WEBVTT 00:00:01.333 --> 00:00:04.870 >> Good afternoon again and welcome to GW. 00:00:04.870 --> 00:00:08.340 My name is David Dolling and I'm the Dean of the School 00:00:08.340 --> 00:00:10.543 of Engineering and Applied Science here 00:00:10.543 --> 00:00:13.379 at the George Washington University. 00:00:13.379 --> 00:00:16.415 I don't think it would be news to anybody 00:00:16.415 --> 00:00:19.718 that there's been a lot of documents out there recently 00:00:19.718 --> 00:00:21.520 with respect to cyber security. 00:00:21.520 --> 00:00:25.024 We've seen the White House's executive order aimed 00:00:25.024 --> 00:00:27.960 at protecting our critical infrastructure. 00:00:27.960 --> 00:00:31.464 We've seen a report from the Security Company Mandiant 00:00:31.464 --> 00:00:34.733 that exposed a Chinese military hacking group. 00:00:34.733 --> 00:00:37.903 And very much in the news now although it's faded 00:00:37.903 --> 00:00:41.540 after the press conference yesterday afternoon have been 00:00:41.540 --> 00:00:44.810 documents related to NSA's prison 00:00:44.810 --> 00:00:47.813 and telephone surveillance programs. 00:00:47.813 --> 00:00:49.849 Well today, we are very fortunate 00:00:49.849 --> 00:00:51.684 that have several experts with us 00:00:51.684 --> 00:00:55.721 to discuss their various view points on surveillance 00:00:55.721 --> 00:00:59.291 on cyber security and the future of the internet. 00:00:59.291 --> 00:01:04.063 As we try to be secure while protecting privacy, 00:01:04.063 --> 00:01:08.534 we do need to be guided by knowledge from many disciplines 00:01:08.534 --> 00:01:12.238 and in fact, this was stated quite explicitly last December 00:01:12.238 --> 00:01:16.308 at the launch of the GW Cyber Security Initiative. 00:01:16.308 --> 00:01:18.210 The initiative's chairman, 00:01:18.210 --> 00:01:22.581 former DHS Secretary Michael Chertoff spoke of the need 00:01:22.581 --> 00:01:26.385 for university's like ours and others 00:01:26.385 --> 00:01:29.622 to give students an understanding of the triad 00:01:29.622 --> 00:01:33.726 of technology, business policy and how they interact 00:01:33.726 --> 00:01:37.897 to create difficult cyber security challenges. 00:01:37.897 --> 00:01:41.066 While I'm on the podium here, I'd like to just take advantage 00:01:41.066 --> 00:01:44.837 of a captive audience because I know you all too polite to cheer 00:01:44.837 --> 00:01:49.341 or get up and move out to say a few things about the School 00:01:49.341 --> 00:01:51.911 of Engineering and Applied Science here at GW 00:01:51.911 --> 00:01:55.881 which is a very thriving and growing enterprise. 00:01:55.881 --> 00:01:58.484 Our Department of Computer Science 00:01:58.484 --> 00:02:01.954 in fact anticipated Secretary Chertoff's remarks 00:02:01.954 --> 00:02:05.724 by launching last fall the Master of Science 00:02:05.724 --> 00:02:09.728 in Cyber security in our Computer Science Department. 00:02:09.728 --> 00:02:10.930 It's the first program 00:02:10.930 --> 00:02:14.366 in Washington DC designed specifically to respond 00:02:14.366 --> 00:02:16.936 to the large and fast growing need 00:02:16.936 --> 00:02:20.573 for technical cyber security experts locally, 00:02:20.573 --> 00:02:24.310 nationally, and internationally. 00:02:24.310 --> 00:02:28.981 Underscoring our commitment here to cyber security education 00:02:28.981 --> 00:02:32.218 and public service, our NSF 00:02:32.218 --> 00:02:36.488 and DHS sponsored CyberCorps scholarship programs. 00:02:36.488 --> 00:02:39.925 These programs fund students who are going to be future leaders 00:02:39.925 --> 00:02:42.995 in the federal government on cyber security 00:02:42.995 --> 00:02:46.131 and indeed some of them already are. 00:02:46.131 --> 00:02:49.668 Each week, the CyberCorps students meet in class often 00:02:49.668 --> 00:02:52.671 with current or former federal employees as well 00:02:52.671 --> 00:02:54.807 as industry experts to learn 00:02:54.807 --> 00:02:58.510 about the major cyber security issues so they're prepared 00:02:58.510 --> 00:03:00.980 to meet the challenges that will certainly great them 00:03:00.980 --> 00:03:04.183 after they graduate here and take jobs. 00:03:04.183 --> 00:03:06.885 This course which was previously only available 00:03:06.885 --> 00:03:11.423 to CyberCorps students is now available to all GW students 00:03:11.423 --> 00:03:14.760 as a hybrid cause conducted mostly online 00:03:14.760 --> 00:03:15.961 with the short intensive 00:03:15.961 --> 00:03:18.897 in person learning experience or the beginning. 00:03:18.897 --> 00:03:22.635 Starting next year, some doctor or students 00:03:22.635 --> 00:03:24.336 in the graduate school of education 00:03:24.336 --> 00:03:27.406 and human development here at GW on human 00:03:27.406 --> 00:03:31.243 and organizational learning will also be taking this class a 00:03:31.243 --> 00:03:34.647 required part of their cyber security focus. 00:03:34.647 --> 00:03:37.049 Well, let me say that today's event which looks 00:03:37.049 --> 00:03:39.218 to be very well populated and looks like it's going 00:03:39.218 --> 00:03:41.553 to be very interesting is sponsored 00:03:41.553 --> 00:03:44.890 by the cyber security policy in research institute. 00:03:44.890 --> 00:03:48.227 We abbreviate that around here to CSPRI of the School 00:03:48.227 --> 00:03:50.396 of Engineering and Applied Science. 00:03:50.396 --> 00:03:54.166 In addition to overseeing the CyberCorps program, 00:03:54.166 --> 00:03:58.337 it facilitates and execute into disciplinary research 00:03:58.337 --> 00:04:01.740 in education in cyber security across GW. 00:04:01.740 --> 00:04:04.810 One example of this is its work with the graduate school 00:04:04.810 --> 00:04:07.680 of education in human development supporting the 00:04:07.680 --> 00:04:10.983 national cyber watch center in a joint project 00:04:10.983 --> 00:04:14.687 to develop the nation cyber security workforce. 00:04:14.687 --> 00:04:16.922 More information on that program 00:04:16.922 --> 00:04:20.526 on CSPRI Cyber Security Scholarships and School 00:04:20.526 --> 00:04:22.594 of Engineering and Applied Science can be found 00:04:22.594 --> 00:04:26.999 in the material available the registration desk. 00:04:26.999 --> 00:04:29.368 We're happy to have as a cosponsor 00:04:29.368 --> 00:04:34.473 of this event today the internet society and it's my pleasure 00:04:34.473 --> 00:04:37.209 to now introduced Paul Brigner, Regional Director 00:04:37.209 --> 00:04:41.680 of the North American Bureau at the Internet Society to come up 00:04:41.680 --> 00:04:44.116 and tell you a few words about it 00:04:44.116 --> 00:04:46.618 and its role and in today's event. 00:04:46.618 --> 00:04:49.488 So, on behalf of GW, the School of Engineering 00:04:49.488 --> 00:04:51.657 and Applied Science, CSPRI and the Department 00:04:51.657 --> 00:04:54.159 Of Computer Science, welcome to GW 00:04:54.159 --> 00:04:56.061 and I hope you have a great afternoon. 00:04:56.061 --> 00:04:57.529 Thank you. 00:04:57.529 --> 00:05:00.966 [ Applause ] 00:05:00.966 --> 00:05:10.042 [ Pause ] 00:05:11.043 --> 00:05:12.644 >> Thank you Dr. Dolling and thank you 00:05:12.644 --> 00:05:15.514 to the George Washington Cyber Security Policy 00:05:15.514 --> 00:05:17.249 And Research Institute for partnering 00:05:17.249 --> 00:05:18.884 with us on this event today. 00:05:18.884 --> 00:05:22.187 And thanks to all of you for joining us 00:05:22.187 --> 00:05:25.924 and that means not everyone here in the room but also to those 00:05:25.924 --> 00:05:28.761 who are at a remote hub in New York City. 00:05:28.761 --> 00:05:30.062 That remote hub is being sponsored 00:05:30.062 --> 00:05:32.364 by the internet societies New York chapter. 00:05:32.364 --> 00:05:33.932 I know we don't have a good view of them 00:05:33.932 --> 00:05:35.968 with the camera right now but what's going 00:05:35.968 --> 00:05:37.503 to happen is they will walk up to 00:05:37.503 --> 00:05:40.239 that camera and ask questions. 00:05:40.239 --> 00:05:42.508 And by the way, they've been meeting 00:05:42.508 --> 00:05:44.276 on this topic already this morning. 00:05:44.276 --> 00:05:46.044 They've had their own meetings today, 00:05:46.044 --> 00:05:49.314 so maybe that gives you an idea of how passionate that group 00:05:49.314 --> 00:05:52.050 of individual is about the topics we will be 00:05:52.050 --> 00:05:53.419 discussing though. 00:05:53.419 --> 00:05:56.221 So, thank you to the New York chapter for getting together 00:05:56.221 --> 00:05:59.425 to join us as remote hub. 00:05:59.425 --> 00:06:01.794 And definitely, thank you to all those on live stream. 00:06:01.794 --> 00:06:04.296 We have a very good crowd already gathering on live stream 00:06:04.296 --> 00:06:08.634 to watch us from all over the world. 00:06:08.634 --> 00:06:11.570 My first order of business today is makes sure that you're aware 00:06:11.570 --> 00:06:12.971 of the internet society. 00:06:12.971 --> 00:06:15.974 If this is the first time you're joining from one of our events, 00:06:15.974 --> 00:06:19.011 we are a global nonprofit cost driven organization 00:06:19.011 --> 00:06:21.013 with a very straight forward vision. 00:06:21.013 --> 00:06:24.383 That is the internet is for everyone. 00:06:24.383 --> 00:06:26.618 We work to achieve that vision 00:06:26.618 --> 00:06:29.288 by promoting the open development evolution and use 00:06:29.288 --> 00:06:30.289 of the internet for the benefit 00:06:30.289 --> 00:06:32.658 of tall people throughout the world. 00:06:32.658 --> 00:06:36.628 Some of our key functions involve facilitating the open 00:06:36.628 --> 00:06:39.665 development of standards, protocols, administration 00:06:39.665 --> 00:06:42.768 and a technical infrastructure of the internet. 00:06:42.768 --> 00:06:47.039 Supporting internet education in developing countries. 00:06:47.039 --> 00:06:49.775 Promoting professional development in community meeting 00:06:49.775 --> 00:06:52.578 to faster greater participation and leadership 00:06:52.578 --> 00:06:55.547 in areas important to the evolution of the internet 00:06:55.547 --> 00:06:58.650 and fostering an environment for international cooperation, 00:06:58.650 --> 00:06:59.952 community and a culture 00:06:59.952 --> 00:07:03.589 that enables internet self governance. 00:07:03.589 --> 00:07:07.292 Well, I saw staff lead specific projects on these topics. 00:07:07.292 --> 00:07:09.761 Much of our work is achieved through the work of our members 00:07:09.761 --> 00:07:12.364 and chapters around the world. 00:07:12.364 --> 00:07:14.299 And speaking of chapters, 00:07:14.299 --> 00:07:16.034 I would like to give special recognition 00:07:16.034 --> 00:07:18.604 to the local DC chapter. 00:07:18.604 --> 00:07:21.440 I am very fortunate that our headquarters is just not far 00:07:21.440 --> 00:07:24.676 away in western Virginia so I'm able to interact personally 00:07:24.676 --> 00:07:27.513 with our DC chapter on a regular basis. 00:07:27.513 --> 00:07:28.747 And I can attest to the fact 00:07:28.747 --> 00:07:30.716 that they are really a first class group of people 00:07:30.716 --> 00:07:34.386 that regularly hold very interesting meetings related 00:07:34.386 --> 00:07:36.488 to the internet societies mission. 00:07:36.488 --> 00:07:38.724 So, if you're a local and you're not involve, 00:07:38.724 --> 00:07:41.693 you're really missing out, I do hope you will get involved. 00:07:41.693 --> 00:07:44.129 And if the leaders who are here 00:07:44.129 --> 00:07:47.432 from the internet society DC chapter would stand briefly, 00:07:47.432 --> 00:07:50.102 I just want to make sure that you're recognized. 00:07:51.069 --> 00:07:52.571 So, great. 00:07:52.571 --> 00:07:54.072 So, you know who they are. 00:07:54.072 --> 00:07:55.908 Please make a special effort to talk 00:07:55.908 --> 00:07:57.409 to them today during this event if you'd 00:07:57.409 --> 00:07:59.511 like to get involve with the chapter. 00:07:59.511 --> 00:08:03.181 [ Pause ] 00:08:03.181 --> 00:08:06.385 One of my key functions at the internet society is 00:08:06.385 --> 00:08:08.587 to work closely with our chapters in the region not only 00:08:08.587 --> 00:08:12.324 to plan iNET events like this but to assist with their events 00:08:12.324 --> 00:08:16.695 and to have an open dialogue on policy issues. 00:08:16.695 --> 00:08:19.197 That dialogue in turn helps me and my colleagues 00:08:19.197 --> 00:08:22.501 at the internet society to form our policy positions and help 00:08:22.501 --> 00:08:24.503 to set the agenda for our regional meetings 00:08:24.503 --> 00:08:26.638 like the one we are attending today 00:08:26.638 --> 00:08:29.341 and that brings me to today's agenda. 00:08:29.341 --> 00:08:31.743 The topic of this iNET has really been driven 00:08:31.743 --> 00:08:33.278 by the interest of our members 00:08:33.278 --> 00:08:36.347 in the North American region and around the world. 00:08:36.347 --> 00:08:39.918 It so happens today that one of our panelist is the President 00:08:39.918 --> 00:08:41.186 and Chief Executive Officer 00:08:41.186 --> 00:08:44.623 of the internet society that's Lynn St. Amour. 00:08:44.623 --> 00:08:46.658 So, she will have the opportunity 00:08:46.658 --> 00:08:50.262 to address the concerns of our constituency today. 00:08:50.262 --> 00:08:53.065 Now, without further delay, 00:08:53.065 --> 00:08:56.134 I would like to introduce Professors Lance Hoffman. 00:08:56.134 --> 00:09:00.772 He is the Director of the Cyber Security Research and Policy-- 00:09:00.772 --> 00:09:02.774 I'm sorry, the Cyber Security Policy 00:09:02.774 --> 00:09:06.044 and Research Institute here at George Washington University. 00:09:06.044 --> 00:09:10.315 I first met Professor Hoffman when he sponsored a debate 00:09:10.315 --> 00:09:14.286 on PIPA and SOPA and I knew that he was, 00:09:14.286 --> 00:09:16.922 based on that experience, I knew that he was game to talk 00:09:16.922 --> 00:09:19.358 about some very controversial topics. 00:09:19.358 --> 00:09:21.927 So, I guessed right, he was interested in talking 00:09:21.927 --> 00:09:24.596 about this one as well and it's been really a pleasure 00:09:24.596 --> 00:09:26.198 to partner with him on this event. 00:09:26.198 --> 00:09:30.268 So, I want to sincerely thank you for that. 00:09:30.268 --> 00:09:32.170 It's really been a great experience. 00:09:32.170 --> 00:09:35.173 I'd also like to thank all of our fantastic panelist 00:09:35.173 --> 00:09:36.642 who have agreed to speak here today. 00:09:36.642 --> 00:09:38.810 We really have an all star group of people 00:09:38.810 --> 00:09:41.513 who have taken their time out to share their views with you. 00:09:41.513 --> 00:09:44.783 I'd like them all to come up and take their sits on stage now 00:09:44.783 --> 00:09:47.152 if they would and I will turn this event 00:09:47.152 --> 00:09:48.987 over to Professor Hoffman. 00:09:48.987 --> 00:09:53.325 One thing I forgot to mention is that if you want to Twitter 00:09:53.325 --> 00:09:54.559 or tweet about this event, 00:09:54.559 --> 00:09:59.164 please use the hashtag iNET DC, iNET DC. 00:09:59.164 --> 00:10:01.500 Thank you all over much. 00:10:01.500 --> 00:10:07.005 [ Applause ] 00:10:07.005 --> 00:10:16.081 [ Noise ] 00:10:18.517 --> 00:10:27.592 [ Inaudible Discussion ] 00:10:35.867 --> 00:10:37.269 >> Good afternoon everybody. 00:10:37.269 --> 00:10:43.375 Let me add my welcome to that of Dean Dolling and to Paul Brigner 00:10:43.375 --> 00:10:46.178 and let me also thank the internet society, our cosponsor 00:10:46.178 --> 00:10:48.447 for this event for their programmatic 00:10:48.447 --> 00:10:51.049 and financial assistance in making it possible. 00:10:51.049 --> 00:10:55.754 I also want to thank from CSPRI, my Associate Director, 00:10:55.754 --> 00:10:59.458 Dr. Costis Toregas and our intern and research assistance 00:10:59.458 --> 00:11:02.694 who have worked on this and are helping here today tray hair 00:11:02.694 --> 00:11:03.929 [phonetic] Dustin Benanberg [assumed spelling], 00:11:03.929 --> 00:11:04.896 Jaime Moore [assumed spelling], 00:11:04.896 --> 00:11:06.698 and Greg Ziegler [assumed spelling]. 00:11:06.698 --> 00:11:11.069 My role today is to set the stage for our excellent panel 00:11:11.069 --> 00:11:14.406 and into moderate that panel discussion on cyber security 00:11:14.406 --> 00:11:17.976 in the future of the internet given the recent revelations 00:11:17.976 --> 00:11:20.812 about prism and other surveillance programs. 00:11:20.812 --> 00:11:23.915 The panelist of each degree to summarize their thoughts 00:11:23.915 --> 00:11:26.952 in a four minute statements so we could have lots of time 00:11:26.952 --> 00:11:29.955 for questions from the audience including the audience 00:11:29.955 --> 00:11:31.590 in cyber space. 00:11:31.590 --> 00:11:36.228 After the audience question and answer session in a short break, 00:11:36.228 --> 00:11:39.030 participants will return for a very interesting session 00:11:39.030 --> 00:11:42.667 around table discussion where we will see their world views 00:11:42.667 --> 00:11:45.170 on this, where there world views agree, 00:11:45.170 --> 00:11:50.542 and where there are tensions and talk about this in a round table 00:11:50.542 --> 00:11:52.477 which will be informed by their previous statements 00:11:52.477 --> 00:11:54.980 and the audience questions before hand. 00:11:54.980 --> 00:11:57.215 I'm delighted that for this event, 00:11:57.215 --> 00:12:00.318 we will have an experience moderator Professor Steve 00:12:00.318 --> 00:12:03.121 Roberts leading the round table discussion. 00:12:03.121 --> 00:12:06.124 Many of the students and faculty here may recognize Steve 00:12:06.124 --> 00:12:07.659 as the superior professor of media 00:12:07.659 --> 00:12:10.529 and public affairs here at GW. 00:12:10.529 --> 00:12:12.998 But others including those viewing on this 00:12:12.998 --> 00:12:15.267 on the internet maybe more familiar with him 00:12:15.267 --> 00:12:17.002 from his appearances as a commentator 00:12:17.002 --> 00:12:19.671 on many Washington based television shows, 00:12:19.671 --> 00:12:22.707 as a political analyst on the ABC radio network, 00:12:22.707 --> 00:12:26.311 and as a substitute host on NPR Diane Rehm Show. 00:12:26.311 --> 00:12:29.514 Another rule where he-- this is material from experts 00:12:29.514 --> 00:12:33.785 and clarifies it to facilitate informed public discussion. 00:12:33.785 --> 00:12:36.087 But before the round table, 00:12:36.087 --> 00:12:38.056 let me identify the participants on stage. 00:12:38.056 --> 00:12:40.792 We will not have lengthy introductions here 00:12:40.792 --> 00:12:44.329 since their bio sketches have been made available to you 00:12:44.329 --> 00:12:48.700 in the brochure which you have gotten or can get 00:12:48.700 --> 00:12:50.702 at the registration desk. 00:12:50.702 --> 00:12:55.841 But anyway, let me introduce very briefly 00:12:55.841 --> 00:12:59.411 and you see their name tags in front of you, 00:12:59.411 --> 00:13:02.480 Danny Weitzner is the Director and Cofounder 00:13:02.480 --> 00:13:04.216 of the MIT Computer Science 00:13:04.216 --> 00:13:07.252 and Artificial Intelligence Laboratory. 00:13:07.252 --> 00:13:10.255 >> Not the whole lab. 00:13:10.255 --> 00:13:13.024 >> Not the whole lab? 00:13:13.024 --> 00:13:15.260 >> I'll explain. 00:13:15.260 --> 00:13:18.430 >> OK. Lynn St. Amour is the President and CEO 00:13:18.430 --> 00:13:20.432 of the Internet Society. 00:13:20.432 --> 00:13:23.335 Let's see, who's next. 00:13:23.335 --> 00:13:25.604 Laura, Laura DeNardis is professor of School 00:13:25.604 --> 00:13:28.573 of Communication at American University. 00:13:28.573 --> 00:13:32.611 Melissa Hathaway is President of the Hathaway Global Strategies. 00:13:32.611 --> 00:13:33.912 Let's see. 00:13:33.912 --> 00:13:35.747 Who's down there? 00:13:35.747 --> 00:13:38.183 I don't have you on my list. 00:13:38.183 --> 00:13:39.618 >> Oh no. 00:13:39.618 --> 00:13:40.886 >> I apologize. 00:13:40.886 --> 00:13:42.020 >> That would me. 00:13:42.020 --> 00:13:43.088 >> Oh Randy, of course. 00:13:43.088 --> 00:13:45.757 Randy from-- I don't have here. 00:13:45.757 --> 00:13:47.826 I mean, OK. 00:13:47.826 --> 00:13:50.295 Randy-- where are you from? 00:13:50.295 --> 00:13:51.363 I'll let you introduce yourself. 00:13:51.363 --> 00:13:51.997 I'm sorry. 00:13:51.997 --> 00:13:53.098 [Inaudible Remark] 00:13:53.098 --> 00:13:53.999 >> I'm the University IT Security Officer 00:13:53.999 --> 00:13:54.933 at Virginia Tech. 00:13:54.933 --> 00:13:56.134 >> I didn't want it to get it wrong 00:13:56.134 --> 00:13:58.270 and say something wrong-- wrong university. 00:13:58.270 --> 00:13:59.638 Sorry Randy. 00:13:59.638 --> 00:14:01.573 OK, let's see. 00:14:01.573 --> 00:14:04.809 Leslie Harris is from Center for Democracy and Technology. 00:14:04.809 --> 00:14:07.512 And last but not the least, John Curran, President and CEO 00:14:07.512 --> 00:14:10.615 of American Registry for Internet Numbers. 00:14:10.615 --> 00:14:15.687 OK, so without further ado, I am going to suggest to be each go 00:14:15.687 --> 00:14:19.257 down the-- I have to decide, I'm going to leave it 00:14:19.257 --> 00:14:24.896 to I guess either Danny or John on who wants to go first. 00:14:24.896 --> 00:14:25.397 >> No, no, no. 00:14:25.397 --> 00:14:25.830 Go ahead. 00:14:25.830 --> 00:14:26.264 >> John? 00:14:26.264 --> 00:14:26.698 >> OK. 00:14:26.698 --> 00:14:27.332 >> OK? 00:14:27.332 --> 00:14:28.333 >> OK John, go on. 00:14:28.333 --> 00:14:29.134 Four minutes please. 00:14:29.134 --> 00:14:30.468 >> Well, thank you. 00:14:30.468 --> 00:14:33.471 I'm happy to be here and I want to thank the opportunity 00:14:33.471 --> 00:14:35.607 to present at this panel. 00:14:35.607 --> 00:14:38.610 Keeping my remark short, I will say that we're 00:14:38.610 --> 00:14:43.081 in an interesting period of time with respect to the future 00:14:43.081 --> 00:14:46.151 of the internet and how it's governed. 00:14:46.151 --> 00:14:49.354 People may not realize it but the fact is, 00:14:49.354 --> 00:14:52.424 there is a coordination function that's existed 00:14:52.424 --> 00:14:55.994 since the earliest days of the internet which is necessary 00:14:55.994 --> 00:14:58.563 so that we can actually use the internet 00:14:58.563 --> 00:15:00.265 so that it actually functions. 00:15:00.265 --> 00:15:01.800 For example, computers 00:15:01.800 --> 00:15:04.769 on the internet have unique identifiers. 00:15:04.769 --> 00:15:07.505 Several, actually, one of them is the IP addresses 00:15:07.505 --> 00:15:08.773 which is part of what Aaron [assumed spelling] is 00:15:08.773 --> 00:15:10.008 involved in. 00:15:10.008 --> 00:15:12.877 We can't have computers using the same IP addresses. 00:15:12.877 --> 00:15:15.313 Every computer needs its own IP address. 00:15:15.313 --> 00:15:18.583 Likewise, there's coordination of things like domain names 00:15:18.583 --> 00:15:20.385 to make sure that a domain name is a sign 00:15:20.385 --> 00:15:23.154 to one organization, et cetera, et cetera. 00:15:23.154 --> 00:15:25.724 This is called technical coordination 00:15:25.724 --> 00:15:29.594 and it's been a function of the internet, necessary function 00:15:29.594 --> 00:15:32.364 for the protocols to work as designed 00:15:32.364 --> 00:15:33.865 since the very beginning. 00:15:33.865 --> 00:15:36.634 People may not realize that this use to all be done 00:15:36.634 --> 00:15:41.639 by one gentlemen, Dr. Jon Postel who we no longer have with us 00:15:41.639 --> 00:15:43.541 but was an amazing individual. 00:15:43.541 --> 00:15:46.878 And in the late '90s, we actually went about setting 00:15:46.878 --> 00:15:51.149 up infrastructure to enable this technical coordination 00:15:51.149 --> 00:15:56.054 so that IP addresses and domain names could be available 00:15:56.054 --> 00:15:59.657 to everyone globally for their use on the internet 00:15:59.657 --> 00:16:02.293 but coordinated so that they actually interoperated 00:16:02.293 --> 00:16:05.764 so that they work as expected. 00:16:05.764 --> 00:16:08.266 This structure involves a lot of organizations. 00:16:08.266 --> 00:16:11.503 Aaron is one, there're five regional registries throughout 00:16:11.503 --> 00:16:12.904 the globe. 00:16:12.904 --> 00:16:15.373 Aaron is the one that handles North America, so with Canada, 00:16:15.373 --> 00:16:17.742 the United States and about half of the Caribbean. 00:16:17.742 --> 00:16:20.311 Though there are four other regional registries 00:16:20.311 --> 00:16:22.914 and then there is the DNS coordination that goes 00:16:22.914 --> 00:16:25.784 on through organizations such as ICANN. 00:16:25.784 --> 00:16:27.419 The international coo-- [laughs]. 00:16:27.419 --> 00:16:32.424 Sorry. International-- [Noise] -- 00:16:32.424 --> 00:16:34.826 Organization for assigned Names and Numbers. 00:16:34.826 --> 00:16:39.064 So, the fact is that these bodies all work doing technical 00:16:39.064 --> 00:16:41.399 coordination is very important. 00:16:41.399 --> 00:16:46.438 But, they've been doing it based on a historical trajectory. 00:16:46.438 --> 00:16:49.874 A trajectory that originated with projects and programs 00:16:49.874 --> 00:16:51.643 out of the US government which have 00:16:51.643 --> 00:16:55.346 since been increasingly moved out to independence 00:16:55.346 --> 00:16:56.748 but were not quite there yet. 00:16:56.748 --> 00:17:02.787 In fact, some of you maybe aware that these organizations were 00:17:02.787 --> 00:17:07.959 under supervision somewhat indirect but still supervision 00:17:07.959 --> 00:17:12.564 of program such as NTIA in the department of commerce. 00:17:12.564 --> 00:17:16.501 And so, one of the things that we now find ourselves facing is 00:17:16.501 --> 00:17:19.771 that there is a unique role in the US government 00:17:19.771 --> 00:17:21.372 with respect to the internet. 00:17:21.372 --> 00:17:26.344 And this unique role is one that is based on-- it's experienced. 00:17:26.344 --> 00:17:29.581 It's a steady hand, behind the scenes, 00:17:29.581 --> 00:17:31.449 helping the internet mature and grow. 00:17:31.449 --> 00:17:35.487 Recently however, we've now seen that there's another hand 00:17:35.487 --> 00:17:37.455 that maybe busy doing other things 00:17:37.455 --> 00:17:41.326 such as surveillance in cyber security. 00:17:41.326 --> 00:17:44.662 And so, the question that comes up is how do we reconcile those? 00:17:44.662 --> 00:17:50.535 How do we reconcile an open global transparent internet run 00:17:50.535 --> 00:17:53.805 for everyone with the possibility 00:17:53.805 --> 00:17:58.309 that there is also surveillance going on and other things 00:17:58.309 --> 00:18:00.578 that may not meet the expectations 00:18:00.578 --> 00:18:02.280 of global internet users. 00:18:02.280 --> 00:18:05.483 And so, this is the challenge in front of us. 00:18:05.483 --> 00:18:08.820 It's particularly highlighted because of the fact 00:18:08.820 --> 00:18:12.257 that the US governments unique oversight role in this 00:18:12.257 --> 00:18:14.159 and it's brought to the forefront 00:18:14.159 --> 00:18:19.597 by the recent discussions where we now say that it is not simply 00:18:19.597 --> 00:18:21.533 for the benefit of all the internet, 00:18:21.533 --> 00:18:24.836 but there's also some national priorities 00:18:24.836 --> 00:18:29.040 and national initiatives that the US government also pursues 00:18:29.040 --> 00:18:30.708 over the same infrastructure. 00:18:30.708 --> 00:18:34.312 I think that's the challenge that we will now face more 00:18:34.312 --> 00:18:36.481 so than ever in light of the revelations 00:18:36.481 --> 00:18:40.151 for the last few months and the net result would be a lot 00:18:40.151 --> 00:18:42.086 of the discussion in forum such as this. 00:18:42.086 --> 00:18:43.521 Thank you. 00:18:43.521 --> 00:18:44.622 >> Thank you and I'll try 00:18:44.622 --> 00:18:46.724 to make this iPhone behave a little better-- 00:18:46.724 --> 00:18:47.292 >> OK. 00:18:47.292 --> 00:18:48.126 >> Although-- 00:18:48.126 --> 00:18:48.960 >> I thought I was over on time. 00:18:48.960 --> 00:18:50.061 >> Yes. 00:18:50.061 --> 00:18:51.396 >> You were right on time, you were great. 00:18:51.396 --> 00:18:51.896 >> OK. 00:18:51.896 --> 00:18:52.597 >> Leslie? 00:18:52.597 --> 00:18:55.099 >> It's time, I guess. 00:18:55.099 --> 00:18:58.970 So, I also want to get us out of the DC bubble and the focus 00:18:58.970 --> 00:19:01.573 on the rights of people in the United States. 00:19:01.573 --> 00:19:04.275 I've been talking about that for the last six weeks. 00:19:04.275 --> 00:19:08.079 And congresses about to considering an amendment that's 00:19:08.079 --> 00:19:10.081 going to reign in the NSAs ability 00:19:10.081 --> 00:19:13.451 to collect our metadata from phones. 00:19:13.451 --> 00:19:16.287 I want to pivot away from that 'cause I think there're three 00:19:16.287 --> 00:19:19.324 other things that we ought to be considering at least. 