So americans at data are not indiscriminate research by intelligence authorities. This event was hosted by the association of former Intelligence Officers. Okay. Im up here during my tap dance. It is a pleasure to introduce hate is the chairman formal general counsel to the National Security agency. He is going to introduce our first speaker do it. Okay thank you. Jim. I am really delighted to be able to introduce matz olson. As you know we advertise and we did until the events over last weekend and she is obviously tied up permanently or at least for some weeks. We asked who can talk about this topic of pfizer . Her suggestion and the suggestion of the white o house wass that we ask matz olson to o it. Matt, we are grateful to you for doing this on short notice. Matt is perfect for this topic. He has a deep experience in the Intelligence Community. It was general counsel at the oe National Security agency, in between there before he came back to the Justice Department he now runs the national nationl security division. He was general counsel. He has a long and deep experience and has been one of the principles for renewing section 702. Why dont i just start by asking you matt, what is the 702 program for everybody they may not know as much as you or i know. I think they would really like to hear what is the 702 program . Where does it come from . And thanks. Thanks everybody. Im really pleased to be here it is great to be among such a committed group of folks to talk about this. I have to say i walked in the room and am shocked to see a full crowd consider the director of National Intelligence you have a lawyer from the Justice Department im kind of shocked you guys all still showed up. Maybe he didnt realize it until now and you are stuck there was a lawyer. [laughter] but obviously its totally occupied with the events of our time. I will say shes is a great friend and a brilliant leader we are lucky to have her in that role during perilous times like this. But i am happy to fill in for her as best as i possibly can. So yes section 702 is a part of the point of surveillance actives added in 2008. Most importantly it expires in two and half months at the end of the year december 31 at midnight it will cease to exist and has a sunset built into it. It is without question the single most important Legal Authority we have at this point. It has proven since its passagey indispensable and irreplaceableg foreignti intelligence. Some of the people here may remember coming in days or weeks after 911 a president ial program. Can you give us a feel for the ultimate origins i was adopted . It really did grow out of the program in some ways the following 911. It was a recognition but we had with fisa which was passed in 1978 and is initial form was not up to the task of collecting foreign intelligence at the time we focus on al qaeda and counterterrorism. So basically a law passed in 1978 before the internet passed beforere fiberoptic cables in e may communications are carried that is technology dependent. We were using pfizer the traditional fisa getting probable cause warrants for targets designed for people in the United States we were using that same tool to target people outside of the United States. That was necessary because they pfizer was written it was not designed to keep up with the times. And the type rate of 2005, six, seven, eight there was recognition is not up to the task and it was not necessary because were given protection to target in pakistan without a u. S. Person getting the same rights as u. S. Person in the United States in terms of how pfizer was being applied. I was part of the effort back then and you are tracking this and working on this or at least the benefits of it we convince congress at the time to change pfizer and amended with section 702 to allow us to have a mechanism to target people without rights but people using u. S. Service providers. The challenge was we had a lot of targets using infrastructure our infrastructure second to none in the world they were using that but we did not have any way to assist the government. So we change the law to have a programmatic approach we go to the fisa court once a year with the procedures that we are using to determine if someone is anth appropriate target overseas and the court looks at those procedures and determines whether or not they are consistent with the statute, consistent with the Fourth Amendment and the constitution. They are the Court Authorizes the director of National Intelligence and attorney generalra together due to the Service Providers the nazis with the directive that requires them to cooperate with the government. Status 2008, focus on counterterrorism this has proven to be absolutely indispensable. But across a range of targets and threats generating intelligence these statistics are quite shocking and impressive like 60 of a pdd article has some 702 collection in them. Because you are talking about u. S. Service providers if you access to gmail for foreign intelligence this is what the government is likely to use. Lik. There are other ways to get around some of that but everybody is providing services. Every communication that goes is also subject to surveillance under this program. Theres a lot of stock there. Why is it controversial . Thinking about section 702, they are always controversial. We are always trying to balance the National Risk protection. Thats true with pfizer in 1978 which grew out of the church committee. It was true certainly true in 2008 when we passed section 702. Its controversial because whats at stake, National Security interest, protecting the country, all sorts of things. How do we do in a