4 p. M. Eastern. Next how to counter online which extremist groups use it to recruit new members. We will hear from technology and Security Officials plus remarks from the british minister for internet 80 and security. George Washington University posted this event. Hosted this event. Good afternoon, everyone. I am the president of the george Washington University and im delighted to welcome to you does welcome you to this twoyear Conference Today conference entitled how to counteonli right elevation online radicalization and online extremism. I would like to welcome members of the department of state, justice and Homeland Security and the fbi as well as officials from a number of allied governments and guests from the internet, technology and year sectors media sectors. This conference was two years in the planning. I discussed this with our minister of internet safety and security for the United Kingdom in may of 2015. You will have the privilege of hearing from her in just a few moments. The idea we discussed was to convene a global conference that will bring a conversation forward about the challenge of a globalation as phenomenon specifically driven by the internet. A poignant conversation in light of the events in london last week. I extended to the ambassador our condolences for the tragic events that took place in london just last week. Washington i will say the conference builds on in ourreaking work center foryber and Homeland Security. Expertregularly testify capitol hill and are featured in both top Academic Publications and numerous Media Outlets and Deputy Director say misuse was hues waswed shamas interviewed on cbs 60 minutes. We have identified the need for policies that will counter radicalization when it is still in its infancy and to take fully into account the International Scope of the problem. I welcome the director of the program on extremism, dr. Lorenzo. An expert on islamist movements in europe and north america and his research focuses on policies countering radicalization and the mobilization techniques of the jihadist networks. He earned a law degree from the university of milan and a doctorate in international relations. He has held positions at harvard university, at the Kennedy School of government and at the u. S. Institute of peace, and the inserty Center Studies in zurich. He was appointed by Prime Minister matteo renzi as a coordinator on the National Commission of jihadist reactivation radicalization. Please welcome me please join me in welcoming him. Very kind words. Thank you for trusting us. I would like to welcome you all to this two day event on countering online extremism and radicalization. Since two years ago we have been focusing on issues related to this topic. We look at all forms of extremism and we do a lot of reports on the rightwing extremism and how those groups use of the internet. As well as the dynamics of online extremism, we study various extremist movements and ideologies. Weve come to two major conclusions, nowadays of the internet plays a major role in radicalization processes. We did a setting which we launched here in this very room about isis in america and about cases of americans who have radicalized and then recruited for isis related activities. In the cases we have countered so far theres not a single case where the internet did not play a role. It plays a role from the First Encounter the individual has with the ideology to them becoming a main threat. All the way to when they plan attacks. The episode we showed last night showed a case in which individuals were talking online to people in syria as they were about to carry out an attack. The second conclusion we have reached is the importance of the internet should not be exaggerated. Radicalization happens in many cases both online and offline. It in mosttriggers cases. Providing balance in fact based analysis for solutions. That hashe spirit guided us as we planned for this conference. Controversies surrounding online radicalization. There is a big debate taking place in the United Kingdom on the aftermath of the London Attacks and the government that access to the conversations of the perpetrator of the attack. Saw reminiscent of what we a year and half ago here in the United States in the aftermath of the San Bernardino attacks, the fbi making the same demands. All countries have to deal with issues of travesty, secrecy, encryption. Are struggling to find cntarrative t diminish the appeal of propaganda, another topic we see to govern this conference. To go forward in combating extremism is to bring to the table and eight neutral environment to key players in debate, in particular the industry and government. That is what we are doing today at tomorrow. You have it in front of you the program. We engineered every panel in a fromhat includes as people government and industry. Im glad to say we have an amazing array of speakers coming from three continents that includes to ministers and many other highranking policymakers. Three representatives and and three very important journalists who will help us. These are important debates that need to take place in public and in more reserved settings. That is why this conference is open to the public. It is actually being broadcast as we speak on cspan and will be broadcast for the cspan tomorrow. Plus, feel free it goes without saying on a conference on social media to posted, do whatever you want to do on social media. We actually have a. Poeies. We are hoping to provide a that heto practitioners ended the general public who are interested in the subject. Before introducing our keynote speaker let me thank a few people. Staffs forl, the support. Gw withschool here at whom we have the privilege of partnering and organizing this event. I also want to thank the entire staff of the program and extremism. Everybody has been fantastic and coming together to organize what is a big event forth and Everybody Needs to big knowledge but i want to particularly mention three people who have provided and conceived a lot of a lot of thed Organization Goes behind that. I am very grateful to all of them. It is now my honor to introduce our keynote speaker. The speaker is a British American technology veteran and parliamentarian, recently reappointed to her second term as u. K. Minister for internet safety and security and undersecretary of state by theresa may. And 2014. Her responsibilities include extremism recruitment, eradicating online crime including child abuse and ensuring safe and open access to the internet for everyone. Before joining the government, johannes spent over 25 years working for the worlds bestknown Technology Companies and has held senior positions at google and facebook. Among other things, she was involved in helping develop technology in storage and christian. Johannes served as a nonexecutive director of several boards including the London Stock Exchange group as a trustee of save the children and other boards including the American School in london. Has done work at george Washington University where she in 1987. Her mba please welcome me and joining her. In welcomingn me her. Thank you for the very warm welcome. It is wonderful to be back at george Washington University, a place i am happy to go home. I would like to thank and congratulate the team here at george Washington University for convening this important hovering. To come together to discuss the Global Partnership to combat extremism online and all of its forms. It is ironic that one of humanitys greatest inventions comments most liberating invention, the internet, is being misused in this way as a vessel for violence and hate. Longer a matter of speculatn thaterrosts and extremists use these applications to inspire violence, spread extremist ideology and plan and execute attacks. Each tragic event in incident reconfirms this. Today we come together following yet another graphic attack, this one in london around the houses of parliament. My home and place of work. Five people tragically lost their lives. 50 word injured. 30 work hospitalized. The victims came from 12 different countries. Hours, isis claimed responsibility. We know how extremists of the seeds of discord in our society and use propaganda to reinforce grievance, ignite hatred. We know how they convince people to give up their lives and to join the fight. They target those who are vulnerable, marginalize, invisible, feeling left out. The pool from which they recruit is expanding exponentially and billions are connected with social networks. Unlike in the physical world where government can take 30 and firm action to keep people safe and secure in their homes and communities, virtual spaces a different domain. It is a domain of commercial companies and we must rely on them and their cooperation and support to keep people from harm. If we are to keep people safe in world,ermore connected we need a new model of shared responsibility and this is the conference i would like to have with you today. Had we move from reacting to crisis and incidents to prevention and full acceptance of responsibility on all sides. Holdstern societies we sacred democratic values. Freedom of speech, right to privacy, rule of law, safety and security. These apply to the internet as well which will believe must be free, open, and accessible. Growing public sentiment that not enough is being done to tackle extremist use of the internet. It comes to the question of what to do about it. We are at an impasse. The voices of consumers and brands are loud and clear and the recent exit is of top advertiser sends a strong message that products and Services Must not be promoted next to deplorable extremist content. Recently, germany propose legislation that sets out finding new standards for how social Networking Company should delete, content. The challenge with this approach is that to regulation creates a new set of National Rules for these businesses which are by borderlessglobal and and there is significant complexity around any regime activity,ns online not least keeping up with the thegation current, given speed and evolution of technology and the aterritorial jurisdictn that applies. A critical moment when united action to tackle this threat is the only way forward. Governments and experts can provide Extensive Knowledge and rigorous understanding of the threat, but industry is best to innovate on Technical Solutions that address this threat specifically on their commercial platforms. Automate innovate and their response to identify and remove this violent hateful material so together we can make sure Everything Possible is done to stop it from infiltrating and poisoning the global audience. Increasingly, we see a potent cycle of eight across multiple groups and ideologies. As all sides of the extremist spectrum feed off each other, escalating tension. We saw this in the post London Attack when this image appeared. The photographer did this pictures that he posted it because it showed a young woman