About how wealk ought to be preparing them for us. [applause] we are going to go live now to capitol hill for meeting of internetessional Caucus Advisory Committee to easier rules to make it for Foreign Police agencies to access social Media Information citizens. Live coverage here on cspan. If this caucus is the support of the cochairs from the house side, concentrationman bob goodland and senatorman anna patrick leahy. A couple of housekeeping things before we begin. We are Live Streaming this event online. Audio and video will be the nete shortly after caucus. Org. Follow us onto twitter and use the hashtag border warrants. Before we begin, we will be our next event balancing Privacy Security and and fisa 702 this friday at noon in this room. Here this see you all friday. Without further adieu, i like to this over to cary, she was formally at the department of justice. Be moderating this event today. Joiningu very much for us. For joiningeryone us today. We welcome our audience of Staff Members here with us today on capitol hill. Thanks to cspan for bringing wideriscussion to a audience. The congressional internet caucus has assembled a panel of to discuss the legal, policy and privacy issues involved. Cross board data request and court order. Introduce the panelist. They are full bios are on on the congressional internet caucus website. Each of them have experience in academia and Civil Society and issues related to capitol hill. First to my left is Richard Downing, who is currently the assistant attorney general in the Criminal Division of the United States department justice. Is jen dascal,t associate professional of law at university. Nema guiliani. You, thanks for today. Ere i will give a couple of opening remarks. Just to frame the conversation. Aware of the interconnectedness of our global communication. Location of people, their communication and their stored fixed. No longer our focus of todays discussion, thats are the title of this data warrantses from across the pond fighting privacy. Le preserving our legislative policy proposal exist to facilitate foreign obtaining a Legal Mechanism through which a Agency Law Enforcement can obtain storied data, held by company. Unications in other words can a u. S. Governmentp another investigation and still adhere to u. S. Law . Currently, if a foreign Law Enforcement seventh identifies u. S. Lawof including the Electronic Communications privacy act, precludes u. S. Companies from handing over other countries. That limitation is grounded in protecting the privacy of users customers who use those services. Foreignlenge of governments ability to access u. S. Companies is one issue. What to do about the law lack of clarity and how the u. S. Can access data held by u. S. Companies, when that physically stored outside the United States, is issue. Related that issue involves the modern the 1986ation of act. D communications which is working its way courts. Y through the its a case that was brought by microsoft and concerns data that held in ireland is currently be with the university Supreme Court. There are equities on all sides of these issues. To ensure that Law Enforcement can do its job consistent with the Fourth Amendment, how do protect the privacy of global users of a communications infrastructure. How to do right by private way that doesnt stifle innovation, lead to data localization and respect the faced by Global Communications companies that maybe caught between competing laws of different countries. Sides to this issue. Probably all the participants in this discussion agree that these various challenges exist and concerns that are expressed are legitimate. Question then is what comes next in terms of how to address these issues. Changes, if any, needs to lawade to the United States in order to accommodate these whatiples and objectives would those legislative changes look like. Discussionst the started, i invites up for a few and juddhris randall smith. Is the legislative director and counsel for representative Hakeem Jefferies york. Ew describeng to speak to the legislative efforts that members are [indiscernible] to find the solution for the by lawuestions raised enforcement access. The current Legal Framework provided, or the Electronic Communications privacy act was in 1986. Over 30 years ago, when congress enacted this legislation, the internet was infancy and emotional Communication Technology left the law behind. It is time to bring the outdated law to address 21st century problems. Until we address it, this issue continue to rise in the court. Last years decision from the circuit in the microsoft clear direction. At the same time, he recognizes the importance of of law andhe rule preserving privacy. Introducedess he International Communications act icpa. We have also been working with senator hatch and senator coons. Trual bipartisan effort. It is important that all parties advocates, thecy d. O. J. And industry stakeholders have voice in this discussion. Our goal is to find a solution interests. These 1986. A come to us in theres a lot that changed then. And whatnication law we have as a scenario where Tech Companies are in a place why they have to figure out whether to adherey are going to certain Privacy Protections or others. They have to make these choices. Foreign consumers are wondering whether or not Tech Companies able tog to be adequately protect their privacy interest. Congress has the responsibility as we did in 1986 to decide thesethe law goes under circumstances. Recently, the Microsoft