00:19:19.324 --> 00:19:23.027 What-- and the reactions of governments and internet users 00:19:23.027 --> 00:19:26.364 around the world and what this means with the architecture, 00:19:26.364 --> 00:19:29.300 not just the governance, the architecture of the internet 00:19:29.300 --> 00:19:31.703 and also for the protection of human rights 00:19:31.703 --> 00:19:33.838 of global internet users and that turns 00:19:33.838 --> 00:19:35.673 out to be a very thorny question. 00:19:35.673 --> 00:19:37.208 Certainly for governments, 00:19:37.208 --> 00:19:40.545 I think this entire kerfuffle is reinforced the concerns 00:19:40.545 --> 00:19:44.115 that the global internet has undermined their sovereignty 00:19:44.115 --> 00:19:46.417 in control over their citizens. 00:19:46.417 --> 00:19:48.586 And it's further illuminated this sort 00:19:48.586 --> 00:19:52.557 of privileged position of the United States. 00:19:52.557 --> 00:19:54.926 Certainly, with respect to ICANN and some 00:19:54.926 --> 00:19:56.894 of the other critical resources, 00:19:56.894 --> 00:20:00.198 we continue to have a disproportionate share 00:20:00.198 --> 00:20:03.067 of internet traffic, all that's declining and obviously, 00:20:03.067 --> 00:20:06.104 we have a dominance in our global internet companies. 00:20:06.104 --> 00:20:10.608 For some, and the EUs, I think I have a good example, 00:20:10.608 --> 00:20:12.944 this illuminates left an inability 00:20:12.944 --> 00:20:15.346 to protect the human rights of their own citizens 00:20:15.346 --> 00:20:19.751 and we have a major fight coming up in the data directive there 00:20:19.751 --> 00:20:21.786 about whether they're going to allow data to come 00:20:21.786 --> 00:20:24.255 to the United States at all. 00:20:24.255 --> 00:20:29.527 At the same time, it's an extraordinary opportunity 00:20:29.527 --> 00:20:34.265 for authoritarian governments to exert more control 00:20:34.265 --> 00:20:38.569 over the people in data in their own boarders and it's, you know, 00:20:38.569 --> 00:20:42.707 rushes now dusting of a legislation that has to do 00:20:42.707 --> 00:20:44.042 with national servers. 00:20:44.042 --> 00:20:45.977 You're going to see that elsewhere as well 00:20:45.977 --> 00:20:49.414 and I think it's fair to worry whether this carefully honed 00:20:49.414 --> 00:20:55.386 narrative as US narrative of the why is trusted neutral stored 00:20:55.386 --> 00:20:58.489 of the internet can really hold and it's fair 00:20:58.489 --> 00:21:00.992 to ask whether we're moving towards the balkanization 00:21:00.992 --> 00:21:04.762 of the internet as government sees these moment 00:21:04.762 --> 00:21:08.333 to impost local server requirements or worse 00:21:08.333 --> 00:21:12.003 and we saw some of these proposals last year. 00:21:12.003 --> 00:21:14.872 I know we're supposed to be acronym free at the wicked. 00:21:14.872 --> 00:21:17.975 I'll explain-- routing requirements 00:21:17.975 --> 00:21:21.646 to either avoid the United States of literally 00:21:21.646 --> 00:21:23.314 to direct the routing of traffic 00:21:23.314 --> 00:21:27.251 and the worst outcome being literally ring fans 00:21:27.251 --> 00:21:30.254 to national or regional networks. 00:21:30.254 --> 00:21:33.291 If I were in Latin America and notice that there was 80 percent 00:21:33.291 --> 00:21:36.327 of my traffic still coming from the United States, 00:21:36.327 --> 00:21:39.764 I may start to wonder why we're still relying on Miami 00:21:39.764 --> 00:21:41.132 to reach most of the world. 00:21:41.132 --> 00:21:44.469 Some of that might be a weird salutary effect 00:21:44.469 --> 00:21:48.272 that we finally get internet exchange points in some places 00:21:48.272 --> 00:21:50.842 that have not had them. 00:21:50.842 --> 00:21:54.379 But I think governments becoming involved directly in the rooting 00:21:54.379 --> 00:21:57.915 of internet data would opposed a profound challenge 00:21:57.915 --> 00:22:00.184 to the open end-to-end internet 00:22:00.184 --> 00:22:02.920 and I think all these things are going to be on the table. 00:22:02.920 --> 00:22:06.057 I think you are also kind of expect to see a reexamination 00:22:06.057 --> 00:22:07.592 of the world's relationships 00:22:07.592 --> 00:22:10.661 with our cloud providers, already seeing that. 00:22:10.661 --> 00:22:13.197 You know, there's a Netherlands provider and no prism, 00:22:13.197 --> 00:22:15.867 no surveillance, no government backdoors. 00:22:15.867 --> 00:22:21.939 And finally, I think we may have lost some of the rapprochement 00:22:21.939 --> 00:22:25.743 that happened in the governance wars in the last year. 00:22:25.743 --> 00:22:29.313 There are number of important forums and discussions coming 00:22:29.313 --> 00:22:31.082 up about various treaties 00:22:31.082 --> 00:22:33.584 and how much various treaty buddies ought to be able 00:22:33.584 --> 00:22:36.154 to impose their-- 00:22:36.154 --> 00:22:39.924 post themselves into internet debates, I think we're going 00:22:39.924 --> 00:22:41.092 to lose some ground there 00:22:41.092 --> 00:22:44.395 and it could be I think quite troubling. 00:22:44.395 --> 00:22:48.933 Last point, global internet users are furious. 00:22:48.933 --> 00:22:51.769 They believe their human rights have been violated 00:22:51.769 --> 00:22:53.638 and I think they don't yet realize 00:22:53.638 --> 00:22:56.174 that it's not entirely clear whether they have any recourse 00:22:56.174 --> 00:22:57.341 for that. 00:22:57.341 --> 00:22:59.177 There's a lot of ambiguity in human rights law. 00:22:59.177 --> 00:23:01.479 Human rights law are pretty much applies, 00:23:01.479 --> 00:23:04.582 if countries make commitments to protect the human rights 00:23:04.582 --> 00:23:06.951 of people within their boarders or their control, 00:23:06.951 --> 00:23:10.188 I don't think we began to understand or have any clarity 00:23:10.188 --> 00:23:13.124 on how-- who's responsible for human rights 00:23:13.124 --> 00:23:15.159 where there's non-physical action 00:23:15.159 --> 00:23:17.061 such as electronic surveillance. 00:23:17.061 --> 00:23:19.931 And they're not going to be happy when they understand 00:23:19.931 --> 00:23:21.933 that FISA and all the conversations 00:23:21.933 --> 00:23:25.837 in the United States about safeguards and minimization are 00:23:25.837 --> 00:23:28.840 to protect our rights but have absolutely nothing 00:23:28.840 --> 00:23:29.907 to do with them. 00:23:29.907 --> 00:23:32.276 I don't think congress is going to care. 00:23:32.276 --> 00:23:34.712 But I think there's a massive laws to respect 00:23:34.712 --> 00:23:37.715 and when we're talking about five zeta [inaudible] whatever 00:23:37.715 --> 00:23:40.251 that is, a non-US person data going 00:23:40.251 --> 00:23:45.122 into a new Utah data center, I think that the irony at the end 00:23:45.122 --> 00:23:48.292 of the day will be that one 00:23:48.292 --> 00:23:51.996 of the FISA permissible activities is collecting 00:23:51.996 --> 00:23:55.132 intelligence for foreign affairs and foreign policy. 00:23:55.132 --> 00:23:58.703 And I think at the end of the day, we may see people 00:23:58.703 --> 00:24:01.839 of the world uniting with their governments around kinds 00:24:01.839 --> 00:24:06.344 of restrictions and ring fencing of the internet that will come 00:24:06.344 --> 00:24:07.812 to both underlying rights 00:24:07.812 --> 00:24:10.114 and undermine the openness of the internet. 00:24:10.114 --> 00:24:14.285 So, that is my anxious persons guide to the-- 00:24:14.285 --> 00:24:15.920 to what's been happening. 00:24:15.920 --> 00:24:17.655 >> Thank you Leslie. 00:24:17.655 --> 00:24:19.190 Randy? 00:24:19.190 --> 00:24:24.061 >> How many of you noticed accounted how many surveillance 00:24:24.061 --> 00:24:28.032 devices you've past to get to this room? 00:24:28.032 --> 00:24:33.804 Yeah. I just walked in from the restaurant a couple blocks away. 00:24:33.804 --> 00:24:40.845 I counted 22 surveillance style devices just in the walk outside 00:24:40.845 --> 00:24:44.448 of this building and there's at least in this room right now 00:24:44.448 --> 00:24:48.386 that not counting your smart phones and all that. 00:24:48.386 --> 00:24:50.555 I hope you all can find the six 00:24:50.555 --> 00:24:53.524 because they're pretty obvious as to what they are. 00:24:53.524 --> 00:24:57.828 My point on all of this is that as a practitioner, 00:24:57.828 --> 00:24:59.964 I'm the Sisa for Virginia Tech. 00:24:59.964 --> 00:25:04.168 My office is responsible for monitoring and responding 00:25:04.168 --> 00:25:06.537 to any attacks against our network infrastructure 00:25:06.537 --> 00:25:07.838 at Virginia Tech. 00:25:07.838 --> 00:25:09.907 We have our main campus down the Blacksburg, Virginia. 00:25:09.907 --> 00:25:11.842 It's about four and a half hours from here. 00:25:11.842 --> 00:25:13.477 We have a Northern Virginia campus right 00:25:13.477 --> 00:25:15.513 across the river in Boylston. 00:25:15.513 --> 00:25:17.882 And so my charge, my office is charged 00:25:17.882 --> 00:25:20.718 to monitor any attacks from there. 00:25:20.718 --> 00:25:23.888 Anybody who has ever managed an internet infrastructure has 00:25:23.888 --> 00:25:25.990 known since the very beginning 00:25:25.990 --> 00:25:29.493 that the internet has never been anonymous in the sense 00:25:29.493 --> 00:25:31.329 of tracking a machine. 00:25:31.329 --> 00:25:34.465 From day 1, we've always been able to track 00:25:34.465 --> 00:25:35.666 where our machine was. 00:25:35.666 --> 00:25:38.903 We were not able to track who is at the machine 00:25:38.903 --> 00:25:41.005 with any reasonable amount of accuracy 00:25:41.005 --> 00:25:44.241 but we've always been able to track where machines are. 00:25:44.241 --> 00:25:47.845 The big thing was of course data, storage capabilities. 00:25:47.845 --> 00:25:50.414 We didn't have enough data storage capabilities, 00:25:50.414 --> 00:25:51.349 disk drives. 00:25:51.349 --> 00:25:53.618 In 1992, when I've got involved-- 00:25:53.618 --> 00:25:57.054 first involved with the computer security stuff, you know, 00:25:57.054 --> 00:25:59.557 we had a one gigabyte drive and we thought that was, you know, 00:25:59.557 --> 00:26:02.593 the entire disc storage in the entire free world. 00:26:02.593 --> 00:26:06.631 And, you know, nowadays, with the huge disk forms that are 00:26:06.631 --> 00:26:10.001 out there, that is allowing this collection of data. 00:26:10.001 --> 00:26:13.404 So, from our standpoint, that's always been the case. 00:26:13.404 --> 00:26:16.974 So, my challenge is, you all let this happen. 00:26:16.974 --> 00:26:21.379 You all let knew that this was happening and you let it go on. 00:26:21.379 --> 00:26:24.415 There is nothing new about the prism stuff and all of these. 00:26:24.415 --> 00:26:25.883 It's kind of ironic for people 00:26:25.883 --> 00:26:28.719 in my world 'cause we all sit back and we go, you know, 00:26:28.719 --> 00:26:32.723 in 2010, the Washington Posts, Dana Priest 00:26:32.723 --> 00:26:35.292 and William Arkin wrote an excellent series called Top 00:26:35.292 --> 00:26:37.928 Secret America where they're talking about all 00:26:37.928 --> 00:26:39.563 of the built way companies 00:26:39.563 --> 00:26:41.632 that are building the surveillance technologies 00:26:41.632 --> 00:26:44.602 that the federal government and other entities are using. 00:26:44.602 --> 00:26:47.471 All out there was an excellent series on the newspaper 00:26:47.471 --> 00:26:49.140 that I read it back then. 00:26:49.140 --> 00:26:51.809 Newsweek came out in 2008 where they talked 00:26:51.809 --> 00:26:55.546 about a whistle blower who mentioned 00:26:55.546 --> 00:26:59.784 about NSA's warrantless wiretapping so to speak. 00:26:59.784 --> 00:27:01.085 It was all out there. 00:27:01.085 --> 00:27:03.754 If you go back and you look through the press things, 00:27:03.754 --> 00:27:07.291 there was always something there and nobody reacted to it. 00:27:07.291 --> 00:27:09.994 So, it's ironic from my viewpoint 00:27:09.994 --> 00:27:12.997 that everybody is having this big flop about it now 00:27:12.997 --> 00:27:15.900 because it's been there and you let it happen. 00:27:15.900 --> 00:27:19.937 So, my charge to you is don't let it happen again, OK? 00:27:19.937 --> 00:27:22.239 When you do read about these things, 00:27:22.239 --> 00:27:24.942 you need to influence your legislatures about what's going 00:27:24.942 --> 00:27:28.312 on 'cause they do not understand the technology. 00:27:28.312 --> 00:27:31.115 One quick example, in Virginia, 00:27:31.115 --> 00:27:33.484 there's data bridge notification laws 00:27:33.484 --> 00:27:35.986 of social security is disclosed. 00:27:35.986 --> 00:27:37.988 You know, somebody gets a spreadsheet 00:27:37.988 --> 00:27:40.224 and it explodes out there. 00:27:40.224 --> 00:27:44.028 Yet I can go to a county courthouse website and look 00:27:44.028 --> 00:27:47.331 up public records deeds, divorce decrees, whatever, 00:27:47.331 --> 00:27:49.433 and what's on those documents. 00:27:49.433 --> 00:27:52.169 Yet the kind of clerks can't redact that information 00:27:52.169 --> 00:27:55.072 because until recently, the law forbid it, OK? 00:27:55.072 --> 00:27:58.876 Everybody was in a rush for eGovernment but never thought 00:27:58.876 --> 00:28:01.712 about what's in those documents that going there. 00:28:01.712 --> 00:28:03.647 So, we need to be able to influence 00:28:03.647 --> 00:28:06.283 and educate the legislatures who are-- 00:28:06.283 --> 00:28:08.285 who are building the policy. 00:28:08.285 --> 00:28:10.254 So, this is the whole thing. 00:28:10.254 --> 00:28:13.357 I'm a technologist and everybody in here, the computer scientists 00:28:13.357 --> 00:28:15.626 and all that, you all learned in here with me. 00:28:15.626 --> 00:28:17.561 We help build this infrastructure. 00:28:17.561 --> 00:28:21.165 We may have had a misgiving where we thought 00:28:21.165 --> 00:28:24.401 that as builders we could control the people who use it. 00:28:24.401 --> 00:28:26.737 But as, you know, previous history shown 00:28:26.737 --> 00:28:29.039 with the atom bomb development and all these other things, 00:28:29.039 --> 00:28:30.407 that's not always the case. 00:28:30.407 --> 00:28:33.711 Builders do not control the controllers. 00:28:33.711 --> 00:28:35.045 That's my first point. 00:28:35.045 --> 00:28:37.882 The second point is that, again, you all have smart phones. 00:28:37.882 --> 00:28:39.116 Actually I don't. 00:28:39.116 --> 00:28:41.085 I have kind of a dumb phone and people always laugh. 00:28:41.085 --> 00:28:43.721 They go, "You know, you're a technologist," 00:28:43.721 --> 00:28:46.490 and I just have a little, you know, Samsung Integrity 00:28:46.490 --> 00:28:48.058 with the nice little flippy thing. 00:28:48.058 --> 00:28:50.127 And I said, "Because the guys in my lab have busted 00:28:50.127 --> 00:28:51.228 into the smart phones 00:28:51.228 --> 00:28:53.597 and tracked everybody all over the place." 00:28:53.597 --> 00:28:54.999 But actually the reason why I don't this is 00:28:54.999 --> 00:28:58.269 because the battery life is not long enough for my taste, OK? 00:28:58.269 --> 00:29:00.971 But a great quote, Lyn Paramore [assumed spelling] wrote a great 00:29:00.971 --> 00:29:04.942 article and in there quoted things that are supposed 00:29:04.942 --> 00:29:06.610 to make our lives easier. 00:29:06.610 --> 00:29:10.581 "Smartphones, Gmails, Skype, GPS, Facebook, 00:29:10.581 --> 00:29:13.884 they have become tools to track us. 00:29:13.884 --> 00:29:17.254 And we've been happily shopping for the bars 00:29:17.254 --> 00:29:22.259 to our own prison one prison at a time, one product at a time." 00:29:22.259 --> 00:29:25.362 So, we're in the-- we're to blame for all of this. 00:29:25.362 --> 00:29:27.364 We are allowing that to happen. 00:29:27.364 --> 00:29:28.599 The last thing I want to talk 00:29:28.599 --> 00:29:30.935 about is this Federal word play thing. 00:29:30.935 --> 00:29:32.970 Whenever I confront a student 00:29:32.970 --> 00:29:36.874 or a professor whose been violating a university policy, 00:29:36.874 --> 00:29:38.642 you let something go out on the net. 00:29:38.642 --> 00:29:39.977 And I go. "Why did you do that?" 00:29:39.977 --> 00:29:42.746 And it's kind of like watching, you know, a six-year-old. 00:29:42.746 --> 00:29:46.016 "I don't know, you know, it wasn't my fault," you know. 00:29:46.016 --> 00:29:47.084 That type of stuff. 00:29:47.084 --> 00:29:50.354 And you get this word play, you know. 00:29:50.354 --> 00:29:52.957 Richard Pryor, a long time ago had an excellent thing 00:29:52.957 --> 00:29:56.827 when his son broke something and he asked his son happened. 00:29:56.827 --> 00:29:59.530 And all the word play that his son came out with, you know, 00:29:59.530 --> 00:30:01.165 "Some invisible man came out and broke the thing." 00:30:01.165 --> 00:30:04.001 That's what we're seeing now. 00:30:04.001 --> 00:30:06.770 We're seeing this when they say we're not collecting data 00:30:06.770 --> 00:30:08.172 on you. 00:30:08.172 --> 00:30:10.174 Well, OK, your not collecting it technically but you're buying it 00:30:10.174 --> 00:30:12.509 from people who are collecting it from us. 00:30:12.509 --> 00:30:15.045 So, that's-- that's one thing there. 00:30:15.045 --> 00:30:18.349 The network companies that say, you know, the data providers, 00:30:18.349 --> 00:30:21.218 the Verizons, the Googles, they say, "Hey, you know, 00:30:21.218 --> 00:30:23.621 we're not willingly giving it to the federal government." 00:30:23.621 --> 00:30:24.688 Well, of course not. 00:30:24.688 --> 00:30:26.190 You're being subpoenaed for the document. 00:30:26.190 --> 00:30:29.126 You're not giving it willingly to the-- to there. 00:30:29.126 --> 00:30:32.696 You know, Zack Holman wrote a great little tweet. 00:30:32.696 --> 00:30:36.300 It says, "We don't give direct database access 00:30:36.300 --> 00:30:38.035 to government agencies." 00:30:38.035 --> 00:30:43.607 That quote has become the new "I didn't inhale," OK? 00:30:43.607 --> 00:30:45.609 And so the key word is direct. 00:30:45.609 --> 00:30:48.946 Marketers are being collecting information on us all the time. 00:30:48.946 --> 00:30:50.881 And, in fact, that was one of the big things 00:30:50.881 --> 00:30:52.316 that helped us with 9/11. 00:30:52.316 --> 00:30:54.518 On a positive side, that did help us 00:30:54.518 --> 00:30:57.955 in 9/11 identify the hijackers when the marketing companies 00:30:57.955 --> 00:31:00.758 and the credit card companies realized that they could help 00:31:00.758 --> 00:31:02.593 because they had that data. 00:31:02.593 --> 00:31:07.765 So, we need to be sure that things are done correctly. 00:31:07.765 --> 00:31:09.934 Everybody says we're doing it legally. 00:31:09.934 --> 00:31:10.868 And that's correct. 00:31:10.868 --> 00:31:13.003 The laws stated they can do it. 00:31:13.003 --> 00:31:16.040 It's the creation of that law that's the flaw. 00:31:16.040 --> 00:31:20.844 And that's my surveillance guide telling me it's time to quit. 00:31:20.844 --> 00:31:22.413 Those are my points. 00:31:22.413 --> 00:31:23.314 >> Thanks, Randy. 00:31:23.314 --> 00:31:24.348 Melissa? 00:31:24.348 --> 00:31:25.349 >> Thank you. 00:31:25.349 --> 00:31:29.887 Well, I think it's important to look 00:31:29.887 --> 00:31:34.058 to our past to inform our future. 00:31:34.058 --> 00:31:36.226 And I'm going to take a little bit different direction 00:31:36.226 --> 00:31:38.095 than my colleagues. 00:31:38.095 --> 00:31:41.198 The very first transmission of the internet was October 29th, 00:31:41.198 --> 00:31:44.568 1969 and it was an e-mail between two universities. 00:31:44.568 --> 00:31:50.341 And today we have more than 204 e-mails are sent per minute. 00:31:50.341 --> 00:31:53.410 More than 1,300 new mobile users are added per minute 00:31:53.410 --> 00:31:56.480 to the internet, 47,000 applications are downloaded, 00:31:56.480 --> 00:32:01.552 100,000 tweets, 1.3 million videos are uploaded to YouTube, 00:32:01.552 --> 00:32:04.722 two million searches to Google, and six million Facebook views. 00:32:04.722 --> 00:32:08.092 The internet is part of every part of our life 00:32:08.092 --> 00:32:11.895 and over the last 45 almost years, 00:32:11.895 --> 00:32:16.567 we have embedded the internet in every part of our society. 00:32:16.567 --> 00:32:20.838 And it is the backbone of our core infrastructure of every-- 00:32:20.838 --> 00:32:23.874 every country's core infrastructure. 00:32:23.874 --> 00:32:29.480 It represents e-government, e-banking, e-health, e-learning, 00:32:29.480 --> 00:32:31.548 the next generation of air traffic control, 00:32:31.548 --> 00:32:34.084 the next generation of power grids 00:32:34.084 --> 00:32:37.421 and every other essential service has been concentrated 00:32:37.421 --> 00:32:40.724 onto one infrastructure, the internet. 00:32:40.724 --> 00:32:43.260 And that is putting our businesses 00:32:43.260 --> 00:32:45.796 and our national security at risk. 00:32:45.796 --> 00:32:48.699 And I-- when I speak about our, I'm really speaking 00:32:48.699 --> 00:32:50.067 in as a global citizen. 00:32:50.067 --> 00:32:52.369 If I were in France I would be speaking about it in France. 00:32:52.369 --> 00:32:55.305 If I were Iran or Israel, it's the same way. 00:32:55.305 --> 00:32:58.375 And so I think that that has really began 00:32:58.375 --> 00:33:00.411 to change the conversation 00:33:00.411 --> 00:33:03.647 that we can't have any one single point of failure, 00:33:03.647 --> 00:33:07.518 economic failure and/or national security failure to any one 00:33:07.518 --> 00:33:11.188 of our-- of our core businesses or infrastructures. 00:33:11.188 --> 00:33:13.757 And so when we're talking about cyber security and we're talking 00:33:13.757 --> 00:33:17.061 about different government actions and we wrap it all 00:33:17.061 --> 00:33:20.297 into one conversation, I ask you to start to think about it 00:33:20.297 --> 00:33:22.533 as multiple conversations. 00:33:22.533 --> 00:33:25.702 And it's not helpful to bundle into one term 00:33:25.702 --> 00:33:28.338 of cyber security and/or surveillance. 00:33:28.338 --> 00:33:30.974 So, I'd you to-- I'd like you to think about it 00:33:30.974 --> 00:33:33.610 in six different ways of why our governments 00:33:33.610 --> 00:33:37.414 and why our industry are talking past each other. 00:33:37.414 --> 00:33:40.150 The first is is when we're talking about cyber security, 00:33:40.150 --> 00:33:42.853 we're sometimes talking about political activism. 00:33:42.853 --> 00:33:46.590 Those who would like to bring transparency to policies 00:33:46.590 --> 00:33:49.827 and to our initiatives that they don't agree with. 00:33:49.827 --> 00:33:53.764 In the United States, one could say that that was WikiLeaks 00:33:53.764 --> 00:33:56.934 that brought about a great amount of transparency 00:33:56.934 --> 00:34:00.070 to US policies as they leaked our information 00:34:00.070 --> 00:34:01.371 into the internet. 00:34:01.371 --> 00:34:04.475 All right, one could argue that that was also Snowden. 00:34:04.475 --> 00:34:08.078 But in other countries political activism is being used 00:34:08.078 --> 00:34:13.050 by Twitter, using Twitter and/or Facebook to organize people 00:34:13.050 --> 00:34:18.088 in these squares like Taksim and/or in Turkey or Egypt 00:34:18.088 --> 00:34:21.658 to express political discontent with their government 00:34:21.658 --> 00:34:24.428 with the intent to overthrow the government. 00:34:24.428 --> 00:34:26.063 Political instability. 00:34:26.063 --> 00:34:27.831 And so when our governments are starting to talk 00:34:27.831 --> 00:34:31.467 about surveillance on the internet and/or filtering 00:34:31.467 --> 00:34:35.539 of the internet, some believe in political democracy and freedom 00:34:35.539 --> 00:34:37.741 of that speech on the internet and others do not. 00:34:37.741 --> 00:34:40.577 And it has different mechanisms of how they're using 00:34:40.577 --> 00:34:42.713 that surveillance or the technology 00:34:42.713 --> 00:34:44.915 around political activism. 00:34:44.915 --> 00:34:47.851 Now that should not be confused with organized crime 00:34:47.851 --> 00:34:51.388 on the internet, the real modern day bank robber who's stealing 00:34:51.388 --> 00:34:54.224 ones and zeros which is real dollars 00:34:54.224 --> 00:34:57.995 out of your credit accounts or out of your real banks, 00:34:57.995 --> 00:35:01.031 and as being passed on as a cost for our citizens. 00:35:01.031 --> 00:35:02.833 We have many of our governments who are talking 00:35:02.833 --> 00:35:04.701 about the importance of organized crime. 00:35:04.701 --> 00:35:06.937 When I was just in Europe just a few weeks ago, 00:35:06.937 --> 00:35:09.072 it was 30 million dollars stolen 00:35:09.072 --> 00:35:12.276 out of 45 different cities in 30 minutes. 00:35:12.276 --> 00:35:14.144 That's a real problem for our banks. 00:35:14.144 --> 00:35:16.180 It's a real problem for our credit cards. 00:35:16.180 --> 00:35:18.715 And we're having to deal with that organized crime 00:35:18.715 --> 00:35:20.751 and real theft of ones and zeroes. 00:35:20.751 --> 00:35:24.721 Now that should not be confused with intellectual property theft 00:35:24.721 --> 00:35:26.757 and industrial espionage. 00:35:26.757 --> 00:35:28.392 That's very different. 00:35:28.392 --> 00:35:30.827 And many of our government leaders in the United States 00:35:30.827 --> 00:35:33.697 and many government leaders in Europe are talking 00:35:33.697 --> 00:35:36.967 about the unprecedented theft of intellectual property. 00:35:36.967 --> 00:35:40.070 Thefts, meaning, illegally copying the plans, 00:35:40.070 --> 00:35:43.574 processes and/or next generation technologies 00:35:43.574 --> 00:35:47.044 out of our corporations for the economic advance 00:35:47.044 --> 00:35:50.147 of their companies and/or countries. 00:35:50.147 --> 00:35:54.051 And so the intellectual property theft is then not the same 00:35:54.051 --> 00:35:55.619 as espionage. 00:35:55.619 --> 00:35:58.355 And there are governments that are conducting espionage. 00:35:58.355 --> 00:36:01.391 Most governments do to steal the plans and intentions 00:36:01.391 --> 00:36:05.229 of other governments and know their capabilities. 00:36:05.229 --> 00:36:07.431 In the United States, we sort of bundled the two, 00:36:07.431 --> 00:36:11.268 IP theft and espionage. 00:36:11.268 --> 00:36:13.604 When were talking about it, in fact, we're talking about it 00:36:13.604 --> 00:36:19.409 as Pearl Harbor and other very exaggerated terms. 00:36:19.409 --> 00:36:21.578 If we are going to bundle intellectual property theft 00:36:21.578 --> 00:36:24.414 with espionage then we have to be willing to put espionage 00:36:24.414 --> 00:36:26.650 that we would walk from it as a government. 00:36:26.650 --> 00:36:28.252 And I don't see any government willing 00:36:28.252 --> 00:36:29.653 to walk away from espionage. 00:36:29.653 --> 00:36:31.922 So, why don't we talk about what's really the problem 00:36:31.922 --> 00:36:35.025 and that's intellectual property theft and/or the protection 00:36:35.025 --> 00:36:37.828 of intellectual property and patents, et cetera. 00:36:37.828 --> 00:36:41.431 There are two other areas that are becoming more concerning 00:36:41.431 --> 00:36:45.736 for most companies and countries that are-- 00:36:45.736 --> 00:36:47.404 the first is disruption of service. 00:36:47.404 --> 00:36:50.274 And this is the distributed denial-of-services actually 00:36:50.274 --> 00:36:53.076 degrading real services in your e-banking 00:36:53.076 --> 00:36:56.913 and your e-infrastructures that are preventing our banks 00:36:56.913 --> 00:37:00.350 from allowing you to actually access those infrastructures 00:37:00.350 --> 00:37:01.918 and/or capabilities. 00:37:01.918 --> 00:37:03.754 And we just had a-- and a significant, 00:37:03.754 --> 00:37:04.888 in the United States, 00:37:04.888 --> 00:37:06.723 we're having a distributed denial-of-service 00:37:06.723 --> 00:37:08.158 against our financial institutions 00:37:08.158 --> 00:37:10.894 and so are many others in Asia and Europe. 00:37:10.894 --> 00:37:13.730 And then finally the destruction of property. 00:37:13.730 --> 00:37:16.700 There was just recently a malware that was released 00:37:16.700 --> 00:37:18.635 against Saudi ARamCo 00:37:18.635 --> 00:37:21.872 which destroyed 30,000 of their computers. 00:37:21.872 --> 00:37:24.174 And when we start to actually think about destruction 00:37:24.174 --> 00:37:26.877 of property and how one might recover from that 00:37:26.877 --> 00:37:29.913 that is a different set of capabilities than you would deal 00:37:29.913 --> 00:37:33.583 with from organized crime and/or political activism. 00:37:33.583 --> 00:37:36.453 So, as we talk about this on our panel over the course 00:37:36.453 --> 00:37:38.722 of the next hour, I ask you to start to think 00:37:38.722 --> 00:37:40.524 about which problem are you talking 00:37:40.524 --> 00:37:43.493 about because we're not talking about the same thing 00:37:43.493 --> 00:37:45.862 in each of our conversations. 00:37:45.862 --> 00:37:48.365 I'd like to wrap up and that 00:37:48.365 --> 00:37:51.134 over 100 countries have these capabilities, 00:37:51.134 --> 00:37:53.136 and they are using these capabilities to deal 00:37:53.136 --> 00:37:56.306 with these different problems whether it's political activism 00:37:56.306 --> 00:37:59.076 to overthrow government or its political activism 00:37:59.076 --> 00:38:01.211 to bring transparency to policies they don't 00:38:01.211 --> 00:38:03.613 like is different than organized crime 00:38:03.613 --> 00:38:05.749 or intellectual property theft. 