wearing a huge job who was traumatized by the events around her. A hijab who was traumatized by the events around her. It was represented by the anmunity as a woman who was different to what was happening around her. We have seen this in terms of means such as refugees they use on social media that stigmatize those fleeing the atrocities at me middle east. The far right is using groups to frighten, Cell Division communities, and make narratives more palatable. Social networks algorithmically nnect such individuals which amplifies their passions. This is the core of the Online Business model but these connections can channel people into echo chambers were highly motivated passionate content amplified babies idle rhythms reinforces the messaging. An illusion of strength in numbers one infects these groups are fringe. Over the past year we have seen usedevelopments such as the of social media live during attacks that complicates disruption efforts. Theirists document unspeakable actions and they bask in a nihilistic personal moments of fame and notoriety. Furthermore, the footage is later released and used in an structural video transpiring and incite more islands, perpetuating a vicious cycle. The president for realtime sharing during a terrorist inack was tragically said 2016 in the broadcast of a french policeman and his wifes murder on social media while there little boy looked on it or. We saw this used again a few weeks ago during a horrific attack in kabul on a Military Hospital where the attackers posted live photos as the events were unfolding. Terrorists use of the internet as a sphere of influence will continue to evolve and adapt. We need do methods to quickly identify and remove terrorist morent and to deliver ca evidencebased. Narrative too often ware reactionary and we do not adequately reveal what the complex these are that are faced. Particular produces material to capitalize on tensions and hostility in the west. This further isolates groups away from mainstream society. The messages that every muslim has a duty to fight. That is jihadi is in fact legal is well as global. If they are able to travel, there are legitimate targets they can execute in their home countries. Following the attack in the Christmas Market in december, iesh released a statement telegram in arabic, french, and english encouraging their supporters to carry out lone actor attacks in the west during the holiday. Particularly telling them to parties, clubs, shopping centers, and movie theaters. Attack on aed the nightclub in istanbul on new years eve. Year, a spokesman called on Group Supporters to carry out terrorist attacks during ramadan. At the time, analysts regarded this call as less persuasive as the previous that was but in fact approved deadly. It was the bloodiest ramadan this century. Other narrative themes and daesh heotalanda include societies. F lgbtq precluded other attacks. This directional shift and daesh pause official online publication is wellknown. To the left of your screen it shows the encouragement of supporters to embrace the caliphate and come to build a new state. The second shows a newer publication which calls on followers to carry out acts of terrorism wherever they live, whenever they can, reflecting the new reality of its survival as an ideology. Let me go over some of the atrocities it has inspired as each contains graphic instructional videos. The second edition calls for lone actor attacks using knives, with a full demonstration on a frightened hostage. It was replicated on a french priest in normandy. And i attacks in a minnesota Shopping Mall last year. The third edition advised supporters to carry out lone actor attacks, praising the best deal dale attack that we best deal dale attack and the attack at ohio university. Recently, a video showing how to dnad a shrapnelfilled i. E. Kitchen was disseminated. More than 100 links to this video were posted across 29 platforms in one hour. Organize on telegram, distributed up in twitter, and the video was hosted on youtube, dry. Ve, and google part of the terrorist ecosystem used by daesh to ensure their impact. Da has maximum 24 hours after the video release, despite best efforts, half of the links were still active. We should not be full by daeshs ability to distribution propaganda or that daeshs ability to produce propaganda lossescrease as military mount. According to research the u. K. Government has undertaken, the daesh has been degraded and defeated and their infrastructure compromised but its unofficial Brand Ambassadors have become prominent distributors of its propaganda. These create their own material which they promote and discuss networks. Idle is a of lone actor terrorists and murderers for the cause feeds and increasing identity of attacks and offers members a chance to gain fame, glory, and status. We now see other terrorist groups mimicking daesh pause attacks wh devastating consequences. We see an escalang competitive dynamic among terrorist groups. It is a savage game of oneupsmanship. In the past week weve seen the syrian al qaeda link franchise launch a magazine. It is a professional media brand that he uses for online communication and videos. In midmarch they released their first englishlanguage statement rebuking the United States for its selfish policy and syria and the quantity and quality of must not lose site of other extremist groups seeking to increase their online presence. In the u. K. , neonazi group called National Action was recently glorifying terrorism. Having built up a fan base through the use of explicitly useoriented material to reach new recruits. The ability for other terrorist groups to incite violence and in taxes no longer your reticle. As evidenced by the brutal murder of a member of Parliament Last summer. The threat we face continues to grow. In and rapidly deliver an everstronger response. Some progress has been made. In the u. K. Wind developed an approach to tackling terrorists and file and use of the internet that focuses on two areas of work. We work on industry to allah terribly remove extremist content online to the counterterrorism interne referr unit. We bring communication groups and Civil Society together to develop and run targeted and effective counter messaging campaigns that provide compelling alternative voices to this extremist rhetoric. Working together with industry in 2016, the u. K. Counterterrorism internet referral unit, run by our much of Politics Police department, secured the removal of over 120,000 pieces of terrorist content. We supported the setting up a of this model and that you working with our partners and their unit launched in 2015 in july which also works to secure the removal languages. And other this unit has reported a successful statistic of 90 of the referrals have been removed. Following the paris attacks, telegram acted swiftly to suspend the account of 78 published public channels used by daesh and its supporters and 12 languages. Telegram recently responded to a u. K. Request removing this language daesh propaganda. We saw a leading Internet Companies come together in december in a proposal to build cachet of terrorist content at the you we forum. At the you reform. It seems like a lot but it is also a little bit too little too late. The terrorists have reached their audience. Majorityarch shows the of those links to terrorist content are shared within the first two hours of release. They also anticipate shakedowns and to theions instructor reporters to return to the open internet with strategies to reconsent both and reconfigure and be back online. This must change. We need a new approach, new partnerships. Governments across the worlds are agitated. Eyre looking for legislation to enforce more timely removal of content by social Media Companies and this is reinforced by other sanctions. I do not believe this approach alone will succeed. It is incumbent upon industry to drive this change. They must build new capacity that goes ballistic, targeted, and dynamic to address these threats and reclaim from those who seek to exploit them, to incite violence, or push dogma and repression. Finally, in terms of conditions that govern these sites, these are based on corporate philosophies, fires, and believes that surely the goalpost can be moved. While these extremist groups seek to undermine the very ideals and values that the internet was established to advance, we must reinforce this capability to be the answer to hatred and intolerance rather than a vehicle for it. We must understand the influence anderrorist groups online deployed the use of strong daytoday analytics to recognize her terrorists and full flight their messages to recognize how terrorists amplify their messages. We need solutions that classify the language of terrorism, automatets removal, and great tools that better tackle automad bots and other techniques that support these propaganda machines. We must take a stand in solidarity against terror dates terrorism. The internet is universal and it is imperative that developers consider these dangers alongside. Ther internet harms we must empower the Global Community with better tools to respond and report harmful content. To speak out and take action. Every person has the ability to recognize bias, hatred, and intolerance and say no. Not on my profile. Not on my name. We cannot let the world to retreat into ignorance and prejudice. We must stand up for what we believe in. Freedom, peas, democracy, understanding, exclusivity. Freedom, peace, democracy, understanding, inclusivity. To make something greater than ourselves. I would like to leave you with a quote from Prime Minister theresa may the day following the London Attack. She said coming yesterday we saw the worse of humanity. But we will remember the best. She said, yesterday we saw the worst of humanity. What we will remember the best. Remember thel best. [applause] give we will lead each opening remarks after we introduce each of them. You will see how they come at it from their unique perspectives. Then we will have a discussion and we will take questions from you. Be thinking about questions you want to ask. We will have microphones. Hand or a microphone. Is the general federal bureau of investigation. Thank you for taking the time to be with us. Then luigi, at the european commission. And the senior counsel for the information association. Mr. Baker will leave us off. The fbi has a lot to say about the challenges o encryption. When not you help set the table for us about how you think of this challenge from a policy standpoint. Kick us off. Mr. Baker thank you. We appreciate it. We are a bird talk about the topic as much as possible to get out the information the public needs to understand the issue. The complexity and subtleties and for us to contribute to what we hope is a more informed, educated debate and discussion about these topics because they are important to all of us. If i could just go through the perspective and set the table with