Case decided that the effort cannot used to permit search warrants. The d. O. J. Areat seeking to get the Supreme Court decision. At regardless of the higher court decision, it is our role here in congress to decide what the law is and how were going to make enforcementr law for tech communities and for privacy. With that said, you have jefferiestive hakeem from new york working with congressman marino from colleagues over in the senate, senator hatch and coons to find a solution that will reflect todays realities that will balance our rights and privacy our Law Enforcement needs. With that, we look forward to willy discussion and we take back that is discussed here to our bosses. That we will have a product that we can move that everybody. Ense for thank you. For your remarks. Were going to turn now to our panel of experts. Start by asking Richard Downing from the Justice Department. Could you first describe starting with the issue of that have been of interest to the United States and united governmentforeign and Foreign Company congresses. From thet is the issue perspective from the Justice Department from a Law Enforcement perspective. What is the problem that youre trying to fix and then two, what thehe current status of Justice Departments efforts to issue forward . Sure. I think its important to start you pointroblem as out. The paradigm case that i think we should be thinking about is a where there is very serious crime imminent or has happened in a foreign country. Lets say the u. K. They are trying to solve that crime. A murder that opens an investigation. And questionouse witnesses. Theyre and to do all the investigation except theres a chunk of their case that is not itsed in the u. K. But located in the United States. Its a social media account or email account. In that situation, they would normally as i was mentioned through thee to go mlap process. Process is universal thats being too slow and not up to the speedy and important investigations that are going on. A jam. Viders are also in they see the u. K. Needing this data. U. K. Could issue their own Legal Process and direct providers to comply. U. S. Providers are aware if they did that for data stored in the United States, it would be u. S. Law to of disclose it. Which has certain requirements. Yet, its a very weird situation. Be should u. S. Law controlling in the situation. Pure happenstance. Such suggested that we should away. He bar and let u. K. Law control completely and not worry about the location of the data. Weve taken slightly different approach. The providers came to us some ago during the last administration and asked if we would work with them to come up an arrangementof where the blocking statute, the prevents the provider would be lifted in certain circumstances and certain countries. Thats the genesis of this u. S. , arrangement. We need to have congressional the law. Change spawnedee that idea was in the last administration and now in this administration it has been taken up again. Year, we released a and almost identical proposal released this year by administration because it is practical, useful thing. Helps our foreign partners, its important that we support the needs of the u. K. And protecting its public safety. Is supports the providers. It gets them out of this position being in between two country laws. Incentives for data localization. Because countries that would toe to sign up, would have meet a series of robust Privacy Protection. Of raising privacy world. Cross the it has benefits of the united maybe in situations data stored in the u. K. Thehat are the two parts of proposal . Theres an agreement that have twoake place between the countries. Then theres the legislative proposal. Explain this isnt just a matter of congress differentw, theres pieces that has to fit together in order for this to be worked out in a sort of way that for aespect the need robust set of privacy safeguards Civil Liberties and what not protection. Fores got to be system evaluating which countries will be appropriate for this. The mechanism that we proposed there would be a Bilateral Agreement between the United States and that foreign country. Work out the terms of that. In order to have that happen, there has to be legislation that the blocking of current law. What the basic legalization says, if there is a Bilateral Agreement and it meets a set of robust standards, in that situation, providers are entitled to disclose information in response to Foreign Court orders. Actuallyuirements are fairly stringent. It requires that orders for individualized. Theres no bulk collection. It requires that orders be based credible facts and particularlity so they are specific to individuals and for them. Basis they are not allowed to target u. S. Er. S. Persons. Its not about targeti. Persons. Its a lot of stuff designed to sure countries qualify for this and we entered in the with ones we share Civil Liberties and Legal Systems that we can respect and agree with. Let me ask professor jennifer. Gascall up. Looking for background reading. She done lot of academic work, including long form articles and website. Rity professor, can you then take what richard has described and explain for our audience what he just described sounds perfectly reasonable. To the initial observer. Who are the sticky issues . Points . The sticking of where there are areas that worked throughe in order for congress to feel comfortable passing some type of legislation on this issue . Thank you. A very that this reasonable