00:38:05.749 --> 00:38:07.684 And there are three strategic things that are happening 00:38:07.684 --> 00:38:09.920 in the global order of things. 00:38:09.920 --> 00:38:14.524 First, some are using disruptive technology like a Stuxnet 00:38:14.524 --> 00:38:17.394 or a Shamoon to bring down core infrastructures 00:38:17.394 --> 00:38:20.097 or core businesses around the world 00:38:20.097 --> 00:38:24.234 or some are implementing surveillance tools to bring 00:38:24.234 --> 00:38:27.938 about transparency or to show the vulnerabilities 00:38:27.938 --> 00:38:29.740 for those infrastructures to be brought down. 00:38:29.740 --> 00:38:32.109 So, disruptive technologies are being used. 00:38:32.109 --> 00:38:35.412 Second, strategic alliances are also being wielded 00:38:35.412 --> 00:38:39.383 to actually gather that power and control over the internet. 00:38:39.383 --> 00:38:43.987 And that's playing out in the UN and the ITU and NATO 00:38:43.987 --> 00:38:47.023 and ACION [assumed spelling] and other of the forum 00:38:47.023 --> 00:38:48.959 where countries can align against each other 00:38:48.959 --> 00:38:50.160 for particular motives. 00:38:50.160 --> 00:38:53.397 And then finally there are strategic properties. 00:38:53.397 --> 00:38:56.767 And I mean that in the very sense of it is. 00:38:56.767 --> 00:38:58.902 There are 25 internet service providers 00:38:58.902 --> 00:38:59.970 that control 90 percent 00:38:59.970 --> 00:39:02.272 of information flow on the internet. 00:39:02.272 --> 00:39:03.974 There are internet exchange points 00:39:03.974 --> 00:39:08.345 that actually control the flow of technology and/or ones 00:39:08.345 --> 00:39:12.182 and zeroes from continent to continent or within a continent. 00:39:12.182 --> 00:39:14.451 And there are data aggregators 00:39:14.451 --> 00:39:17.654 who have actually more information on us like a Google 00:39:17.654 --> 00:39:20.190 or a Facebook than any foreign intelligence service 00:39:20.190 --> 00:39:21.491 of any other country. 00:39:21.491 --> 00:39:22.559 So, you have to think 00:39:22.559 --> 00:39:24.361 about where are the strategic properties 00:39:24.361 --> 00:39:25.495 and how they're being used 00:39:25.495 --> 00:39:28.465 by all governments not just by one government. 00:39:28.465 --> 00:39:30.033 Thank you. 00:39:30.033 --> 00:39:34.738 >> Thank you, Melissa. 00:39:34.738 --> 00:39:35.539 Laura? 00:39:35.539 --> 00:39:36.840 >> Good afternoon everyone. 00:39:36.840 --> 00:39:38.175 I'm very delighted to be here. 00:39:38.175 --> 00:39:40.544 And I wish to thank the Internet Society for the invitation 00:39:40.544 --> 00:39:43.013 and for GW for hosting it as well. 00:39:43.013 --> 00:39:46.750 I view PRISM as an opportunity to draw attention 00:39:46.750 --> 00:39:50.420 to the implications of broader global internet governance 00:39:50.420 --> 00:39:52.989 conflicts that have implications for economic 00:39:52.989 --> 00:39:54.624 and expressive liberty. 00:39:54.624 --> 00:39:59.563 I recently-- recently the last two or three years spent 00:39:59.563 --> 00:40:01.064 that time researching 00:40:01.064 --> 00:40:03.266 and writing a new book called the Global War 00:40:03.266 --> 00:40:04.434 for Internet Governance. 00:40:04.434 --> 00:40:06.536 And it's going to be published later this year 00:40:06.536 --> 00:40:08.305 by Yale University Press. 00:40:08.305 --> 00:40:11.708 Now in this book, there are approximately four pages 00:40:11.708 --> 00:40:13.777 at the end of acronyms. 00:40:13.777 --> 00:40:16.413 So, what I've done is I've challenged myself today 00:40:16.413 --> 00:40:17.881 to not use any acronyms. 00:40:17.881 --> 00:40:20.851 So, what I would like to ask you to do is to pound on the table 00:40:20.851 --> 00:40:23.787 if I use an internet governance acronyms, so pay attention 00:40:23.787 --> 00:40:27.190 to that, and I know some of you will do that. 00:40:27.190 --> 00:40:28.458 But what I tried to do 00:40:28.458 --> 00:40:31.161 in the book is describe the various layers 00:40:31.161 --> 00:40:34.764 of how the internet is already governed and what some 00:40:34.764 --> 00:40:38.001 of the current debates are that I expect to shape the future 00:40:38.001 --> 00:40:40.837 of freedom and innovation in the coming years. 00:40:40.837 --> 00:40:42.839 Now what is internet governance? 00:40:42.839 --> 00:40:44.374 This panel has already described it. 00:40:44.374 --> 00:40:45.942 If I had to give one definition, 00:40:45.942 --> 00:40:51.248 I would say internet governance is the design and administration 00:40:51.248 --> 00:40:52.782 of the technologies that are necessary 00:40:52.782 --> 00:40:55.819 to keep the internet operational and then the enactment 00:40:55.819 --> 00:40:58.855 of substantive policy around those technologies. 00:40:58.855 --> 00:41:02.425 But there is no single system of internet governance. 00:41:02.425 --> 00:41:05.195 John said it best when he was describing the various roles, 00:41:05.195 --> 00:41:07.330 names and numbers, administration, 00:41:07.330 --> 00:41:11.067 standard setting, private interconnection, arrangements 00:41:11.067 --> 00:41:14.304 between telecommunication companies, the privacy policies 00:41:14.304 --> 00:41:17.073 that are enacted by social media, by search engines 00:41:17.073 --> 00:41:19.209 and other information intermediaries. 00:41:19.209 --> 00:41:22.979 And, of course, cyber security governance not necessarily 00:41:22.979 --> 00:41:25.215 enacted by governments but by entities 00:41:25.215 --> 00:41:27.617 such as certificate authorities that are handing 00:41:27.617 --> 00:41:29.853 out digital signatures and things like that. 00:41:29.853 --> 00:41:31.621 So, those are just a few examples. 00:41:31.621 --> 00:41:35.025 So, we need to take this conversation outside 00:41:35.025 --> 00:41:38.194 of discussions about just governance. 00:41:38.194 --> 00:41:41.431 However, one of themes that I do take up in the book 00:41:41.431 --> 00:41:43.567 and in my work in general is 00:41:43.567 --> 00:41:47.671 that internet governance conflicts are the new spaces 00:41:47.671 --> 00:41:52.075 where political and economic power is working itself 00:41:52.075 --> 00:41:54.044 out in the 21st century. 00:41:54.044 --> 00:41:57.380 We see this with PRISM, we see this with Stuxnet, 00:41:57.380 --> 00:42:00.083 we see this with the turn to intellectual-- 00:42:00.083 --> 00:42:01.251 to infrastructure 00:42:01.251 --> 00:42:03.653 for intellectual property rights enforcement, 00:42:03.653 --> 00:42:07.223 with governments cutting off access during political turmoil. 00:42:07.223 --> 00:42:08.625 And as Mellissa said, 00:42:08.625 --> 00:42:10.894 we had denial-of-service attacks often used 00:42:10.894 --> 00:42:13.630 to suppress human rights and expression. 00:42:13.630 --> 00:42:17.567 So, internet governance points of control are really not just 00:42:17.567 --> 00:42:19.736 about keeping the internet operational although 00:42:19.736 --> 00:42:21.771 that is absolutely vital. 00:42:21.771 --> 00:42:25.742 But there are also a proxy for broader political 00:42:25.742 --> 00:42:27.344 and economic conflicts. 00:42:27.344 --> 00:42:29.813 So, the fact that PRISM draws attention to some 00:42:29.813 --> 00:42:33.783 of these broader global internet governance issues is 00:42:33.783 --> 00:42:35.485 an opportunity. 00:42:35.485 --> 00:42:39.356 But keep in mind that government surveillance ad censorship 00:42:39.356 --> 00:42:43.126 for that matter which is in my opinion an even greater problem 00:42:43.126 --> 00:42:46.663 around the world is not something 00:42:46.663 --> 00:42:48.765 that happens in a vacuum. 00:42:48.765 --> 00:42:51.334 So, it's delegated and it is made possible 00:42:51.334 --> 00:42:54.971 by certain arrangements of technical architecture 00:42:54.971 --> 00:42:57.207 and by private ordering. 00:42:57.207 --> 00:43:01.411 So, infrastructure governance just to give you a few examples, 00:43:01.411 --> 00:43:06.449 infrastructure governance is directly tied to privacy issues. 00:43:06.449 --> 00:43:09.052 So, I have an information engineering background. 00:43:09.052 --> 00:43:11.554 I am also a social scientist who studies the politics 00:43:11.554 --> 00:43:13.156 of technical architecture. 00:43:13.156 --> 00:43:15.792 And I can say that, you know, you probably could say 00:43:15.792 --> 00:43:17.160 to use a Harry Potter analogy. 00:43:17.160 --> 00:43:20.230 There are some dark arts of internet governance 00:43:20.230 --> 00:43:25.068 that have a good intention but they can be used for other uses. 00:43:25.068 --> 00:43:27.604 So, one of these, for example, is the deep packet inspection. 00:43:27.604 --> 00:43:30.440 I didn't use the acronym so no pounding on the table 00:43:30.440 --> 00:43:34.244 which is a capability that allows network providers 00:43:34.244 --> 00:43:37.580 to inspect the actual content of packets sent 00:43:37.580 --> 00:43:40.250 over the internet rather than just the packet headers. 00:43:40.250 --> 00:43:42.152 So, this can be used for a variety 00:43:42.152 --> 00:43:46.623 of very important function such as network management, 00:43:46.623 --> 00:43:48.658 detecting viruses and worms. 00:43:48.658 --> 00:43:51.094 It could also be used for customized advertising, 00:43:51.094 --> 00:43:53.163 now getting outside of the operational role, 00:43:53.163 --> 00:43:55.799 or for surveillances or for throttling 00:43:55.799 --> 00:43:57.333 and blocking of traffic. 00:43:57.333 --> 00:44:01.404 So, this is a very significant development made possible only 00:44:01.404 --> 00:44:04.207 by advances and processing power and storage. 00:44:04.207 --> 00:44:06.676 And we need transparency and accountability 00:44:06.676 --> 00:44:08.712 in issues like this as well. 00:44:08.712 --> 00:44:11.648 So, another area of infrastructure related 00:44:11.648 --> 00:44:15.585 to privacy is the hidden identity infrastructure 00:44:15.585 --> 00:44:18.755 that makes possible business models that are based 00:44:18.755 --> 00:44:20.390 on online advertising. 00:44:20.390 --> 00:44:22.992 So, this is a good thing for freedom of expression 00:44:22.992 --> 00:44:26.463 because there are free products that we are able to use, 00:44:26.463 --> 00:44:29.299 but we are almost at the point where the prospect 00:44:29.299 --> 00:44:33.470 for anonymous speech considering this identity infrastructure is 00:44:33.470 --> 00:44:35.305 almost impossible. 00:44:35.305 --> 00:44:38.475 We have technical identifiers at the level of hardware 00:44:38.475 --> 00:44:40.410 like Ethernet cards at the level 00:44:40.410 --> 00:44:45.014 of virtual identifiers locationally via cellphone 00:44:45.014 --> 00:44:50.653 location, wireless fidelity AKA wifi, it's my one acronym 00:44:50.653 --> 00:44:53.456 or global positioning system and through things 00:44:53.456 --> 00:44:56.526 like platform mediation and real identification requirements. 00:44:56.526 --> 00:44:59.763 So, if you put this all together, this is at the heart 00:44:59.763 --> 00:45:03.299 of business models that we need at the heart 00:45:03.299 --> 00:45:07.403 of online advertising, at the heart of having free software. 00:45:07.403 --> 00:45:10.607 But it also is the technical capability 00:45:10.607 --> 00:45:12.942 that can enable new form, even newer forms 00:45:12.942 --> 00:45:15.111 of surveillance in the future. 00:45:15.111 --> 00:45:18.481 So, these are new opportunities for surveillance. 00:45:18.481 --> 00:45:21.618 Two other infrastructure issues I'll mention I'll mention 00:45:21.618 --> 00:45:26.389 quickly include a current rethinking and redesign of the 00:45:26.389 --> 00:45:28.892 "who is" protocol which keeps track 00:45:28.892 --> 00:45:32.929 of who is registering a domain name and, of course, 00:45:32.929 --> 00:45:35.565 also the issue as has already been mentioned 00:45:35.565 --> 00:45:37.534 of internet exchange points. 00:45:37.534 --> 00:45:40.203 How these are governed and how they are distributed 00:45:40.203 --> 00:45:42.172 around the world is something 00:45:42.172 --> 00:45:44.073 that is very related to civil liberties. 00:45:44.073 --> 00:45:47.911 The Internet Society and we'll hear from next has really been 00:45:47.911 --> 00:45:50.079 at the forefront of this area which-- 00:45:50.079 --> 00:45:52.215 having more internet exchange points, 00:45:52.215 --> 00:45:54.717 looking at the criticality of them for human rights 00:45:54.717 --> 00:45:56.452 for infrastructure development 00:45:56.452 --> 00:45:59.923 and as concentrated points of information flows. 00:45:59.923 --> 00:46:04.060 So, the truth is that global internet choke points, 00:46:04.060 --> 00:46:05.295 of course, exist. 00:46:05.295 --> 00:46:08.898 And the internet is governed not by any one entity 00:46:08.898 --> 00:46:11.701 but multi-stakeholder governance which I'm sure we will take 00:46:11.701 --> 00:46:13.970 up in the roundtable later. 00:46:13.970 --> 00:46:17.774 But that this governance is not fixed anymore 00:46:17.774 --> 00:46:19.909 than architecture is fixed. 00:46:19.909 --> 00:46:22.345 So, the architecture is constantly changing 00:46:22.345 --> 00:46:25.615 and the governance is constantly changing as well. 00:46:25.615 --> 00:46:27.884 The basic theoretical or conceptual framework 00:46:27.884 --> 00:46:30.119 of my own work is that arrangements 00:46:30.119 --> 00:46:34.190 of technical architecture are also arrangements of power. 00:46:34.190 --> 00:46:38.094 So, it's critical for the public to be engaged in these debates 00:46:38.094 --> 00:46:40.029 because the future of internet architecture 00:46:40.029 --> 00:46:42.632 and governance is directly related 00:46:42.632 --> 00:46:44.033 to the future of internet freedom. 00:46:44.033 --> 00:46:46.936 So, I appreciate the opportunity to discuss that here today. 00:46:46.936 --> 00:46:49.172 Thank you very much for listening. 00:46:49.172 --> 00:46:50.139 >> Thank you, Laura. 00:46:50.139 --> 00:46:52.542 Lynn? 00:46:52.542 --> 00:46:53.576 >> Good afternoon. 00:46:53.576 --> 00:46:55.745 This has been a very comprehensive set 00:46:55.745 --> 00:46:59.048 of speaking points, I have to say to date. 00:46:59.048 --> 00:47:02.285 So, the Internet Society is a cause-based organization. 00:47:02.285 --> 00:47:05.154 We advocate for an open global internet. 00:47:05.154 --> 00:47:06.656 In the recent revelations 00:47:06.656 --> 00:47:08.892 about the mass scale interceptions not only 00:47:08.892 --> 00:47:12.128 by the US, the UK, but many, many other countries 00:47:12.128 --> 00:47:14.631 around the world have serious implications 00:47:14.631 --> 00:47:17.533 for the open global internet. 00:47:17.533 --> 00:47:19.769 ISOC is an international organization. 00:47:19.769 --> 00:47:22.071 We have members, org members and chapters 00:47:22.071 --> 00:47:23.606 in virtually every country 00:47:23.606 --> 00:47:26.809 of the world perhaps even every country of the world. 00:47:26.809 --> 00:47:30.914 We have headquarters in just outside of D.C. here 00:47:30.914 --> 00:47:33.650 in Western Virginia and Geneva, Switzerland. 00:47:33.650 --> 00:47:38.788 And we have a very senior policy and technical staff in little 00:47:38.788 --> 00:47:41.024 over 20 countries of the world often times 00:47:41.024 --> 00:47:43.393 in the same individual which is more 00:47:43.393 --> 00:47:45.595 and more the future in any case. 00:47:45.595 --> 00:47:48.364 I spent 27 years in Europe, just moved back 00:47:48.364 --> 00:47:50.466 to the US a little over a year ago. 00:47:50.466 --> 00:47:52.568 And the one thing I'd really like to do is to make sure 00:47:52.568 --> 00:47:55.738 that here in D.C., in this country's capital 00:47:55.738 --> 00:47:58.408 that we recognize that this is not just about US citizens 00:47:58.408 --> 00:48:01.010 and it's not just about the foreigners 00:48:01.010 --> 00:48:03.780 that the US is surveilling. 00:48:03.780 --> 00:48:06.749 This affects every individual in the world. 00:48:06.749 --> 00:48:09.585 It affects some of them very directly 00:48:09.585 --> 00:48:12.088 but it will affect the internet we all have access 00:48:12.088 --> 00:48:17.393 to going forward to tomorrow and to generations to come. 00:48:17.393 --> 00:48:21.764 If we are not careful, we will actually rob both individuals 00:48:21.764 --> 00:48:24.834 today, tomorrow and future generations of all the freedom 00:48:24.834 --> 00:48:26.736 and the benefit and the innovation 00:48:26.736 --> 00:48:29.639 that the internet has brought. 00:48:29.639 --> 00:48:32.809 The Internet Society actually deals an awful lot in principles 00:48:32.809 --> 00:48:36.112 and the principles that make the internet what the internet is. 00:48:36.112 --> 00:48:38.381 First and foremost, it's a platform. 00:48:38.381 --> 00:48:43.019 It allows everybody to go out and develop what they choose to, 00:48:43.019 --> 00:48:46.656 to access what they choose to, to innovate on material that's 00:48:46.656 --> 00:48:49.192 out there and make that available. 00:48:49.192 --> 00:48:54.230 If we're not careful, we'll loose all of that. 00:48:54.230 --> 00:48:57.133 So, the-- in particular recently, 00:48:57.133 --> 00:48:59.902 the unwarded collection storage and the ease 00:48:59.902 --> 00:49:02.472 of correlation amongst all the data that's collected. 00:49:02.472 --> 00:49:04.841 And I actually don't differentiate a lot 00:49:04.841 --> 00:49:07.710 between metadata and content. 00:49:07.710 --> 00:49:10.079 You can get so much information from metadata 00:49:10.079 --> 00:49:11.681 that we shouldn't kid ourselves by saying, 00:49:11.681 --> 00:49:15.418 "It's just metadata we're collecting, it's OK." 00:49:15.418 --> 00:49:19.789 That-- though the collection that will undermine many 00:49:19.789 --> 00:49:21.724 of the key principles and relationships. 00:49:21.724 --> 00:49:26.996 And in particular some of those natural conclusions will start 00:49:26.996 --> 00:49:28.598 to impact the physical infrastructure 00:49:28.598 --> 00:49:32.435 of the internet itself whether it's using some of the IXPs 00:49:32.435 --> 00:49:34.337 as choke points or whether it's using some 00:49:34.337 --> 00:49:36.372 of the technical capabilities that exist 00:49:36.372 --> 00:49:38.708 to help with surveillance. 00:49:38.708 --> 00:49:42.111 Those are all things we want to I think-- 00:49:42.111 --> 00:49:44.614 think through very, very carefully. 00:49:44.614 --> 00:49:46.115 One of the principles we argue 00:49:46.115 --> 00:49:48.351 for is multistakeholder dialogue. 00:49:48.351 --> 00:49:51.120 And it's because so much of what we're all facing whether it's 00:49:51.120 --> 00:49:52.688 in a policy or a technical 00:49:52.688 --> 00:49:55.024 or a social environment has never been done 00:49:55.024 --> 00:49:56.426 in the world before. 00:49:56.426 --> 00:49:59.328 We're breaking barriers every single day and we need 00:49:59.328 --> 00:50:01.864 to bring everybody to the table for a discussion 00:50:01.864 --> 00:50:03.232 and move forward thoughtfully and carefully. 00:50:03.232 --> 00:50:09.839 That is even more so when we look to governments particularly 00:50:09.839 --> 00:50:12.909 in their role in protecting citizens. 00:50:12.909 --> 00:50:16.646 We believe that the internet must be a channel for secure, 00:50:16.646 --> 00:50:19.215 reliable, private communication 00:50:19.215 --> 00:50:21.651 between entities and individuals. 00:50:21.651 --> 00:50:26.155 And surveillance without due process is simply unacceptable. 00:50:26.155 --> 00:50:29.859 And as some other articles have said recently, frankly, 00:50:29.859 --> 00:50:31.360 it's very creepy as well. 00:50:31.360 --> 00:50:33.629 And if that makes it more personal, this is good 00:50:33.629 --> 00:50:38.601 because we need everybody to care about what's happening now. 00:50:38.601 --> 00:50:40.303 We also challenge the view that policies 00:50:40.303 --> 00:50:41.771 to ensure security must always come 00:50:41.771 --> 00:50:44.307 at the cost of user's rights. 00:50:44.307 --> 00:50:47.210 I'd also argue with the fact that we all know it was coming 00:50:47.210 --> 00:50:49.445 so what are we concerned about? 00:50:49.445 --> 00:50:50.980 Due process wasn't followed. 00:50:50.980 --> 00:50:52.548 That's what were concerned about. 00:50:52.548 --> 00:50:54.050 Did most people that pay attention 00:50:54.050 --> 00:50:56.619 to this field understand that you could do all these sorts 00:50:56.619 --> 00:50:57.820 of things with the data? 00:50:57.820 --> 00:51:01.057 Yes. Did we believe our governments were doing it 00:51:01.057 --> 00:51:03.759 without due process and certainly 00:51:03.759 --> 00:51:07.597 without an adequate level of transparency? 00:51:07.597 --> 00:51:09.999 I might answer yes but hopefully-- 00:51:09.999 --> 00:51:11.934 hopefully we didn't and [inaudible] 00:51:11.934 --> 00:51:14.904 to happen as Frank said. 00:51:14.904 --> 00:51:17.273 One of the things we'd actually 00:51:17.273 --> 00:51:20.243 like to do is really get everybody to focus 00:51:20.243 --> 00:51:21.511 on the multistakeholder. 00:51:21.511 --> 00:51:22.845 A lot of the principles 00:51:22.845 --> 00:51:28.184 that have given us the internet find new forms, structures 00:51:28.184 --> 00:51:29.919 and processes to address that. 00:51:29.919 --> 00:51:33.322 Don't revert back to we need a new institution. 00:51:33.322 --> 00:51:37.760 I don't think that is the answer in almost every situation. 00:51:37.760 --> 00:51:42.632 Some of the recent proposals that have been put forward 00:51:42.632 --> 00:51:45.234 to address some of these aspects would call for treaties. 00:51:45.234 --> 00:51:47.370 Treaties are largely intergovernmental. 00:51:47.370 --> 00:51:48.971 They don't allow for the private sector. 00:51:48.971 --> 00:51:51.240 They don't allow for civil society. 00:51:51.240 --> 00:51:53.209 And honestly I don't know how you get some 00:51:53.209 --> 00:51:54.610 of those private sector companies 00:51:54.610 --> 00:51:57.113 to sign on to a treaty. 00:51:57.113 --> 00:51:59.248 So, I don't think treaties are the answer either. 00:51:59.248 --> 00:52:02.885 We're going to need to create new processes and new forums 00:52:02.885 --> 00:52:04.887 and certainly at the core of all that ought 00:52:04.887 --> 00:52:07.256 to be thoughtful informed dialogue. 00:52:07.256 --> 00:52:09.692 So, I think, you know, it's our hope 00:52:09.692 --> 00:52:13.095 that as these discussions continue across the world 00:52:13.095 --> 00:52:16.866 that we recognize and come to agree again 00:52:16.866 --> 00:52:19.035 on some other high level principles. 00:52:19.035 --> 00:52:21.504 Some of the ones I'd throw out for further debate, 00:52:21.504 --> 00:52:24.874 is it unwanted surveillance even in the furtherance 00:52:24.874 --> 00:52:27.877 of national security is not acceptable. 00:52:27.877 --> 00:52:31.347 Unwarranted surveillance is not acceptable. 00:52:31.347 --> 00:52:34.050 The disproportionate surveillance is also 00:52:34.050 --> 00:52:36.018 not acceptable. 00:52:36.018 --> 00:52:38.654 That surveillance without accountability is 00:52:38.654 --> 00:52:41.123 not acceptable. 00:52:41.123 --> 00:52:42.558 And further, turning 00:52:42.558 --> 00:52:44.727 to something a little more positive, 00:52:44.727 --> 00:52:46.762 that there should be transparency with respect 00:52:46.762 --> 00:52:49.398 to policy and its implementation, 00:52:49.398 --> 00:52:53.202 that we should be harnessing the expertise of all stakeholders 00:52:53.202 --> 00:52:56.105 to discover better ways to protect citizens 00:52:56.105 --> 00:52:58.374 in a global community. 00:52:58.374 --> 00:53:02.578 And most importantly, encore to everything we do 00:53:02.578 --> 00:53:05.147 that we uphold human rights. 00:53:05.147 --> 00:53:07.016 And so I look forward to the discussion for the rest 00:53:07.016 --> 00:53:09.185 of the day, and thank you. 00:53:09.185 --> 00:53:10.119 >> Thank you, Lynn. 00:53:10.119 --> 00:53:10.920 Danny? 00:53:10.920 --> 00:53:12.255 >> Thanks, Lance. 00:53:12.255 --> 00:53:16.525 So, thanks to the Internet Society and GW, Lynn and Lance, 00:53:16.525 --> 00:53:18.694 for getting-- Paul for getting us together. 00:53:18.694 --> 00:53:23.633 And at the end of the panel, I'm always reminded 00:53:23.633 --> 00:53:25.635 of this very distinguished member of Congress said 00:53:25.635 --> 00:53:28.371 at the near the end of a very excruciatingly long hearing, 00:53:28.371 --> 00:53:31.807 everything's been said but not every one has said it. 00:53:31.807 --> 00:53:36.746 So, I subscribe to much of what has been said 00:53:36.746 --> 00:53:39.315 by many of my fellow panels. 00:53:39.315 --> 00:53:42.084 I want to just make three points 00:53:42.084 --> 00:53:47.089 about what I think we've been experiencing as a result 00:53:47.089 --> 00:53:49.458 of this surveillance debate over the last month. 00:53:49.458 --> 00:53:54.430 I think fundamentally what we've had is a certain degree 00:53:54.430 --> 00:53:57.967 of a crisis in confidence and a crisis in trust 00:53:57.967 --> 00:53:59.568 about the internet environment. 00:53:59.568 --> 00:54:02.305 The question is, should you trust it or not? 00:54:02.305 --> 00:54:06.709 And as Mellissa noted, it's, I think, useful to try 00:54:06.709 --> 00:54:11.047 to breakdown to some extent our current sources of trust 00:54:11.047 --> 00:54:14.250 in the internet in particular, in society in general. 00:54:14.250 --> 00:54:16.719 I want to just make three points about the institutional, 00:54:16.719 --> 00:54:22.291 legal and political levels of trust that we tend to look to. 00:54:22.291 --> 00:54:25.027 To start with the institutional, you heard from-- 00:54:25.027 --> 00:54:29.899 you heard from John and from Lynn about some 00:54:29.899 --> 00:54:32.368 of the institutions that make the internet work. 00:54:32.368 --> 00:54:33.569 You know, I think it's interesting 00:54:33.569 --> 00:54:36.172 when you look purely technically at the internet. 00:54:36.172 --> 00:54:40.309 People pretty much trust that the pack is going to arrive more 00:54:40.309 --> 00:54:41.510 or less in the right order. 00:54:41.510 --> 00:54:44.246 And enough of them will get there 00:54:44.246 --> 00:54:45.514 that you could get your message through it. 00:54:45.514 --> 00:54:46.782 You can watch video. 00:54:46.782 --> 00:54:49.218 We don't-- we don't have a lot of debates about that. 00:54:49.218 --> 00:54:55.391 I will note just as a kind of a observation of the sociology 00:54:55.391 --> 00:54:57.259 in a certain way of people 00:54:57.259 --> 00:54:58.694 in the internet technical community. 00:54:58.694 --> 00:55:01.630 There is a sense in some ways as Lynn suggested 00:55:01.630 --> 00:55:06.769 that if any third party can get in the middle 00:55:06.769 --> 00:55:10.740 of a communication stream between two parties, 00:55:10.740 --> 00:55:13.542 but that is in a sort of very idealized sense a 00:55:13.542 --> 00:55:14.610 technical failure. 00:55:14.610 --> 00:55:16.545 It's the internet not working properly. 00:55:16.545 --> 00:55:18.481 Now that's a narrow technical view 00:55:18.481 --> 00:55:19.615 of the internet environment. 00:55:19.615 --> 00:55:23.319 We, of course, have a broader legal and social 00:55:23.319 --> 00:55:26.655 and political view of our societies, and we do recognize 00:55:26.655 --> 00:55:30.126 that that surveillance and espionage will happen. 00:55:30.126 --> 00:55:33.696 But part of the challenge, I think, in closing the trust gap 00:55:33.696 --> 00:55:36.232 that we have is to articulate better what those sorts 00:55:36.232 --> 00:55:37.533 of expectations are. 00:55:37.533 --> 00:55:39.435 We do have administrative institutions 00:55:39.435 --> 00:55:41.337 like that run the domain name service 00:55:41.337 --> 00:55:42.605 and IP address assignment. 00:55:42.605 --> 00:55:44.106 Thanks to people like John. 00:55:44.106 --> 00:55:45.174 They just kind of worked-- 00:55:45.174 --> 00:55:46.909 people grumble about I can't [phonetic]. 00:55:46.909 --> 00:55:49.545 But so far, you know, people are getting new domain names. 00:55:49.545 --> 00:55:50.780 They are being maintained. 00:55:50.780 --> 00:55:55.484 Nothing has completely fallen apart at that point. 00:55:55.484 --> 00:55:56.786 What I think is more complicated 00:55:56.786 --> 00:56:00.089 on the institutional trust front is that in many cases, 00:56:00.089 --> 00:56:01.657 we're used to looking to government 00:56:01.657 --> 00:56:04.393 to establish trustworthiness in society. 00:56:04.393 --> 00:56:06.262 And certainly governments believe their job is 00:56:06.262 --> 00:56:09.298 to establish trustworthiness in society. 00:56:09.298 --> 00:56:12.301 But as you've heard, many of our sources of trust 00:56:12.301 --> 00:56:14.136 in the internet are actually not governmental. 00:56:14.136 --> 00:56:17.907 They are working perfectly well largely without governments. 