respect to how we are confronting encryption. We confront and encryption everyday in a lot of different ways. As ive said, as i inked the director has had multiple times, the fbi support strong encryption. Encryption has very significant benefits for society across a whole range of issues and across a whole range of protections of the data we all care about. Personally identifiable information about us. Commercial transactions. It protects our health data. It protects a whole range of very important data that is esntial for us to function as society and to have a functioning economy so it is really important. I sense we are beginning to acknowledge is a society that encryption also has cost and what we are experiencing in the thatpronounced way is encryption has costs for Public Safety for those involved to the Public Safety. With respect to the constitutional laws. What i mean by that is, it in ,ertain circumstances encryption has cost for our investigative efforts in a variety of different ways. In particular, it means in some cases, in some instances that information or evidence certainly will be unavailable. It is encrypted in motion or on adevice and we do not have queue to get into that information and therefore it is just not going to be available to us. Obviously, that does not stop us from conducting investigations. We will still pursue. Are intrepidtors in creative and they will figure out ways to solve problems of confronted with a problem. It will then, because they might not be able to use sort of a electronic surveillance or electronic search means, they will do other things and those other things have costs. They can slow investigations down, makehem or company do, mark risky. For example, we might have to use a confidential source or in go into a agent to situation, including circumstances where there might be physical danger to the agent or the source. So that is risky. It is just risky. In doing all of these things risks the integrity of the investigation as well. So, that is really what we are trying to say, that encryption is good. Encryption has huge benefits, but it is not costthree. Have to figure out as a society how we have to deal with that. Historically we have thought in the United States that the balance between sort of privacy and security, if you will, or security and security, however you want to frame the discussion, was settled more than 200 years go by the Fourth Amendment which discusses renu reasonable expectations of privacy and if we go through processes and adhere to the Fourth Amendment and get a warrant with approval to get evidence for material. So that as i will done that, how were settled that balance for more than 200 years and so encryption is creating, however you want to phrase it, it is changing that balance. It is making things harder for us. It is making information and so we have to think about what to do in those circumstances. It is an issue across Law Enforcement, federal, state, local, across the intelligence community. It impacts us in railways. From october until december of last year, all of the devices that were brought to fbi technical experts to be up and whether they came from federal, state, local authorities, we could not open or access 40 of them. So, a significant number of devices. Transport you by Law Enforcement . Mr. Baker brunch was by some state and local agencies, fbi. We could not get into about 40 of those. So that is an issue. The data on those devices is simply not available to us. We do not have a solution to this problem. Were not trying to impose a solution on the United States or any part of the world. We are not advocating a backdoor or a golden key. What i mean by that is where not trying we do not want a solution or a solution that somehow in a significant way undermines Cyber Security and undermines the security of our devices and our communications is therefore not a solution. Any solution we come up with us mind,ropriately in my balance the needs of Public Safety folks, but also protect our privacy and protect Cyber Security and protect the right to expression, free association, encourage our companies to be innovative and competitive in a Global Marketplace where they have competitors, users, and regulators from the world that we have to make sure this is addressed in a global way in and where encryption is available in a global way. The genius of the bottle, and is not going back in. We know that. Were well aware of that. So any solution has to balance all of these things. Corporations in america for example solve this problem of the day in way they feel comfortable with because they maintain access to the emails of their employees for a variety of different purposes. Internal, monitor and is going on, being able to reconstruct things if an employee leaves. They havbeen abltoigure out a balance acceptable to them taking on some Cyber Security risk but having access today and protection and a meaningful way. That may be fruitful down the road. At the end of the day, the fda fbi works for the American People to protect them from a variety of threats simultaneously across the board. A lot of threats we face on any given day. You want us to do it in a certain way, obviously consistent with the laws of the United States, but with certain tools available to us. You give those to us by law and by regulation and my finding and we will make full use of them. The question is, in confronting this problem what tools do want us to have available to us. What tools do want us to have available to utilize in order to protect you . We will do what you want us to do yet what we feel is incumbent upon us to make sure you understand our current situation. You can put it through appropriate democratic means to figure out what it is we should have. So, we work for you. The question is, what you want us to do . I will pause there. Host you were coming out this obviously from the point of view european perspective. I wont ask you to try and speak entirely on behalf of european views on this but one are you give us your introduction and how you approach this challenge. Let me think all of you at gw. It is a privilege for me to speak on behalf of the European Union, specifically the european commission. What james just said, two continents but the same problem. Encryption is considered good for Cyber Security. But for privacy. Did for the economy. Good for the users. It is a key feature of the general Data Protection regulation that will apply to theg like next year 28 Member States. It is a key feature of our privacy framework, where confidentiality of communication is the most important objective. But, as james said, any like was said before, the situation in europe, the debate is easing up on the need for Law Enforcement and other authorities to perform andes against terrorists organized crime to counter a , inlem with encryptions progress of criminal investigation, and stored communication. The encryption is on the rise. We have 27 of the smartphones in europe encrypted. 47 here in the United States use encryption. Going back, as some but he has said . I do not know. Probably certainly not. That there is a need to study options. James was saying there are options being assessed or developed through the interception requirement that goes back to the ordinary mobile communication, now to extend to the ott or over the top providers. What we have to do with encryption has moved the debate from access by design to privacy by design. Europeanh of the union, of the european commission, is an inclusive one. And we created a phone comingave a solution from one only of the constituents. The intelligence says we cannot solve alone the problem. The privacy advocates cannot solve the problem. Law enforcement industry cannot solve the problem alone. So were putting place a mechanism that allows us to and discuss with all the different stakeholders, first of all to define the problem. Because it is has been said, we have to understand what we can do without compromising privacy but allowing Law Enforcement to move forward. And we have to affect the option gives anthat fundamentalend rights are respected. We have to ensure Member States have access to data they need. Companies have to do their part. They have to pick up the social responsibility. Which is tood there the security of sessions. So we havent set up a specific structure. The uinternet phone. This brings together all of the Law EnforcementMember States. The major social Media Companies , some of them are present here. They can come back on this. And clearly, our own agency. A are trying to identify solution. Which is fine. Well speak about time necessary frontid entering from the door. We have to find a solution that allows entering from the front door. There are challenges. We are a continent working to create an environment. We are only one part of the whole support. We have the challenge of the enforcement of the law. States are other heating up at the national level. How to unfold this law . Jurisdiction . The so far, the law has always given Law Enforcement the ability to instruct judicial order. But how do we do with the internet . And how do we do with the . Oncepts that is another big issue we need to discuss. That is also a challenge that could be counterproductive for the economy. Do we need an International Framework . Do we need to make sure that all states share the same instruments and how to make this possible. This is an inclusive approach which at the moment does not have a solution because we do not have a solution today. We want the solution tomorrow. Knowing encryption is a world of secondbest solutions. Host you cant agree with you that these guys. I think we all have opinions. Thank you again for having us. Takeaway,d be the industry and Law Enforcement on the same page. Feel free to go home now. Laughter] i think many people in this room have been to a panel on encryption in the last three years, maybe in the last 35 years, when encryption became publicly available to the United States. Like feel not for me, im a little young. But i think the industry perspective is that we regularly i think solutions and the American Public users worldwide regularly come to the same conclusion. Benefits, theh cost of Law Enforcement and Public Access and the cost of sort of healing potential solutions to the encryption solution across what is now a the ultimate i think answer from the perspective of at least Internet Users is that that question has been answered. The costs are too great. Secondbeste solutions to encryption across the internet puts too many users at risk either from a financial perspective, it expression perspective, perhaps on a oneup instance it may be necessary but i think it makes it a very tough secondbest solution to put forward. So that is where industry approaches it from. The users right respecte aunt technological perspective. On the usersrights perspective, think remarks i been made in the past that characterized the