticed and I'm not sure that they work well in a world of massive data whether we call it big data or just high volume data. But the notion of a sort of FIPs-like approach particularly with the focus on the individual when the broader issues are frankly societal. Maybe the impact on the civil liberties. Not of one person but everybody. I don't know that the FIPs help focus on the way and frankly the FIPs led to some silly results.
I would just mention I've been surprised by example by the Department of Homeland Security privacy impact assessment on border searches of electronic devices, which focuses a lot on notice as privacy protection. At the point that your device has been seized from you and its contents copied, it is difficult to think that notice is meaningful protection. It may be necessary but whether it's protection or not, I think it's not. Second point, one of the things we are seeing emerging in the debate in the private sector, and we see this especially in Europe and the context of discussing the General Data Protection Regulation there, is greater focus on risk management or risk assessment and risk management. I don't mean to use this because it is the jargon of the day but rather because risk management is an incredibly valuable tool that in the private sector we are far behind on. We have a clear idea what it means. Part of the reason is we don't know what risk we're guarding against. We are very unclear what are the harms, what are the impacts, what are the negative effects we think we are balancing, if you will, of what are the positive outcomes of the use of data or what have you. One reason I think the risk management approach offers value in both the public and private sector is it makes us stop and say what is it we are trying to accomplish. What are the positive benefits and negative impacts not measured in terms of FIPs but measured in terms of actual impact on individual or on society or on the economy. As we think about it. When using risk management, or if you hate risk management, in either case, third point, I think there's a lot of reason to focus more attention on use of data. And this has been a real weakness of the U.S. legal system. Those of you who have suffered through law school know that the Fourth Amendment has almost nothing to say about use of data whatsoever. You can have illegally seized data that the court acknowledges is illegally seized.
There would be no disincentive for the collection only the collection of the Fourth Amendment in Supreme Court jurisprudence has been focused on. And for this reason I think we really would be better to think more about reasonable and effective limits on use. And I think that's what the public most commonly cares about. And one of the practical reasons is there is almost always a legitimate reason to collect the data. Always some employment reason or security reason. There is some private sector reason. You know, Verizon had a reason to collect the data. And then the question was who could access it and how could it be used. But our legal system is focused enormous attention on collection and once the data are in the government's storehouse then we feel that the data are more commonly out of control and I think that is a critical area to focus on as well. Fourth, as I mentioned, I think the Fourth Amendment while a critical legal limit and I certainly incur, that's yellow, right? For the rest of you, you will know, I just got a yellow card. I think the Fourth Amendment is critical legal limit and we must of course observe it. It is not a very useful guide for telling you what to do in the future. For a positive analysis of privacy issues. And I think we should again be careful about that. Too often in our rhetoric we say, it's permitted under the Fourth Amendment, as if that tells us anything. Other than it is not illegal under the Fourth Amendment but doesn't tell us anything under the ethics or desirability or what have you of doing it. And fifth, I would just say, in almost all of these areas, and I understand in national security this is particularly odd, I think redress is something we need to continue to focus on. We see many uses of data in the government setting and in private sector. Which are done without regard to redress. With just sort of, well, if it affects the person inaccurately every now and then, what does it really matter?
We will deny boarding to people on airplanes or provide extra security for the wrong people. This is not an efficient use of government resources. And it is not a good way to think about privacy. And I think we should be very clear in those rare exceptions where we say, there might be no redress available here for the individual, in which case we now have to provide it through other means, inspector generals or the other ways of approaching it. But at all times we should think about redress, not just because of the rights of the individual but because of the interest in ensuring that the system works as advertised and as it should. Thank you very much.
Henry Giegler focused on civil liberty, computer crime and cybersecurity. Thank you for being here.
Members of the privacy and oversight board, thank you for inviting me to speak at your meeting today. Thank you for your excellent work for ensuring protection for privacy, civil liberties and terrorism programs and congratulations on having one of the best acronyms in town. When it comes to evaluating privacy protection, the Center for Democracy and Technology believes that fair information practice principles are a very important framework for both government and the private sector. Now you can add other privacy frameworks on top of that. We do not disagree with Professor Kate that societal impact is in use and protection focuses on the purpose of data collection are also useful but we view the FIPs as indispensable framework for evaluating privacy collection for data collection practices. The individual principles as you know are overlapping and mutually dependent on one another. It is a framework. An smorgasbord that you can choose and pick. And there is obviously some discussion in the private sector about doing away with data collection limitations or the data minimization principle of the FIPs seeing as how we are in an age of big data.
But in the time you have given me, I want to address this head on in the context of government surveillance. First, CDT believes that there still should be collection limitations on private sector data collection. And that data minimization principle of the FIPs should apply to the private sector. Second, the government should not take its cues entirely from the private sector when it comes to noogs national surveillance. It is fundamentally different from national security surveillance and therefore even if the private sector were to collect data in some other manner in an alternate universe, then they should not follow suit. National security arms are not as transparent or responsive and are not likely to be. Major companies in addition allow or are required to allow the collection of information about them. More and more services are differentiating themselves on the basis of strong privacy protection and of course individuals can choose not to participate in a commercial service as a means of limiting direct data collection about them. But data collection for national security purposes does not permit any meaningful choice. So this is not to laud the private sector data collection practices because CDT does view them as generally insufficient protection of privacy. Because of the differences I just briefly listed and other reasons, even if the private sector fails to robustly apply the FIPs, government agencies should not follow suit. If anything, because of the differences, government should strive for more strict and consistent application of the FIPs than that of private sector data collection. So I have a small set of broad recommendations to make. First, the government should place greater emphasis on implying the data of the FIPs. Back-end minimization procedures alone are not sufficient. Front end is also critical. Trust is breached at the point of collection.