proposal. Does mediateit between the various privacy and security and sovereignty concerns. It is an approach that ought to endorsed. There are critiques of it. Ill talk about those in a second. That . I say i say that for some of the reasons that richard talked about. About a situation in which a Foreign Government needs access for solving local serious crimes and previously the Foreign Government used to be able to get that according to their own rules from their own telecoms. Their own because of the changing nature the internet, because u. S. Companies control so much of the increasinglyheyre finding themselves in situation where they need access to data be u. S. Held and stored. These countries understandably frustrated. Is leading to a number of different incentives bet i think really need to to sed. Its leading it incentivizes companies to localization. They get it according to their own rules, however privacy or not. D its also incentivizing foreign to increasingly seek data, extra territor territorially without regard to u. S. Law. Its putting companies in the middle. They have to decide i can comply with one law. Its not just a hypothetical concern. Executive whon have been arrested and detained comply of failure to with foreign demands for data. Foreign governments get frustrated, they seek out other accessing data. I think we see here a link between the debate that were now andabout right to decrypt. Respect why i think the legislation offers pretty very reasonable response to this. Does notoes, it require a u. S. Company to provide data to Foreign Government. It lifts the bar in those situations where the u. S. And enteredgovernment had into agreement. It sets a number of really limitations. The governments the foreign by the have be certified executive branch as satisfying basic rule of law standards. Then each request in addition has to meet a number of criteria richard talked about. Most importantly, these Foreign Governments cannot get access to a u. S. Citizen or legal permanent resident or any locatedrson physically in the United States. They also cannot get the data the intent of then sharing the information with the United States and if they access the of u. S. Persons, they are required to put in certain place. Ion in in addition to specific request, they have to be targeted. Theres limits under duration. Theres a requirement of judicial review. Think where the critiques come in are with the specifics of required. There are suggestions that some reviewlanguage judicial were oversight. Not clear what that means. It requires judicial review. Theres other questions about predicate factual standard. Theres some who think it should higher than that. I personally think one thing that should be included any my final bill would be some explicit mechanism that protects the company. Any question about whether or not request meets those standards, it would allow them tond kick it up to the department of justice and kick in the other Legal Assistance treaty process. Theres minor modifications i think that can be made to this piece of legislation. The whole, i agree with basic premises. Jen. Anks nem guiliani from aclu. Should we concerned about creating a legislative framework for a Foreign Government to request Communications Data from a u. S. Company . You for having me. Im glad that were discussing this issue. Outset, isay at the think that the aclu and largely many privacy and human rights groups, disagree with the proposal. Humany international, rights law have come out in opposition of the proposal. Think off the top of my head of u. S. Based Privacy Group have done full throated endorsement of the d. O. J. Proposal. Reasons are for couple of major reasons. Is, we hear richard said this and jen said this, persons. T about u. S. This is about targeting people overseas. Of ank that that is a bit fig leaf. If im an individual in the u. S. , we communicate with people overseas. Obviously the standard that is targeting ofy to that overseas person affects mylection of my data, conversation with somebody overseas. I think this idea that simply a target cannot be someone in the u. S. That u. S. Isnty interest implicated its false. Lets say the u. K. Government wanted to collect a conversation i had with somebody in the u. K. They were investigating that citizen of the u. K. For a crime that had occurred. Under todays system, they would with essentially which require them to generally comply with a warrant standard. My data, my conversation with somebody in the u. K. Is protected under u. S. Constitutional standards. If that standard is dropped and requirements are lessened and weakened. That affects my privacy. Creating a system where incidentally you can collect the information about people in the u. S. , citizens and green card holders, under standard that is standardn a warrant and under standards it that are to u. S. Uld apply government itself. That i think is a significant concern. Its also a significant concern because the proposal as drafted prohibit Foreign Governments from voluntarily sharing information with a u. S. Cases. Ent in certain information then can make its way in court and be used against somebody. That i think is major concern. The second concern has to do it allows. Y what the proposal doesnt just affect Communications Like email, text messages, etcetera, it also involves realtime interception, wiretaps essentially. In the u. S. , under federal wiretap, congress, obviously the perception of the public, put in place very stringent requirements