industry perspective on encryption is one of marketing or business practices. This is something that cap is cell phones or get more users on two key platforms or social media. I dont think anyone realistically knows thats the case for industry. Industry is doing this because it is under pressure from users and regulatory authorities to provide the best possible protection for users of the cn security as possible. Encryption is the Gold Standard in this regard. It is not perfect. Implementations of encryption are difficult to design. Versiont to design os two os version. So i think the perspective from industry is that rather then, you know, looking to Technical Solutions and i understand that no Technical Solutions have been suggested from industry or Law Enforcement, we should look at Law Enforcement was investigation. See what they have no toolbox now and see what we can do to facilitate additional tools, use of those totals, there has to be recognition from both sides that there is not going to be a perfect solution to cracking the case of encryption. It may be that we have to live with encryption becau the benefits are too great and to the extent that an users and the public are able to help the government recognize that, i think that is where we would like to go moving forward. Host so if you watched 60 minutes last night, you saw a really smart terrorism analyst from a place you maybe familiar with. You saw Shamus Hughes standing in front of a Bulletin Board with this great diagram of drawnist faces and lines between them, looking very much like something you would see in homeland. Right . There were two interesting takeaways. Terrorists who were in touch byh isis, talking to them encryption. It would seem that clearly these groups of adopted this is a communication channel which must be very frustrating to Law Enforcement intelligence. It was also the cases was a pretty sophisticated diagram and even despite their use of encryption we were able to understand a fair amount of who these people were and how they are communicating. I wonder if we can take this realworld example. If we know terrorist groups are clearly using this to communicate, that has challenges to Law Enforcement intelligence but it seems there are surmountable and some instances, problems. I wonder if we can provoke each of you with that idea. Mr. Baker, maybe we will start with you because think so obviously fall into your lane. Talk about that challenge. Obviously, terrorist are using the stuff that were finding out to know how they are connecting with each other. Can you give us some insight into how that looks when you are grappling with these communications . Mr. Baker i saw that story as well. You think about the diagrams and social network, if you will. Of can see that network sort writing at means. Talking to people, having sources, understanding what is going on. Metadata,k at the the dialing data between people to try to understand what that network looks like. Who they are in touch with the end how often. And importantly, does not tell you what they are planning to do. It does not totally what they are thinking. It does not tell you about their capabilities or activities, plans, intentions, that kind of thing. You do not understand what the intent is. Understanding that robust picture is critically important from both a foreign intelligence perspective as well as a Law Enforcement perspective. We need to have evidence of weret of what people doing. Their mental state and so on. Even to the extent we understood what the network looked like, we did not know, as we said in the theand shooting, nonshooting, it was stopped by Law Enforcement officers. Terror suspects arriving at the scene clearly intent on killing a lot of people. In that particular instance, we have talked publicly before, about if the fbi had public surveillance of those homes, and we knew, we were able to see they were having, i think the number was over 100 communications directly from the person who showed up in garland, texas, and foreign terror operatives overseas. Right of an operation within we are at war, right . Into are trying to provoke and inspire people in the United States to kill other people in the United States, right . A of operation. 100 or so messages were encrypted so we could not tell what they were saying. We can see the network, but we did not have an understanding of what they were planning. That is the gap. That is the cost of encryption. That is what we are talking about. And so, that is the cost. Costs that society is going to have to bear those terrorists were successful, that would be borne by the victims of that attack. The families, and so on. So who is excepting that . What concerns me is that society is sort of moving along and decisions are being made, choices are being made, all by default. I just letting things happen. If that is what the American People want that is what the American People will get. It is incumbent upon us, as i said earlier, to make sure they understand those issues. It is not for the fbi to be deciding what kind of country, you know, were going to be living in. And frankly, do stuff for companies to decide that either. It is for the American People to decide that through their representatives. All host would you like to get in on that . Ranks i could probably mention following the London Attack. Someone mentioned it, that is why i can. Two minutes she sent a message [indiscernible] she clearly mentioned this in writing yesterday. The company has a whole to take up the responsibility to cooperate in this context. As jay justxactly said. The responsibility of the company to contribute to thetify where the trend of the use of the device by the terrorist is going. It is very relevant to allow the law intelligence to have the means to assess and make analogies and analysis of where the terrorists are going and unfortunately why we know some companies are cooperating and we are they are and we grateful to them, others are not and we have to make sure in a balanced way we are able, the Law Enforcement are able to decrypt the direction that is being taken by the terrorist through using the device. Of you have essentially said we need to find a way to do this but it is ultimately the job of legislature to do that. Going back to what director comey introduced this phrase not marryk, he did that with a legislative proposal to do what anything so wheres the energy for doing that coming from . It seems to me and does not necessarily going to come from companies, it will have to come to you all. We are a couple of years into this is a policy issue right now. Where you looking for the solution to come from . We will talk about what the solutions might be in a few minutes but where is that going to come from if not from the people who are grappling with this problem that seem to be confronting it on a daily basis . S i am not here policy. Not here to make the Obama Administration decided not to pursue legislation some members of Congress Said they do not legislative solution to it right now in so, you know, were not putting forward a legislative proposal ourselves. We are trying to make sure that the debate remains alive. It remains current. Because the problem is current and the implications for us are gnificant. In other words, do not have a proposal for you. Host do you think director comey has said all he is going to say on this topic . Mr. Baker a comes up february go so we will keep talking about. We want robust, honest intellectual discussion about this in a cooperative and constructive way so well keep doing it. Shane we saw a vivid example i think in the 60 minutes brief last night. Obviously, the obstacles but the way you can overcome it seems to me with being able to analyze terrorist groups just by their using encryption. I think specific entity is a good example of the fact that this encryption conversation as part of a wider conversation. It is not just the issue of encryption, right . We appreciate there are apps that are sort of unfilled gaps that are sort of unfilled and we cannot access in the course of the investigation. The today all of the interactions from metadata simply did not exist before. So the picture is never going to be whole for Law Enforcement and seems to me but it is always shifting. Which parts of it are being filled in by new technology and which are not. So i think appreciating that, you know, in the last few years we have noticed that and we have had disclosed to us that Law Enforcement sort of filling ability isnes greater now than it has ever been before. Someone described it as the golden age of surveillance. I am sure you all read that paper. It is not a zerosome game of more encryption unless Law Enforcement. It means there are other tools in the old box of Law Enforcement the do not necessarily provide all the content that data would but it can provide additional context that yearsces ago back when were not living in a total digital world, we just did not have. So there is i think tradeoffs to encryption and tradeoffs on those connections that are being made that simply were not before and i think the recognition of that as part of this Law Enforcement access and supporting investigations and wanting the companies to help us important because companies are also cooperating with Law Enforcement with the authority to allow be made soctions to that wider web effort and intent. This person talk to this person is he hasersons role previously been a runner for some purposes or he worked for some different groups. There is information that can be inferred that does not necessarily come from the content of munication. So that is one fees the diagram sort of shares you. Not just a conversation about encryption but a part of a whole. I think responding to one thing it, ir. Akers said about sympathize some because the proposal here is a difficult one to make it has encryption is not just i mean, we have panelists who say encryption is not something that the e. U. Or its Member States or the u. S. Congress or state legislatures can address because the internet lobal. Companies operate globally. In our internet operators use platforms from every corner of the world. So legislating on this panel is difficult. That is why there has not been that kind of central proposal. I mean, if we could come i am sure director coming wouldve directed it. Have directed it. Proposal would have to be seen in a wider context. You are here and the u. S. The internet Major Companies are here at you should look at the europeanation from the perspective. Lets assume, and we dont, we to do that butg if we did we would face the problem of jurisdiction. How do we enforce a jurist dont jurisdiction from rome while the location of the data is outside the jurisdiction of that specific judicial area should the judicial area be for the . Hole European Union this is why we are convinced we have to look into other options of other availability instruments from the front door and that is where the companies should help us, is the best way forward. Host go ahead. I was wondering what sort of front door instruments you might have been mind. Well, you know there are options being assessed. Too early to mention it. But somebody talked about lawful interception 2. 