00:56:17.907 --> 00:56:20.209 And I'll come back and talk about that. 00:56:20.209 --> 00:56:23.312 But again because of that somewhat unusual circumstance 00:56:23.312 --> 00:56:27.049 that Lynn alluded to, these multistakeholder processes, 00:56:27.049 --> 00:56:30.820 we probably have to understand that a little bit better 00:56:30.820 --> 00:56:34.123 so that people can trust those environments. 00:56:34.123 --> 00:56:37.226 You know, on the-- when we look at legal institutions, 00:56:37.226 --> 00:56:39.195 we rely a lot on our legal institutions 00:56:39.195 --> 00:56:42.064 to establish trust in society. 00:56:42.064 --> 00:56:44.366 We hope that our legal institutions make it 00:56:44.366 --> 00:56:47.837 so that most people and most institutions mostly do the right 00:56:47.837 --> 00:56:48.771 thing most of the time. 00:56:48.771 --> 00:56:50.105 We don't expect perfection 00:56:50.105 --> 00:56:53.108 but we do expect our legal institutions to set standards 00:56:53.108 --> 00:56:55.144 and that there are consequences when they're not followed. 00:56:55.144 --> 00:56:58.147 I think when we look at the privacy issues raised 00:56:58.147 --> 00:57:00.783 by the current surveillance practices 00:57:00.783 --> 00:57:04.420 that had been revealed, the problem that we have, I believe, 00:57:04.420 --> 00:57:08.090 is that every one would like there to be a sense of privacy 00:57:08.090 --> 00:57:09.959 in our communications environment. 00:57:09.959 --> 00:57:11.794 But I think we have a real-- 00:57:11.794 --> 00:57:16.799 a lot of confusion about just what that ought to mean. 00:57:16.799 --> 00:57:18.968 We tend to think about privacy particularly 00:57:18.968 --> 00:57:22.338 in the computer network environment as being able 00:57:22.338 --> 00:57:23.873 to keep things secret. 00:57:23.873 --> 00:57:26.208 Well, I think we all understand now that we don't have a lot 00:57:26.208 --> 00:57:30.012 of secrets, and we rely on lots of third parties 00:57:30.012 --> 00:57:33.282 to maintain our information. 00:57:33.282 --> 00:57:38.220 So, we don't keep secrets as well as we may be used to. 00:57:38.220 --> 00:57:40.923 And my own view is that that means we have to start thinking 00:57:40.923 --> 00:57:43.125 about privacy more as a question 00:57:43.125 --> 00:57:47.029 of whether information is used properly whether it's misused, 00:57:47.029 --> 00:57:48.030 whether it's used 00:57:48.030 --> 00:57:50.232 to discriminate unfairly against people. 00:57:50.232 --> 00:57:53.669 But that's going to require certain amount of discussion. 00:57:53.669 --> 00:57:55.371 Lots of people have mentioned accountability. 00:57:55.371 --> 00:57:58.240 We're going to need better accountability mechanisms 00:57:58.240 --> 00:58:00.409 for these more complex privacy rules. 00:58:00.409 --> 00:58:03.312 When privacy is not a binary phenomenon 00:58:03.312 --> 00:58:07.716 that is either it's secret or it's not, we need mechanisms 00:58:07.716 --> 00:58:11.787 to assure trust in the way personal information is handled. 00:58:11.787 --> 00:58:14.423 I think there's a very simple analogy actually 00:58:14.423 --> 00:58:17.393 that we can draw from the financial world. 00:58:17.393 --> 00:58:20.095 Huge parts of our economy, 00:58:20.095 --> 00:58:23.799 huge parts of the world's economy run based 00:58:23.799 --> 00:58:26.302 on a pretty well understand set of accounting rules. 00:58:26.302 --> 00:58:29.204 We're used to looking at balance sheets for corporations 00:58:29.204 --> 00:58:30.639 and having some sense of trust 00:58:30.639 --> 00:58:32.808 that those balance sheets reflect what's actually going 00:58:32.808 --> 00:58:35.110 on in the financial life of the corporations. 00:58:35.110 --> 00:58:37.513 We don't expect to see all the transactions 00:58:37.513 --> 00:58:40.115 in the general ledger in order to look and get a picture 00:58:40.115 --> 00:58:43.285 of whether the corporation is profitable, not profitable, 00:58:43.285 --> 00:58:46.422 paying its taxes correctly, not, et cetera. 00:58:46.422 --> 00:58:48.757 Now there are-- this doesn't always work perfectly, 00:58:48.757 --> 00:58:50.926 but I the analogy particularly 00:58:50.926 --> 00:58:56.532 to the NSA surveillance situation is quite strong. 00:58:56.532 --> 00:58:59.401 We do as citizens of the United States want to be able 00:58:59.401 --> 00:59:01.170 to have a sense of confidence 00:59:01.170 --> 00:59:05.274 that our intelligence agencies are following the rules 00:59:05.274 --> 00:59:06.642 that they say they're following. 00:59:06.642 --> 00:59:10.079 My guess is they probably do about 90 percent of the time. 00:59:10.079 --> 00:59:12.114 But we want to know that there's some accountability 00:59:12.114 --> 00:59:13.382 to those rules. 00:59:13.382 --> 00:59:16.285 I think we understand that we're not going to be able 00:59:16.285 --> 00:59:22.825 to send auditors, independent auditors inside classified 00:59:22.825 --> 00:59:25.494 environments and can have them come back and report 00:59:25.494 --> 00:59:26.829 on everything they found. 00:59:26.829 --> 00:59:29.031 But if we follow this balance sheet model, if we follow 00:59:29.031 --> 00:59:32.201 to a methodology of assessing how information is used, 00:59:32.201 --> 00:59:34.837 we can get that sense of trust back. 00:59:34.837 --> 00:59:39.808 And finally, as a matter of political trust 00:59:39.808 --> 00:59:41.810 and by political, I don't mean kind 00:59:41.810 --> 00:59:43.746 of small P Washington politics. 00:59:43.746 --> 00:59:45.781 I really mean politics in the sense 00:59:45.781 --> 00:59:48.917 of how we organize ourselves as a society. 00:59:48.917 --> 00:59:54.423 As people on this panel have noted, 00:59:54.423 --> 00:59:57.393 our sources of political trust are complicated 00:59:57.393 --> 01:00:00.029 in the internet environment and unusual. 01:00:00.029 --> 01:00:01.697 We are used to the idea of states 01:00:01.697 --> 01:00:06.368 of government's exercising authority directly 01:00:06.368 --> 01:00:10.539 on institutions often on intermediaries, 01:00:10.539 --> 01:00:12.875 but in the internet world and we're-- 01:00:12.875 --> 01:00:15.077 and if you considered the analogy 01:00:15.077 --> 01:00:19.214 between telephone networks in the past 01:00:19.214 --> 01:00:22.351 and internet service providers today, telephone networks, 01:00:22.351 --> 01:00:24.920 broadcast networks were really creatures of the state. 01:00:24.920 --> 01:00:28.791 They were authorized by the actions of legislatures 01:00:28.791 --> 01:00:32.895 and therefore controlled in that way at the local state federal 01:00:32.895 --> 01:00:35.998 and even international legal level. 01:00:35.998 --> 01:00:38.567 The internet doesn't-- has not happened that way, 01:00:38.567 --> 01:00:42.237 it was not a creature of the state ever, it was really 01:00:42.237 --> 01:00:46.709 in many ways a creature of individual and voluntary action 01:00:46.709 --> 01:00:50.279 by some people on this panel, by others all around the world 01:00:50.279 --> 01:00:54.016 who participate in making this internet institutions work. 01:00:54.016 --> 01:00:57.352 But now when we're nervous about how they work 01:00:57.352 --> 01:00:59.722 and how the state work we have rethink some 01:00:59.722 --> 01:01:00.856 of these relationships. 01:01:00.856 --> 01:01:06.095 So, we're going to have to get use to the fact 01:01:06.095 --> 01:01:10.432 that governments-- I would submit cannot reach 01:01:10.432 --> 01:01:12.167 into these internet institutions 01:01:12.167 --> 01:01:15.137 like the internet engineering test force like I can-- 01:01:15.137 --> 01:01:17.506 like the worldwide web consortium 01:01:17.506 --> 01:01:19.875 and achieve exactly the result they want. 01:01:19.875 --> 01:01:23.378 But of course at the same time governments will make laws 01:01:23.378 --> 01:01:27.750 and rules about how individuals and corporations act whether 01:01:27.750 --> 01:01:29.384 for intellectual property protection 01:01:29.384 --> 01:01:33.088 or privacy protection or anything else. 01:01:33.088 --> 01:01:34.456 So, I think that what this-- 01:01:34.456 --> 01:01:38.327 the whole surveillance experience has revealed is 01:01:38.327 --> 01:01:42.698 that the rules and expectations 01:01:42.698 --> 01:01:44.933 that we have are quite a bit more nuanced 01:01:44.933 --> 01:01:47.970 than the very binary technical behavior 01:01:47.970 --> 01:01:49.772 of the internet environment. 01:01:49.772 --> 01:01:52.341 And I think our challenge is now to do a better job 01:01:52.341 --> 01:01:54.076 of articulating just what we expected, 01:01:54.076 --> 01:01:56.211 all these different institutions at all these levels 01:01:56.211 --> 01:01:58.280 and how we're going to find accountability 01:01:58.280 --> 01:02:00.516 to those expectations. 01:02:00.516 --> 01:02:02.017 Thanks. 01:02:02.017 --> 01:02:05.387 >> Thank you Danny and thank you everybody on the panel. 01:02:05.387 --> 01:02:09.091 I think what we'll do now, I'm going to open up first 01:02:09.091 --> 01:02:11.360 to the panelist for five or 10 minutes 01:02:11.360 --> 01:02:15.364 so they can ask questions of their fellow panelists, 01:02:15.364 --> 01:02:19.535 make further, you know, comments, go some back and forth 01:02:19.535 --> 01:02:21.436 that way for five or 10 minutes. 01:02:21.436 --> 01:02:23.972 In the meantime if you in the audience, 01:02:23.972 --> 01:02:27.743 if you have a question would you please if you're physically 01:02:27.743 --> 01:02:31.346 in the audience here at GW step up to one 01:02:31.346 --> 01:02:34.983 of these two microphones in either of the isles, form a line 01:02:34.983 --> 01:02:38.654 and when your turn comes please state your name and affiliation 01:02:38.654 --> 01:02:41.857 and then ask your question. 01:02:41.857 --> 01:02:45.127 If you are in the internet world, if you're off 01:02:45.127 --> 01:02:49.298 in the clouds somewhere and want to communicate send it in, 01:02:49.298 --> 01:02:52.267 Paul any other directions on that 01:02:52.267 --> 01:02:54.469 or you have some questions already? 01:02:54.469 --> 01:02:57.406 While you're waiting, I want to give the panelist a chance first 01:02:57.406 --> 01:02:59.541 but any other protocol? 01:02:59.541 --> 01:03:06.815 >> So, they type the questions into live stream 01:03:06.815 --> 01:03:09.251 and I'll be reading them here at one of these mics. 01:03:09.251 --> 01:03:11.520 So, that's for the live stream panelists. 01:03:11.520 --> 01:03:14.723 In New York they can just line up at their microphone there. 01:03:14.723 --> 01:03:16.425 >> In New York they can line up their microphone 01:03:16.425 --> 01:03:17.593 and we'll see them live up there? 01:03:17.593 --> 01:03:18.493 >> We'll see them, yes, that's right. 01:03:18.493 --> 01:03:19.061 >> OK. 01:03:19.061 --> 01:03:19.628 >> Very good. 01:03:19.628 --> 01:03:20.395 >> All right. 01:03:20.395 --> 01:03:21.230 This will be interesting. 01:03:21.230 --> 01:03:23.398 OK, but first let's get to the-- 01:03:23.398 --> 01:03:27.502 give the panelists a chance to ask questions, Leslie? 01:03:27.502 --> 01:03:31.874 >> So, I want to ask a question of Danny because talking 01:03:31.874 --> 01:03:35.878 about the concern or persuading people that, you know, 01:03:35.878 --> 01:03:38.380 winning people of off government is sort 01:03:38.380 --> 01:03:41.650 of the governance structure for the internet and trying 01:03:41.650 --> 01:03:44.253 to educate them that it's not really government, 01:03:44.253 --> 01:03:47.189 it's all of these other institutions and we do them 01:03:47.189 --> 01:03:49.758 in a multi-stakeholder way and many people 01:03:49.758 --> 01:03:52.861 up here have spent considerable time trying 01:03:52.861 --> 01:03:55.898 to move people to that model. 01:03:55.898 --> 01:03:58.267 It just seems to me that the rest 01:03:58.267 --> 01:04:00.802 of the world right now is going to think we've been involved 01:04:00.802 --> 01:04:02.070 in a slight of hand 01:04:02.070 --> 01:04:06.208 that basically we're saying governments stay out, 01:04:06.208 --> 01:04:10.012 governments don't get too involved here. 01:04:10.012 --> 01:04:13.181 All these other into multi stakeholder institutions are 01:04:13.181 --> 01:04:15.083 really the core of the internet and then 01:04:15.083 --> 01:04:18.020 at the same time building an environment 01:04:18.020 --> 01:04:21.556 where the United States uses historically-- 01:04:21.556 --> 01:04:25.227 historical dominance 01:04:25.227 --> 01:04:28.230 to basically trump all of those governance. 01:04:28.230 --> 01:04:31.800 So, I hear what you're saying but it was a hard argument 01:04:31.800 --> 01:04:34.102 to make to the rest of the world beforehand. 01:04:34.102 --> 01:04:36.405 I'm just curious whether you're continuing 01:04:36.405 --> 01:04:38.206 to say it with a straight face. 01:04:38.206 --> 01:04:39.141 But I'm having trouble. 01:04:39.141 --> 01:04:41.443 >> It's a habit. 01:04:41.443 --> 01:04:47.282 I guess what I would say is the ability to make 01:04:47.282 --> 01:04:49.785 that argument really depends on-- 01:04:49.785 --> 01:04:51.954 as several people have said the layer 01:04:51.954 --> 01:04:53.355 at which you're making the argument. 01:04:53.355 --> 01:05:00.095 I don't believe that the NSA surveillance changes one bit the 01:05:00.095 --> 01:05:06.568 question of who should be setting standards for TCPIP 01:05:06.568 --> 01:05:10.072 or who should be determining how domain names get assigned. 01:05:10.072 --> 01:05:15.277 I do believe that as you said Leslie that the question 01:05:15.277 --> 01:05:20.248 of government espionage activities whether it's the NSA 01:05:20.248 --> 01:05:26.188 or GCHQ or MI5 or, you know, the German Intelligence Agency, 01:05:26.188 --> 01:05:28.490 the French Intelligence Agency, anyone of them, 01:05:28.490 --> 01:05:30.926 all of which you're doing exactly the same thing. 01:05:30.926 --> 01:05:35.998 I do believe that we now have to have a more public discussion 01:05:35.998 --> 01:05:37.632 about what our expectations are 01:05:37.632 --> 01:05:39.835 for surveillance including espionage 01:05:39.835 --> 01:05:42.004 in the internet environment. 01:05:42.004 --> 01:05:47.776 But that shouldn't get confused with the question of whether all 01:05:47.776 --> 01:05:49.778 of a sudden we need a treaty about how 01:05:49.778 --> 01:05:51.847 to set internet technical standards. 01:05:51.847 --> 01:05:55.450 And I believe that, you know, I'm highly uncomfortable talking 01:05:55.450 --> 01:05:56.952 about the rest of the world. 01:05:56.952 --> 01:06:01.757 But I think that what we saw in the internet governance debate 01:06:01.757 --> 01:06:09.297 at the United Nations at the-- in Dubai where the proposition 01:06:09.297 --> 01:06:15.670 from Democratic countries like Iran and China and Russia was 01:06:15.670 --> 01:06:17.205 to exert greater control 01:06:17.205 --> 01:06:20.642 over the internet environment was rejected not just 01:06:20.642 --> 01:06:25.747 by the usual suspects, that is the 34 OACD countries 01:06:25.747 --> 01:06:28.016 who you could somewhat expect to do that. 01:06:28.016 --> 01:06:32.554 But by another 20 countries, from Africa and South Asia 01:06:32.554 --> 01:06:35.957 and different parts of the world, that I think 01:06:35.957 --> 01:06:42.898 at Brazil have recognized that while we could always do better 01:06:42.898 --> 01:06:44.900 with the current internet governors arrangements 01:06:44.900 --> 01:06:47.736 that they're working and messing with them has a cause 01:06:47.736 --> 01:06:49.004 for all those countries. 01:06:49.004 --> 01:06:51.973 So, I think as long as we keep these issues distinct 01:06:51.973 --> 01:06:55.410 and don't confuse them I think there's a way 01:06:55.410 --> 01:06:58.814 to have both discussions in a coherent way. 01:06:58.814 --> 01:07:00.082 >> Well, so I agree with you. 01:07:00.082 --> 01:07:00.715 >> I know you do. 01:07:00.715 --> 01:07:01.817 [laughs] 01:07:01.817 --> 01:07:06.154 >> But it seems to me the opportunity here 01:07:06.154 --> 01:07:09.157 for many countries to combine them together 01:07:09.157 --> 01:07:11.393 to not make them distinct. 01:07:11.393 --> 01:07:14.596 The opportunity to reclaim control 01:07:14.596 --> 01:07:17.699 by basically bringing this together. 01:07:17.699 --> 01:07:19.101 >> Sure. So, what did Russia say? 01:07:19.101 --> 01:07:23.038 What did Russia say this-- you know, Russia said in response 01:07:23.038 --> 01:07:25.207 to the NSA we need more government control-- 01:07:25.207 --> 01:07:26.274 >> Right. 01:07:26.274 --> 01:07:30.212 >> -- of both the internet infrastructure 01:07:30.212 --> 01:07:31.580 and the internet companies. 01:07:31.580 --> 01:07:34.216 It's a-- I mean, I think the question is how does anyone say 01:07:34.216 --> 01:07:35.984 that with a straight face 01:07:35.984 --> 01:07:39.421 when the concern was undo government intrusion? 01:07:39.421 --> 01:07:42.023 But, yeah, I mean it-- 01:07:42.023 --> 01:07:45.127 people who want to make those arguments will find ways 01:07:45.127 --> 01:07:46.828 to make them. 01:07:46.828 --> 01:07:50.198 >> I worry that many of those in between are suddenly going 01:07:50.198 --> 01:07:56.838 to become more persuadable because of the outrage. 01:07:56.838 --> 01:08:00.308 >> So, I have a question for my fellow panelists. 01:08:00.308 --> 01:08:04.212 And it's sort of following what Danny just raised. 01:08:04.212 --> 01:08:07.182 In December we had an interesting conference, 01:08:07.182 --> 01:08:09.885 the World Conference 01:08:09.885 --> 01:08:12.320 on International Telecommunications. 01:08:12.320 --> 01:08:15.056 I'll use the acronym WCIT not 'cause I want 01:08:15.056 --> 01:08:16.558 to have the table bounded. 01:08:16.558 --> 01:08:18.260 I explain the acronym first. 01:08:18.260 --> 01:08:19.327 >> You did. 01:08:19.327 --> 01:08:20.428 >> But you hear the term WCIT so I want 01:08:20.428 --> 01:08:22.096 to pronounce it as you might hear it. 01:08:22.096 --> 01:08:23.430 But the World Conference 01:08:23.430 --> 01:08:26.401 on International Telecommunications was look 01:08:26.401 --> 01:08:28.103 at some treaty arrangements. 01:08:28.103 --> 01:08:29.404 So, some tariffs. 01:08:29.404 --> 01:08:33.108 Regarding interconnection and there were number 01:08:33.108 --> 01:08:36.278 of very interesting proposals that shut up in Dubai. 01:08:36.278 --> 01:08:41.283 And I'm struck by the timing because that happened 01:08:41.283 --> 01:08:46.921 and now we now have a lot of events regarding surveillance 01:08:46.921 --> 01:08:49.624 and then I say and so on and so forth. 01:08:49.624 --> 01:08:52.227 And I guess with my panelists I'd ask the question, 01:08:52.227 --> 01:08:56.631 does anyone care to speculate if water had been reversed? 01:08:56.631 --> 01:08:58.166 What the outcome would have been? 01:08:58.166 --> 01:09:01.036 Because I've had a few people suggest 01:09:01.036 --> 01:09:03.904 that that's an interesting exercise. 01:09:03.904 --> 01:09:08.475 I am not sure whether or not the outcome that we had in Dubai 01:09:08.475 --> 01:09:12.913 in December is what we would be seeing 01:09:12.913 --> 01:09:16.451 if in fact it was being done instead next month. 01:09:16.451 --> 01:09:17.786 >> Hold on, that was my concern. 01:09:17.786 --> 01:09:21.122 That's my concern. 01:09:21.122 --> 01:09:26.493 Well, I think that if you look at the World Conference 01:09:26.493 --> 01:09:30.198 on International Telecommunications, 01:09:30.198 --> 01:09:34.769 it was an important treaty negotiation, renegotiation 01:09:34.769 --> 01:09:41.142 that hadn't been renegotiated since 1988, is that right? 01:09:41.142 --> 01:09:45.613 '88. And as Americans we look at these negotiations as one-- 01:09:45.613 --> 01:09:52.587 as a one negotiation and I think that that's a poor perspective 01:09:52.587 --> 01:09:56.057 because the WCIT was really 01:09:56.057 --> 01:10:01.029 about how does one monetize the internet and to pay 01:10:01.029 --> 01:10:03.365 for court infrastructure. 01:10:03.365 --> 01:10:09.437 And it is one of a multi-series of negotiations, the world-- 01:10:09.437 --> 01:10:13.842 there's another telecommunications conference 01:10:13.842 --> 01:10:17.212 on policy, WTPF, it just happened in Geneva 01:10:17.212 --> 01:10:20.448 and they'll be the world summit on information society 01:10:20.448 --> 01:10:24.753 that will be culminating in 2014 I think, right? 01:10:24.753 --> 01:10:26.121 2014, '15. 01:10:26.121 --> 01:10:27.389 >> So on, yup. 01:10:27.389 --> 01:10:31.092 >> And there will be 24 negotiations to go between now 01:10:31.092 --> 01:10:35.830 and then that will ultimately be where things will land. 01:10:35.830 --> 01:10:37.299 And then from-- the world summit 01:10:37.299 --> 01:10:39.467 on information society will be the strategy 01:10:39.467 --> 01:10:43.471 by which will be executed in the WTPF for policy. 01:10:43.471 --> 01:10:48.143 The WCIT for regulation and in the internet standards-- 01:10:48.143 --> 01:10:50.211 in the international standards organization 01:10:50.211 --> 01:10:53.281 for the overall technology. 01:10:53.281 --> 01:10:57.452 So, I think if you are a person in the corporate world 01:10:57.452 --> 01:10:59.688 and you're worried about these things you shouldn't just look 01:10:59.688 --> 01:11:01.790 at one of these forums as one off. 01:11:01.790 --> 01:11:03.191 And if you're worried about it 01:11:03.191 --> 01:11:05.226 from a government perspective it's not just the policy forum 01:11:05.226 --> 01:11:07.495 where the regulatory forum, it's all of this forum 01:11:07.495 --> 01:11:08.830 and they're all interconnected. 01:11:08.830 --> 01:11:12.567 So, I would say that yes, I think you actually suggested 01:11:12.567 --> 01:11:15.770 that it was a positive outcome at WCIT in Dubai and I think 01:11:15.770 --> 01:11:19.240 that the United States lost in that negotiation but-- 01:11:19.240 --> 01:11:23.111 and I think that the United States and many are going 01:11:23.111 --> 01:11:26.348 to continue to lose and it's going to be a quick erosion 01:11:26.348 --> 01:11:31.486 of our stance not a slower version of our stance. 01:11:31.486 --> 01:11:34.456 >> I'll take one more question from the panel. 01:11:34.456 --> 01:11:36.558 Any other panelist has a question before we go 01:11:36.558 --> 01:11:39.327 out to the audience? 01:11:39.327 --> 01:11:42.197 Going once? 01:11:43.765 --> 01:11:45.333 OK. 01:11:45.333 --> 01:11:47.369 >> Mike Nelson with Bloomberg Government 01:11:47.369 --> 01:11:49.137 and with Georgetown University. 01:11:49.137 --> 01:11:51.673 I want to commend the internet society for great panel, 01:11:51.673 --> 01:11:53.708 we got the lawyers, we've got the techies, 01:11:53.708 --> 01:11:56.578 we've got the scholars, we've got the activists, 01:11:56.578 --> 01:11:59.347 and that's great but we tend here in Washington 01:11:59.347 --> 01:12:00.915 to talk about the policy. 01:12:00.915 --> 01:12:03.685 And Danny I tweeted your-- 01:12:03.685 --> 01:12:06.955 a [inaudible] of your talk which I thought was exceptional. 01:12:06.955 --> 01:12:08.890 And that was-- 01:12:08.890 --> 01:12:10.792 >> You got it to 142 characters? 01:12:10.792 --> 01:12:12.627 >> Less than that. 01:12:12.627 --> 01:12:17.766 But you basically said, data will flow, we can't really focus 01:12:17.766 --> 01:12:20.402 as we used to on controlling that flow, 01:12:20.402 --> 01:12:25.073 we have to control the misuse of that data. 01:12:25.073 --> 01:12:27.876 Policy makers are starting to understand that. 01:12:27.876 --> 01:12:30.478 But I think we also have to figure out a way 01:12:30.478 --> 01:12:33.648 that techies can start implementing systems 01:12:33.648 --> 01:12:35.150 that reflect that. 01:12:35.150 --> 01:12:38.253 And the first way to do that is to make sure 01:12:38.253 --> 01:12:41.589 that systems are more transparent so that we can see 01:12:41.589 --> 01:12:44.459 where data is being misused. 01:12:44.459 --> 01:12:47.829 And I guess I'd challenge the audience to think about privacy, 01:12:47.829 --> 01:12:50.832 not to tell the audience and the panel to think 01:12:50.832 --> 01:12:53.868 about transparency by design. 01:12:53.868 --> 01:12:57.505 We've heard about privacy by design but has anybody thought 01:12:57.505 --> 01:13:00.642 of examples of where we're building in the transparencies 01:13:00.642 --> 01:13:03.144 so its in the technology and other places 01:13:03.144 --> 01:13:05.079 where we could do that better? 01:13:05.079 --> 01:13:08.016 Just an open question. 01:13:08.016 --> 01:13:09.417 >> Laura? 01:13:09.417 --> 01:13:13.421 >> OK. I think that's a really great question and a good point. 01:13:13.421 --> 01:13:16.858 I'll give one example of where I think the transparency is 01:13:16.858 --> 01:13:18.693 excellent and then a couple of examples 01:13:18.693 --> 01:13:21.262 where I think we need more transparency. 01:13:21.262 --> 01:13:24.232 What is one of the oldest and most vulnerable institutions 01:13:24.232 --> 01:13:25.600 of internet governance? 01:13:25.600 --> 01:13:28.736 The internet engineering taskforce jumps to mind. 01:13:28.736 --> 01:13:30.038 So, this is the-- one 01:13:30.038 --> 01:13:32.941 of the standard setting organizations for the internet. 01:13:32.941 --> 01:13:34.676 There are many others but they have set many 01:13:34.676 --> 01:13:39.814 of the core standards so they have a tradition of being open 01:13:39.814 --> 01:13:41.249 in three different ways. 01:13:41.249 --> 01:13:44.052 They're open in the development of a standard 01:13:44.052 --> 01:13:46.221 and that anyone can participate. 01:13:46.221 --> 01:13:49.190 Now, granted there are a lot of barriers to participation, 01:13:49.190 --> 01:13:51.459 it requires a lot of technical knowledge, 01:13:51.459 --> 01:13:54.929 it requires in many cases money to go to some 01:13:54.929 --> 01:13:57.065 of the events in time. 01:13:57.065 --> 01:13:59.734 But it is basically open to anyone. 01:13:59.734 --> 01:14:02.370 They are also open and transparent 01:14:02.370 --> 01:14:04.739 in that the actual specification. 01:14:04.739 --> 01:14:06.508 So, a standard is not really software 01:14:06.508 --> 01:14:09.377 or hardware specifications that are written down 01:14:09.377 --> 01:14:11.546 and people can go online and view them. 01:14:11.546 --> 01:14:14.516 So, I would differ with some of the panelists and say that, 01:14:14.516 --> 01:14:17.919 "Oh the technology is-- it is political." 01:14:17.919 --> 01:14:22.023 So, the technology designers make political decisions 01:14:22.023 --> 01:14:25.527 in the design whether they like to call it that or not. 01:14:25.527 --> 01:14:27.695 So, sometimes privacy is designed in. 01:14:27.695 --> 01:14:30.198 Think about encryption standards for example. 01:14:30.198 --> 01:14:33.535 Think about unique identifiers and the privacy implications. 01:14:33.535 --> 01:14:36.971 Yet the specification is open so there are some degree 01:14:36.971 --> 01:14:39.240 of accountability where people can view it. 01:14:39.240 --> 01:14:41.442 It's also open in the implementation 01:14:41.442 --> 01:14:44.379 because it results in multiple competing products 01:14:44.379 --> 01:14:46.247 that are based on that standard. 01:14:46.247 --> 01:14:47.649 So, that's an example. 01:14:47.649 --> 01:14:50.718 In other cases we don't have a lot of transparency and I agree 01:14:50.718 --> 01:14:52.186 with you that we need more. 01:14:52.186 --> 01:14:55.890 So, here is an example, how do we look at interconnections? 01:14:55.890 --> 01:14:59.394 So, this is an area where I'm worried because of all 01:14:59.394 --> 01:15:01.563 of the calls for greater government regulation 01:15:01.563 --> 01:15:03.097 of interconnection in an area 01:15:03.097 --> 01:15:06.401 that has worked fairly well up until now. 01:15:06.401 --> 01:15:08.536 Well, part of the reason we're seeing this calls 01:15:08.536 --> 01:15:10.772 for a regulation is that we can't really see what the 01:15:10.772 --> 01:15:13.207 agreements are between these private companies. 01:15:13.207 --> 01:15:17.178 So, I think it would be more helpful to have transparency 01:15:17.178 --> 01:15:19.714 in an area such as that as well as other infrastructure areas. 01:15:19.714 --> 01:15:25.987 >> So, I want to go back to Danny's premise 01:15:25.987 --> 01:15:28.856 which you apparently support which seems to be-- 01:15:28.856 --> 01:15:32.560 data will flow, everybody will collect it 01:15:32.560 --> 01:15:34.395 and we should only focus on the uses. 01:15:34.395 --> 01:15:36.864 And that's certainly a discussion we've had on sort 01:15:36.864 --> 01:15:39.334 of the consumer side of the ledger? 01:15:39.334 --> 01:15:41.402 You know, Google will collect it and where we have 01:15:41.402 --> 01:15:44.339 to focus our attention is how they're using it. 01:15:44.339 --> 01:15:47.542 I have to submit the government is collecting information 01:15:47.542 --> 01:15:52.113 and certainly the US government collecting information really 01:15:52.113 --> 01:15:55.917 to-- is subject to-- I mean in our own country it's subject 01:15:55.917 --> 01:15:59.954 to this little thing called the Fourth Amendment and I know 01:15:59.954 --> 01:16:03.992 of no case and I stand-- I'm willing to stand corrected 01:16:03.992 --> 01:16:06.828 that says, you can go in-- 01:16:06.828 --> 01:16:09.597 I mean, this is essentially what the governments is arguing 01:16:09.597 --> 01:16:11.232 in NSA collection. 