Once the government collects information, nonstatutory internal restraints on access and use can fall away like sand castles on a beach. We saw this happen with the 702 loophole. So surveillance should be restricted at the front end by narrowly limiting to what is directly needed to accomplish a specific purpose. Data should then be retained only as long as necessary to fulfill that purpose. And the data should be destroyed unless a determination is made that the data are needed to accomplish the specific purpose. Specified purpose of data collection itself should be subject to meaningful restriction. For example, limiting the scope of what is relevant under Section 215 or definition of foreign intelligence and Executive Order 12333. So goal should be overall to move from mass data collection to targeted data collection of both U.S. and non-U.S. persons. A fair reading of the statute does not seem to grant them with this authority. So with order or when necessary summaries of opinions would substantially boost transparency. We should not be a nation of secret laws. Third, the government should have scope and request for data under national security authorities. The government should authorize the private sector to make similar reports. Information is power and privacy is control of information. An entity possessing information about an individual has power over that individual. Large scale government collection of information about individuals threatens the relationship between citizens and the state because it upsets the balance of power that supposedly exists in democratic society. Therefore, CDT urges to recommend that the government recommit to robust application of fair information practice principles as well as other considerations regardless of what the private sector does. With much more targeted data collection and greater transparency. Thank you.
Thank you. Our next panelist is John Grant. Mr.
Grant is a civil liberties engineer and he previously served on the staff of the Senate Homeland Security committee where among other things he oversaw the Department of Homeland Security. Thank you for being here.
Thank you for the invitation to speak today. As I never tire of telling people, I was a staffer on the greeting club. So I take a parent of the board and I'm sure it is every parent's dream to one day testify in front of their children. I will spare everybody the commercial, just suffice it to say, building a data platform, that works with data, starting with the law enforcement intelligence space and extended to deployment around the world and in a variety of context and the financial sector and elsewhere. Our technology isn't successful if in the course of achieving an organization we are not able to be deployed in a way that protects privacy. That is something that founders of the company instilled from day one and that is why my job exists, a civil liberties engineer. One thing I learned, and this is different from the Hill certainly, when you walk into a room and say to engineers, I'm worried about this thing you're building. It creates a privacy problem. The response is, oh, okay, how do I fix it. Which is not often what you get when you raise these things other places. So it is our job as an engineering team to come up with suggestions for how to fix it. I'm a lawyer. As you may have guessed. So I do not necessarily possess a lot of technical skill. So the main role for us is to translate between the lawyers and engineers. So what I want to focus on today a little bit is some of the technology at a high level and then I had actually suggestions for moving forward that I think are actually fairly low hanging fruit. So just briefly to provide context, as I said, data management and data analytics. We're not dealing with the collection of data. This gets more to Professor Kate's point about the use of data.
And we have two sort of high level categories of technology that deal with managing or protecting privacy with the use of data. There is access control and oversight mechanisms. I want to start by pointing out, and this is something to keep in mind, just as technology expanded power of surveillance and the amount of data collected, it is also significantly expanding the level of privacy protection that is available at the agencies. If you imagine 50 years ago if there was an FBI file, this is probably pieces of paper in a red well, sitting on a desk somewhere or maybe locked in a desk drawer. Hopefully locked. Or maybe in a dusty basement archive or something like that. And there is probably limited tracking of where the log book was. And anyone accessing the file can see whatever is in the red well. You can just rifle through it and you can see everything even if it isn't directly relevant to what you need. It would be nonexistent. You couldn't see who added information to the file. Who deleted information from the file. And deletion is hopefully burn bag or shredder. Probably just crumpling it up in the trash. Or a black magic marker redacting a few points of information. Today we do a lot more management data and oversight. And management at a grander level. That's what access control point. Which you can now build access controls to manage data very precisely on data point by data point basis. You can do it in a more nuanced way. You don't have to choose between access or not access. You can make the access controls dynamic and so there is a lot of options and sort of the way the many options you have to configure the access controls give you a near infinite variety of options in how to manage data. Who can see the data and what they can do with the data. The other point is oversight mechanisms.
And this is really you think a lot about audit logging and also using technological electronic workflows to control exactly how data flows around an organization and who can see data and what kind of analysis they can do with it. Or hard wiring an approval chain for use of data and things like that. And these can be very detailed. So the or the hard wired approval process and things like that. That can be very complex and involve multiple actors. And then the auditing of how data is used itself can be incredibly granular and incredibly detailed. And I want to get to other point. Just these two capabilities are a significant improvement of what existed before and can get us a long way. And there are things that exist today. Now I'm obligated to say that Palantir does this best but this is not exclusive to Palantir and they can be deployed and can be used in a lot of different context. So what is the problem today? Why aren't these capabilities being used more? A couple things. One, issue and technical awareness. Lawyers don't know technology and engineers don't know law. And you need people who know both of these things to be able to make the decisions as how to use these technologies. How to incorporate them into programs. Lack of resources. You need people who can actually manage the data. You talked about this in earlier panel. Alex Joel has a very small staff. Erica has a very small staff. They need resources and infrastructure to do this. Resource is hard. How do you use an audit log. How do you use it effectively. How do you Access Controls especially wh