0 to make sure are made instruments. Vailable specific cases judicial order and therefore judicial oversight. This needs to be further assist what we company but know from our discussion with all the constituencies is that none of these solutions will be fully satisfactory for the full benefit of Law Enforcement and that is why i mentioned this is in many cases the secondbest solution. So, most corporations in america i would expect want to their own access employees in males. They most likely have emails encrypted while they are in transit. Somebody has a key. If you have an insider problem or somebody is ill, cant access the data or for whatever reason they want to be able to access their own corporate emails they have a way to do that. And so corporations around the world have made a decision that the balance between security of the need to have access they can figure it out and solve that problem in an acceptable way. It is not legislative or required by anybody. It is just what they do in order to conduct their business in a sensible way. O that is one possibility. The point is were making choices and balancing Different Things against each other but in a sort of default kind of way. Encryption is just spreading. Excellent encryption by default is growing and spreading across the sort of Technology Ecosystem and it is becoming more and more easily available to consumers who are law abiding and also more easily available to criminals and terrorists and people like that. Right . They can make use of it. It is difficult to do it by yourself but when high quality American Companies do it for you who really know what theyre doing youll have success as well. Following on that point certainly there are companies that can secure their data in such a way that somebody effectively has the master key. If im wrong, anyone here, most of the popular Encryption Technologies were talking about right now that people are using certainly the ones i gravitate toward as a journalist who could be subpoenaed are ones in which the company by design does not have the ability to unlock it. If what were talking about here is coming up with some solution that might look like that, one possible solution, does that mean then passing a law that says you cannot build encryption systems that way . It seems like we kind of had a little bit of this debate way back in the 1990s and what were kind of dancing around here is saying if there is a legislative solution might it look like saying there are certain kinds ofncryption designs you can do and certain kinds well simply say you cannot do . I dont have the technical answer sitting here. But that is what we would have to try to figure out together, together, right . The corporations have valid points. They are populated by good citizens who dont want bad guys using their systems. We know that. It is not a question of anybody on this panel good or evil or anything like that. Its the bad people we all collectively agree we dont want them to use it but we want to protect the data and privacy of law abiding americans and other people around the world. Maybe youve already thought of this. A system in which you have that balance. Maybe it is Something Like a kiosk system or requiring the companies to have a way to unlock the data. Is that going to work . It depends what we define as a risk. Is that a system the companies are going to agree to . Is apple going to say, sounds great . Well, i mean, as good in the Global Market place as slapping an f. B. I. Certified or n. S. A. Certified sticker on an iphone and sending it out to the rest of the world and suddenly discovering were not quite as competitive as we are here. Its a risk, right . The same problem that is a result, that we havent had a legislative proposal made is anything domestically or for a domestic product, necessarily makes them less were ng and so if willing to have the competitiveness of American Technology companies then that is the conversation we have to have. Right . Obviously industry comes from one perspective. Having experience in 2014 or 13 with the revelation, we are aware that, you know, any sort of patina of sort of, these are Law Enforcement our Company Cooperates regardless of what engineers think but any companies being Law Enforcement stooges without, you know, a considerable discussions going to affect the prospect internationally. It has affected them internationally and with the privacy shield. There are consequences we have to deal with if we decide to go that route. Can you pick up on this, too . From the european perspective, f a markets, competition, company is known to be operating in a company in which it has to give over access to data and its information it is going to make another countrys product potentially more effective. It seems one reason why from my perspective solving the problem is so hard is we could outlaw strong encryption in the United States. Someone is going to do it in switzerland and ill get it from them. Absolutely. Kind s exactly the same of thinking we had in europe. It is not the way forward, not y imposing to companies to void encryption we solve the problem. This is clearly coming out from. R debate in europe there is a strong sense of the companies, we want to inspect their ability to run the market but we have to find a way, and i know it is not satisfactory to work with a company to allow more Law Enforcement to have the ability to identify the information they need. For example in the context of our forum we have Law Enforcement to announce their exploit the abilities that still exist in the system even for zero days because then immediately the company there is no, i reat probably a repetition. There is no solution or one soti to this problem and certainly we do not advocate legislation that imposed on companies to avoid encryption. There is probably not one solution for all these problems. The issues with data in motion are very different than data at rest. Maybe a thing to do is take one part of that and focus our efforts on that. Lets say data at rest on devices that the government has lawful possession of pursuant to a warrant or some other sort of the San Bernadino case. Something like that. Take that for example and try to work through scenarios, technical scenarios that would have legal implications or perhaps require some changes to law and see if we can build a consensus around those around some part of this because trying to figure it all out is just too complicated. All of the different parts of it and one solution to deal with everything is probably too much. So that is a potential way forward to pick one part of the landscape, focus on that, and see what we can do. Quite frankly we want to do this now. We dont want to do this in the aftermath of some serious event. Right . When well be under pressure to make decisions and might not make perfect decisions of very important and relevant equities. We want to get this right and we dont want to do it in a hasty way. We knead to stay focused in a sustained way. I want to pick up on this idea, this notion lawful hacking. A couple weeks ago we saw Wikileaks Dump this tron g of information that it claims are packing tools essentially it called it the hacking arsenal that the c. I. A. Uses to break into electronic devices. I dont think it comes as a surprise to anyone that an Intelligence Agency tries to find ways to Access Technology that it is presumably legally trying to gather information from. One thing that struck me in this this might be a fairly vivid illustration of all the ways that an Intelligence Agency has to try to find to get around encryption to find ways to get on to penetrate the operating system of a phone so they can see what someone is typing rather than trying to break encryption. And it shouldnt be surprising at all that as we see the rise of encryption youll see a concurrent rise in very dedicated, deliberate, well funded efforts by the intelligence communities around the world. To get around to find another way to skin the cat. For this to be is that how comfortable is industry with that, which seems to be an undeniable consequence . You press on the one side of encryption and youll get more hacking by the intelligence agencies. I think industry realizes the reality of building a complex system with no implementation of encryption ever perfect. And so advising against any sort of lawful hacking would be we would be remiss to say that is just off the table entirely. We want Law Enforcement to have the tools that they need. And to the extent encryption, vet more fundamental to systems and systems that are already deployed worldwide, to the extent that there are chiverages in thermor tt the that Law Enforcement agencies are able to eloit, if that is done in a way that legal ged by appropriate process, appropriate disclosure requirements, appropriate notice, i think there is at least some solution, not a perfect solution obviously but of all he sum solutions is there. Is it unrealistic to expect a system that is lawful, errs on the side of disclosure. From the Intelligence Agency standpoint they want it lawful and regulated. They arent interested in disclosure but in finding vulnerabilities they can exploit before you guys can fix them because now they have to get over the giant encryption mountain. Is it actually not more in your customers interest to find a compromise on encryption rather than creating this massive motivation for the c. I. A. And the f. B. I. To find ways to hack your products . I think given the sort of different Law Enforcement agencies, taking care of criminal equities, and i think the ability for certain classes of investigation to be facilitated by lawful hacking, the if you wave larger youre at risk of finding some compromise on encryption, that affects all users worldwide as opposed to those where lawful hacking can be employed by intelligence agencies i think the tradeoff is probably a better one there at least from the perspective of the company. Fveragets i may, because we talk about investigation and when i was mentioning this i was referring to criminal investigations, specifically, a specific case. And thats what we are aiming t. National security, the European Union, our Member States, so when we train, help Law Enforcement to train the abilities in order to have what is necessary for a specific investigation under a specific judicial order and oversight, i want to clarify this. Sure. To be able to have those capabilities they need to be developed. Yeah. Basically sitting on the shelf for when you might have to use them. To put you a little bit on the spot, the San Bernadino case, you had a physical device lawfully in the possession of Law Enforcement. You