for what applies to when the government a wiretap. For example, in the u. S. , you foronly do a wiretap certain types of crime. There are very robust procedures data. Ing the handling of you see on tv, someone shuts of phone off, irrelevant conversation happens. That is part of the wiretap infrastructure. There are noted procedures. You use wiretapping as a last you exhausted other means of obtaining that kind of information. Notof those protections are required for Foreign Government who wants now to wiretap using apparatus created by the proposal. Foreign governments like the u. K. Or other countries who may these arrangements may not have to comply with the wiretap act of the that the u. S. Government would with. O comply what youre talking about is generally, potentially lowering that doesnt apply to individuals overseas including the conversations they in theaving with people u. S. Great. Thats excellent outline of concern. Back there to come to question of stored data. Before we do that, i want to turn to stephanie marks with reform government surveillance. That stephanie can explain to are the equities and interest from the u. S. Based Technology Sector in these issues of creating a frame work for compliance with foreign request. T thanks to the internet caucus event. Ting this i think this is i actually think theres a lot of agreement what theanel about principles that we need to be protecting when were talking difficult issue of when Foreign Governments can get data about people can get the that lives outside borders, often about people who are not their own citizens. Implicates complicated matrix all talk todont each other very well. I think the main disagreement is to accomplish that while ofimizing the ability legitimate Law Enforcement need to get material thats related to help keep us all safe. Maximizing the Privacy Protections of all the people who use the internet on a daily basis. Foreign government surveillance see group of 11 companies that the companies who make this make the operating system for this. All the apps that you use on this. To enable us to communicate with daytodayon a basis. Shortly after the snowden disclosures to support u. S. A. Freedom act. Even more to provide a forum for companies to have detailed conversations about what exactly those reforms should look like and to make sure that everybody was really pulling on the same and get the important reforms to section 215 done. Going forward, the companies similarly been concerned about other issues that implicate government access to data around the world and flip privacy course the rights of the consumers that use these internet platforms all the world. We have have been very involved about encryption. Weve been involved discussions and safe european harbor. Involved in all kinds of issues that have risen in the congress over the last would view as we attempts to sometimes water down protections for individuals. Inhave been involved suggesting reforms to section 702 this year. Think, the most important priority for the rgs Company Solution is to find a issues. Cross border much in favor of the language that the department of regards toposed with removing the block to allowing d. O. J. To enter into agreements. There are five pages of requirements in the bill along includingover limiting those reciprocal arrangements to serious crimes or terrorism. Daskal there, theres ways we can improve that language. To make sure what were doing internationally is lifting up Privacy Protection for people all over the world. This, the line is material that all these internet actually have, its not theres. Its a communication of consumers all other the world. At solutionsoking to figure out what governments andget this information under what circumstances and what law should govern their that information. What we have to focus on is much. Not so is it strictly speaking and is the inquiry over when we know a u. S. Company . Belongta doesnt microsoft or google. This data belongs to the people who are having the considerations. These people expectation of privacy, what tos do they think are going govern when a Foreign Government decides they want certain kinds information. Its a Tech Companies at the of that. Theyre the ones who have data overr here and customer here and government over here. Data. For that they trying to figure out which law applies when they should comply. What the due process really is that backs up the government received and receive mlap process. Looking fore another right protective way to mlap process. That were not talking about mlap completely. These proposal will apply to andain kind of crimes circumstances. They will only be available to government who are right protective. This seems like a good solution situations where governments get a legitimate need to Important Information quickly. Great. Thank you. Inike to thats helpful term of giving the perspective of why this issue is so important to the Technology Sector. I want to come back and i invite all the panel to weigh in. An issue come back to that n eema raised. Which is electronicf surveillance. And the realtime, the ability of governments to request from u. S. Companies realtime surveillance results. Turn back to our department of justice representative Richard Downing. Two things that came neemash stephanie and reremarks. Is this proposal geared towards Law Enforcement challenges or asphanie mentioned terrorism well. Is this a National Security problem . Between thealance two . Thisquestion two, does