Congress. For example, the USA Freedom Act and similar initiatives. You have as part of that also the proposal to create an advocate of some kind. Here again, an attempt to influence or affect what are the rules that the intelligence agencies are expected to follow. And then a different part of that question is, what oversight mechanisms, what assurances do we have that the agencies are following the rules? And you are part of that. I mentioned the congressional committees, and then all the layers within the executive branch itself. So I think, I hope, that the public discussion has been shifting a bit from whether or not we're following the rules. I think what I perceived in the public discussion is a greater acceptance that we're in fact trying our best to follow the rules. We're not perfect and we make mistakes. But we're trying to follow the rules as best we can. And now that the discussion has been shifting to what should those rules be? What are the rules? And what should those rules be? I think we can and must provide greater transparency into both sides of that equation and we're working on that. I would also say that another thing that I know the board has been pursuing, which is the recommendation that the board made in the 702 report regarding efficacy. To what extent are the programs effective and to what effect do they provide value is a key part of the transparency equation. We have to figure out ways to identify the specific value associated with particular programs and activities and then be more transparent so the American people can render a judgement on the need or desifo. The intelligence community is not built for transparency. It's built for the opposite, of course. We train, provide policies and systems and reminders to our workforce of the importance of maintaining secrets, the sources and methods that the intelligence community uses. And this is vital. We have to do that. We're reminded of that need all the time.
But at the same time, we have to find ways to enhance transparency. It's going to involve some changes in culture, training, a look at policies and processes within the intelligence community. I know you may want to ask questions about that. I look forward to that discussion. Thank you again. I appreciate it.

Turning now to Erika Brownlee. She's the Chief Privacy and Civil Liberties Officer of the Department of Justice. In that capacity, she is the principal adviser to the Attorney General on privacy and civil liberties matters affecting the department's missions and operations. As part of the Office of the Deputy Attorney General, Ms. Brownlee oversees the department's privacy and civil liberties programs implemented by department components and component privacy and civil liberties officials. She reviews and evaluates department programs and initiatives and provides department-wide legal advice and guidance to ensure compliance with applicable privacy laws and policies including the Privacy Act. Thank you for coming.

Thank you. Thank you to the board for inviting me here to talk about what is a very important topic. You asked about private sector experience and other government experience. I also come from the Federal Trade Commission, in particular the Division of Privacy and Identity Protection, which, the Federal Trade Commission is a very different orientation toward the commercial side of privacy but nonetheless an important perspective and an interesting one to bring to this position. Counterterrorism is a significant part of the department's mission. Since my colleagues on the dais will be talking from more of an intelligence lens, I thought I would orient my remarks towards the department's efforts to fight terrorism from within the criminal law enforcement context. The department has an elaborate architecture that protects privacy in our counterterrorism work.
Since I only have a few minutes, I will focus on the lead agency in those efforts, which is the FBI, and focus in a little bit more on the efforts with their counterterrorism activities. But stepping back for a minute, of course, as we know, after 9/11, it was recognized that in order to address the current threat environment the FBI's functions needed to be expanded. But it was not intended that the expansions would come at a cost of civil liberties. So in 2008, the department issued the Attorney General Guidelines for Domestic FBI Operations and later that year issued the Domestic Investigations Operations Manual, and combined those two documents provide significant guidance for FBI activities. But what I wanted to talk to, I know I don't have enough time to get too far into the weeds, is just to explain how privacy sort of is embedded throughout the stages of an investigation from the initial phase throughout the process. So, for example, one of the key tenets of both documents is the least intrusive method. So in other words, in any activity that the FBI engages, that's the baseline. Within the counterterrorism context, it's calibrated against the threat to national security, in which case more intrusive methods would be used. But in terms of a little bit more detail from an operational context, when the FBI conducts an assessment, for example, which necessarily, not necessarily, but oftentimes is proactive, that doesn't require a factual predication but it does require a clearly defined objective. The least intrusive methods in that context would be even starting with publicly available information to voluntarily provided information in that perspective. And then moving up from there, with regard to predicated investigations, which, of course, by which implies their title, they require a factual predication to open that investigation, but that has to have supervisory approval.