faced exactly for which we had a warrant. Absolutely. And what is undeniabley an act of terrorism and pertinent to a relevant investigation of one. You face exactly this challenge of having to go to a company and saying cant we find some way to work it out . And then at least reportedly and i think the director may have confirmed this at some point you guys found a way around it which i think everyone takes to mean you found a way to hack the phone and get what you needed. Reflect on that experience. It is the most vivid one and the most public one that we have and it seems to sort of, you know, kind of encase all of these dilemmas were talking about here. Sure. There are a lot of points on this. An entity came to us with a solution. And, you know, we use with appropriate legal authority, we use lawful hacking. But lawful hacking is slow. In that situation it was slow. It took a long time for that to happen. Its expensive. It is very fragile because if we find a vulnerability in a device and then the company x, if it is, you know, depending what kind of vulnerability it is, it gets fixed with the next software upgrade, then thats gone, right . Just not a method we can use anywhere. Any time again. And so theyre highly unreliable is the point with respect to these things. I do your question is a thought provoking one. I believe that for companies to think about whether the world they exist in with the lawful hacking that goes on or the unlawful hacking that goes on, is better than trying to figure out some way forward that raises the security level in a good way of all these devices. Look, i mean, these are challenging dilemmas also. Because if we do find a vulnerability, weve got to we are in a bit of a pickle, too. We want to protect the devices, right . Because the f. B. I. In particular is in the business of investigating cyber hacking by bad people and trying to prevent it and working with the victims. We do this every day across the country. And so if we find vulnerabilities, its a difficult choice to decide whether to exploit that, because we can use it in certain circumstances to find information about what terrorists are doing or something. Or does this pose a threat to the ecosystem, itself that is so great we need to be public about it and tell the companies this vulnerability exists and so to fix it . So it is a very uncomfortable and challenging dilemma. We engage in lawful hacking. I would say we dont relish it. We dont like it. It is a very it is not as useful as you would think and it poses the other dilemmas. There is a process, the vulnerabilities equities process, that is designed to essentially review what these vulnerabilities and technology are that the government is aware of and make a decision on when to disclose and notify the manufacturers and the users ultimately of those products versus to keep that. Can you talk about whether that process is working in a satisfactory way . Well, it works. We do it. But is it satisfactory . I dont know. I think these are challenging decisions that people, reasonable people could disagree about. And that, you know, people inside the government are doing their level best to get it right. You can have a debate about that. Do you all have any thoughts on how you see that playing out whether it be in the u. S. Or maybe the european context . Are we getting that balance right . Or is it just still, are we too early in trying to make those calculations to know if its working . The industry has sort of limited insight into how the process works. Which in some ways is right because it is one that is National Security but we, i think there is something to be said for it, because it is an i the executive branch having that codified in some way might be good. We have no position on the legislation but we saw a bill that came out last week from, with the Senators Office that looks at sort of taking the existing vulnerabilities equities process and ensuring all of the appropriate stake holders, the representatives from the department of commerce and state but also equally ensuring that conversation when it does happen, you know, there may be a presumption but ensuring Law Enforcement equities are fairly voiced. And the foreign power equities are fairly voiced which we also have, you know, concerns about the state department has long advocated for secure Communication Technologies ensuring their voice is being heard as part of the process and its very important to us. Very simply, how long are we going to wait . Need time to find one solution, a different solution. We are giving ourselves to the time of this inclusive process. We hopefully, we want to share this with our partners because we have to be clear about it. We cannot solve the problem. We have to find a way to Work Together with our partners and the first ones are of course the u. S. Colleagues. At the same time Law Enforcement intelligence services, locally they face an issue and would continue to do what they can in order to get the information. At the moment the only announce y, where you your ability and you try to overcome the problem. But we knead to find a spectrum of solutions that allows us in the medium term to identify the best way forward. James alluded to this. In the case of the San Bernadino case, in that investigation, ultimately an entity as you said came forward to the f. B. I. With a solution. Are you finding more entities coming forward with more solutions to problems they think you might have . A lot of people want to sell us stuff, yeah. For sure. I think were i dont want to say too much about this. But we, you know, we have tech noll gist that we have inside technologists inside the government focused on this issue and there are groups of people and corporations on the outside that are invested in this, too. Corporations themselves are trying to figure out what the vullnernlts are in their own systems what the vulnerabilities are in their own systems. They have a range of people out there looking for this. It is a very active environment. The thing i worry about a bit in terms of thinking about this pros answer how well handle it in this process and how well handle it is this stuff is moving very quickly. Technology is changing constantly. Things are being updated. Those are detected by governments and also detected by malicious actors and exploits are developed and theres a lot of them. And so any time you have a process that gets, you know, im worried about any process that is too bureaucrat in terms of making these assessments. The American People have to think about that because this stuff is moving at a very, very rapid pace. To that point were sitting and talking about this environment in which we find ourselves and it is easy to forget this is a relatively new environment. I dont think that two or three years ago i had many any encrypted apps on my smartphone. Today i have nine for various purposes and various forms of communication. This is a foundational question we might even have started with. But why did this happen . I mean, why did we suddenly go from an environment in which i think most people were probably not as familiar at all with these kinds of technologies to being able to down load them from the app store and use them in any way that you want . Is it the snowden revelation . Is it a fundamental breakdown in trust . I mean, why are so many people putting signal on their phone . I know why people i talk to are but presumably a lot more people than just those engaged in the profession i am are doing this. Why is this happening now . What unleashed this . I dont want to say the snowden revelation was the sole cause. That might have precipitated a larger conversation and folks are more aware because of access and not just government access but whoever might be interested in reading what youre writing or looking at what youre purchasing or whatever. I dont think that is whatever, you know, i dont think that is the precipitating event. I think just a larger recognition of sort of the regularity of breaches going on. They have been sent. Think the sort of recognition , the individual basis youre not as secure on the internet as you thought you were has nothing to do with, you know, snowdens revelations, just a wider understanding by the population that the internet wasnt designed to be secure but to connect folks and so protecting yourself on that environment is sort of incumbent upon yourself. Thats why youre seeing it i think. What do you all think . Only one comment. All of us discovered the internet and the beauty of the internet, hopefully what you have called the bad guys they have discovered the internet and the ability to collect. In europe we have clearly this problem where the social media more and xploited , re and therefo the need to for the corporation and for the users to protect themselves also from this, there are a series of issues that bring us to this. I think it was happening anyway. And the snowden revelations accelerated it. That is the basic answer. And then later on top of that i think concerns that people have about their government. Weve said before you shouldnt talk, trust the f. B. I. That makes sense. So, anyway. I think thats the basic explanation. We think weve reached a point where if companies arent offering encryption their customers are somehow going to think theyre irresponsible if theyre not leading. Having to sort of put that out there like a Good Housekeeping seal of approval now. I dont know that necessarily theyre customers but it is a reasonable best practice under section 5 of the s. E. C. Act. So companies are always looking as they can iant be with regulatory authorities that are interested and theyre also interested in i dont think it is sort of an advertising tool but it is something that users have come of the on the part companies. It is not something also that make it seem lake, im going to make an exaggerated statement here for the purpose of effect, that youre somehow a stooge of the government. I think back to when apple and the f. B. I. Were trading various briefs in that case and the first one that was written there was an acknowledgment by apples lawyers that if we give into the f. B. I. On this it is going to hurt our marketing. We cant be seen as giving an inch on this. I think they were making a personal argument rather than one directly about marketing. It was in the first brief. They left it out of subsequent briefs. Certain Companies Might treat it as a marketing ploy. Apple is not a p. C. I. Member so i cant speak on their behalf. My Member Companies suggest to me that it is either an issue of users want tog trust the company that theyre choosing to provide them with services r its an issue of basic security. You dont want to be offering products to customers that are eventually going to break. Or eventually going to leave them vulnerable. Thats not, you know, a good way of doing business. Here or anywhere else in the world. Just being seen as a responsibility