way that protects the protects the Civil Liberties and privacy and true to constitution. Its particularly controversial right now because of the way that section 702 works which is while we are targeting somebody overseas who is not a u. S. Person there are certainly occasions and not infrequently that that person is in communication with somebody the United States. The person in the us is not the target, their communications will be collected because of course we are talkingll about communication with two people a least. So we need to be we need rules in place to protect the people in the United States and what we see in terms of controversy there is particularly how the fbi the one agency that operates inside the United States has access to system of the data, how they are able to use it. I think much of the focus of and concern has been on not so much nsa and cia use of this data as a foreign intelligence tool but the fbi. Yeah, and the fbi only actually getting access of 3 of the take and its the 3 that is tied to a predicated fbi investigation. They raise their hand, we are investigating this target, please put him on 702 coverage and then it goes that collection goes into a database. Exactly. It often gets lost in the debate. Nsa is responsible for implementing 702. They review all the targeting decisions and i cant tell you how great it is to talk to a group like this, i dont have to go back and explain targeting to such an informed group. They inform the targeting decisions. As you said exactly, stewart, the fbi is 3 . They focused on targets that relate to theirn investigations and those investigations can be counterterrorism. They can be counterintelligence intelligence, cyber and you have written about this, increasing cyber investigations. So they get that subset and then they are able to work with that but onlyt that person, 8,000 target. So the privacy if i can channel, if i could channel my libertarian, the government without ever getting a warrant to carry out a wiretap has collected all of these conversations of americans, they werent the targets but they are in there and now the fbi hey, you know we are actually interested in the americans and conversations of foreign targets. Its those queries that have particularly been of concern. And i will say the fbi has no nice way to put it. They are screwed up pretty badly in administrating the limit that the law imposes on those searches and that produced the biggest flop of renewable cycle. Yes, i will talk about the screwups is the right word. And to take a step back the way it works and the way its worked since the beginning and still works is that imagine theres a collection against somebody in syria, right, isis member in syria. And that person is on coverage on the section 702, nonu. S. Foreign that has foreign intelligence outside of the United States in syria. Theyn may have they may be talking to a lot of different people, people in syria, people in iraq, right, but they may also be talking to somebody in the United States. And in reviewing the collection, nsa makes that that person is talking theyre communicating by email, for example, by somebody in the United States. You see that one end of the communication with the person of the United States but in order to target them or focus in the person in the United States, which theres a reason to, we certainly wouldnt want there could be a real concern if theres actual planning or or recruiting of something in the United States. The fbis. Would have to get a traditionall warrant. They cant focus without them going through title fisa, going to fisa court and getting probable cause. That would happen all of the time. Its the incidental of u. S. Person that triggers them focusing on the person in the United States. I guess i would say we should talk a little bit about the focusing on u. S. Targets but a big chunk of what got the fbi in trouble is during what i would call low probability high risk searches, right, they say, this im going to treat this person as a confidential source or we are going to bring this person for a meeting with a top official. I better check to make sure they are not in communication with a foreign right. I will run their name through the system and that is not consistent with the rules that have been set up for the database. Exactly. Here its important, again, to get a little bit more in the weeds. Theres the targeting decision, who we are targeting, who the government is going after and then what we are talking now about with the fbi, what youre mentioning is a query. The fbi has that collection based on the targeting decisions they do withcan the 3 and they can query it using search terms and there are many cases where too many cases, the fbi queries lawfully collected data that the government got through the targeted where they queried without meeting standard. The standard is a basic one, is the query is searching the data with a search but is it reasonable likely to return foreign intelligence. So instances where this is going back a few years where the fbi didnt fully appreciate need to demonstrate the standard. Yeah, they might have a meeting where theres a u. S. Government official was going to attend a broad meeting or Something Like this. We will make sure everybody that is attending that meeting doesnt have isnt a risk. Well, theres no reason to believe in that scenario, foreign intelligence in the 702 database. So that would be a compliant incident. We found as compliant incident. My team, the lawyers at the Justice Department do compliance checks at the fbi to make sure and in the last couple of years have taken real serious remedial steps to address them. And