And both types of investigative activities, whether assessment or predicated investigations, require or are subject to oversight. Alex mentioned DOJ oversight on the intelligence side but also on the law enforcement side for counterterrorism. The National Security Division has oversight authority for those kinds of activities. Now, Beth mentioned and asked us to talk about or think about how this applies. If you are looking for the acronym, there are lots of them in documents. It's not actually in the AGG-Dom or the DIOG. They are embedded throughout the principles. If you think about even just from a transparency perspective all that I'm discussing with regard to the DIOG, all 700 pages of it for light reading for anyone interested, it's on the web with certain redactions. But also we have privacy impact assessments that are available. One that I wanted to mention in particular regards the eGuardian system, because that is a specific system or incident reporting system that is designed as a platform to share terrorism-related information across law enforcement, federal, state, local, tribal, territorial jurisdictions. So eGuardian. I don't have time to go into much detail about it. But it has an entire architecture of privacy protection regarding how things are shared across entities, how it is stored and how it's retained. Individual participation, that's more of a challenge in a law enforcement context. It's not realistic to be able to obtain individual consent in order to pursue criminal investigations. But nonetheless, the Privacy Act provides some measure of review in the sense that if access or amendment to records is denied, there is judicial review of an agency's decision, and subject to court order records may be amended or access may be granted. On the minimization side, I mentioned the least intrusive means already.
There's also a prescriptive measure in the DIOG with regard to evidence collected, that if the evidence collected through an assessment or through a predicated investigation has no foreseeable future evidentiary or intelligence value, it should be returned and destroyed and then marked in the file, in terms of the disposition of that piece of evidence. Otherwise, information is retained according to the schedule set by NARA, the National Archives and Records Administration. And it proved through which Department of Justice would seek approval for. With regard to use, I think that's also a challenge. On the criminal side, of course, willful disclosures of protected information under the Privacy Act are not something that any agency can exempt themselves from. And to the extent that information is released that's not subject to a routine use or other permitted disclosure, and, of course, routine uses are subject to a compatibility standard that tracks language. If the information is disclosed or even shared in violation of that, that's potentially a wrongful disclosure subject to not only civil damages but criminal penalties. And then in terms of accountability, I mentioned oversight from the National Security Division, but also the FBI has the National Security review, National Security Law Branch, which conducts national security reviews. And that's a significant review process in that they go out to all of the field offices and review the investigative activities I mentioned, the assessments, the predicated investigations, and look to see whether, in fact, supervisor approval was obtained, whether there was a clearly defined objective for the assessment. And it's written up into a report. That report actually comes through FBI channels, of course, but then also comes for review by the Chief Privacy and Civil Liberties Officer. And I look at those, obviously, through a privacy and civil liberties lens. As Alex was mentioning, there's lots of layers that are applicable.
I know I don't have much time remaining. In conclusion, I guess I would like to leave you with a couple of takeaways. One is that FIPPs, quite to the contrary of certain statements, is not dead. It's just embedded. I would also say that the processes can always be improved. Certainly, I work with the components d s there are ove in DOJ. Each has a senior component official for privacy. I host regular meetings. We're having a privacy forum next week that will cover privacy-related activities focusing on law enforcement but other components as well, activities, common privacy issues across components. It is internal. None of you are actually invited unless you happen to get a job by Monday at the DOJ. That's also something that is a way to improve. I would also say that while privacy impact assessments are very important and a critical part of a program, because they're this tangible proof that we actually evaluate privacy, that we mitigate the risks, that we take into account security and accountability, they really only form a part of the architecture for the Department of Justice's privacy program. I welcome your comments.

Thank you, Erika, for that nice education about the FBI's operations. Becky Richards is the National Security Agency's Civil Liberties Privacy Officer, in this relatively new role, I think it's fair to say. She provides expert advice to the director of NSA on all issues pertaining to privacy and civil liberties protections. She conducted oversight of NSA's civil liberties and privacy activities. She developed america you are se security. She worked as the senior director for privacy compliance at the Department of Homeland Security. Thank you.