to make Safe Products at this point, too. Why dont we turn to questions from the audience right now. Please put up your hand if you have a question. I will come down the first row, two people in the first couple rows. Wait for the microphone to come down to you. There you go. Lets go here. Yes. Thanks. Im mike nelson. Ive been working on encryption policy for about 25 years since i was at the white house cochairing the Interagency Group trying to figure out how it could work. It didnt because people didnt deduct it. I think we all agree technology has to be something that both industry and customers want. And i represent now a west coast based web security firm. So let me share our thoughts from the west coast. Our thought is there is this magic technology, it would have been invented five or 10 years ago and somebody would have made billions of dollars off of it. All the technologists say there is no way to build a back door or a front door that people are going to trust and that arent going to introduce new problems. So we have to look at what really will work. And it seems to me that the sken arroyo none of you have mention the scenario none of you have mentioned is where we have the government doing things to make sure we have strong encryption rather than undermining it and youve already mentioned the cases where various leaks exposed efforts by the government to promulgate ineffect of encryption. If instead we have strong encryption you would have a thousand times more data to use to go after the bad guys. Today we have the technology where everybody could practice selfsurveillance. I could have a device in i would do that if i knew the data estate under my control. 100 million homes could have that. More wou be a lot difficult. There are l the ways in which we could be employing stronger technology if individuals have control over the data. That data could then be used to fight crime. It can be used on streets, banks, all these places. But it will only be used if we trusted. Right now, we have no reason to trust it. Is, how can we have a higher level of transparency and trust . How can government actually reveal the vulnerabilities so that the industry can deploy the internet of things, the cloud of things, so surveillance, all these ways we could give you data to prevent crime, and prevent millions of crimes rather than give you the data you need to investigate if you hundred crimes . Isnt that the billiondollar idea. I am not sure what type of data you are talking about. It sounds like you are talking about meta data. Im talkingber about setting up a system in my own home rise set up a data pattern. With a more, we could come and have access to that data is what youre saying . Encrypted,t being but it is encrypted with a key that you maintain . About an operative of is using and of is two and encryption overseas . Audience member they have to do things. This internet of things, we will have 1000 times more data. You will be able to get that data isil you have two operatives in syria to each other using unamerican messaging app, they will be able to carry on those communications and plot whenever they are plotting, and we will not be able to the that. The data will not exist. If the company does not have a key, they are not about to give it to us, and we are not going to tell them we are looking at them. Audience member there is a huge amount of new data you are going to have. The American People have to make a choice about how much data they want generated about themselves. Im not going to try to preach about that across the entire country at this particular moment. We are trying to say that there is data that will be available. Asr system will have costs well. Every single activity within our homes is recorded and is available to Law Enforcement, the American People want to think about it they want to live in that kind of world . Is only member it available if the individual who owns the house makes it available. How do you remember the 50,000 passwords you have to remember . I think your point, there is a lot of data available. I disagree. What you are talking about is a solution because we have to deal with global threats. Audience member that is the point. There is no way we are going to have global government. There is a book that describes a world where everybody can watch youybody, but in the end have the control over your own data. It is the scenario no one talks about. We all talk about the one used case about the isis person talking to the other isis person. I work at the fbi so i had to think about that. I had to about people killing other people. That is the scenario that we are dealing with, the dangerous scenario. Audience member if you build the infrastructure to deal with that scenario, you miss the 99 you could have if you trust the ecosystem. We are not sitting here with a technical solution. There is a question right behind you. Audience member from new america. My question regards the particular threat you are talking about. Material how deadly or how organized attack plot inside the u. S. Have you seen because of communications . Is that increasing . Elsewhereurope and where they are mobilizing existing networks. Do we really have that problem now . Or isooking forward it already here . The problem is it has been here for some time. Outside of the United States directing people inside the United States to move to unencrypted messaging platform and then having communications about that communications about whatever it is they are talking about and we cannot did. This is been an increasing problem overtime. There are examples that we are able to talk about. There are other examples that have been on a regular basis that we do not talk about, because those matters might still be under investigation or it i take the point about transparency and that the government needs to be transparent so the government knows what is going on. There trying to figure out balance of that we do not tell the bad guys what it is we are capable of and what we are not capable of. It is a real problem today. It is going to increase over time, but it is a real problem today and has been for several years. You in the blue shirt. The gentleman with the beard first. Audience member my name is john. I was surprised you mentioned no proposals from the fbi in terms of legislation. How are we going to go forward if you do not make a formal expressing what your requirements are to the appropriate committees in congress . There are a lot of legislative proposals i could give you. The way it works is that the fbi is part of the executive branch. We are determining whether the executive branch will put forward a legislative proposal. There are a variety of different ways you can go about dealing with this problem. This is not so hard that you cannot write a legislative proposal. The challenge is getting a legislative proposal writing a law that achieves what you want to achieve. That is a hard thing. Figure to as a society out what we want to achieve. Once we have figured that out, then writing the words on the page is not that hard. We do not agree on how to balance all of these different equities. You can see reasonable people are appear discussing it and do not have the same view. Reasonable people out in society do not agree on this. We are trying to figure it out. Consensus, the a writing of the words on the page is not that hard. Can you imagine a world in which we dont even bother with a law, but the industry develops certain standards and codes of conduct and says under certain circumstances, we will corroborate with Law Enforcement if the set of circumstances, true, like terrorist attack etc. Get health cannot care right, we cannot move to encryption. Bypass the lawto in trying to come up with an ethical code of conduct. With you think about that . Industry collaborates as much as it can with National Security. Res a previous a position predisposition in industry to cooperate. Sometimes they disagree with Law Enforcement investigations. Whether companies would get together and develop a code of conduct to decide when to provide local access to a groups system, i cannot imagine. We would run into the same problem. Companiese a bunch of that are selling products that are less good than the other products. Market pressures would prevent that i think. I think your question is very interesting. Within theriencing European Union in our relation to the social media exactly is kind of framework. When it comes to removal to of terrace con plan terrorist content on the platform. To remove the terrorist content according to the terms of condition. Some of the companies, i will not name them, have changed the terms of condition in order to make sure that the process ising from the referral unit immediately taken down. The concept is the same. The authorities discussing with the companies inviting them to take up their own social responsibility in changing the flagler in which they work. Under the voluntary initiative, they will make sure to intervene when is next area, assessing themselves under their own terms and conditions. It is something that we are exploring in europe. Thank you. I think your microphone is off. We will get you a new one. There you go. Audience member im the president of National Dialogue in afghanistan. I come from the nation where tens of thousands of people have been massacred. Contender consider daesh as beasts. Appreciate the fact that you are going through the technical thing about finding a solution for encryption. Even if you do resolve the encryption problems, you will not that these people from killing and doing what they are planning on doing. Worldesnt the the people on funding the operation. The person that comes and does the killing in the United States is being supported by somebody above him who is being supported by somebody above him. There are many steps that have been taken above known terrorists that are funding this. We go afterhy dont those people who are planning the operation and cut off their funding . Funding, off their they will not have the opportunity to create the suicide bombers and they have to pay suicide bombers. They paid him 20,000. This is a bit outside the scope. If anybody wants to tackle the large question. There is a concerted effort to take out the people funding these groups. The United States government is using all implements of National Power to try to deal with the threat posed by isis. There is no doubt, including trying to deal with their finances. There are aggressive, creative, and have a lot of funding sources. I agree that cutting off the funding is a significant way we can damage the association. We aggressively do that, it is just hard. A question over here . I want to major people on this site are taken into account. Raise your hand on the side if you have one. Audience member i have a simple question. Estimated time of arrival when you might solve this encryption problem . [laughter] that is the big