01:16:11.232 --> 01:16:15.837 And they're calling it acquisition and not collection 01:16:15.837 --> 01:16:19.507 that acquiring the information is not collection. 01:16:19.507 --> 01:16:24.445 And that any rights that might attach don't happen 01:16:24.445 --> 01:16:26.280 until you open and look at the packets. 01:16:26.280 --> 01:16:29.117 I don't know, you know, I've never heard anybody come 01:16:29.117 --> 01:16:31.519 into somebody's house, walk away with their desk drawer 01:16:31.519 --> 01:16:33.855 and say, "We're acquiring." 01:16:33.855 --> 01:16:37.659 To let you know if we ever get around to looking at it. 01:16:37.659 --> 01:16:41.095 And so-- Danny and I have some disagreement although I'm 01:16:41.095 --> 01:16:43.631 getting persuaded more and more by his-- 01:16:43.631 --> 01:16:47.802 by the question of use in the commercial side 01:16:47.802 --> 01:16:49.837 of this big data world. 01:16:49.837 --> 01:16:52.607 But, I'm not willing to go there in terms of governments. 01:16:52.607 --> 01:16:54.742 And I think it's a really dangerous thing to do. 01:16:54.742 --> 01:17:00.815 >> So I-- just to clarify, my observation 01:17:00.815 --> 01:17:07.789 that data will flow is not meant as a moral conclusion. 01:17:07.789 --> 01:17:11.492 And I think the extension which we choose to put limits 01:17:11.492 --> 01:17:15.596 on how much data government can acquire from those 01:17:15.596 --> 01:17:17.465 who have already collected it, right. 01:17:17.465 --> 01:17:21.636 Because that's what we're talking about here, 01:17:21.636 --> 01:17:26.708 it's very important and I think that historically we have relied 01:17:26.708 --> 01:17:32.080 on technical barriers to large scale information collection 01:17:32.080 --> 01:17:34.882 as a way to limit how much power the government has 01:17:34.882 --> 01:17:36.217 and we don't have those anymore. 01:17:36.217 --> 01:17:38.619 So, we're going to have to get very explicit 01:17:38.619 --> 01:17:41.155 about what limits we think government should have 01:17:41.155 --> 01:17:43.424 on both the collection and the use front. 01:17:43.424 --> 01:17:46.594 My only observation kind of back to your point Mike is 01:17:46.594 --> 01:17:50.364 that we are much better technically 01:17:50.364 --> 01:17:52.734 at managing collection limitation 01:17:52.734 --> 01:17:54.736 than we are managing use limitation. 01:17:54.736 --> 01:17:57.038 Just as a pure matter of the kinds 01:17:57.038 --> 01:18:00.708 of computer science techniques that we have available 01:18:00.708 --> 01:18:04.779 and I would submit that's because, you know, 01:18:04.779 --> 01:18:07.782 the computer security community cryptographers have taught us a 01:18:07.782 --> 01:18:12.220 huge amount about how to keep data secret 01:18:12.220 --> 01:18:14.155 and control access to data. 01:18:14.155 --> 01:18:17.125 There's a whole other set of disciplines developing 01:18:17.125 --> 01:18:21.629 in computer science that try to characterize information usage, 01:18:21.629 --> 01:18:26.134 track information usage, but it is a different-- 01:18:26.134 --> 01:18:30.505 but there is less progress on that because I think 01:18:30.505 --> 01:18:33.207 that that's not a view of privacy 01:18:33.207 --> 01:18:36.944 that computer sciences have previously focused on. 01:18:36.944 --> 01:18:38.780 So, I think you're exactly right to point 01:18:38.780 --> 01:18:40.581 out that we need more work there. 01:18:40.581 --> 01:18:41.983 >> I'd actually hear from the techies. 01:18:41.983 --> 01:18:44.418 Because I wasn't thinking so much about transparency 01:18:44.418 --> 01:18:46.487 at the institution level at layer eight. 01:18:46.487 --> 01:18:48.890 I was thinking more the lower levels. 01:18:48.890 --> 01:18:49.957 Well, like-- 01:18:49.957 --> 01:18:51.325 >> Oh, I'll give the-- let me give the-- 01:18:51.325 --> 01:18:52.727 >> -- like route to tracing, you know, when we send an e-mail 01:18:52.727 --> 01:18:54.729 to each other you can find out where it balanced along the way. 01:18:54.729 --> 01:18:57.098 >> Let me give the techies about two minutes before we move 01:18:57.098 --> 01:18:59.433 on to another question because we will have a chance 01:18:59.433 --> 01:19:02.003 to circle back in the round table again 01:19:02.003 --> 01:19:03.805 so we can take another bite at the apple here. 01:19:03.805 --> 01:19:04.338 >> Yeah. 01:19:04.338 --> 01:19:05.406 >> Go ahead. 01:19:05.406 --> 01:19:06.774 >> I just want to-- just very quickly. 01:19:06.774 --> 01:19:08.042 Stealing is stealing. 01:19:08.042 --> 01:19:09.577 It doesn't matter whether it's in the physical world 01:19:09.577 --> 01:19:11.479 or in the cyber world. 01:19:11.479 --> 01:19:16.184 So, whatever the techniques you have to collect data of a theft, 01:19:16.184 --> 01:19:18.953 in the physical world you can apply the same techniques 01:19:18.953 --> 01:19:20.288 in the cyber world. 01:19:20.288 --> 01:19:22.156 The difference is speed. 01:19:22.156 --> 01:19:25.293 I mean it takes me physically a long time to go in 01:19:25.293 --> 01:19:27.762 and steal a laptop from the gentleman's tester 01:19:27.762 --> 01:19:30.264 but I can steal all the information on his laptop 01:19:30.264 --> 01:19:32.934 in a second, probably as long as it took me to do it as long 01:19:32.934 --> 01:19:34.769 as I can connect it over the net. 01:19:34.769 --> 01:19:38.206 So, the comment about the government, you know, 01:19:38.206 --> 01:19:41.175 and the search warrant in the constitution, you should, 01:19:41.175 --> 01:19:42.210 you know, that's why it's there. 01:19:42.210 --> 01:19:43.811 That's why we have the constitution is 01:19:43.811 --> 01:19:45.012 to follow those laws. 01:19:45.012 --> 01:19:47.715 And you can still achieve the same goals and stay 01:19:47.715 --> 01:19:49.750 within the constitutional limits. 01:19:49.750 --> 01:19:51.118 It's been done. 01:19:51.118 --> 01:19:54.021 It's just that what's happened is we got a bunch of people 01:19:54.021 --> 01:19:58.092 at the policy level that didn't understand what the 01:19:58.092 --> 01:20:00.027 implications are. 01:20:00.027 --> 01:20:01.395 And that's where-- everything 01:20:01.395 --> 01:20:03.097 that they've done has been legal. 01:20:03.097 --> 01:20:04.332 It-- the law is the problem. 01:20:04.332 --> 01:20:06.601 Not what whether they're doing it or that. 01:20:06.601 --> 01:20:08.836 >> I would question that. 01:20:08.836 --> 01:20:10.037 >> But-- 01:20:10.037 --> 01:20:13.074 >> OK. I'm going to move this along because I want 01:20:13.074 --> 01:20:15.610 to give Joanne a chance and I'm sure Steve is getting a lot 01:20:15.610 --> 01:20:17.879 of farther for the round table to come back to just later on. 01:20:17.879 --> 01:20:19.213 >> So, I don't want to pick up on thing 01:20:19.213 --> 01:20:23.818 which is the internet has a tradition or convention, 01:20:23.818 --> 01:20:28.489 I wouldn't say tradition, convention of protocols 01:20:28.489 --> 01:20:31.359 which behave in an open manner. 01:20:31.359 --> 01:20:34.896 And so, this is for example, your-- 01:20:34.896 --> 01:20:37.465 when you're looking at how packets flow, there are commands 01:20:37.465 --> 01:20:40.167 like traceroute that let you see how they go through the internet 01:20:40.167 --> 01:20:43.738 and you can map them through an exchange point most of the time. 01:20:43.738 --> 01:20:46.274 When you look at mail headers, you can look at e-mail headers 01:20:46.274 --> 01:20:48.676 and you can actually see, wow that's not my e-mail, 01:20:48.676 --> 01:20:51.512 it got from point A to point B and it's visible 01:20:51.512 --> 01:20:54.282 and you can see those most of the time. 01:20:54.282 --> 01:20:57.385 When you look at a packet that you've received you can look 01:20:57.385 --> 01:21:00.121 at the source address and say, "Oh, where is that from?" 01:21:00.121 --> 01:21:04.025 And you can look it up and find it most of the time. 01:21:04.025 --> 01:21:06.594 Now, there is no obligations that any 01:21:06.594 --> 01:21:08.429 of this information is accurate. 01:21:08.429 --> 01:21:09.897 It's all sufficiently accurate 01:21:09.897 --> 01:21:12.600 to keep the internet running or at least so far. 01:21:12.600 --> 01:21:15.336 And we hope it will just keep it running, 01:21:15.336 --> 01:21:18.873 but there's no actual obligations and you need 01:21:18.873 --> 01:21:23.077 to be careful because while there would be some benefit 01:21:23.077 --> 01:21:27.181 to having an attribute that says there's an actual obligation 01:21:27.181 --> 01:21:30.918 to make this accurate, then I see people emerging saying, 01:21:30.918 --> 01:21:34.455 "Well, wait a second, now I'm worried about my anonymity 01:21:34.455 --> 01:21:38.326 because now you can trace my IP, or you can trace my e-mail." 01:21:38.326 --> 01:21:43.931 So, we have just a convention of transparency 01:21:43.931 --> 01:21:46.133 which has been enough to keep the internet running. 01:21:46.133 --> 01:21:47.835 There is a question on whether or not that's going 01:21:47.835 --> 01:21:50.538 to actually work long term. 01:21:50.538 --> 01:21:55.176 The point that was made by Randy which is that the rate 01:21:55.176 --> 01:21:58.379 at which you can attack something digitally is a lot 01:21:58.379 --> 01:21:59.914 faster than physically. 01:21:59.914 --> 01:22:03.451 And this means that the ability to have an accountable internet 01:22:03.451 --> 01:22:07.822 where we can actually figure out who sent the bomb threat 01:22:07.822 --> 01:22:11.359 or figure out who sent the e-mail which cause the problem 01:22:11.359 --> 01:22:15.563 at the school is potentially a very large duty 01:22:15.563 --> 01:22:19.767 and it may require us making a tradeoff between anonymity 01:22:19.767 --> 01:22:24.138 and curated anonymity in order to have accountability. 01:22:24.138 --> 01:22:26.173 Right now it's not clear that one 01:22:26.173 --> 01:22:27.975 or the other is the right answer. 01:22:27.975 --> 01:22:31.245 >> So, we may-- we'll circle back to this in the round table. 01:22:31.245 --> 01:22:34.749 Let me move on to the next question over here. 01:22:34.749 --> 01:22:38.853 >> All right, I'm [inaudible] cofounder of Codex for Africa. 01:22:38.853 --> 01:22:40.921 This is more to as the techie side too 01:22:40.921 --> 01:22:43.257 but at the same time from a global view. 01:22:43.257 --> 01:22:47.695 We represent thousand of developers in Africa, 01:22:47.695 --> 01:22:49.764 in the upcoming years it's going 01:22:49.764 --> 01:22:51.832 to be more software developers who're are going 01:22:51.832 --> 01:22:56.070 to be creating thousands of applications on mobile and web. 01:22:56.070 --> 01:22:59.507 And one of the things is what are the strategies there, 01:22:59.507 --> 01:23:03.077 when you have emerging countries or emerging economy jumping 01:23:03.077 --> 01:23:06.213 on a bag of bandwagon of using the internet to do transaction 01:23:06.213 --> 01:23:08.849 with the US or the western world. 01:23:08.849 --> 01:23:12.486 What do you think what would happen because I could be 01:23:12.486 --> 01:23:16.924 in a country like Synagogue, you know, do some hacking, 01:23:16.924 --> 01:23:20.561 I can do anything I can because you don't have access to the-- 01:23:20.561 --> 01:23:22.630 maybe the continent level network. 01:23:22.630 --> 01:23:27.935 But as well as the western world, 01:23:27.935 --> 01:23:29.804 what are your strategies and all that? 01:23:29.804 --> 01:23:33.607 >> Well, this is where the law comes into play. 01:23:33.607 --> 01:23:35.576 What we hear on the techie side for instance is 01:23:35.576 --> 01:23:38.345 of course there is laws in hacking in the US, 01:23:38.345 --> 01:23:41.048 but there is no laws in hacking in China, 01:23:41.048 --> 01:23:42.416 as we would understand it. 01:23:42.416 --> 01:23:45.820 So, each country gets to define, you know, what a hacking is. 01:23:45.820 --> 01:23:49.323 Some may take it as an assault against the government 01:23:49.323 --> 01:23:51.192 if you are hacking, you know, 01:23:51.192 --> 01:23:54.795 some might just say it's a plain and simple theft. 01:23:54.795 --> 01:23:57.131 So, you're going to have to-- I would think you'd have to look 01:23:57.131 --> 01:23:59.900 at each individual country's definition 01:23:59.900 --> 01:24:03.504 of what they considered to be hacking in that case. 01:24:03.504 --> 01:24:07.641 Now, on the other side, again, if you're writing an application 01:24:07.641 --> 01:24:09.810 for someone like that then you're going to do logging, 01:24:09.810 --> 01:24:12.480 you're going to do all of this type of stuff because you want 01:24:12.480 --> 01:24:15.749 to provide an auditor if you will 01:24:15.749 --> 01:24:17.952 if it's a financial application with some record 01:24:17.952 --> 01:24:20.654 of whatever transactions your software handles. 01:24:20.654 --> 01:24:23.557 So, there's always going to be a record of something that you-- 01:24:23.557 --> 01:24:26.460 either your app did or where your app went. 01:24:26.460 --> 01:24:30.331 Whether it's accurate or not that's another question 01:24:30.331 --> 01:24:31.632 but there's always going to be a record. 01:24:31.632 --> 01:24:34.635 And again, metadata analysis I can use that 01:24:34.635 --> 01:24:35.903 and make some inferences 01:24:35.903 --> 01:24:39.039 as to what you did even though I can't see what you-- 01:24:39.039 --> 01:24:43.511 what's in your individual packets if you encrypted them. 01:24:43.511 --> 01:24:44.578 >> John? 01:24:44.578 --> 01:24:48.716 >> So, that's an amazing wake up call here. 01:24:48.716 --> 01:24:51.552 So, we have this internet that's remarkable. 01:24:51.552 --> 01:24:56.056 It allows people to interact, people in different countries 01:24:56.056 --> 01:24:59.059 with different expectations to interact. 01:24:59.059 --> 01:25:00.995 And yet, the conventions 01:25:00.995 --> 01:25:06.667 by which governments work haven't evolved fast enough. 01:25:06.667 --> 01:25:10.204 The idea that citizen in country A is interacting with citizen 01:25:10.204 --> 01:25:14.542 in country B and it might be illegal in one country and not 01:25:14.542 --> 01:25:17.111 in another is a whole new concept 01:25:17.111 --> 01:25:19.914 that governments are going to take some time to try 01:25:19.914 --> 01:25:21.448 to figure out how to deal with. 01:25:21.448 --> 01:25:22.683 So, we have a problem. 01:25:22.683 --> 01:25:25.352 We literally have an internet that has capabilities 01:25:25.352 --> 01:25:29.223 that governments haven't come to grip on how 01:25:29.223 --> 01:25:32.893 to handle their duties and responsibilities. 01:25:32.893 --> 01:25:35.429 I know governments have feel very strongly 01:25:35.429 --> 01:25:38.499 about protecting their citizens against pornography 01:25:38.499 --> 01:25:41.869 or against certain types of content. 01:25:41.869 --> 01:25:43.270 I know governments in other countries 01:25:43.270 --> 01:25:46.840 that feel very strongly that that's up to each citizen. 01:25:46.840 --> 01:25:49.944 But the reality is that that intersection has now happened 01:25:49.944 --> 01:25:51.145 because of the internet. 01:25:51.145 --> 01:25:53.948 Two governments can have very different views 01:25:53.948 --> 01:25:56.817 on what their responsibilities of their citizens are. 01:25:56.817 --> 01:26:00.387 So, to answer your question in a general case, 01:26:00.387 --> 01:26:02.022 the internets move faster than governments. 01:26:02.022 --> 01:26:04.024 Governments literally do not know how to interact 01:26:04.024 --> 01:26:05.893 with the situation you describe. 01:26:05.893 --> 01:26:09.396 On a practical matter, if you end up doing something 01:26:09.396 --> 01:26:13.033 of significance, something that causes a lot of harm 01:26:13.033 --> 01:26:17.271 or actually there's a very nice list of types of attacks, 01:26:17.271 --> 01:26:21.775 distraction of property, theft of intellectual property. 01:26:21.775 --> 01:26:25.412 There's different types of extortion or DDoS, 01:26:25.412 --> 01:26:29.416 if you actually do something of a major magnitude you'll find 01:26:29.416 --> 01:26:32.119 out that law enforcement does cooperate between countries 01:26:32.119 --> 01:26:33.520 and it works very well. 01:26:33.520 --> 01:26:36.223 It's just not set up for the scale of the internet. 01:26:36.223 --> 01:26:39.560 And it's in the age of the cooperation 01:26:39.560 --> 01:26:41.195 between law enforcement 01:26:41.195 --> 01:26:44.898 and various computer response teams is one step 01:26:44.898 --> 01:26:48.135 above fax machines ringing and going back and forth. 01:26:48.135 --> 01:26:51.538 We have the mechanism to handle the really bad events 01:26:51.538 --> 01:26:53.073 fairly slowly. 01:26:53.073 --> 01:26:55.342 We don't have anything to handle the scale 01:26:55.342 --> 01:26:58.545 of automatic attacks happening 24 hours a day 01:26:58.545 --> 01:27:00.114 around the entire globe which don't-- 01:27:00.114 --> 01:27:01.682 >> Let me move to Danny. 01:27:01.682 --> 01:27:03.550 He wanted to say something and then I'm going to move 01:27:03.550 --> 01:27:05.152 on to the next question. 01:27:05.152 --> 01:27:06.820 By the way, I can't really talk to anybody 01:27:06.820 --> 01:27:09.256 in New York once I ask a question. 01:27:09.256 --> 01:27:11.492 So, what they do I guess they'll stand up or something 01:27:11.492 --> 01:27:12.459 or else go through Paul. 01:27:12.459 --> 01:27:13.794 Danny, go ahead. 01:27:13.794 --> 01:27:17.965 >> I just want to make one observation about the challenge 01:27:17.965 --> 01:27:23.537 of international law enforcement cooperation. 01:27:23.537 --> 01:27:26.106 Most people in this room are probably familiar 01:27:26.106 --> 01:27:30.577 with the SOPA debate that was proposed in United States. 01:27:30.577 --> 01:27:33.814 In a certain sense we only have that debate with all 01:27:33.814 --> 01:27:40.154 of its cataclysm because of the failure of current mechanisms 01:27:40.154 --> 01:27:43.023 in international law enforcement cooperation. 01:27:43.023 --> 01:27:45.592 We have that debate, the Congress was considering 01:27:45.592 --> 01:27:50.564 that law blocking access 01:27:50.564 --> 01:27:53.233 to websites outside the United States 01:27:53.233 --> 01:27:58.038 that might have infringing content because people 01:27:58.038 --> 01:27:59.473 in Congress were concerned 01:27:59.473 --> 01:28:03.344 that US Law Enforcement didn't have an effective way of working 01:28:03.344 --> 01:28:07.781 with law enforcement authorities from the countries 01:28:07.781 --> 01:28:09.850 where the infringement was actually happening. 01:28:09.850 --> 01:28:16.256 I think that we have to get a lot better as John is suggesting 01:28:16.256 --> 01:28:18.859 at add enforcement cooperation. 01:28:18.859 --> 01:28:21.895 There are realms where that works reasonably well but it's-- 01:28:21.895 --> 01:28:25.632 the problem is it's mostly cooperation in the form of how 01:28:25.632 --> 01:28:30.003 to make a criminal conviction against someone to stick. 01:28:30.003 --> 01:28:32.773 Law enforcement cooperation mechanisms are good 01:28:32.773 --> 01:28:34.541 at exchanging evidence, it make sure 01:28:34.541 --> 01:28:37.811 that you have the information you need to, you know, 01:28:37.811 --> 01:28:41.215 bring someone to trial but not good 01:28:41.215 --> 01:28:45.219 at actually stopping the behavior 01:28:45.219 --> 01:28:47.054 that maybe harmful as it's happening. 01:28:47.054 --> 01:28:49.156 So, I think it's a very big challenge. 01:28:49.156 --> 01:28:51.792 >> All right, go to Paul for a-- 01:28:51.792 --> 01:28:53.727 >> I actually did see that David Salmon [assumed spelling] 01:28:53.727 --> 01:28:57.131 of the New York Society's chapter president would 01:28:57.131 --> 01:28:58.365 like to have a question. 01:28:58.365 --> 01:28:59.700 So, why don't we go to him if he will-- 01:28:59.700 --> 01:29:01.568 I think they have a little bit of a delay. 01:29:01.568 --> 01:29:05.539 So, he might just be hearing this in a second. 01:29:05.539 --> 01:29:07.441 >> OK David. 01:29:07.441 --> 01:29:14.982 [ Inaudible Remark ] 01:29:14.982 --> 01:29:22.689 >> OK, that's your cue David. 01:29:22.689 --> 01:29:24.558 >> OK. I'll speak to the camera then or-- yeah. 01:29:24.558 --> 01:29:26.460 OK, so. 01:29:26.460 --> 01:29:34.001 [ Inaudible Remark ] 01:29:34.001 --> 01:29:36.570 OK, we have some delay here. 01:29:36.570 --> 01:29:39.440 My question is what sort 01:29:39.440 --> 01:29:41.608 of scenarios do our panelists envision 01:29:41.608 --> 01:29:45.712 and what would be some alternative solutions 01:29:45.712 --> 01:29:50.417 if our government specifically Congress is unwilling or unable 01:29:50.417 --> 01:29:54.755 to rain in agencies such as the NSA in terms of surveillance? 01:29:54.755 --> 01:29:57.057 If they can't do it or choose not 01:29:57.057 --> 01:29:58.992 to what would be the consequences? 01:29:58.992 --> 01:30:02.029 Are there technical solutions or are there possible solutions 01:30:02.029 --> 01:30:05.032 that could be implemented without US government? 01:30:05.032 --> 01:30:09.803 >> OK. The panelists are being-- the panelists are being asked, 01:30:09.803 --> 01:30:11.605 is there a work around congress? 01:30:11.605 --> 01:30:15.075 >> I would just to speak to it just 01:30:15.075 --> 01:30:16.944 as an individual not as a panel member. 01:30:16.944 --> 01:30:18.312 But if congress can't rain 01:30:18.312 --> 01:30:21.548 in the government agency we have a lot more serious problems 01:30:21.548 --> 01:30:23.584 than what's going on in the internet. 01:30:23.584 --> 01:30:28.021 >> When was the last time we passed a federal budget? 01:30:28.021 --> 01:30:30.257 >> I mean, they are government agency. 01:30:30.257 --> 01:30:31.358 Congress has to do that. 01:30:31.358 --> 01:30:34.695 Now, again, there is classified information 01:30:34.695 --> 01:30:37.865 and all this other stuff that can influence how law is passed. 01:30:37.865 --> 01:30:40.968 But quite frankly if congress didn't have that power 01:30:40.968 --> 01:30:43.737 to do it then we wouldn't see General Alexander making a run 01:30:43.737 --> 01:30:47.174 up to talk to members, I think was it today or-- 01:30:47.174 --> 01:30:48.475 >> No, it's tomorrow. 01:30:48.475 --> 01:30:49.409 >> Yeah, the vote is tomorrow. 01:30:49.409 --> 01:30:50.944 So, you know, doing that, 01:30:50.944 --> 01:30:53.780 so certainly I would think congress has the ability to do 01:30:53.780 --> 01:30:56.216 and should have the ability or else we don't have a democracy. 01:30:56.216 --> 01:30:59.820 >> OK, any other panelist winging on that? 01:30:59.820 --> 01:31:00.320 Lynn? 01:31:00.320 --> 01:31:01.622 >> Well-- 01:31:01.622 --> 01:31:03.223 >> You can just say quicker than I'm-- oh, I'm sorry. 01:31:03.223 --> 01:31:04.324 >> No please. 01:31:04.324 --> 01:31:06.527 >> That, you know, there are ways for people 01:31:06.527 --> 01:31:08.228 to manage their traffic. 01:31:08.228 --> 01:31:11.331 I know I'm certainly certain that would be even more ways 01:31:11.331 --> 01:31:14.801 for people to manage their traffic and choose the routing. 01:31:14.801 --> 01:31:17.137 We actually are quite concerned about that 01:31:17.137 --> 01:31:20.707 because it will make the global internet much less resilient. 01:31:20.707 --> 01:31:24.545 It will-- putting something in a box doesn't mean it's-- 01:31:24.545 --> 01:31:29.149 it maybe protecting it from one country actually examine it 01:31:29.149 --> 01:31:31.451 but it doesn't protect the other country. 01:31:31.451 --> 01:31:36.490 And so, I'm not quite sure what David's question was but, 01:31:36.490 --> 01:31:39.927 you know, if it's about routing and the ability to route 01:31:39.927 --> 01:31:42.829 around what you see as a problem, I think we need 01:31:42.829 --> 01:31:44.131 to be very, very careful about what some 01:31:44.131 --> 01:31:45.465 of those potential solutions are 01:31:45.465 --> 01:31:47.501 and because I don't think it will address the question 01:31:47.501 --> 01:31:50.003 you're-- the problem you're trying to route around. 01:31:50.003 --> 01:31:54.274 And in fact it will overtime make the global internet much 01:31:54.274 --> 01:31:57.044 less resilient. 01:31:57.044 --> 01:31:58.111 >> Paul? 01:31:58.111 --> 01:31:59.880 >> OK, I have a question from live stream. 01:31:59.880 --> 01:32:01.615 It's from Garth Gram [assumed spelling]. 01:32:01.615 --> 01:32:03.850 He asks, is the real issue autonomy 01:32:03.850 --> 01:32:06.587 and self determined choice rather than privacy? 01:32:06.587 --> 01:32:09.423 And if so, what is the role of identity 01:32:09.423 --> 01:32:12.926 in addressing the issue of trust? 01:32:12.926 --> 01:32:20.634 >> Well, I'll take one step at that. 01:32:20.634 --> 01:32:24.871 I think that in the discussions of privacy 01:32:24.871 --> 01:32:31.778 over the last 10 years or so, maybe longer I think 01:32:31.778 --> 01:32:36.383 that we've gotten a little bit distracted by the promise 01:32:36.383 --> 01:32:41.588 of individual choice as somehow the key to privacy. 01:32:41.588 --> 01:32:45.325 I think that a lot of the privacy values-- 01:32:45.325 --> 01:32:48.462 and what I mean by that is the dialogue box is 01:32:48.462 --> 01:32:51.898 that everyone sees in, you know, one website or another 01:32:51.898 --> 01:32:54.701 where you have to click here to accept the privacy policy 01:32:54.701 --> 01:32:57.571 or swat away a dialogue box to proceed. 01:32:57.571 --> 01:33:03.010 And I think certainly in-- it's actually a remarkable point 01:33:03.010 --> 01:33:06.179 of convergence between the United States and Europe 01:33:06.179 --> 01:33:10.150 in the last couple years both the White House 01:33:10.150 --> 01:33:13.620 and the Federal Trade Commission issued major privacy policy 01:33:13.620 --> 01:33:16.857 statements that noted the limitations of this 01:33:16.857 --> 01:33:20.293 so called noticing choice or individual determination model. 01:33:20.293 --> 01:33:23.563 The European certainly have pointed that out as well. 01:33:23.563 --> 01:33:26.333 A lot of the things that we value associated 01:33:26.333 --> 01:33:27.968 with privacy are collected values. 01:33:27.968 --> 01:33:30.871 We want to make sure people can associate freely, 01:33:30.871 --> 01:33:33.874 can engage in politics, can engage in commerce, 01:33:33.874 --> 01:33:36.143 can seek medical care, et cetera. 01:33:36.143 --> 01:33:39.846 And I think that giving people the choices to opt 01:33:39.846 --> 01:33:42.749 out of those things or somehow control their identity 01:33:42.749 --> 01:33:45.852 when they are trying to speak to their doctor or make 01:33:45.852 --> 01:33:48.155 up public political statement really seems 01:33:48.155 --> 01:33:51.992 to be exactly the opposite of some of our core privacy value. 01:33:51.992 --> 01:33:55.295 So, I think that there are situations 01:33:55.295 --> 01:33:58.131 in which individual autonomy is quite important 01:33:58.131 --> 01:34:00.901 but a little bit also to the last question about the NSA. 01:34:00.901 --> 01:34:04.404 I don't think we get ourselves out of these privacy problems 01:34:04.404 --> 01:34:13.280 by just giving people, you know, 20K long encryption keys 01:34:13.280 --> 01:34:15.549 to wield against everyone else. 01:34:15.549 --> 01:34:16.750 >> Laura? 01:34:16.750 --> 01:34:20.887 >> That's a really interesting question and I want 01:34:20.887 --> 01:34:22.689 to tie it back to something 01:34:22.689 --> 01:34:25.792 that I think Danny said before about data will flow. 01:34:25.792 --> 01:34:27.728 And, you know, while I agree with that, 01:34:27.728 --> 01:34:30.797 that's also not necessarily the case. 01:34:30.797 --> 01:34:34.034 We have interconnection disputes that have resulted in outages, 01:34:34.034 --> 01:34:36.136 we've had countries that have cut off access 01:34:36.136 --> 01:34:37.437 for their citizens. 01:34:37.437 --> 01:34:39.806 We have areas of the world that have infrastructures 01:34:39.806 --> 01:34:41.374 of complete censorship. 01:34:41.374 --> 01:34:44.411 We have digital divide issues, we have trends away 01:34:44.411 --> 01:34:47.380 from interoperability where we're going in the cloud 01:34:47.380 --> 01:34:50.250 to more proprietary protocols for example. 01:34:50.250 --> 01:34:53.420 So, it's-- so data will not necessarily flow. 01:34:53.420 --> 01:34:55.288 But one of the things that is required for it 01:34:55.288 --> 01:34:59.126 to flow is this issue of trust that the questioner brought up. 01:34:59.126 --> 01:35:03.830 So, I think I can mention just a couple of areas or maybe three 01:35:03.830 --> 01:35:05.165 that are very important. 01:35:05.165 --> 01:35:09.002 So, the trust has always excited between network providers 01:35:09.002 --> 01:35:12.639 to exchange information about IP addresses that are either 01:35:12.639 --> 01:35:15.876 in their control or that they can reach on the internet. 