Thank you for hosting us. I am very honored to have been selected to be the first NSA Civil Liberties and Privacy Officer. This is an exciting member to be a member of the civil liberties privacy community. Our community is growing and evolving.
Changes in the nature of the threat to our national security alongside rapid advances of technology, as was discussed earlier, make my job both interesting and challenging. Technology provides us with both opportunities and challenges, but ultimately we must guide and shape its use to ensure the fundamental rights we hold dear as a nation are maintained. I would like to describe our programs both in the past, present and a few thoughts on the future. Part of NSA's mission is to obtain foreign intelligence worth knowing, derived from foreign communications, in response to requirements and priorities validated and levied upon us by the executive branch. One is counterterrorism, but there are other threats to the nation, such as the spread of nuclear, chemical or biological weapons or cyber attacks. NSA works directly with and supports our troops and allies by providing foreign intelligence for military operations abroad. It's important to think about how the threat, technological and societal landscape in which NSA conducts its mission has changed. First, the threat has changed. NSA previously operated in a Cold War era when the focus of collection was directed at nation states, structured military units and foreign intelligence services. Threats remain from nation states; they now also come from non-state actors, which require NSA to look at more, smaller and decentralized targets to protect the nation. The technology has changed. NSA previously operated in an environment where the communications between foreign intelligence targets were conducted over isolated government-owned and operated communication channels and equipment. Now foreign target communications are interspersed with commercial and personal communication.
Additionally, the volume and ability to analyze and manipulate big data, which occurred as a result of significant advances in information technology, can expose information of a personal nature that may not have been previously discoverable and may not be of any interest. Third, how society thinks about civil liberties and privacy has changed. We have come a long way in thinking about what ought to be private. Personally identifiable information was not a mainstream issue 25 years ago. For example, Social Security card numbers were put on student ID cards. There was no thought of HIPAA. Executive Order 1233, Foreign Intelligence Surveillance Act, this is a natural framed NSA's protection program by asking where and how the data was collected, usually overseas, and the status of the individual or entity being targeted, is it a U.S. person or not. NSA has consistently conducted legal analysis as it considers new types of collection, answering these types of questions. It has built a strong compliance program based on these, with compliance activities embedded in our technologies and systems. As I have learned more about NSA and its compliance, it became clear, while this is one way to address privacy concerns, it is somewhat different from how privacy concerns are addressed outside of NSA. Over the last 15 years, Congress has passed a variety of laws to protect privacy and other parts of government in the commercial sector. These policies and laws focus more on the nature and content of the data, not where it was, the nature and content of the data and where it is used, not where it was collected or the citizenship of the individual. I believe we have an opportunity to bring together NSA's current civil liberties and privacy analysis. This supports the President's PPD-28 mandate to recognize our intelligence activities must take into account all should be treated with respect.
To address a broader set of civil liberties and privacy interests, I'm testing an assessment process to include consideration of frameworks the private sector and non-intelligence elements of the government use. For the first time in its history, NSA is using the fair information practice principles for considering civil liberties and privacy. It can analyze protections they have in place for personal information. While traditional NSA civil liberties and privacy questions center on citizenship and location of foreign intelligence targets as well as collection techniques, questions boil down to follow the data, data means privacy officials ask a different set of questions. What is being collected and how will it be used? We have designed a standardized template. We will refine the questions and process to ensure we are building a repeatable, meaningful and helpful process to identify and mitigate civil liberties and privacy risks. A critical part is to make sure we're not merely checking off boxes but weighing the risks associated with the activity to form a holistic proposition. In essence, we're asking, should NSA conduct a certain activity? As part of the assessment process, NSA is documenting standard protections and controls on who has access as well as tools to protect civil liberties and privacy. Much like in the private sector and the government, we are using this as a basis for analyzing what protections are in place. As we look to the future, I want to think I would like to spend time talking a