d. O. J. , this proposal, administration proposal, would cover realtime surveillance . Foreignity of a government to request the cooperation of a u. S. Company in realtime surveillance . Is that correct . Correct, why is that part of the proposal . Sure. Way that the u. S. U. K. Frame frames t it covers serious crime including terrorism. Depends how you want to put that in the National Security bucket or not. Its certainly a terrorism often regarded as ay, National Security matter. However, about spying on other country or sort espionage side of the National Security. This is about serious crimes terrorism. Of course threats and bombings not. Hat second anything is absolutely yes. This proposal would cover and wiretap act. I guess i have a disagreement my fellow panelist about why that is important and how significant that is. Remember thate to the basic paradigm that we should be thinking about is a thee thats occurring in u. K. And that the u. K. Is trying to solve. Crimen imagine organized need ton the u. K. They wiretap that individual to see what the plan is or commit a murder. Interception point for that communication has to be in the United States. Why thes hard to see u. S. Would have much interest in apply. That law would before the current model of the way that these communications are routed, that interception would be done under u. K. Law in be solved ifwould u. K. S going to be by the principle. In that situation, i would say thats the default. A u. S. Person were to call in and get caught up in the wiretap thing, that u. S. Person had zero rights at all. Its whatever the u. S. Or u. K. Apply. Ld this situation, they would have a lot of rights. Targeted, secondly there are a lot of baseline protections that are similar to to. Law that u. K. Would have comply with. Particularl s and particularlity and exhaustion of alternatives. Limited duration. These other rules that we have law. R in that end, they have to thatize any u. S. Person get involved in that conversation. Evidence. Use that we would then have an audit what they are doing. The u. K. Use, wiretapping as a critical part of protecting public safety. If they dont have the opportunity to have this type of arrangement where they can get access to it, it does not solve problem, which is on theey will insist capability or other problem. Rightly so. They need wiretapping to do that. This is a fire and balanced approach to deal with that to unnecessarily inpinging on u. S. Person right. Theat the same time giving u. K. Legitimate needs of the u. K. Anyone want to respond that was so effective. Have an answer. [inaudible] act requiresp notice. It also considers the parties. Ons of third not just the target of the wiretap but third parties are with. Icating allowing discretion for judges notice information to those third party. Were creating a frame work that havementally, doesnt those same set of robust requirements as it pertains to beire taps that will permitted by Foreign Government. In a way that could have very in thetions for people u. S. Who communicate with people overseas. Information that can be collected by a Foreign Government and make its way to and make its way into criminal proceeding. Even though it has not complied the the requirements of wiretap act. Or potentially the Fourth Amendment. We keep saying, theres a robust set of requirements that apply into thesewho enter agreements. The reality is from our requirementsthose dont seem very robust at all. That. Me follow up on to other panelist. The proposal has been described thearily in terms of u. S. U. K. Relationship. The First Agreement that the department of justice has work the u. K. H theyre an ally. They are close partner in enforcementin law and now security matters. But the legislative change requested, correct me if im wrong, is not country specific. Happens for the rest of the world . Maybe theres a few other countries either in north america or in europe who perhaps, have more similar to the United States. Not exactly. They dont have the same constitution or fourth have more but might similar judicial requirement. What happens when other countries come knocking on the door . To have this same type of and wanting same type of arrangement companies . Its a great question and important question. Back for onep second and think about this little bit from a level. Is because ofing the way the internet is structured because the dominance companies, which i think nation, we cop a to promote. Two things,hose there is this really disconnect between territorial government and things that used to be exclusive to their jurisdiction. Theres this data that moves around. It is not physically located territory. Theres really, i think, fundamental questions about who the rules. Do you u. S. Rule should u. S. Rules,pecifics of u. S. Apply simply because the data happens to be located here . The same exact problem we talked about earlier with the microsoft ireland case. Guyld irish rules apply a happen to be in ireland, if ireland not have any other any other equity in the case. Itsnk stepping back worthying as some of those bigger questions. As the countries that is the home of so much of the world extent, at least for now, set some of the ruins. Heres a real opportunity to demand baseline standards but harmonize approaches borders. To your real question. If thisthat the idea legislation to pass, hopefully ands passed, theres a u. S. U. K. Draft agreement. That there hope is would be other countries that andd meet the standards perhaps adopt minor