01:35:15.876 --> 01:35:18.678 But we have seen examples that's done 01:35:18.678 --> 01:35:20.814 by through a boarder gateway protocol. 01:35:20.814 --> 01:35:22.182 There have been examples 01:35:22.182 --> 01:35:25.452 where false routes have been advertised whether intentionally 01:35:25.452 --> 01:35:28.555 or not and outages have occurred. 01:35:28.555 --> 01:35:31.525 So, there is-- our effort is underway now to secure 01:35:31.525 --> 01:35:33.126 that which are very necessary. 01:35:33.126 --> 01:35:35.295 So, we have to build trust into the network. 01:35:35.295 --> 01:35:37.230 It's not something that we can just assume. 01:35:37.230 --> 01:35:39.900 It has to be designed in, it has to be build in. 01:35:39.900 --> 01:35:42.903 The same thing with how the domain name system works. 01:35:42.903 --> 01:35:45.972 We have servers located around the world that resolve queries 01:35:45.972 --> 01:35:50.343 of domain names like maybe I'm up here looking at cnn.com, 01:35:50.343 --> 01:35:54.014 I'm not but the domain name server would resolve 01:35:54.014 --> 01:35:57.050 that into its IP address and route the information. 01:35:57.050 --> 01:35:59.986 Well, that can be gamed also 01:35:59.986 --> 01:36:03.223 and that there can be a false return of a query. 01:36:03.223 --> 01:36:06.526 So, having things like domain name system security extensions 01:36:06.526 --> 01:36:08.762 has to be continued to be implemented. 01:36:08.762 --> 01:36:10.997 You know, these are just a few of the examples, 01:36:10.997 --> 01:36:14.968 an answer to the question that it has to be designed in, 01:36:14.968 --> 01:36:18.104 same thing with website authentication. 01:36:18.104 --> 01:36:21.908 If I'm saying that correctly the role of certificate authorities 01:36:21.908 --> 01:36:24.311 and how they verify through a digital signatures 01:36:24.311 --> 01:36:27.247 that a website is who the website says it is. 01:36:27.247 --> 01:36:29.950 So, again, this is an example of the politics 01:36:29.950 --> 01:36:32.319 of the architecture, it's no just about agreements 01:36:32.319 --> 01:36:35.255 between people but about designing this trust 01:36:35.255 --> 01:36:37.457 and identity into the infrastructure. 01:36:37.457 --> 01:36:39.726 >> I'm going to move on to the next question just 01:36:39.726 --> 01:36:43.663 because I want to get the audience as much opportunity 01:36:43.663 --> 01:36:47.234 as I can because the panelists are going to be able 01:36:47.234 --> 01:36:50.904 to circle back on this later on over here. 01:36:50.904 --> 01:36:53.440 >> So, I'm Luke Wadman [assumed spelling], I'm a student working 01:36:53.440 --> 01:36:55.475 as a policy analyst intern, 01:36:55.475 --> 01:36:58.378 analysis intern for IEEE this summer. 01:36:58.378 --> 01:37:00.513 I'm working on internet governance issues. 01:37:00.513 --> 01:37:04.050 And does the panel think there is any-- 01:37:04.050 --> 01:37:10.056 would it be a good way to frame the debate on privacy 01:37:10.056 --> 01:37:13.426 and internet governance and et cetera in economic terms 01:37:13.426 --> 01:37:15.962 because if I've learned anything in my time in DC it's 01:37:15.962 --> 01:37:17.564 that catching the ear 01:37:17.564 --> 01:37:20.200 of our congressional representatives is easy 01:37:20.200 --> 01:37:22.969 if you start talking about jobs and job creation 01:37:22.969 --> 01:37:27.207 and we've already talked a little bit about the impact 01:37:27.207 --> 01:37:31.878 of things like prism on US-based IT companies like Google 01:37:31.878 --> 01:37:34.381 and Facebook, particularly in the EU 01:37:34.381 --> 01:37:36.583 but also around the world. 01:37:36.583 --> 01:37:39.819 One case is that Google isn't really competitive in China 01:37:39.819 --> 01:37:42.756 and that's probably going to continue in that direction. 01:37:42.756 --> 01:37:46.860 So, would that be a good way to frame this whole conversation 01:37:46.860 --> 01:37:48.395 and actually encourage some sort 01:37:48.395 --> 01:37:52.265 of positive congressional action? 01:37:53.600 --> 01:37:56.703 >> So, I would never say that I have any idea how 01:37:56.703 --> 01:37:59.339 to encourage positive congressional action. 01:37:59.339 --> 01:38:02.375 I just want to put that on the table. 01:38:02.375 --> 01:38:03.944 I think it is true 01:38:03.944 --> 01:38:07.514 that everything that's happened this sort 01:38:07.514 --> 01:38:13.753 of last six weeks inside this sort of NSA bubble has happened 01:38:13.753 --> 01:38:17.757 without any reference as to what it might-- 01:38:17.757 --> 01:38:22.562 the impact that it might have on US industry. 01:38:22.562 --> 01:38:25.532 And I think it is possible that the impact at least 01:38:25.532 --> 01:38:27.300 in the short run maybe severe. 01:38:27.300 --> 01:38:30.370 On the other hand a lot of people may carry 01:38:30.370 --> 01:38:33.873 on about being unhappy about discovering 01:38:33.873 --> 01:38:37.811 that the NSA is sucking up their data. 01:38:37.811 --> 01:38:42.816 Historically, when the big comp-- 01:38:42.816 --> 01:38:45.685 if you look at the SOPA fight 01:38:45.685 --> 01:38:47.554 which I think was probably the first time 01:38:47.554 --> 01:38:52.158 that US internet industry sort of held hands with activists 01:38:52.158 --> 01:38:56.329 and technologist, it does get congresses attention. 01:38:56.329 --> 01:39:00.066 I will say though that National Security is different. 01:39:00.066 --> 01:39:03.703 It is just always different and the arc 01:39:03.703 --> 01:39:08.575 of National Security has been more, more, more since 9/11 01:39:08.575 --> 01:39:13.813 and the question is whether these revelations have sort 01:39:13.813 --> 01:39:17.717 of pushed us beyond the more and more place. 01:39:17.717 --> 01:39:20.587 >> OK. Let's move over here. 01:39:20.587 --> 01:39:24.457 >> Hi, I'm Susan Aaronson with GW, I'm a professor here 01:39:24.457 --> 01:39:26.559 and I work with the Worldwide Web Foundation 01:39:26.559 --> 01:39:28.428 on measuring internet openness. 01:39:28.428 --> 01:39:32.032 And I want to ask you a question that relates to trust, 01:39:32.032 --> 01:39:34.034 the trust of policy makers. 01:39:34.034 --> 01:39:38.271 So, in the last couple of days we've seen [inaudible] 01:39:38.271 --> 01:39:41.041 and Angle a Miracle [assumed spelling] make these delightful 01:39:41.041 --> 01:39:46.613 comments about sever locations and threats in terms of privacy. 01:39:46.613 --> 01:39:49.482 And again, I wonder if there are-- 01:39:49.482 --> 01:39:52.919 so, they're basically saying if the server can't be located 01:39:52.919 --> 01:39:58.525 where we can control, where our privacy rules dominate we might 01:39:58.525 --> 01:40:01.194 not accept for example some 01:40:01.194 --> 01:40:02.395 of the things the United States wants 01:40:02.395 --> 01:40:04.230 in the trade agreement or-- 01:40:04.230 --> 01:40:07.934 and we see similar things with the Trans-Pacific Partnership 01:40:07.934 --> 01:40:10.236 and I just wonder if you could talk a little bit 01:40:10.236 --> 01:40:11.571 about this now. 01:40:11.571 --> 01:40:15.208 You know, you can always, for national security reasons, 01:40:15.208 --> 01:40:19.345 you can always say you have a particular policy in place 01:40:19.345 --> 01:40:21.181 and it's not protectionist. 01:40:21.181 --> 01:40:23.349 But this is opposite of that, right? 01:40:23.349 --> 01:40:25.518 They're saying that for privacy reasons, 01:40:25.518 --> 01:40:31.458 they want to essentially protect their citizens 01:40:31.458 --> 01:40:33.426 from their information being traded 01:40:33.426 --> 01:40:36.696 by having the server location in the United Stated. 01:40:36.696 --> 01:40:40.600 If I may add one other thing which is Frank La Rue, 01:40:40.600 --> 01:40:44.637 who works for the-- who is the UN Special Representative 01:40:44.637 --> 01:40:48.174 on Freedom of Expression, he has said basically 01:40:48.174 --> 01:40:51.377 that the US' failure to protect the privacy is a violation 01:40:51.377 --> 01:40:53.146 of its human rights' obligation 01:40:53.146 --> 01:40:55.148 because that is a basic human right 01:40:55.148 --> 01:40:57.750 under the Universal Declaration, blah, blah, blah. 01:40:57.750 --> 01:41:03.990 So I want to hear your comments. 01:41:03.990 --> 01:41:05.225 >> Sure. I'll do this. 01:41:05.225 --> 01:41:06.960 Pull it out there. 01:41:06.960 --> 01:41:09.395 I'll-- the Trans-Pacific Partnership 01:41:09.395 --> 01:41:18.471 and the US Free Trade Agreement is and always will have had 01:41:20.540 --> 01:41:24.911 to address the data privacy laws. 01:41:24.911 --> 01:41:27.113 The Safe Harbor that we had in place 01:41:27.113 --> 01:41:31.918 in 2001 will actually expire with the agreement. 01:41:31.918 --> 01:41:35.488 And the United States, as you know, has no national umbrella 01:41:35.488 --> 01:41:37.357 for data breach and data privacy. 01:41:37.357 --> 01:41:41.494 We have 47 individual states with their individual programs 01:41:41.494 --> 01:41:43.263 and no national umbrella. 01:41:43.263 --> 01:41:46.099 And so, if we're recalling for congressional action 01:41:46.099 --> 01:41:50.336 that had an economic, you know, significant impact, 01:41:50.336 --> 01:41:54.374 there are 52 pieces of legislation currently 01:41:54.374 --> 01:41:57.777 in 113th Congress around cyber security, 01:41:57.777 --> 01:41:59.646 about 10 of which around data breach. 01:41:59.646 --> 01:42:01.181 It would be wonderful if we could get 01:42:01.181 --> 01:42:03.716 to some bipartisan agreement on that 01:42:03.716 --> 01:42:07.787 so we could enable the overall Free Trade Agreement 01:42:07.787 --> 01:42:11.257 to move forward between the two continents. 01:42:11.257 --> 01:42:16.162 More specifically though, noting the 47 different state laws 01:42:16.162 --> 01:42:19.799 and noting the difference between the Europe 01:42:19.799 --> 01:42:23.836 and the United States, cloud computing 01:42:23.836 --> 01:42:27.574 and where the data is stored follows the geography 01:42:27.574 --> 01:42:29.976 and will always follow the geography. 01:42:29.976 --> 01:42:32.545 So if there's a data breach here in the state of Virginia, 01:42:32.545 --> 01:42:34.480 it follows a different set of rules 01:42:34.480 --> 01:42:37.550 than Massachusetts and in California. 01:42:37.550 --> 01:42:40.853 And a company, whoever the company might be, actually has 01:42:40.853 --> 01:42:44.324 to know all sets of laws for that particular state 01:42:44.324 --> 01:42:48.361 in this case in order to follow the regulatory compliance, 01:42:48.361 --> 01:42:49.429 et cetera. 01:42:49.429 --> 01:42:51.798 That also is the same for if it's stored 01:42:51.798 --> 01:42:53.132 in the United Kingdom, 01:42:53.132 --> 01:42:55.535 it follows the United Kingdom's laws, and the Netherlands, 01:42:55.535 --> 01:42:58.004 and Brazil, and you pick the place. 01:42:58.004 --> 01:43:04.711 And so when the EU and the leaders of Germany 01:43:04.711 --> 01:43:07.480 and elsewhere are talking about the data protection 01:43:07.480 --> 01:43:12.252 and data privacy, and they are looking at the United States 01:43:12.252 --> 01:43:15.221 and worried about how our data-- 01:43:15.221 --> 01:43:18.258 we're protecting data and the privacy, 01:43:18.258 --> 01:43:21.761 then it would be also important understand how the European 01:43:21.761 --> 01:43:26.933 companies are mirroring data in other countries like Brazil 01:43:26.933 --> 01:43:30.937 or South Africa or Egypt or China or India, 01:43:30.937 --> 01:43:34.040 et cetera because the data always follows the law 01:43:34.040 --> 01:43:39.112 of the geography that it sits in. 01:43:39.112 --> 01:43:42.181 >> I'll just add to that that one of the things to-- 01:43:42.181 --> 01:43:46.886 I mean, obviously, the NSA revelations have sort 01:43:46.886 --> 01:43:50.156 of strengthened the EU's hand in a discussion 01:43:50.156 --> 01:43:52.458 that was going long before. 01:43:52.458 --> 01:43:56.963 We have a particular view of what privacy means. 01:43:56.963 --> 01:44:02.101 It doesn't match up, going back to this question earlier about, 01:44:02.101 --> 01:44:06.973 you know, what economic kind of motivation might move Congress. 01:44:06.973 --> 01:44:10.376 One would think the US companies would move forward 01:44:10.376 --> 01:44:12.945 on a comprehensive data protection regime 01:44:12.945 --> 01:44:16.215 in the United States that might be more flexible 01:44:16.215 --> 01:44:20.553 and perhaps reflect the internet more than the European one, 01:44:20.553 --> 01:44:23.323 but I haven't seen them step forward on that. 01:44:23.323 --> 01:44:26.726 I think it would be interesting for somebody to ask the question 01:44:26.726 --> 01:44:30.863 about the various EU countries in their surveillance regimes 01:44:30.863 --> 01:44:33.733 because as much as I say some very unpleasant things 01:44:33.733 --> 01:44:37.136 about ours, I think you would find that it-- 01:44:37.136 --> 01:44:39.405 with the exception of our capacity 01:44:39.405 --> 01:44:43.810 for the just incredible scale of collection, 01:44:43.810 --> 01:44:47.914 that the actual legal protections are no better 01:44:47.914 --> 01:44:50.583 at best and probably a lot worse. 01:44:50.583 --> 01:44:56.089 >> Just one comment on the trade discussions. 01:44:56.089 --> 01:44:58.091 Suzanne, I think it's a very good, 01:44:58.091 --> 01:45:00.593 it's a very important question. 01:45:00.593 --> 01:45:04.564 I certainly think that, you know, as you well know, 01:45:04.564 --> 01:45:07.867 better than probably anyone in this room, you know, 01:45:07.867 --> 01:45:10.970 trade agreements have always made exceptions for things 01:45:10.970 --> 01:45:14.407 like national security, public morals, 01:45:14.407 --> 01:45:16.676 sometimes consumer protections, things like that. 01:45:16.676 --> 01:45:21.080 I think what we see now is that simply pushing them off, 01:45:21.080 --> 01:45:24.083 those issues off into the exception category is not going 01:45:24.083 --> 01:45:28.121 to work so we need some kind of mechanism 01:45:28.121 --> 01:45:30.323 that on the one hand respects the fact 01:45:30.323 --> 01:45:32.425 that governments do have a legitimate 01:45:32.425 --> 01:45:35.128 and important interest in protecting their citizens 01:45:35.128 --> 01:45:39.632 against unsafe products, against human rights violations 01:45:39.632 --> 01:45:42.235 if that's the way they do privacy, against, you know, 01:45:42.235 --> 01:45:44.604 security breaches, what have you. 01:45:44.604 --> 01:45:51.477 But tying that to the location of data is, I think, 01:45:51.477 --> 01:45:56.716 just an overly simplistic way of accomplishing that purpose, 01:45:56.716 --> 01:46:00.353 and I think, you know, you can make fancy-- 01:46:00.353 --> 01:46:04.323 well, you can make fancy trade arguments about why that's not, 01:46:04.323 --> 01:46:07.727 you know, most favored nation treatment. 01:46:07.727 --> 01:46:13.065 But I think the bottom line is, we used to have trade agreements 01:46:13.065 --> 01:46:15.802 that were fundamentally about tariffs and we've mostly dealt 01:46:15.802 --> 01:46:18.204 with those issues, and now we are going to trade agreements 01:46:18.204 --> 01:46:21.507 that are fundamentally about the non-tariff barriers 01:46:21.507 --> 01:46:23.776 that exist between economies. 01:46:23.776 --> 01:46:27.046 So we're going to have to deal with that either. 01:46:27.046 --> 01:46:30.883 I think that in the, you know-- for some period of time, 01:46:30.883 --> 01:46:35.388 I think the surveillance issues will cloud those discussions 01:46:35.388 --> 01:46:37.990 but we'll come back to them at some point 01:46:37.990 --> 01:46:40.827 and they will be the same issues. 01:46:40.827 --> 01:46:43.763 So-- and I-- the only thing I-- 01:46:43.763 --> 01:46:49.802 the only final thing I would say, I think that one 01:46:49.802 --> 01:46:51.204 of the big challenges we're going to have 01:46:51.204 --> 01:46:54.907 in the trade context on internet issues is the challenge 01:46:54.907 --> 01:47:00.146 that we found with ACTA, that the ACTA was making-- 01:47:00.146 --> 01:47:02.448 [Inaudible Remark] Sorry, oh, sorry, oh God, Steve is going 01:47:02.448 --> 01:47:04.150 to throw that look at me. 01:47:04.150 --> 01:47:10.523 So there was a trade agreement involving intellectual property 01:47:10.523 --> 01:47:17.163 enforcement whose acronym is ACTA 01:47:17.163 --> 01:47:22.268 and was very strenuously opposed by civil society groups all 01:47:22.268 --> 01:47:24.470 over the world because they didn't know what it was, 01:47:24.470 --> 01:47:26.539 they didn't know what was in the agreement and they argued, 01:47:26.539 --> 01:47:28.608 I think-- I thought, quite legitimately 01:47:28.608 --> 01:47:31.010 that if there are going to be rules made 01:47:31.010 --> 01:47:34.113 about intellectual property rights that affect individuals, 01:47:34.113 --> 01:47:36.182 there should be some public discussion 01:47:36.182 --> 01:47:37.783 of what those rules are. 01:47:37.783 --> 01:47:42.121 Trade people believe they somehow can't negotiate 01:47:42.121 --> 01:47:43.489 in public. 01:47:43.489 --> 01:47:46.125 And that's a sort of an article of faith in the trade world. 01:47:46.125 --> 01:47:50.329 They're going to have to learn to be a little bit more public 01:47:50.329 --> 01:47:53.466 if they're going to get anything done on these issues is my deal. 01:47:53.466 --> 01:47:55.401 >> Lynn, you got the last word before the break. 01:47:55.401 --> 01:47:56.802 >> Just quickly. 01:47:56.802 --> 01:47:58.104 Not only-- it wasn't that they wouldn't negotiate in public, 01:47:58.104 --> 01:47:59.639 they would not authorize a release 01:47:59.639 --> 01:48:02.141 of the documents post-negotiation. 01:48:02.141 --> 01:48:04.243 They were not available publicly. 01:48:04.243 --> 01:48:06.846 >> So this sounds like a thread going-- 01:48:06.846 --> 01:48:11.918 circling back to NSA and FISA and all that, but I am sorry 01:48:11.918 --> 01:48:15.488 that we have hit the point where we promised we were going 01:48:15.488 --> 01:48:18.291 to take a very brief five-minute break that you're going 01:48:18.291 --> 01:48:20.693 to have a chance to stretch your legs, then we're going 01:48:20.693 --> 01:48:26.699 to come back and people on the panel will mix it up some more, 01:48:26.699 --> 01:48:30.736 even better I suspect, moderated by Steve Roberts. 01:48:30.736 --> 01:48:33.239 But let's take a quick five-minute break. 01:48:33.239 --> 01:48:36.475 There will be one other opportunity for you all to meet 01:48:36.475 --> 01:48:38.744 and greet at least most of the panelists 01:48:38.744 --> 01:48:42.882 and there's a reception that starts at 5:15 afterwards. 01:48:42.882 --> 01:48:45.551 But for now, five-minute break, we'll convene at 4 o'clock. 01:48:45.551 --> 01:48:47.486 Thank you very much. 01:48:47.486 --> 01:48:53.960 [ Inaudible Discussions ] 01:48:53.960 --> 01:48:55.294 Well, thanks for sticking around. 01:48:55.294 --> 01:48:56.829 I know it's been a long afternoon. 01:48:56.829 --> 01:48:59.932 As Lance said, I'm Steve Roberts. 01:48:59.932 --> 01:49:02.335 I'm a professor here at GW in the School of Media 01:49:02.335 --> 01:49:04.570 and Public Affairs, right across the street. 01:49:04.570 --> 01:49:08.841 And my job is to try to crystallize some of the issues 01:49:08.841 --> 01:49:11.644 that we've been discussing 01:49:11.644 --> 01:49:14.447 and [inaudible] some conversation among 01:49:14.447 --> 01:49:15.815 the panelists. 01:49:15.815 --> 01:49:19.919 And I want to start by quoting a couple of things I heard. 01:49:19.919 --> 01:49:22.455 Lynn, for instance, said that 01:49:22.455 --> 01:49:25.157 "unwanted surveillance is not acceptable." 01:49:25.157 --> 01:49:29.528 Leslie talked a lot about human rights. 01:49:29.528 --> 01:49:32.398 But there was a phrase 01:49:32.398 --> 01:49:36.068 that I did not hear the entire first hour and a half except 01:49:36.068 --> 01:49:39.839 in passing, and that word was "national security." 01:49:39.839 --> 01:49:44.877 And so I want to pose this question to the panel. 01:49:44.877 --> 01:49:48.014 Isn't national security a human right? 01:49:48.014 --> 01:49:50.383 Isn't safety a human right? 01:49:50.383 --> 01:49:57.123 Isn't the unwanted surveillance, 01:49:57.123 --> 01:50:01.360 one person's unwanted surveillance is another person's 01:50:01.360 --> 01:50:06.432 protection from danger and from terrorism? 01:50:06.432 --> 01:50:10.703 So, I want to ask everybody, what's the tradeoff here? 01:50:10.703 --> 01:50:16.776 The whole idea in the first half of this panel was the importance 01:50:16.776 --> 01:50:20.146 of the freedoms in the internet. 01:50:20.146 --> 01:50:21.480 But what are the limits, 01:50:21.480 --> 01:50:23.916 and what are the legitimate tradeoffs, 01:50:23.916 --> 01:50:27.453 and how do we balance legitimate human rights 01:50:27.453 --> 01:50:29.922 against legitimate rights to be safe 01:50:29.922 --> 01:50:31.824 from terrorism and other threats? 01:50:31.824 --> 01:50:34.360 Who wants to start? 01:50:34.360 --> 01:50:36.896 Go ahead, John. 01:50:36.896 --> 01:50:42.435 >> So I'm going to almost answer the question, but not quite. 01:50:42.435 --> 01:50:50.543 It is true that the governments have certain roles 01:50:50.543 --> 01:50:51.911 and responsibilities. 01:50:51.911 --> 01:50:56.916 And one of those roles is there's a certain protection, 01:50:56.916 --> 01:50:59.251 a certain defensive role 01:50:59.251 --> 01:51:02.021 that a government feels it has to provide. 01:51:02.021 --> 01:51:06.559 And the question is how do governments do what they see 01:51:06.559 --> 01:51:09.128 as their obligations, 01:51:09.128 --> 01:51:12.832 their actual responsibilities given the internet. 01:51:12.832 --> 01:51:16.268 The internet has not been very good at this, OK? 01:51:16.268 --> 01:51:16.969 So, -- 01:51:16.969 --> 01:51:18.204 >> Would you excuse me. 01:51:18.204 --> 01:51:21.006 It's not just an obligation, it's not just something 01:51:21.006 --> 01:51:24.877 that they passing, this is the first obligation 01:51:24.877 --> 01:51:26.579 of government, is to protect-- 01:51:26.579 --> 01:51:27.146 >> Right. 01:51:27.146 --> 01:51:27.980 >> -- people. 01:51:27.980 --> 01:51:29.348 Isn't it the first obligation? 01:51:29.348 --> 01:51:31.383 >> Ideal. One of the things that [inaudible] does, of course, 01:51:31.383 --> 01:51:33.686 is we're responsible for maintaining a registry 01:51:33.686 --> 01:51:36.122 of IP addresses and that registry is often used 01:51:36.122 --> 01:51:39.525 because someone does something in cyberspace 01:51:39.525 --> 01:51:41.260 and the first thing law enforcement would 01:51:41.260 --> 01:51:44.263 like to know is, where is that in the real world? 01:51:44.263 --> 01:51:46.799 Because real world has the people in organizations 01:51:46.799 --> 01:51:48.534 and the cyberspace has to do 01:51:48.534 --> 01:51:50.302 with domain names and IP addresses. 01:51:50.302 --> 01:51:53.305 And so, governments feel they have 01:51:53.305 --> 01:51:54.907 to enforce laws for example. 01:51:54.907 --> 01:51:57.810 And yet the internet wasn't built with an interface 01:51:57.810 --> 01:52:01.380 for government is saying, "If you're trying to do your duty, 01:52:01.380 --> 01:52:04.383 here's how you go about finding that person. 01:52:04.383 --> 01:52:07.720 Here's how you go about doing what you see as an obligation." 01:52:07.720 --> 01:52:10.723 So, I know a lot of people look at this 01:52:10.723 --> 01:52:15.060 and they go this entire area of governments and what they want 01:52:15.060 --> 01:52:17.763 to do with the internet and they want to take control 01:52:17.763 --> 01:52:20.299 and they want to do surveillance. 01:52:20.299 --> 01:52:22.802 If you turn it around and look at it, 01:52:22.802 --> 01:52:25.004 remember that from the government's perspective, 01:52:25.004 --> 01:52:28.407 in many cases, these governments feel they have an obligation 01:52:28.407 --> 01:52:31.710 and the internet is actively preventing them 01:52:31.710 --> 01:52:33.579 from doing something they're required 01:52:33.579 --> 01:52:35.047 by their citizens to do. 01:52:35.047 --> 01:52:38.350 So, we need to not omit the fact 01:52:38.350 --> 01:52:42.521 that the internet doesn't provide a friendly interface 01:52:42.521 --> 01:52:43.856 to government. 01:52:43.856 --> 01:52:47.226 So, me people would see that as a feature but it's a fact 01:52:47.226 --> 01:52:49.328 that shouldn't be overlooked in the discussion. 01:52:49.328 --> 01:52:50.062 >> Tradeoff. 01:52:50.062 --> 01:52:51.230 What's the tradeoff? 01:52:51.230 --> 01:52:52.198 Leslie? 01:52:52.198 --> 01:52:54.500 >> So, I want to back this up. 01:52:54.500 --> 01:52:56.869 This is not a new question and it doesn't have 01:52:56.869 --> 01:52:58.137 to do with the internet. 01:52:58.137 --> 01:52:59.672 I mean, we have a-- 01:52:59.672 --> 01:53:04.210 an international human rights framework 01:53:04.210 --> 01:53:08.514 that explicitly makes national security an exception for-- 01:53:08.514 --> 01:53:13.219 exception for-- in human rights treaties. 01:53:13.219 --> 01:53:16.589 It is an obligation of the countries themselves 01:53:16.589 --> 01:53:18.524 to protect our national security. 01:53:18.524 --> 01:53:21.493 But we also have an entire developed jurisprudence 01:53:21.493 --> 01:53:25.631 about publicly enacted transparent law, 01:53:25.631 --> 01:53:30.436 proportionate law, fair process, remedy and oversight. 01:53:30.436 --> 01:53:33.906 And, you know, I think we just throw this 01:53:33.906 --> 01:53:37.009 into the internet context, we're just missing, there's a bit-- 01:53:37.009 --> 01:53:41.413 you know, there's a basic-- there's bodies of law and norms. 01:53:41.413 --> 01:53:45.017 And the question here is not whether there's a tradeoff, 01:53:45.017 --> 01:53:46.685 it's whether you reach a balance. 01:53:46.685 --> 01:53:52.191 And I think when you have most of this process secret, 01:53:52.191 --> 01:53:55.794 the judicial process secret, the oversight secret, 01:53:55.794 --> 01:53:58.631 the interpretation of the law secret, 01:53:58.631 --> 01:54:01.200 then you cannot achieve that balance. 01:54:01.200 --> 01:54:03.269 The question at the end of day is balance. 01:54:03.269 --> 01:54:05.471 I certainly would take issue with the idea 01:54:05.471 --> 01:54:09.375 that the internet has been unfriendly to law enforcement 01:54:09.375 --> 01:54:11.610 and it's always this, you know, we're going dark 01:54:11.610 --> 01:54:13.012 and we can't see anything. 01:54:13.012 --> 01:54:16.715 I think if we learned anything over the last couple of months, 01:54:16.715 --> 01:54:20.419 it's that law enforcement really has access 01:54:20.419 --> 01:54:22.021 to much more information 01:54:22.021 --> 01:54:24.790 and that there is therefore a temptation 01:54:24.790 --> 01:54:27.726 to use what technology has created 01:54:27.726 --> 01:54:32.631 to go beyond what a balanced human rights frame would allow. 01:54:32.631 --> 01:54:34.199 And I think that's what our problem is, 01:54:34.199 --> 01:54:35.534 not that they're not supposed to be [inaudible]. 01:54:35.534 --> 01:54:38.137 It is a first order of business for government. 01:54:38.137 --> 01:54:40.906 They are supposed to protect their citizens. 01:54:40.906 --> 01:54:44.977 But Steve, if you look at this framework that's been created, 01:54:44.977 --> 01:54:49.248 it was framework that was created on a battlefield in Iraq 01:54:49.248 --> 01:54:55.220 to make sure that you had every less possible bid of information 01:54:55.220 --> 01:54:58.557 to make sure you would know about the IED. 01:54:58.557 --> 01:55:03.362 And this whole haystack and needle analogy assumes 01:55:03.362 --> 01:55:06.532 that collecting a haystack is proportionate, 01:55:06.532 --> 01:55:08.167 and I don't think it is. 01:55:08.167 --> 01:55:11.303 >> But the President has said this program 01:55:11.303 --> 01:55:13.305 of surveillance is essential, the Director 01:55:13.305 --> 01:55:16.709 of national security said that it's essential, the Chairman 01:55:16.709 --> 01:55:18.777 of the Senate Intelligence Committee, 01:55:18.777 --> 01:55:20.846 a liberal former mayor 01:55:20.846 --> 01:55:23.649 of San Francisco had said it's essential, 01:55:23.649 --> 01:55:25.951 what's your quarrel with this? 01:55:25.951 --> 01:55:29.121 And how do you rebut their argument of everybody 01:55:29.121 --> 01:55:33.359 who has had access to the secret, say this is justifiable. 01:55:33.359 --> 01:55:38.497 I'd like other people to deal with this. 01:55:38.497 --> 01:55:39.298 >> Please. 01:55:39.298 --> 01:55:40.065 >> Yeah. [Multiple Speakers] 01:55:40.065 --> 01:55:45.204 >> OK. So, it's-- there's 01:55:45.204 --> 01:55:48.407 so many portrayals of this as a binary. 01:55:48.407 --> 01:55:50.976 And, you know, I think the issue is more one 01:55:50.976 --> 01:55:53.445 of degrees [phonetic] and a more granular issue. 01:55:53.445 --> 01:55:55.180 But there are some binaries here, right? 