youve gone through at least 3 stages. Try to bring bring these the procedures. I have to tell you, i think the law is wrong and the fbi is right. There are a lot of times people coming to meet the president , i want to know whether they are talking to terrorists or not and even if i have no reason to believe they are talking to terrorists i would like to check. I would like the fbi to check. Thats not what the law is and thankfully you ought to be revising that. I think that is what is motivating the fbi. The think to think about, though, they do have a lot of databases to check. They can check open cases, they can check public information. Theres a lot that they can but we are careful and concerned what we call raw fisa has the kinds of communication and we really doun now, now we really putting that off, that requires special permission to check even in those circumstances. That makes all the sense in the world. 98 of the searches produce no hits, they were checking to see if something terrible was going to happen and 98 or 99 there was nothing to worry about. Well, almost all of the searchings turned out to be violations and when you hear about surveillance of americans by the fbi and shocking numbers of searches that are done aimed at americans, its those kinds of searches, almost all of them. Right, and sort of reflect back on i testified in the Senate JudiciaryCommittee Hearing this past summer on section 702 and reauthorization and i was there with the the Deputy Director of the cia and Deputy Director of nsa along with the Deputy Director of the fbi. Leaders of the Intelligence Community open hearing and i was sating Deputy Director of nsa, previous general counsel, so im sure we have the same reaction, probably 3hour hearing where the number of questions to nsa, Deputy Director, zero. Zero. Zero questions for the nsa. Unless youre the fbi. Youre absolutely the target, you know, of their strong questioning and distrust. So it is the fbi has got work to be. I will be the first to say. These are screwups, this is a real problem and we cant have the fbi where theres lack of trust with the fbi and thats why when we found the problems two years ago the leaders, the attorney general, the fbi director with our lawyers worked to implement some changes in the way theke fbi does the queries, the searches of the data. Very simple one that made huge difference. The way fbi was doing it two years ago and previously was they would do, they would conduct a query, queer write of all the databases and automatically by default included raw fisa. Including raw section 702. That was if they wanted to check their open cases, that at the same time they did that it would automatically run that query against raw fisa and so a simple simple flip of a switch and has reduced queries by 93 . Inadvertently thinkly search the datas, early in the case, open new counterintelligence case on poc spying, i will run the name and the name would check all of the database and they didnt meet the standard for searching the raw fisa. We just changed the one setting you have to affirmatively opt in and you have to write your reason and and record your reason for searching it and weve seen not only a dramatic reduction in the number of u. S. Person queries but now the compliance rate is in excess of 98 . There are a lot of people on the hill and Civil Society and the like who would like to help you with solving this problem and the solutions are good deal and why dont we take fbi out of this. One of them is probable cause two others and secondguess that determination. Your thoughts on these other recommendations . Yeah, so on the first one, stewart, i will talk about first, section 702 will just be available, the collection is available to cia and nsa and not the fbi i think is deeply flawed and actually really dangerous. And probably dangerous for everybody in this room. Nobody wants to be looking at u. S. Personal. Concerns of u. S. Person data and anything that touches u. S. Person data when youre an foreign intelligence like nsa or cia. Beyond that, to me its a its abasically forgetting one to have fundamental weapons of 911 that you cannot have a law between a foreign intelligence focused agencies and the one agency, the fbi that has authority to act in the United States. I mean, really 20 years addressing 911 is the need for the fbi and cia and nsa to work close together when it comes to National Security. The transform thation of the fbi, focused on making sure that exist but exist in a way that still protects Civil Liberties and privacy. You cant have from my Vantage Point working at nsa and fbi, you cannot have a system where the one organization with responsibility for acts inside the United States with the authority to arrest fbi, nsa do not have the authority to arrest people in the United States, the fbi does to disrupt a threat. The fbi is, you know, the organization with the mission to understand those that emanate whether its a cyber threat and to take steps inside the United States to stop it. That could be like i said in the last it can be going and knocking on the door of an American Company and say, we have seen prc efforts to compromise your network. Here is what you need to do to stop that. Thats the fbi job. You cannot stop them if we were to take them out of the ability to have access. Deeply flawed suggestion to remove the fbi. So the Oversight Board have different recommendations. I want to cut the fbi out but do want them to get a warrant at least when they were at the point of something in the database that they wanted to see and i just did a podcast for those ofof you who are itlle distributed later or tomorrow i