changes in order to be able to meet the standards. I think over time, ideally you expand that out farther. There are some interesting proposals that some people to talk about. The idea that maybe some countries could have specialized point of contact even if the entire country couldnt be certified meeting all the legislation in the you can have units in the country required to ensure the request for the standards. Even if you didnt trust all of adia, maybe you can trust unit within india to review particular request to make the request to u. S. Companies. Can turn to stephanie the industry perspective, how are the companies who potentially will receiving end of these governments,other how are they looking at the if this when we legislation were to pass and the agreement with the u. K. Were to model potentially for other arrangements with other governments, how then would view the potential request downstream for countries . With other industryens from the perspective when they might india or requests from china or brazil or other types have differentat legal issues. I dont foresee that several you listedtries there, would meet these standards with the department of justice. I dont think china will be high the department of justice list to be entering into an agreement to let the chinese directly to a u. S. Technology company with a Law Enforcement request. I think we would be upset if we presenting such agreement. Countries that could meet the standards. The most exciting thing about otherroposal is there are countries that cannot quite meet might raises but their game so they can. Its important for them to be get information from u. S. Companies which are frankly companies that have the bulk of the information that travels the internet. Thats something thats really important to the companies. Is to make sure that were creating a regime that not only for legitimatele Law Enforcement asks to be met and efficiently. But to make sure they are met in arights protected manners. Collateral consequence to raise the bar on Privacy Protections all other the world. Know were going to disagree thisbly on exactly whether particular proposal accomplishes that. Byhink if you go to point point through the proposal, i think that it is it sets the now. Igher than it is it would be beneficial to consumers all over the world because it will help to discourage counts that are close to meeting this standard from laws and blocking enacting data localization law. To peopleive clarity about how their data will be ed. Dl we do have very stringent due thisss requirement here in country. There are plenty of other thats that have dont view the procedural part do. Ue process exactly as we but they nonetheless have a fair oversight and independence i in the way they review and handle law requests. T i think its legitimate to consider those while at the same time, were wanting other countries to honor our Law Enforcement request. Trying to maximize privacy onment and both size of the table here. Of theounds like part confidence thats trying to be instilled in this legislative proposal and potential agreement at least to start between the does rely onu. K. , in thejudicial oversight foreign country or some type of thattutional oversight would take place in the foreign thetry to ensure that request thats being made, offorms with the principles what we could call Fourth Amendment and privacy principles order to know theres process thats involved. Richard downing talk about how would that play out . What would that judicial, institutional oversight look like to the extent that we can envision a little bit. Provide some comfort to those who might be concerned from the privacy and Civil Liberties . Hit it on the helped head. Layer of protection will be based on the foreign law. The foreign country crime involving its citizen and its getting Legal Process. Targeting United States person. In that situation, the legal procedures and protections that in that set of rules, would be the first sort of line of privacy defense if like. In order to make sure that the agreement is being lived up to, additional layer of oversight that is done on a bilateral basis under the agreement. Mentioned briefly before. There are provisions where the United States would have the sure that the Foreign Government is not intentionally targeting u. S. Persons. That they are indeed, minimizing those communications. That they have protocols in place and the practice is that is being done correctly. A provision that the whole agreement has to be reuped years. Ive its a sun set provision to make sure theres a robust oversight. If as also provision provider receives piece of Legal Process from a foreign iternment, it could raise with the United States. Theres a provision in there may says the United States block any particular order if it finds it is not in keeping with the agreement. It it came to our attention by the provider, that could then be blocked. The other thing i want to emphasize is the congressional role here is strong. Both on the front end of this those rulesetting and then at the backend of the various that is provisions notice that will be provided to congress before any effect. T goes into if congress wanted to act at that point to block it or do different. This is the idea that weve been trying to work in post partnership with congress to make sure that we are doing the thing, which is the is we are trying to solve problems. From the perspective some of the other panelist. Sound those safeguards libertyrivacy