01:55:55.180 --> 01:55:57.616 We either have a constitution or we don't. 01:55:57.616 --> 01:55:59.918 We either have a fourth amendment or we don't. 01:55:59.918 --> 01:56:02.121 But if you start looking at the actual practices 01:56:02.121 --> 01:56:05.057 and I don't think we have a full picture of exactly what's going 01:56:05.057 --> 01:56:08.193 on but based on some of the things that we've heard, 01:56:08.193 --> 01:56:12.197 there are ways to enact the necessary national security 01:56:12.197 --> 01:56:16.568 without crossing the lines that would be unacceptable 01:56:16.568 --> 01:56:17.936 to the majority of the people. 01:56:17.936 --> 01:56:21.507 So, having low level-- so layers of control and layers 01:56:21.507 --> 01:56:24.610 of accountability in the processes of surveillance, 01:56:24.610 --> 01:56:27.312 right, so not just having any low level analyst being able 01:56:27.312 --> 01:56:30.349 to take a fire hose of information and download 01:56:30.349 --> 01:56:33.485 that unto their computer just to exaggerate the point, right? 01:56:33.485 --> 01:56:35.487 So, there's the granularity, 01:56:35.487 --> 01:56:37.423 there's getting the information that's necessary, 01:56:37.423 --> 01:56:38.891 there's the process of accountability, 01:56:38.891 --> 01:56:40.459 there's the issue of judicial review. 01:56:40.459 --> 01:56:42.294 So, I think that there are ways 01:56:42.294 --> 01:56:45.330 to enact the necessary national security now 01:56:45.330 --> 01:56:47.866 that our public's fear is online and now 01:56:47.866 --> 01:56:50.903 that we have the privatization of that public's fear 01:56:50.903 --> 01:56:53.238 without going to the extremes 01:56:53.238 --> 01:56:56.075 of basically having the fire hose analogy 01:56:56.075 --> 01:56:59.578 and just downloading whatever data about anybody. 01:56:59.578 --> 01:57:01.914 >> Anybody else on the panel who want to pick on this? 01:57:01.914 --> 01:57:03.816 Please, go ahead. 01:57:03.816 --> 01:57:07.486 >> So, you want us to talk about tradeoffs but I actually want 01:57:07.486 --> 01:57:11.690 to suggest that I think a more accountable clear system is 01:57:11.690 --> 01:57:13.058 better for national security. 01:57:13.058 --> 01:57:16.228 I think what's happening now where you have very, 01:57:16.228 --> 01:57:20.766 very broad authorities that are unclear is almost the worst 01:57:20.766 --> 01:57:23.869 of all possible worlds for both civil liberties 01:57:23.869 --> 01:57:27.439 and national security because you have-- 01:57:27.439 --> 01:57:31.777 you have policy officials, other governments, activists, 01:57:31.777 --> 01:57:34.046 et cetera, poking around in the business 01:57:34.046 --> 01:57:36.849 of the intelligence community, and that's not a very good thing 01:57:36.849 --> 01:57:40.052 for them frankly, they want to able to do what they do 01:57:40.052 --> 01:57:45.791 of quietly and-- but in order for us to do that, 01:57:45.791 --> 01:57:49.962 in order for that to happen, there has to be a clear sense 01:57:49.962 --> 01:57:51.163 of what the rules are. 01:57:51.163 --> 01:57:53.232 One sense I which-- I largely agree with Leslie 01:57:53.232 --> 01:57:55.400 but the one sense in which I think this is an internet 01:57:55.400 --> 01:57:58.704 problem is it's really kind of a 9/11 problem, 01:57:58.704 --> 01:58:00.472 and then I think a lot of what's going on is going 01:58:00.472 --> 01:58:06.044 on under the kind of exceptional basis that we've handled a lot 01:58:06.044 --> 01:58:08.981 of national security issues post 9/11. 01:58:08.981 --> 01:58:13.152 And to quote the President again, ironically enough, 01:58:13.152 --> 01:58:16.922 just a few weeks before this whole surveillance story broke, 01:58:16.922 --> 01:58:19.291 the President went to the National Defense Universities, 01:58:19.291 --> 01:58:24.263 you know, and gave a speech saying, number one, 01:58:24.263 --> 01:58:28.100 it is bad for a country to be perpetually at war, 01:58:28.100 --> 01:58:29.801 and number two, that the threat level 01:58:29.801 --> 01:58:35.440 from Al Qaeda was basically below the level that it was 01:58:35.440 --> 01:58:38.277 at 9/11, and that we should-- 01:58:38.277 --> 01:58:41.313 and that we should start treating that threat, 01:58:41.313 --> 01:58:45.250 that national security threat as part of the norm not 01:58:45.250 --> 01:58:47.152 as an exception that we have to respond 01:58:47.152 --> 01:58:50.455 to with these kinds of exceptions. 01:58:50.455 --> 01:58:52.958 This whole surveillance program was created 01:58:52.958 --> 01:58:54.960 as the President's surveillance programs, you know, 01:58:54.960 --> 01:58:57.162 as an exception, and that's its problem. 01:58:57.162 --> 01:58:58.297 If the problem is not-- 01:58:58.297 --> 01:58:59.998 >> Although continued by a democratic president-- 01:58:59.998 --> 01:59:04.870 >> Yes, that will-- that's right but I think that it needs 01:59:04.870 --> 01:59:10.175 to be continued on a more clear accountable basis. 01:59:10.175 --> 01:59:14.913 And so I don't tend to accept that the issue gets solved 01:59:14.913 --> 01:59:17.282 by saying more surveillance, less surveillance. 01:59:17.282 --> 01:59:19.851 I think that the issue is surveillance according 01:59:19.851 --> 01:59:21.887 to what rules and with what accountability. 01:59:21.887 --> 01:59:25.057 >> Lynn I quoted [phonetic] you-- please, your turn. 01:59:25.057 --> 01:59:26.325 >> Yeah. I mean, I'll come to my point [inaudible] 01:59:26.325 --> 01:59:29.561 but just [inaudible] said unwarranted surveillance. 01:59:29.561 --> 01:59:32.364 I recognize the difficulty in unwanted thief 01:59:32.364 --> 01:59:34.766 in the perspective of the individual. 01:59:34.766 --> 01:59:37.436 So, it's very much an unwarranted. 01:59:37.436 --> 01:59:38.403 >> Thank you. 01:59:38.403 --> 01:59:39.171 >> But-- And I just really wanted 01:59:39.171 --> 01:59:40.372 to echo the three comments 01:59:40.372 --> 01:59:42.841 that have been made here very, very, very strongly. 01:59:42.841 --> 01:59:45.010 When-- In a system like the internet 01:59:45.010 --> 01:59:47.913 which is breaking all barriers where we're so interconnected 01:59:47.913 --> 01:59:51.116 and so interdependent, we have to change our paradigm 01:59:51.116 --> 01:59:53.885 of looking at this and move it to one of managing risk. 01:59:53.885 --> 01:59:57.322 We can talk about in the context of tradeoffs if you like. 01:59:57.322 --> 01:59:59.725 But we really do have to look at-- 01:59:59.725 --> 02:00:02.327 >> Wasn't that the only context? 02:00:02.327 --> 02:00:06.265 Or isn't tradeoff is the only legitimate way to talk about it? 02:00:06.265 --> 02:00:09.034 Because we-- isn't that what we do everyday? 02:00:09.034 --> 02:00:11.136 >> I think tradeoff is legitimate way 02:00:11.136 --> 02:00:13.138 but I'm not sure we're making the right tradeoffs 02:00:13.138 --> 02:00:15.874 and I think we continue to focus on national security 02:00:15.874 --> 02:00:20.145 and quite often run by flagrant abuses 02:00:20.145 --> 02:00:23.582 than we're conflating the issue or we're not pulling it apart. 02:00:23.582 --> 02:00:26.251 It's not about national security and what is the best way 02:00:26.251 --> 02:00:28.820 to protect national security. 02:00:28.820 --> 02:00:30.222 From my perspective, you know, 02:00:30.222 --> 02:00:32.057 what our members are actually upset 02:00:32.057 --> 02:00:35.494 about is the flagrant abuses and the lack 02:00:35.494 --> 02:00:37.229 of transparency and the secrecy. 02:00:37.229 --> 02:00:38.363 >> Yes, please. 02:00:38.363 --> 02:00:42.267 >> And I think part of the problem that I have 02:00:42.267 --> 02:00:43.869 with hearing what they've said 02:00:43.869 --> 02:00:45.971 for giving the reasons is we haven't heard the reason 02:00:45.971 --> 02:00:47.339 that makes sense. 02:00:47.339 --> 02:00:50.042 It's-- why are you collecting the data, 02:00:50.042 --> 02:00:52.477 it's like the equivalent of your mom 02:00:52.477 --> 02:00:55.347 and dad saying well, because I said so. 02:00:55.347 --> 02:00:58.450 You have to give it something behind that, you know, to-- 02:00:58.450 --> 02:01:01.953 is there a credible threat at whatever level there is. 02:01:01.953 --> 02:01:03.322 I think Danny is right. 02:01:03.322 --> 02:01:06.725 I think the threat level from what we've read in previous, 02:01:06.725 --> 02:01:08.860 you know, speeches by the President is 02:01:08.860 --> 02:01:11.296 that the threat level is a lot less than it was at 9/11. 02:01:11.296 --> 02:01:13.098 Well, if it's a lot less than it wasn't 9/11, 02:01:13.098 --> 02:01:15.233 why do we need to expand this? 02:01:15.233 --> 02:01:17.969 Give us something to look at. 02:01:17.969 --> 02:01:21.373 But I think when I hear them talk about these things 02:01:21.373 --> 02:01:25.210 and give these reasons as somebody who does this type 02:01:25.210 --> 02:01:28.080 of metadata analysis and, you know, 02:01:28.080 --> 02:01:30.148 just as for my own infrastructure was certainly 02:01:30.148 --> 02:01:32.818 in my own infrastructure I can do a lot of that analysis. 02:01:32.818 --> 02:01:35.020 But there's an uplink to me. 02:01:35.020 --> 02:01:37.556 And those people that control that infrastructure, 02:01:37.556 --> 02:01:39.324 my infrastructure, your infrastructure, 02:01:39.324 --> 02:01:41.259 they can do the same type of analysis 02:01:41.259 --> 02:01:43.028 and it trees all the way up. 02:01:43.028 --> 02:01:45.664 It's-- So, why? 02:01:45.664 --> 02:01:48.300 You have to give us a credible reason. 02:01:48.300 --> 02:01:50.469 >> But was running through a lot 02:01:50.469 --> 02:01:53.705 of your comments is a basic mistrust of government. 02:01:53.705 --> 02:01:55.140 I mean you've been told-- 02:01:55.140 --> 02:01:59.678 public has been told by the Intelligence committees 02:01:59.678 --> 02:02:03.448 which have in brief that this is a very valuable tool PRISM 02:02:03.448 --> 02:02:06.051 and other surveillance are very valuable to the President. 02:02:06.051 --> 02:02:09.020 Duly elected democratic liberal president had said it's a very 02:02:09.020 --> 02:02:10.856 valuable tool, the liberal chairman 02:02:10.856 --> 02:02:12.891 of the Senate Intelligence Committee has said it's a very 02:02:12.891 --> 02:02:15.660 valuable tool and everyone of you is doubting it. 02:02:15.660 --> 02:02:20.932 So, what is the source of your suspicions and your mistrust 02:02:20.932 --> 02:02:22.434 of what you're being told? 02:02:22.434 --> 02:02:24.703 >> So, I actually don't, you know, when-- 02:02:24.703 --> 02:02:27.539 there's no way for us to know if it's a valuable tool 02:02:27.539 --> 02:02:28.940 or not a valuable tool. 02:02:28.940 --> 02:02:32.611 So, you could take them at face value that it's a valuable tool. 02:02:32.611 --> 02:02:35.447 Collection of data is a valuable thing. 02:02:35.447 --> 02:02:39.418 It's just not the only analysis in a democratic society. 02:02:39.418 --> 02:02:41.319 And I think-- so, I mean, I-- 02:02:41.319 --> 02:02:44.156 and that's I think the problem here, 02:02:44.156 --> 02:02:48.427 we live in a democratic society where we're supposed 02:02:48.427 --> 02:02:52.230 to have proportional laws that more than a small number 02:02:52.230 --> 02:02:56.101 of people are able to know about to assess that balance 02:02:56.101 --> 02:02:58.203 between liberty and security. 02:02:58.203 --> 02:03:00.071 We really don't have that. 02:03:00.071 --> 02:03:03.008 I mean, if this was a discussion 02:03:03.008 --> 02:03:07.312 that they were tasking these companies 02:03:07.312 --> 02:03:11.583 with specific request based on articulable facts 02:03:11.583 --> 02:03:13.418 about specific individuals 02:03:13.418 --> 02:03:15.954 or even several hundred individuals, 02:03:15.954 --> 02:03:19.057 we might be having a different discussion about the balance 02:03:19.057 --> 02:03:21.326 between liberty and security. 02:03:21.326 --> 02:03:23.695 But we're having a discussion about the value 02:03:23.695 --> 02:03:26.431 of basically collecting the data potentially 02:03:26.431 --> 02:03:27.566 on everybody in the world. 02:03:27.566 --> 02:03:29.968 I mean, we don't know the set. 02:03:29.968 --> 02:03:33.004 So, it's not about trust of government or not. 02:03:33.004 --> 02:03:36.174 You know, I think you could probably come, you know, 02:03:36.174 --> 02:03:39.344 device a program where you know everything about everybody 02:03:39.344 --> 02:03:41.947 in the world and claim it makes you safer, 02:03:41.947 --> 02:03:43.648 maybe it makes you safer. 02:03:43.648 --> 02:03:48.019 But we no longer are following either the values, 02:03:48.019 --> 02:03:50.355 the constitution or the norms of it. 02:03:50.355 --> 02:03:52.324 >> Well, we see you're not following the constitution. 02:03:52.324 --> 02:03:56.461 These laws were passed by democratically-elected Congress. 02:03:56.461 --> 02:03:57.929 >> Well, having been there. 02:03:57.929 --> 02:03:58.497 Yeah. 02:03:58.497 --> 02:03:59.197 >> Yeah, right. 02:03:59.197 --> 02:04:00.265 >> Having been there, 02:04:00.265 --> 02:04:01.299 they didn't know what they were passing 02:04:01.299 --> 02:04:02.701 and they didn't know what [inaudible]. 02:04:02.701 --> 02:04:04.169 >> So, [inaudible] to that, you just said the issue wasn't trust 02:04:04.169 --> 02:04:05.837 and you now you just say, well, 02:04:05.837 --> 02:04:07.072 they didn't know what they were passing. 02:04:07.072 --> 02:04:08.440 >> They didn't know-- they didn't know-- 02:04:08.440 --> 02:04:10.542 >> If you believe well-- well, let me ask you the question. 02:04:10.542 --> 02:04:13.879 If you believe in a democratic system, now you're saying, 02:04:13.879 --> 02:04:15.146 I don't believe 02:04:15.146 --> 02:04:16.815 in the democratic process that's passed these laws. 02:04:16.815 --> 02:04:18.016 >> No. 02:04:18.016 --> 02:04:19.284 >> That they were misinformed and we know better? 02:04:19.284 --> 02:04:23.455 >> No. The laws have been after the fact, stretched 02:04:23.455 --> 02:04:26.491 and manipulated in ways the Congress didn't intend. 02:04:26.491 --> 02:04:31.596 And that's where-- and that's where we've gone off the rails. 02:04:31.596 --> 02:04:35.567 Nobody who is in Congress at that time, Section 215, 02:04:35.567 --> 02:04:37.269 the metadata law that we're talking 02:04:37.269 --> 02:04:40.105 about which is aimed specifically US citizens. 02:04:40.105 --> 02:04:44.509 In making the changes they were making, nobody believed 02:04:44.509 --> 02:04:48.780 that relevant data meant everybody in the United States. 02:04:48.780 --> 02:04:49.981 >> Let me ask you-- 02:04:49.981 --> 02:04:51.850 >> So, you know, this is-- so this is ultimately-- 02:04:51.850 --> 02:04:54.152 yes, it's a question of trust in so far 02:04:54.152 --> 02:04:58.323 as the people implementing the law have made it as elastic 02:04:58.323 --> 02:05:00.425 as possible without it completely exploding 02:05:00.425 --> 02:05:04.095 and it might not be exploding. 02:05:04.095 --> 02:05:05.363 >> John. 02:05:05.363 --> 02:05:07.599 >> I've expressed no view on whether it's desirable 02:05:07.599 --> 02:05:11.803 or undesirable or whether it's illegal or legal. 02:05:11.803 --> 02:05:15.507 Neither of those questions are really interesting to me. 02:05:15.507 --> 02:05:18.910 When it comes to the internet though, 02:05:18.910 --> 02:05:22.480 the question is there's a set of events going 02:05:22.480 --> 02:05:24.583 on regarding surveillance, 02:05:24.583 --> 02:05:27.986 and the internet is global in nature. 02:05:27.986 --> 02:05:32.023 We have allies and trading partners 02:05:32.023 --> 02:05:39.230 and organizations globally, other governments who want 02:05:39.230 --> 02:05:42.300 to understand what's going 02:05:42.300 --> 02:05:45.604 on because they may have the same desire. 02:05:45.604 --> 02:05:50.742 There may be another government that wishes for its reasons 02:05:50.742 --> 02:05:54.980 to engage in surveillance of communication in its country. 02:05:54.980 --> 02:05:58.750 And it wants to understand what is the framework 02:05:58.750 --> 02:06:02.854 by which this is occurring and how does it happen 02:06:02.854 --> 02:06:06.558 in the internet, how was it's supported, how does it go 02:06:06.558 --> 02:06:09.361 on because they have their own national interests 02:06:09.361 --> 02:06:12.497 and they may pass laws in their region that are perfectly fine 02:06:12.497 --> 02:06:15.700 and acceptable according to their processes. 02:06:15.700 --> 02:06:18.169 So, we now have this framework that says, 02:06:18.169 --> 02:06:19.738 there are circumstances during 02:06:19.738 --> 02:06:22.507 which surveillance is apparently an accepted part 02:06:22.507 --> 02:06:23.875 of the architecture. 02:06:23.875 --> 02:06:25.777 What we don't have is a transparency 02:06:25.777 --> 02:06:29.781 about where that's occurring and how that occurs and what happens 02:06:29.781 --> 02:06:32.550 if another 130 countries also do it. 02:06:32.550 --> 02:06:37.422 I believe that if we're to have equitable internet governance, 02:06:37.422 --> 02:06:40.425 it's necessary to have a fully articulated 02:06:40.425 --> 02:06:42.260 and transparent framework. 02:06:42.260 --> 02:06:44.029 I do not know whether or not everyone is going 02:06:44.029 --> 02:06:46.831 to like what their country chooses for what it does 02:06:46.831 --> 02:06:48.333 with surveillance or not. 02:06:48.333 --> 02:06:49.601 That's a different question. 02:06:49.601 --> 02:06:51.736 That's a question of laws and governance structure. 02:06:51.736 --> 02:06:54.205 But if this is going to go on, we need to understand 02:06:54.205 --> 02:06:56.741 where it occurs and how it occurs and the fact 02:06:56.741 --> 02:06:58.977 that it could be occurring in a lot of places. 02:06:58.977 --> 02:07:01.980 And that should be understood and documented as part 02:07:01.980 --> 02:07:06.351 of a clearly transparent recognition 02:07:06.351 --> 02:07:08.019 that this is part of the internet. 02:07:08.019 --> 02:07:11.089 >> Let me ask you all this question. 02:07:11.089 --> 02:07:12.724 You said you're not interested in legality. 02:07:12.724 --> 02:07:17.629 But one of the key debates here is the legal framework 02:07:17.629 --> 02:07:20.398 for PRISM and the FISA law. 02:07:20.398 --> 02:07:26.471 And there's not much debate about whether 02:07:26.471 --> 02:07:29.541 or what's been taking places legal or not under the law, 02:07:29.541 --> 02:07:32.510 but there's a big debate about whether the law is the right law 02:07:32.510 --> 02:07:34.212 and whether the framework should be altered. 02:07:34.212 --> 02:07:39.417 If you all were to testify before an intelligence 02:07:39.417 --> 02:07:42.153 committees and others on the Hill and asked, 02:07:42.153 --> 02:07:44.155 how should this law be change 02:07:44.155 --> 02:07:46.257 to advance the values your talking about? 02:07:46.257 --> 02:07:48.393 What would be some of your suggestions? 02:07:48.393 --> 02:07:51.696 Go ahead. 02:07:51.696 --> 02:07:54.933 >> I think we have to start by walking out the changes 02:07:54.933 --> 02:07:59.104 that we made in the records law because we took 02:07:59.104 --> 02:08:02.607 out all the words that make it proportionate 02:08:02.607 --> 02:08:06.644 and make it targeted and transformed it 02:08:06.644 --> 02:08:08.913 into a broad collection statute. 02:08:08.913 --> 02:08:12.183 And I, you know, I think the ways to walk it back 02:08:12.183 --> 02:08:17.589 that allows substantial collection of targets 02:08:17.589 --> 02:08:22.093 and information related to that targets and backs it 02:08:22.093 --> 02:08:27.499 out of this broad relevancy standard that allows it-- 02:08:27.499 --> 02:08:30.735 if one to be collected on anybody but also not-- 02:08:30.735 --> 02:08:34.672 it just takes out the whole national security purpose. 02:08:34.672 --> 02:08:38.009 Basically, you no longer have to be collecting data 02:08:38.009 --> 02:08:39.778 because of a particular terrorist 02:08:39.778 --> 02:08:42.847 or particular intelligence activity. 02:08:42.847 --> 02:08:45.550 You only have to be collecting in order 02:08:45.550 --> 02:08:47.786 to be protecting the United States. 02:08:47.786 --> 02:08:52.557 And that is simply to fraud and to likely to abuse. 02:08:52.557 --> 02:08:55.426 It is harder for me to note what have changed 702 02:08:55.426 --> 02:08:57.595 because we still don't understand what they're doing. 02:08:57.595 --> 02:08:59.164 >> And [inaudible] going to thought about these-- 02:08:59.164 --> 02:09:02.467 >> Except for the transparence-- except for greater transparency. 02:09:02.467 --> 02:09:05.069 >> 'Cause this is-- this is going to be debated 02:09:05.069 --> 02:09:06.304 in the weeks and months ahead. 02:09:06.304 --> 02:09:07.605 It's a very important question. 02:09:07.605 --> 02:09:08.873 >> But the traditional method 02:09:08.873 --> 02:09:11.376 of before the haystack love [phonetic], 02:09:11.376 --> 02:09:12.877 if you allow me to call it that. 02:09:12.877 --> 02:09:14.679 Before that was placed, the traditional methods 02:09:14.679 --> 02:09:16.981 of law enforcement worked, and they would work 02:09:16.981 --> 02:09:18.983 with whatever the internet had to provide. 02:09:18.983 --> 02:09:20.518 You needed to identify somebody. 02:09:20.518 --> 02:09:24.155 You usually identify them through a non-technical aspect. 02:09:24.155 --> 02:09:26.958 You had an informant somebody tell you, "Hey, 02:09:26.958 --> 02:09:29.928 I think that you were doing something illegal," and that-- 02:09:29.928 --> 02:09:31.963 that puts the focus on you. 02:09:31.963 --> 02:09:34.432 From there, you would use your traditional tools whether 02:09:34.432 --> 02:09:36.301 they're on the net or not to find, you know, 02:09:36.301 --> 02:09:38.036 to find out what's going on. 02:09:38.036 --> 02:09:45.143 Collecting data when there's no evidence of a crime is kind 02:09:45.143 --> 02:09:47.612 of counter intuitive and kind of productive in a way 02:09:47.612 --> 02:09:49.848 because it's sitting there. 02:09:49.848 --> 02:09:53.351 So, if it were me and I was an adversary of the United States, 02:09:53.351 --> 02:09:57.288 I would find where those-- that database was being stored 02:09:57.288 --> 02:10:00.024 and I would go after it to collect all that information 02:10:00.024 --> 02:10:02.126 because I can do the same type of metadata analysis 02:10:02.126 --> 02:10:03.194 that could be done that way. 02:10:03.194 --> 02:10:07.332 The third thing is-- the reason why we-- 02:10:07.332 --> 02:10:09.567 you've mentioned earlier that maybe we've mistrusted is 02:10:09.567 --> 02:10:14.005 because we know what can be done with that data and we know 02:10:14.005 --> 02:10:15.139 when somebody-- we know 02:10:15.139 --> 02:10:18.109 when somebody has given us a [inaudible] answer. 02:10:18.109 --> 02:10:20.678 Because I know that if I control my infrastructure, 02:10:20.678 --> 02:10:23.848 I know the power that I have doing in my office, 02:10:23.848 --> 02:10:27.085 I have to act responsibly and within, you know, 02:10:27.085 --> 02:10:28.219 the laws and all that. 02:10:28.219 --> 02:10:30.054 But I know what can be done 02:10:30.054 --> 02:10:33.258 if there's no oversight on my position. 02:10:33.258 --> 02:10:34.959 And that's why I think you hear-- 02:10:34.959 --> 02:10:36.227 >> But there is oversight. 02:10:36.227 --> 02:10:38.997 It is, you know, I mean they-- 02:10:38.997 --> 02:10:42.200 >> It would be if you were-- if you were the oversight committee 02:10:42.200 --> 02:10:46.471 for what I would do technically, do you have the technical skills 02:10:46.471 --> 02:10:48.406 to know what I'm doing? 02:10:48.406 --> 02:10:49.407 [Inaudible Remark] 02:10:49.407 --> 02:10:52.877 >> So I'm going to leave the legal-- 02:10:52.877 --> 02:10:55.880 so the legal policy questions, I largely agree 02:10:55.880 --> 02:10:57.015 with what has been said. 02:10:57.015 --> 02:10:59.083 I don't think that we have adequate oversight. 02:10:59.083 --> 02:11:02.854 And if I were-- I was talking to Congress about what to do 02:11:02.854 --> 02:11:04.689 to increase the trust in this environment, 02:11:04.689 --> 02:11:07.025 I would say that that Congress 02:11:07.025 --> 02:11:09.827 and the FISA court needs a more effective 02:11:09.827 --> 02:11:11.296 accountability mechanism. 02:11:11.296 --> 02:11:14.499 There is no way that the FISA court judges or the members 02:11:14.499 --> 02:11:16.301 of the Intelligence community are looking 02:11:16.301 --> 02:11:17.568 at every single query-- 02:11:17.568 --> 02:11:18.569 >> Right. 02:11:18.569 --> 02:11:20.505 >> -- that NSA analysts are performing 02:11:20.505 --> 02:11:22.006 on these enormous amounts of data. 02:11:22.006 --> 02:11:23.775 It is technically possible to do 02:11:23.775 --> 02:11:26.010 that to Mike Nelson's [assumed spelling] earlier point 02:11:26.010 --> 02:11:30.949 to actually evaluate whether when Bob led the general counsel 02:11:30.949 --> 02:11:34.385 of ODNI says, "Yeah, we have the whole state haystack 02:11:34.385 --> 02:11:37.722 but we only ask questions based on certain predicates." 02:11:37.722 --> 02:11:40.291 I know Bob and I more or less trust him 02:11:40.291 --> 02:11:43.661 but I think it's outrageous for the government to say 02:11:43.661 --> 02:11:46.431 to its citizens, "Don't worry, trust us." 02:11:46.431 --> 02:11:48.599 We give the government considerable authority 02:11:48.599 --> 02:11:50.401 but we need mechanisms to make sure it's being 02:11:50.401 --> 02:11:51.602 used responsibly. 02:11:51.602 --> 02:11:53.538 And none of the oversight mechanisms that exist 02:11:53.538 --> 02:11:57.775 that you've mentioned are able to provide that kind 02:11:57.775 --> 02:12:00.244 of accountability other than to call 02:12:00.244 --> 02:12:02.580 up a responsible person like, you know, 02:12:02.580 --> 02:12:03.748 Mr. Ledin [assumed spelling] say, 02:12:03.748 --> 02:12:04.882 "Are you following the rules?" 02:12:04.882 --> 02:12:06.517 And he says, "Yes, we're following the rules." 02:12:06.517 --> 02:12:09.420 He doesn't even know what every single analyst does 02:12:09.420 --> 02:12:11.122 in the agencies that's responsible for it. 02:12:11.122 --> 02:12:15.226 >> Let me ask you about one of the proposals that has been made 02:12:15.226 --> 02:12:17.161 and why they debated in Washington. 02:12:17.161 --> 02:12:20.832 And so, a lot of people pointed out one of the flaws, 02:12:20.832 --> 02:12:23.167 critics had pointed out one of the flaws 02:12:23.167 --> 02:12:26.804 in the FISA process is there's no adversarial mechanism 02:12:26.804 --> 02:12:31.709 within the FISA system that the government comes in and asks 02:12:31.709 --> 02:12:35.646 for permission and there is no counter voice. 02:12:35.646 --> 02:12:37.348 There is no adversarial proceeding. 02:12:37.348 --> 02:12:42.220 And in most legal systems, there is a mechanism for challenging. 02:12:42.220 --> 02:12:45.990 So, a number of legislative proposals have been advanced 02:12:45.990 --> 02:12:47.392 in one form or another. 02:12:47.392 --> 02:12:50.361 Is this one of the mechanism set that Congress should be looking 02:12:50.361 --> 02:12:53.531 at to try to reorder this balance that many 02:12:53.531 --> 02:12:55.166 of you think is out way? 02:12:55.166 --> 02:12:59.270 >> Yeah. I actually think this question of some kind 02:12:59.270 --> 02:13:02.306 of a public advocate and I think it's probably-- 02:13:02.306 --> 02:13:05.576 we figured it out how to give private lawyers the ability 02:13:05.576 --> 02:13:07.378 to look at classified information 02:13:07.378 --> 02:13:09.380 and criminal procedures. 02:13:09.380 --> 02:13:12.216 We ought to be able to come up with this table of those people 02:13:12.216 --> 02:13:15.353 who litigate the national security state, 02:13:15.353 --> 02:13:18.356 who can stand in for the public. 02:13:18.356 --> 02:13:24.762 And, you know, I think it's one of many potential points of sort 02:13:24.762 --> 02:13:28.299 of strengthening oversight here. 02:13:28.299 --> 02:13:30.835 I think it's-- I think it's critically important. 02:13:30.835 --> 02:13:32.336 I think different levels of sort 02:13:32.336 --> 02:13:35.039 of reporting back to the FISA court. 02:13:35.039 --> 02:13:37.041 I think part of the problem and the reason 02:13:37.041 --> 02:13:39.477 that people are responding is, I mean, 02:13:39.477 --> 02:13:42.914 it's interesting FISA was a civil liberties measure 02:13:42.914 --> 02:13:46.150 when it was adopted in 1978. 02:13:46.150 --> 02:13:48.686 And, you know, it's basically my mentors were the civil 02:13:48.686 --> 02:13:51.589 libertarians who proposed this crazy idea. 02:13:51.589 --> 02:13:58.696 And the world is really different from the ones in 1978. 02:13:58.696 --> 02:14:02.300 And being in contact with a foreign person, I mean, 02:14:02.300 --> 02:14:03.968 you know, there was an iron curtain. 02:14:03.968 --> 02:14:05.436 If you were-- if they could actually figure 02:14:05.436 --> 02:14:08.239 out you were communicating with a foreign person, 02:14:08.239 --> 02:14:10.708 it probably had some significance. 02:14:10.708 --> 02:14:12.777 We now live in this world where 20 percent 02:14:12.777 --> 02:14:15.746 of us are first generation, 02:14:15.746 --> 02:14:18.549 where our corporations are global, 02:14:18.549 --> 02:14:21.886 where we travel all the time, and where we-- 02:14:21.886 --> 02:14:24.555 people don't identify themselves in that the same kind 02:14:24.555 --> 02:14:28.226 of we-them way and yet we have a law 02:14:28.226 --> 02:14:31.295 and a designation of foreign persons. 