question. Audience member you are the experts. That is a reasonable question. There are a lot of assumptions embedded in this discussion. Is there a time horizon on Something Like this . Somethingoing to take else . No is the direct answer. Know when this will be resolved. As i suggested earlier, a way to proceed might be to focus on a part of the problem, such as the data on devices for example. , try to focus efforts on that and have a robust technical discussion trying to actually sit down with Technology Experts and say, if we did this, what are the costs. If we did back, what are the cost, whether the tradeoffs, how do we think about that . I do not agree that all technologists think this cannot be done. There are risks in everything that you do. There are risks in the systems that we had today. The systems that we have today are not perfect by any stretch of the imagination. They are filled with polar abilities. You have data that is acquired out of lots of different companies. We have no clue where it is or what is happening to it. Risks of bounds in this area. Focusing on one part of the problem may be a way forward to see if we can build consensus. It does require to college that Law Enforcement to eat to acknowledge and move forward with a dialogue to see if something can be done. Odds on etas lay for solving the problems . We launched this debate last year. We are putting together the technical people, the lawyers, the Civil Society, and politicians to have a discussion. Exhaust ouring to preparation until the end of this year. Will pick up the option for debate. Already, Society Needs to decide where is the balance. Through the political representative democratically elected in our society, there must be a discussion about where to put the demarcation line. How far we want to go between National Security and privacy, or security versus security. No odds from me. ,s far as coming to a solution i think it is not going to happen in the near term. Medium toobably be a longer term conversation. If i were to put money down on something, i think the solution would be a recognition that looks at these technical problems and balances equities. Insufficiencythe might affect the public. We have a question right here. Put your hand up so we can see you with a microphone. They go. There you go. Question isber my for mr. Baker. I guess you do not want to advertise capability gaps to the bad guys, but the challenge for policy makers is that transparency helps provide legitimacy to provide political will towards action. I think we are lacking that transparency. I know the fbi used to produce publicly available reports on the domestic terrorism situation until 2005. That data is hard to come by these days. Gw university has been great in providing a lot of publicly available analysis on this issue. Im glad to hear that the fbi is more willing to talk about investigations like that. Niceg forward, it would be from a policy makers perspective to have a bit more transparency or coordination. I would like to know how the fbi plans to do that . With respect to trying to tolect data about this explain what the problem is so that people can have a sense of what it is, it is a totally legitimate point. We are trying to collect data that is meaningful and reflects the problem. The listed earlier, we look at different time. Period periodsme we had 2500 devices brought to the fbi from around the country for analysis. We cannot open 40 of those. We had no technical means to deal with those. . Hat kinds of cases those were we have the data on that too sort of a degree. One of the challenges is that Law Enforcement officers and Intelligence Officers are busy doing investigations. Whatquickly figure out type of phones they can access in which kinds they cannot. They do not waste their time seeking a title iii order for a fisa on the intelligence side. Those are laborintensive processes. They will not waste their time if they know the thing is encrypted anyway, why do i bother . That is one of the most significant dilemmas we have had in terms of trying to count the when people are not going to waste their time with that. It is a data point that is missing. Any data that will not go forward does not reflect the true nature of the problem because people are still censoring out in the field. They are not bothering. Those cases never make it to headquarters. They never make it to the Justice Department across the street from the fbi. It is an incomplete picture. We are struggling with that. That is why we have focused on this one collection point in terms of data that we know is available to us. Were going to try to collect more data. We have people actively thinking about how we are going to do that. From the curious persons perspective, whether the cases out there that would attract an fbi agent . The ones with 40 of devices. What percent of those cases were able to move forward to a prosecution or investigation . We keep moving forward. Were not going to give up. Cost . Sue is what is the it might be risky or dependent an agent in harms way to get the data. What is more expensive . All of the costs go along with it, even at the end of the day if we are able to solve it. The gentleman in the third row. This is the last question. Audience member i wanted to have been views that underrepresented so far. But it has been a great conversation nevertheless. Is that people that might need encryption to keep byir data from being hacked malicious actors like criminals, terrorists, cyber actors. They have not been adequately represented at conferences like this. The other set of views is we need the human rights activists overseas who face autocratic governments. We have to have discussions about democratic deliberations within the u. K. , u. S. , antie. U. , but the issue is that these views get demanded by the governments overseas. If u. S. Companies have cooperated with local Government Agencies in the u. S. And the eu, then the issue becomes should they also cooperate with foreign governments as well. , what measures are you taking in each of your legislative policy conversations to make sure the views of consumers, human rights activist, and Civil Society activists are actively represented . It turns out there is a conference in brussels that is happening this week. There may be some live streams. Most of the human rights activist in bc and brussels are there. They were invited because they are and could not it because they are on planes right now. When it comes to the collaboration with those ournizations, i know industries have robust relationships with folks in the human rights and Consumer Rights communities. Eu have the fbi and similar interactions. You, the civil of our are part discussion with us it in the present the views. There was also another point on how we deal with the possibility that other Foreign Countries would use the abilities. That is something that we discussed. We are potentially can earn about it. That is why the point in jurisdiction is so relevant. We have to be very careful to talk about legislative proposals that will push the companies to make available, not only to ourselves, but to other foreign ability to the decrypt those systems. That is something that we really take care of. Last word . We are hopeful to a solution to this problem. A solution that results in more peoples data being vulnerable and more Cyber Security threats and more consumers being exploited is not a solution. If it does that, then it is not a solution. If it does not protect innocent from abuse by repressive governments, that it is not a solution and we agree with that and we know that. What we hope for some type of solution that appropriately balances all of these things in the right way. That protects innocent people and enables Law Enforcement to do what they need to do. That allows companies to be innovative and competitive in a Global Marketplace. We have to try to get all those together, or it is not a solution. It will not be acceptable to society. There will never be a visa legislation that was forwarded you cannot get enough people behind it. And youre not going to if you cannot deal with all of these things simultaneously. I want to thank the panel for being here for a great discussion. Thank you all. Great questions. [applause] thank you very much. Absolutely great conversation. I cannot think of a better way to kick off this a bank. This advance. If i would think of the three words i have heard consistently, dilemma, balance, and discussion. I think those will be the three themes we will be exploring tomorrow. I will be brief. , we will be starting again tomorrow morning at 9 00. We have coffee outside. At 9 45, we will have a keynote by a professor from the eu. I look forward to seeing you tomorrow. This was the fantastic appetizer to the larger conversation we will have tomorrow. We will be speaking again about encryption and privacy. We will be talking about counter messaging. I look forward to seeing you tomorrow. I want to thank you for coming tonight. Thank you. [applause] the American Israel Public Affairs committee, known as a pack, is meeting in washington this week. Of thatbring you some conference including remarks from House Speaker paul ryan. Thats next. Jeff sessionsal said the Justice Department is following through on an executive order to withhold federal grants from the socalled sanctuary cities, which are places where local in force meant limits cooperation with federal authorities on immigration enforcement. Ambassador to the u. N. Nikki haley said today the u. S. Will boycott u. N. Talks to ban nuclear weapons. Later, the Senate Judiciary committee postpones a vote on Supreme Court nominee neil gorsuch. A senate panel will look into how Sexual Assault against Young Athletes is investigated. A representative from the u. S. Olympic committee. That is live from the Judiciary Committee at 10 00 a. M. Eastern on cspan3. You can also watch online on cspan. Org or listen on the free cspan radio app. Legislation that is live from the house ways and Means Committee at 4 00 p. M. Eastern, also on cspan3. Cspans washington journal, live every day with news and policy issues that impact you. Coming up tuesday morning, economists will frame the upcoming congressional debate on and examined democratic, republican and bipartisan proposals. Then, North Carolina republican congressman walter jones California Democratic congressman John Garamendi will join us to discuss a bill they cosponsored calling for a complete withdrawal of u. S. Troops from afghanistan. Cspanso watch washington journal live at 7 00 a. M. Eastern tuesday morning. Join the discussion. Coming up, u. S. Ambassador nikki haley and House Speaker paul ryan address aipac, the u. S. Israel policy organization. Speaker ryan spoke about the importance of the u. S. Israel relationship. These days it is a rare sight to see a democrat and a republican standing next to each other. Let alone sharing a stage. [applause]