or civil perspective . [inaudible] ofthe first is the idea individualized review. Under the current process if a request comes in through the mlap process, someone in the d. O. J. Takes a look at it. Compliese whether it with human rights standard, and up. R issues that may come that entire individualized review, doesnt exist under this new frame work. It only exist the companies. Companies ier question whether the companies have the ability and resources a robust individualized review. Dont necessarily have the incentive to do the same robust review. On the hook monetarily or other than their for reputation for doing that review. Youre placing individualize review and countries its a flaw. Second thing we talked about the congressional roles. A 60ctfully i dont think day notification is as robust it could be. This is the designation the branch can make. Simply by inaction from congress, certain agreements can place. I think thats a problem from perspective. Congressional role needs to be more robust. Even lot of the standards legislationin the only say there are factors that need to be considered by the executive branch. Mind, that leaves a lot of wiggle room for the u. S. To enter into agreement particularly with countries that spottye inconsistent or human rights record. For example india or brazil, where in certain cases i think, of their laws largely in line with the u. S. Think weher cases i would have serious concerns. We talked about taking a step back. Take a stephould back and think about the human rights activist in india who uses the internet. For years they have used u. S. An expectation that their communications would be subject to a certain level of standards. Certain not just out of the idea that privacy is important because on the line. If were thinking about putting a frame work, that is have examine from a human rights perspective and thinking about the effect that thehave on people all over world. Were going to open it up in to questions. Before we do that, i want to ask professor daskal, most of this conversation has focus on the of this u. S. U. K. Agreement. Government want to access data from a u. S. Company. Weve also mentioned couple of times the microsoftireland case. Can you take a minute as you guys are thinking of questions, take a minute and just play inish the issue at the legislative proposal and how thats different from the issue known as the microsoftireland case, which the department of justice recently set appealing to the u. S. Supreme court. Sure. Summary. Two second i assume everyone in the room knows the case. Decided ae that was year ago by the Second Circuit. The issue in the case was the a warrantnment served on microsoft. Microsoft refused to comply on data thats that the was sought by the u. S. Government was located on a in ireland. Microsofts position was that the u. S. Warrants authority only reach. Ritorial it could not reach data that was outside the United States. Governments position was actually microsoftireland can access this data from washington. Does it all the time. Theres nothing extraterritorial about this. A territorial exercise of the warrant authority because its being served on a u. S. Do everythingan the u. S. Governments wanting it the unitedwithin states. The Second Circuit, two Lower Court Judges sided with the government. The Second Circuit reversed. It sided with microsoft. It resulted, u. S. Warrants authority only reaches data the unitedted within states. Described by some and in the process kind of a privacy victory. Fornt to disagree with that a moment for some the warrantss of the u. S. Authority and the requirement probable cause. The u. S. Government tried to access the databased on justble cause which as we discussed, is a High Standard potentially higher than a lot of place in othern currents around the world. The net consequence of the opinion, is that the u. S. Wants to get data located outside the United States. Go to that foreign country and ask that country to access it according to its own which maybe less privacy protected than the warrant. Having prettylso big security consequences. Organizes itself in a more location driven approach. Other companies not as much. Google is moving its data around time. E initially it was not even able to say whether the data that the wanted wasment inside or outside the United States. Sticks that problem it now necessarilyesnt provide information about where outside the United States. There maybe no government for a combination of reasons that has access over in a legitimate prosecution when theres been a warrant based on probable cause. Crime. Serious theres been at least five judges ruled in favorite of the government. Circuitsecond obviously. Hard by theght be Supreme Court. I would say one more thing. That would be unfortunate. Morenk that this case is complicated. It can be resolved in a simple theosoft right or governments right type situation which is what the ultimately have to do. That ideally we would see the legislation, already been talked about, coupled with a fix to this problem of microsoftireland that would basically set the default that the u. S. Government pursuant based on probable cause and the investigation of a legitimate crime can access data without regards to the location. Caveat that are meant to take into account the interest of Foreign Governments their owning citizens. Not based on where the data is the equities of Foreign Governments with respect to their own citizens and residents. Theres different a quick question to our panel. If you signal me then ill know that someones got a question. I know someone in here has to have a question. Whats better about what is it, data localization . Why would we be talking to congress about legislative fixes with one potential outcome is avoid infrastructure, move to data localization . It can ment require that they stay there and not move servers from the data remain of the data remain within that country. Number one, it could it it makes it very, very difficult for providers to do business istent with this model their Business Model and do business in a way thats completely consistent with the way their clients lose their setting. There are different ways people are doing business internationally on the internet and that would potentially eally break that model and take the companies in an unhelpful way how they manage and store their data. Number two, then theres this whole trove of Data Available in countries like russia for the russian government to kind of get their paws in at will whenever they want and no one is really in favor of that. Yeah. I was just going to add, we heard a lot of talk about how these proposals will stop data localization. I want to sort of provide another perspective. Not to say this issue to be clear, i am not saying it would stop data localization. It would help disincentivize localization. Disincentivize, to be more accurate. We have to realistically realize, one, the proposal on its face doesnt necessarily prohibit data localization. Thats something to consider. The second is that, you know, i do think the issue of data localization is more complex. We saw concerns over u. S. Surveillance practices leads some countries to talk about data localization or lead some Foreign Companies to use that as a selling point. I raise it to say i think the question surrounding data localization, where i agree with the issues stephanie raised, we shouldnt assume will stop of itself that from happening. That more needs to help. I know the congressional internet caucus tries to keep its events on time. I will give somebody a chance for one last question. Ok. We have a question over here. If you could please identify yourself. Robert thomas. Journalist. My question is about masking what i am going to call overtaps, the third parties who are in contact by people overseas. The example is we can filter our linkedin contacts or facebook, the people who follow us on twitter cant readily filter the people who send us private messages. How would your protections, how would your safeguards prevent just innocent bystanders, lets say, you, you, you, whos been contacted by someone from Eastern Europe or wherever, contacted by a criminal . How is the innocent bystander protected from being caught up what . What masking caught up . What masking techniques are available or whatever else . I will ask Richard Downing to speak briefly how this proposal might deal with the sort of incidental collection of individuals who are not targets, subjects of investigations. Richard sure. I think the scenario we should be talking about is the u. K. Needs to get a u. K. Wiretap order to solve the u. K. Crime and it turns out they have someone in the u. S. Whos contacting them. If i understand your proposal correctly. There is a single Silver Bullet way of answering this. It is one of the things that has to be worked out in the details. They werent intentionally doing it. Investigators are looking through materials that have been intercepted. They would be alert to the idea there might be a u. S. Person and if that were discovered that would have to be minimized, put aside, sealed, not used except under specialized circumstances. [inaudible] it would be sealed . Richard thats right, minimized later. Ok. Ok. Well, thank you very much. So i know that we are i think we have richard our limited time. Thank you all very much for joining us today. And please join me in thanking our panel. [applause] [captions Copyright National cable satellite corp. 2017] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] the u. S. Senate returns to session today at 3 00 p. M. Eastern. Today senators will consider several of president trumps nominees. Later in the week were expecting debate on the Republican Health care bill. Majority leader Mitch Mcconnell thursday released a discussion draft of the bill to replace the Affordable Care act. The Congressional Budget Office this week is expected to release its estimates for the cost of the bill and the number of people who will lose their Health Insurance if the bill becomes law. You can follow the Senate Health care debate live on our companion network cspan2. Also online at cspan. Org and listen with the cspan radio app. The Senate Judiciary committee will hold the confer mation hearing wednesday for christopher wray, nominated to be the next f. B. I. Director. Will he relace james comey. That confirmation hearing gets under way 9 30 a. M. Eastern wednesday morning and you can see it live on our companion network cspan3. Cspan, where history unfolds daily. In 1979, cspan was created as a Public Service by americas Cable Television companies and is brought to you today by your cable or satellite provider. Greta this week on newsmakers we are joined by the president and ceo of the American Hospital association, rick pollack. Thank you for being here. Rick thank you for having me. Greta we have anna edney of bloomberg policy reporter and Peter Sullivan who covers Health Care Policy for the hill. Lets begin with the affordable a