02:14:31.295 --> 02:14:34.966 That really is a Cold War era and almost has 02:14:34.966 --> 02:14:37.235 to be reconsidered all by itself. 02:14:37.235 --> 02:14:39.871 And the law can't be working very well 02:14:39.871 --> 02:14:41.672 because it's not supposed to sweep 02:14:41.672 --> 02:14:43.541 up American's communications. 02:14:43.541 --> 02:14:46.077 And all you have to do is read the minimization guidelines 02:14:46.077 --> 02:14:48.846 to understand how much of our communications [inaudible]. 02:14:48.846 --> 02:14:53.151 >> Hal Berghel wrote an interesting article 02:14:53.151 --> 02:14:56.087 that just came out in IEEE Computer magazine. 02:14:56.087 --> 02:14:57.788 It's called "Through the PRISM Darkly". 02:14:57.788 --> 02:15:00.024 And there's a quote in there that says, 02:15:00.024 --> 02:15:01.893 "The Foreign Intelligence Surveillance Court has an 02:15:01.893 --> 02:15:05.930 approval rate of 99.93 percent of all surveillance requests. 02:15:05.930 --> 02:15:08.666 While this might not meet the strict definition 02:15:08.666 --> 02:15:10.902 of a kangaroo court, it seems to fall 02:15:10.902 --> 02:15:13.237 within the marsupial family." 02:15:13.237 --> 02:15:13.971 So-- 02:15:13.971 --> 02:15:15.339 [ Laughter ] 02:15:15.339 --> 02:15:18.509 The point of it is is that there are, you know, there are two 02:15:18.509 --> 02:15:22.046 and he calls them cyber urban myths that deal with this. 02:15:22.046 --> 02:15:25.216 One is that you do need to all of this, you know, 02:15:25.216 --> 02:15:28.753 information to do it and that there's not-- 02:15:28.753 --> 02:15:30.821 there's sufficient oversight. 02:15:30.821 --> 02:15:31.856 And I think we all agree, 02:15:31.856 --> 02:15:34.525 there's not sufficient oversight. 02:15:34.525 --> 02:15:39.797 You wouldn't ask me to be on a medical oversight committee 02:15:39.797 --> 02:15:42.033 to review surgical procedures 02:15:42.033 --> 02:15:43.801 because I'm not a doctor, I'm not a surgeon. 02:15:43.801 --> 02:15:46.070 I don't have that expertise in that area. 02:15:46.070 --> 02:15:47.371 And so, I think that's the-- 02:15:47.371 --> 02:15:49.040 I think that's the thing 02:15:49.040 --> 02:15:53.244 that bothers the technology people is we know it is a small 02:15:53.244 --> 02:15:56.013 community of the actual people that know the nuts and bolts 02:15:56.013 --> 02:15:58.616 about technology security from that standpoint. 02:15:58.616 --> 02:16:00.818 And if we don't know each other by-- 02:16:00.818 --> 02:16:04.088 personally, we know each other by reputation and whatever. 02:16:04.088 --> 02:16:07.992 And so when you look and you query your other peers 02:16:07.992 --> 02:16:10.161 and they have the same misgivings that you do, 02:16:10.161 --> 02:16:11.596 then it makes you wonder what's going on. 02:16:11.596 --> 02:16:15.800 >> I just want to make one other point about the people 02:16:15.800 --> 02:16:19.203 who are being swept up in this-- in this surveillance. 02:16:19.203 --> 02:16:20.705 I think one of the reasons 02:16:20.705 --> 02:16:23.040 that more fine-grained accountability is really 02:16:23.040 --> 02:16:26.110 critical is we don't know 02:16:26.110 --> 02:16:29.380 but I think it's a safe assumption that, you know, 02:16:29.380 --> 02:16:32.683 somewhere north of 90 percent of the people who are on any 02:16:32.683 --> 02:16:36.153 of these terrorism watch list who were the targets of any 02:16:36.153 --> 02:16:38.623 of this surveillance are Arab-Americans 02:16:38.623 --> 02:16:40.424 who have some connection to the Middle East, 02:16:40.424 --> 02:16:42.826 many of whom are probably Muslims. 02:16:42.826 --> 02:16:45.563 In this country, we don't have a great history 02:16:45.563 --> 02:16:49.734 of treating minorities perfectly fairly. 02:16:49.734 --> 02:16:54.305 And part of the reason we have oversight mechanisms, 02:16:54.305 --> 02:16:57.174 part of reason we have open courts, part of reason we try 02:16:57.174 --> 02:17:02.713 to have due process with public visibility is to make sure 02:17:02.713 --> 02:17:05.516 that we actually do our job and really-- 02:17:05.516 --> 02:17:08.084 and really treating people fairly and not discriminating. 02:17:08.084 --> 02:17:11.522 And again, I don't-- I don't think-- 02:17:11.522 --> 02:17:13.591 I think it's really interesting, you hear this panel, 02:17:13.591 --> 02:17:14.892 you hear the public discussion. 02:17:14.892 --> 02:17:16.994 I don't think through that many people saying, 02:17:16.994 --> 02:17:18.896 "Stop the Surveillance." 02:17:18.896 --> 02:17:20.031 People are not saying that I was 02:17:20.031 --> 02:17:22.400 in Boston during the marathon bombings. 02:17:22.400 --> 02:17:25.036 People are clamoring for the instillation of more cameras. 02:17:25.036 --> 02:17:27.638 You know, the question I really believe is not 02:17:27.638 --> 02:17:30.508 about whether law enforcement should have these tools. 02:17:30.508 --> 02:17:32.109 It's about whether we can feel confident 02:17:32.109 --> 02:17:34.779 that they're using them responsibly. 02:17:34.779 --> 02:17:37.781 >> One of you made the point that-- 02:17:37.781 --> 02:17:39.483 actually, this is not a new issue-- 02:17:39.483 --> 02:17:42.852 that just a few years ago, Washington posted an expose, 02:17:42.852 --> 02:17:46.424 a very lengthy one, Diana Press [assumed spelling] and others. 02:17:46.424 --> 02:17:50.460 And there was not anything like the same kind of reaction 02:17:50.460 --> 02:17:52.263 that there's been lately. 02:17:52.263 --> 02:17:55.333 And I'm wondering why you think what's the difference, 02:17:55.333 --> 02:17:58.536 why has there been such-- why are we having this panel 02:17:58.536 --> 02:17:59.637 and not three years ago. 02:17:59.637 --> 02:18:01.572 Why is there so much conversation now 02:18:01.572 --> 02:18:04.674 about this issue when, in fact, when-- 02:18:04.674 --> 02:18:08.379 at least some of this was made known through-- 02:18:08.379 --> 02:18:10.448 to post another mechanisms some years ago? 02:18:10.448 --> 02:18:11.816 >> Smartphones. 02:18:11.816 --> 02:18:13.484 >> We didn't have the numbers, we didn't have the numbers. 02:18:13.484 --> 02:18:15.852 I mean, from the Verizon order, we now know. 02:18:15.852 --> 02:18:17.321 It's-- I don't remember how many millions 02:18:17.321 --> 02:18:18.723 of people's records were-- 02:18:18.723 --> 02:18:20.825 tens of millions of people's records were collected. 02:18:20.825 --> 02:18:23.294 We had-- we have general outlines 02:18:23.294 --> 02:18:26.931 from the post reporting, from, you know, from all kinds 02:18:26.931 --> 02:18:30.300 of things but we did-- it was not dramatized with numbers. 02:18:30.300 --> 02:18:33.637 And I think and now we know it's basically everyone's data. 02:18:33.637 --> 02:18:35.638 We never actually knew that was happening. 02:18:35.638 --> 02:18:36.540 >> Right. I think that's right. 02:18:36.540 --> 02:18:38.609 I also think there was an uproar 02:18:38.609 --> 02:18:43.280 when the warrantless wiretapping was first revealed. 02:18:43.280 --> 02:18:45.750 We had a very big battle in Congress. 02:18:45.750 --> 02:18:47.550 People were really worried about it. 02:18:47.550 --> 02:18:49.420 People who were not following it closely 02:18:49.420 --> 02:18:51.922 and they passed an amendment might have actually thought 02:18:51.922 --> 02:18:54.325 that what we wound up with was some kind 02:18:54.325 --> 02:18:56.093 of additional procedural protections. 02:18:56.093 --> 02:18:59.730 Instead, we wound up-- what we wound up with was a ratification 02:18:59.730 --> 02:19:01.898 of that program, immunity 02:19:01.898 --> 02:19:05.468 for the providers, and not much more. 02:19:05.468 --> 02:19:09.173 And so I, you know, I think a lot of us knew some 02:19:09.173 --> 02:19:12.009 of this was going on but I think we didn't know. 02:19:12.009 --> 02:19:14.844 One of my colleagues, Jim Dempsey who's on the Privacy 02:19:14.844 --> 02:19:19.884 and Civil Liberties Oversight Board wrote an article saying, 02:19:19.884 --> 02:19:22.852 "Did they just approve a vacuum cleaner?" 02:19:22.852 --> 02:19:25.489 And lots of people then responded with, "Oh, 02:19:25.489 --> 02:19:28.092 you know, that's ridiculous." 02:19:28.092 --> 02:19:31.529 Well, no, in fact, they approved a vacuum cleaner 02:19:31.529 --> 02:19:33.297 and we didn't know it. 02:19:33.297 --> 02:19:34.432 >> Laura? Laura. 02:19:34.432 --> 02:19:35.566 >> I agree with those points. 02:19:35.566 --> 02:19:38.035 I think it is a matter of scale in this case. 02:19:38.035 --> 02:19:39.670 But I think there are few other points, too, 02:19:39.670 --> 02:19:41.472 that are a little bit more subtle. 02:19:41.472 --> 02:19:43.207 So, one issue is that this came 02:19:43.207 --> 02:19:46.811 after Hillary Clinton's internet freedom speech 02:19:46.811 --> 02:19:50.981 and this entire mean [phonetic] that has been created 02:19:50.981 --> 02:19:54.318 and I think rightly replicated around the world 02:19:54.318 --> 02:19:55.786 about internet freedom. 02:19:55.786 --> 02:20:00.891 So, this is a very important issue and what this does is it-- 02:20:00.891 --> 02:20:03.727 it's providing an opportunity for people to challenge 02:20:03.727 --> 02:20:07.031 that notion of the internet freedom and to point 02:20:07.031 --> 02:20:09.567 out what they're calling hypocrisy. 02:20:09.567 --> 02:20:12.269 So, that to me is a problem. 02:20:12.269 --> 02:20:16.440 It can also be an opportunity if it's addressed appropriately. 02:20:16.440 --> 02:20:21.512 Another issue is that individual citizens are living their life 02:20:21.512 --> 02:20:23.380 online to a much greater extent 02:20:23.380 --> 02:20:25.049 than they did five years ago even. 02:20:25.049 --> 02:20:27.051 It's really amazing if you think. 02:20:27.051 --> 02:20:29.019 I mean, I'll just give you an example I was talking 02:20:29.019 --> 02:20:29.820 about today. 02:20:29.820 --> 02:20:31.856 So, five years ago, I was-- 02:20:31.856 --> 02:20:34.225 I would read the paper in the morning and now, 02:20:34.225 --> 02:20:37.194 I'm completely connected to my smartphone all the time 02:20:37.194 --> 02:20:40.397 and I am posting information, I'm communicating in it. 02:20:40.397 --> 02:20:42.800 So, the public sphere is what's at stake here. 02:20:42.800 --> 02:20:44.468 The public sphere is online. 02:20:44.468 --> 02:20:45.803 And I think that that is much greater 02:20:45.803 --> 02:20:48.606 than during these last instances a few years ago 02:20:48.606 --> 02:20:49.874 that were mentioned. 02:20:49.874 --> 02:20:53.143 So, scale, the issue of people being more cognizant 02:20:53.143 --> 02:20:56.247 about how their internal private life is lived 02:20:56.247 --> 02:20:59.183 out in the digital realm and also the mean 02:20:59.183 --> 02:21:01.685 that has been fairly successful 02:21:01.685 --> 02:21:03.988 about internet freedom has ensued 02:21:03.988 --> 02:21:06.857 in these intervening years. 02:21:06.857 --> 02:21:09.426 >> I think those were grilling [phonetic] points. 02:21:09.426 --> 02:21:10.394 >> Yeah. [Multiple Speakers] 02:21:10.394 --> 02:21:12.263 >> I was just going to say quickly 02:21:12.263 --> 02:21:15.733 that technology makes lots of things possible and it was clear 02:21:15.733 --> 02:21:17.167 at the time of those articles. 02:21:17.167 --> 02:21:18.502 It's clear today. 02:21:18.502 --> 02:21:21.238 It doesn't mean that it's eminently minable 02:21:21.238 --> 02:21:23.974 but that's done outside of due process. 02:21:23.974 --> 02:21:25.142 And I think those are the things 02:21:25.142 --> 02:21:26.510 that are getting people excitable. 02:21:26.510 --> 02:21:30.114 It's not technology and it's not what's technically possible 02:21:30.114 --> 02:21:32.016 or even what's technically feasible. 02:21:32.016 --> 02:21:37.221 It's actually ultimately the full mining 02:21:37.221 --> 02:21:39.790 and then the lack of public scrutiny. 02:21:39.790 --> 02:21:41.892 >> What about the argument that you hear from some people 02:21:41.892 --> 02:21:45.796 that not only are we three years farther away from 9/11? 02:21:45.796 --> 02:21:48.499 Several of you made the point that a lot 02:21:48.499 --> 02:21:52.169 of these original processes were passed almost 02:21:52.169 --> 02:21:55.673 in a battlefield mentality, one of you used that phrase. 02:21:55.673 --> 02:22:01.478 And that there were extreme circumstances with the value 02:22:01.478 --> 02:22:02.479 of national security 02:22:02.479 --> 02:22:04.815 in protecting the homeland very much 02:22:04.815 --> 02:22:06.784 in the forefront of a public debate. 02:22:06.784 --> 02:22:10.654 So you got three years later but some people would argue-- 02:22:10.654 --> 02:22:12.289 there's almost a contradiction here. 02:22:12.289 --> 02:22:14.758 Certainly the intelligence community would say, "Well, 02:22:14.758 --> 02:22:18.329 actually people are more relaxed now and less concerned 02:22:18.329 --> 02:22:21.632 about the threat because our systems have worked 02:22:21.632 --> 02:22:24.468 and that you shouldn't be dismantling systems 02:22:24.468 --> 02:22:26.570 which have actually made people more secure." 02:22:26.570 --> 02:22:27.938 How would you answer that? 02:22:27.938 --> 02:22:29.340 >> Let's concentrate to what the President has said though. 02:22:29.340 --> 02:22:31.241 I mean, what the President has told us-- 02:22:31.241 --> 02:22:33.110 >> Although he has said he's in favor of the system. 02:22:33.110 --> 02:22:36.947 >> Yes. And he said that the capability is necessary. 02:22:36.947 --> 02:22:39.850 He's in no way precluded additional oversight. 02:22:39.850 --> 02:22:42.286 I think he's actually welcomed the discussion of-- 02:22:42.286 --> 02:22:43.354 >> Sure. 02:22:43.354 --> 02:22:44.688 >> -- of what kind of oversight we need. 02:22:44.688 --> 02:22:49.226 But he said we're living it in a lower threat level 02:22:49.226 --> 02:22:52.396 and that we need to make changes as a society 02:22:52.396 --> 02:22:54.465 and as government in response to that. 02:22:54.465 --> 02:22:57.968 So, not the other way around. 02:22:57.968 --> 02:23:03.941 >> Edward Snowden, to some people he's a traitor. 02:23:03.941 --> 02:23:05.376 To some people, he's a hero. 02:23:05.376 --> 02:23:07.111 What do you think? 02:23:07.111 --> 02:23:11.649 >> Everybody, on your clearance you signed a document that says, 02:23:11.649 --> 02:23:15.786 "If you disclose secrecy, there's a penalty." 02:23:15.786 --> 02:23:18.822 So, from that standpoint, you clearly violated 02:23:18.822 --> 02:23:23.927 that document and, you know, I don't have a problem with-- 02:23:23.927 --> 02:23:26.563 with being prosecuted because of that. 02:23:26.563 --> 02:23:27.865 On the oversight-- 02:23:27.865 --> 02:23:29.633 >> Because it this contractual-- 02:23:29.633 --> 02:23:30.868 >> Because it is contractual. 02:23:30.868 --> 02:23:32.336 I mean, it states, "Anybody who has a clearance." 02:23:32.336 --> 02:23:34.605 You have that-- it's in your-- in the agreement, 02:23:34.605 --> 02:23:38.308 and it says clearly that you, you know, 25 years in prison 02:23:38.308 --> 02:23:39.309 or whatever it is that-- 02:23:39.309 --> 02:23:40.044 >> You actually read that? 02:23:40.044 --> 02:23:41.812 >> No, it's-- yeah. 02:23:41.812 --> 02:23:44.515 It happens when you come from a family of lawyers, you know. 02:23:44.515 --> 02:23:45.849 >> It's privacy policy. 02:23:45.849 --> 02:23:48.052 >> No. I mean, you look-- yeah, I mean, if I'm going to go 02:23:48.052 --> 02:23:50.220 to jail, I want to know what I have to say, right? 02:23:50.220 --> 02:23:52.923 And, so I think-- I think from that standpoint, yes. 02:23:52.923 --> 02:23:54.792 I think the rest of the community is still trying 02:23:54.792 --> 02:23:57.895 to divide it as to whether or not the information 02:23:57.895 --> 02:24:01.065 that is disclosed is a problem. 02:24:01.065 --> 02:24:03.100 And some people go back kind 02:24:03.100 --> 02:24:06.070 of like what I was saying is there have been articles 02:24:06.070 --> 02:24:08.172 about this for, you know, a long time. 02:24:08.172 --> 02:24:10.374 You know, you can go back into the '70s 02:24:10.374 --> 02:24:14.445 when NSA had the ECHELON program, in the mid-'90s 02:24:14.445 --> 02:24:16.613 with Omnivore and Carnivore, you know, 02:24:16.613 --> 02:24:17.648 all of those type of things. 02:24:17.648 --> 02:24:18.816 You've had this type 02:24:18.816 --> 02:24:20.884 of electronic surveillance for quite sometime. 02:24:20.884 --> 02:24:24.054 So, we're not quite sure what it is and not having seen all 02:24:24.054 --> 02:24:27.224 that is disclosed but we're not quite sure of what it is 02:24:27.224 --> 02:24:31.829 that he's telling the world that we don't know already. 02:24:31.829 --> 02:24:35.299 And so from that stand point, I think part of my community, 02:24:35.299 --> 02:24:37.901 we're not sure about the content. 02:24:37.901 --> 02:24:40.738 But certainly he violated an agreement and he, you know, 02:24:40.738 --> 02:24:43.040 that's what they're going to go after him for. 02:24:43.040 --> 02:24:46.410 >> So I have mixed views about Snowden because I think 02:24:46.410 --> 02:24:49.213 that whistleblowing in a free society and a right 02:24:49.213 --> 02:24:51.348 to know is critically important. 02:24:51.348 --> 02:24:54.651 And if you go back to Pentagon Papers 02:24:54.651 --> 02:24:57.788 and terrible things did not happen with the publishing 02:24:57.788 --> 02:24:59.523 of the Pentagon Papers. 02:24:59.523 --> 02:25:02.226 [ Pause ] 02:25:02.226 --> 02:25:04.261 So-- so, part of-- 02:25:04.261 --> 02:25:05.796 >> I'll cover the Pentagon Papers story and-- 02:25:05.796 --> 02:25:06.797 >> I'm sure-- 02:25:06.797 --> 02:25:07.765 >> -- cover Daniel Ellsberg's trial. 02:25:07.765 --> 02:25:08.465 So, I'm-- 02:25:08.465 --> 02:25:09.099 >> And Ellsberg's trial. 02:25:09.099 --> 02:25:09.800 >> Yes. 02:25:09.800 --> 02:25:10.834 >> And Ellsberg is very, 02:25:10.834 --> 02:25:13.771 very out there right now about Snowden. 02:25:13.771 --> 02:25:16.073 I was kind of right with him 02:25:16.073 --> 02:25:21.311 until he started keeping away the US cyber security strategy 02:25:21.311 --> 02:25:24.114 with respect to China while he was in Hong Kong. 02:25:24.114 --> 02:25:29.253 And then I started to wonder exactly what he's motivations 02:25:29.253 --> 02:25:30.587 were, you know. 02:25:30.587 --> 02:25:35.526 And so, I do feel like there's a level or recklessness 02:25:35.526 --> 02:25:42.299 that worries me and although it's hard for me to really know 02:25:42.299 --> 02:25:45.836 if there's damage to national security because I've set 02:25:45.836 --> 02:25:48.972 in some of these meetings with national security people 02:25:48.972 --> 02:25:51.909 who I've held up the minimization guidelines 02:25:51.909 --> 02:25:53.277 and said, "Is there anything 02:25:53.277 --> 02:25:55.379 in here that's really secret or should be?" 02:25:55.379 --> 02:25:56.847 And they said, "No." 02:25:56.847 --> 02:26:00.184 The existence of these programs sort 02:26:00.184 --> 02:26:02.853 of have been broad-brushed some people knew. 02:26:02.853 --> 02:26:05.022 So, if at the end of the day, 02:26:05.022 --> 02:26:06.390 it's that the public finally knows 02:26:06.390 --> 02:26:08.325 that it's happening 'cause I'm not sure 02:26:08.325 --> 02:26:10.894 if any thing's been revealed that will allow people 02:26:10.894 --> 02:26:15.232 to somehow evade all of this, that, I think, you know, 02:26:15.232 --> 02:26:18.302 society has to make room for whistleblowers. 02:26:18.302 --> 02:26:20.304 I just wish we had whistleblowers 02:26:20.304 --> 02:26:23.407 who were a little less reckless. 02:26:23.407 --> 02:26:24.708 >> Well, you know, as a whistleblower, 02:26:24.708 --> 02:26:26.910 he appears to have delusions of grandeur. 02:26:26.910 --> 02:26:28.011 >> Well, right. 02:26:28.011 --> 02:26:28.979 >> I mean, the first couple of days, he had-- 02:26:28.979 --> 02:26:31.014 he'd made statements such as saying-- 02:26:31.014 --> 02:26:33.483 such as that he could order a wiretap of the President 02:26:33.483 --> 02:26:35.853 and he could, you know, had all the locations 02:26:35.853 --> 02:26:37.254 of all the NSA stations. 02:26:37.254 --> 02:26:42.626 Pretty unlikely, that said, I guess the, you know, 02:26:42.626 --> 02:26:45.796 I think that his disclosures have done a public service. 02:26:45.796 --> 02:26:47.931 I think he's a whistleblower in that sense. 02:26:47.931 --> 02:26:48.999 I actually agree. 02:26:48.999 --> 02:26:50.434 It seems like he just broken the law 02:26:50.434 --> 02:26:52.336 and doesn't seem very complicated. 02:26:52.336 --> 02:26:55.205 What I find confusing and-- 02:26:55.205 --> 02:26:59.676 is that somehow the traditional notion 02:26:59.676 --> 02:27:02.880 of civil disobedience seems to have been lost track 02:27:02.880 --> 02:27:04.514 of in what he's doing. 02:27:04.514 --> 02:27:06.250 I mean, I wish-- I mean, look, 02:27:06.250 --> 02:27:09.353 he's obviously has put his life at total risk and-- 02:27:09.353 --> 02:27:11.622 >> Although traditional idea is you pay the penalty 02:27:11.622 --> 02:27:12.956 for having broken the law. 02:27:12.956 --> 02:27:14.324 >> You pay the penalty and you [inaudible] having a trial 02:27:14.324 --> 02:27:16.994 and you expose-- you expose the things that you're concerned 02:27:16.994 --> 02:27:19.263 about and you expose them, further look at me. 02:27:19.263 --> 02:27:20.597 He's a civilian. 02:27:20.597 --> 02:27:23.667 He wouldn't be tried in a court martial the way Bradley 02:27:23.667 --> 02:27:24.401 Manning is. 02:27:24.401 --> 02:27:25.402 >> Right. 02:27:25.402 --> 02:27:26.803 >> He could've staged a public trial 02:27:26.803 --> 02:27:30.540 and a big public discussion that he chose not to and I, you know, 02:27:30.540 --> 02:27:31.909 again, it's not for me 02:27:31.909 --> 02:27:35.512 to say how people should put their lives at risk as he'd has 02:27:35.512 --> 02:27:38.782 but I think it's a-- I think it's an incomplete active 02:27:38.782 --> 02:27:40.450 civil disobedience. 02:27:40.450 --> 02:27:42.519 >> Anybody else want it, got a view on that? 02:27:42.519 --> 02:27:45.155 Let me ask you another question. 02:27:45.155 --> 02:27:49.059 One of the things that Dan said that the-- 02:27:49.059 --> 02:27:51.261 are the very interesting analysis when he talked 02:27:51.261 --> 02:27:53.864 about the internet not being a creature of the state, 02:27:53.864 --> 02:27:55.933 how earlier forms 02:27:55.933 --> 02:27:59.937 of communication whether it's telephones and telegraph 02:27:59.937 --> 02:28:02.205 and so many of them grew up. 02:28:02.205 --> 02:28:05.142 Television spectrums, I mean, they were sold 02:28:05.142 --> 02:28:07.177 by the government, right, and still are. 02:28:07.177 --> 02:28:12.015 So, there was an inherent regulatory legal organic 02:28:12.015 --> 02:28:14.484 connection between earlier forms of communication 02:28:14.484 --> 02:28:18.288 and government regulation which, as you point out is missing 02:28:18.288 --> 02:28:22.159 in a large part in this particular system we've all been 02:28:22.159 --> 02:28:23.593 talking about. 02:28:23.593 --> 02:28:25.562 >> But it's more than a legal question it seems to me, 02:28:25.562 --> 02:28:30.767 it's also a cultural question, that a lot of you being soaked 02:28:30.767 --> 02:28:32.602 in this culture and committed 02:28:32.602 --> 02:28:37.607 to this culture have evinced skepticism of government 02:28:37.607 --> 02:28:42.045 and of regulation and yet at the same time, you're grappling 02:28:42.045 --> 02:28:46.016 with the notion of how do you bring some order to a system 02:28:46.016 --> 02:28:50.921 that continues to cry out for some kind of regulation. 02:28:50.921 --> 02:28:53.690 I'm interested for you to use a little bit 02:28:53.690 --> 02:28:58.095 about the contradiction between sort of the historic origins 02:28:58.095 --> 02:29:01.999 and the culture of this system and the need 02:29:01.999 --> 02:29:05.035 to bring some order and regulation to it. 02:29:05.035 --> 02:29:07.671 It seems to me there's an inherent conflict that's worth 02:29:07.671 --> 02:29:09.740 talking about. 02:29:09.740 --> 02:29:10.841 Start. 02:29:10.841 --> 02:29:11.942 >> I'll kick off the discussion about that. 02:29:11.942 --> 02:29:15.746 I think sometimes when you go to a workshop 02:29:15.746 --> 02:29:18.482 that discusses internet governance, 02:29:18.482 --> 02:29:23.687 it descends into a question such as who should grab the keys 02:29:23.687 --> 02:29:25.288 of internet governance, right? 02:29:25.288 --> 02:29:26.323 So, the question of-- 02:29:26.323 --> 02:29:27.624 so if question were asked 02:29:27.624 --> 02:29:30.794 such as should the United Nations control the internet 02:29:30.794 --> 02:29:32.829 or should the United States control it 02:29:32.829 --> 02:29:34.064 or should Google control it? 02:29:34.064 --> 02:29:36.166 Like those kinds of questions don't make any sense 02:29:36.166 --> 02:29:37.667 in their first instance. 02:29:37.667 --> 02:29:41.204 And part of that is because there is no monolithic system 02:29:41.204 --> 02:29:42.305 of internet governance. 02:29:42.305 --> 02:29:45.142 It's highly granular, it's multi layered. 02:29:45.142 --> 02:29:47.577 There are-- there are so many different levels 02:29:47.577 --> 02:29:49.746 of internet governance. 02:29:49.746 --> 02:29:51.381 I mean, I-- my book is very long 02:29:51.381 --> 02:29:53.316 and I only get into some of them. 02:29:53.316 --> 02:29:56.453 But the issue here is multistakeholder governance 02:29:56.453 --> 02:29:57.854 and what that means. 02:29:57.854 --> 02:30:01.191 So, internet governance is very interesting because it is not 02:30:01.191 --> 02:30:03.660 about governments necessarily but that doesn't mean 02:30:03.660 --> 02:30:05.295 that there's not a role for government 02:30:05.295 --> 02:30:06.963 in many different areas. 02:30:06.963 --> 02:30:09.599 So, if I have identity theft, I'd like the government 02:30:09.599 --> 02:30:10.600 to step in and help me. 02:30:10.600 --> 02:30:12.702 I expect antitrust enforcement. 02:30:12.702 --> 02:30:15.806 I expect laws about-- some laws about privacy. 02:30:15.806 --> 02:30:16.973 I expect some laws 02:30:16.973 --> 02:30:19.109 about intellectual property rights enforcement. 02:30:19.109 --> 02:30:22.079 I expect certain national statute on any variety 02:30:22.079 --> 02:30:25.515 of things related to trade, child protection. 02:30:25.515 --> 02:30:28.785 So, there are many places for the government to be 02:30:28.785 --> 02:30:31.054 in internet regulation and governance. 02:30:31.054 --> 02:30:34.157 But most functions that are related 02:30:34.157 --> 02:30:36.660 to the operational stability and security 02:30:36.660 --> 02:30:39.129 of the internet have not been the purview 02:30:39.129 --> 02:30:40.297 of traditional governments 02:30:40.297 --> 02:30:42.532 but they have been enacted by private industry. 02:30:42.532 --> 02:30:44.734 And I think that that's a very important point. 02:30:44.734 --> 02:30:47.270 Now, tying this back to the PRISM issue, 02:30:47.270 --> 02:30:52.109 one concern that I have is that the one separate area 02:30:52.109 --> 02:30:54.478 of how the internet is being used in the data 02:30:54.478 --> 02:30:56.713 that can be collected and gathered will bleed 02:30:56.713 --> 02:30:59.349 into this other area of the operational stability 02:30:59.349 --> 02:31:01.084 and security of the internet. 02:31:01.084 --> 02:31:05.455 So, we can expect to see this issue used as a proxy 02:31:05.455 --> 02:31:08.191 for governments that are interested in gaining control 02:31:08.191 --> 02:31:10.327 in certain operational areas of the internet. 02:31:10.327 --> 02:31:12.429 I guarantee that that will happen. 02:31:12.429 --> 02:31:14.531 So, we'll see that in some-- 02:31:14.531 --> 02:31:16.833 once he calls for international treaties. 02:31:16.833 --> 02:31:19.236 Again, that leave out private industry. 02:31:19.236 --> 02:31:21.071 That leave out civil society. 02:31:21.071 --> 02:31:23.874 We'll see it in additional calls for bringing 02:31:23.874 --> 02:31:26.443 in a more multilateral control 02:31:26.443 --> 02:31:28.245 of some critical internet resources. 02:31:28.245 --> 02:31:30.680 So, I think one bleeds into another. 02:31:30.680 --> 02:31:34.351 But that it's really not about private industry 02:31:34.351 --> 02:31:37.320 versus governments or civil society 02:31:37.320 --> 02:31:39.723 versus private industry, for example. 02:31:39.723 --> 02:31:42.359 It's about the more contextual question 02:31:42.359 --> 02:31:45.462 of what governance is necessary for what-- 02:31:45.462 --> 02:31:47.097 which particular area. 02:31:47.097 --> 02:31:50.033 So, in certain cases, it's completely appropriate 02:31:50.033 --> 02:31:52.536 for only the private sector to be involved. 02:31:52.536 --> 02:31:54.538 In other cases, it's the purview of government. 02:31:54.538 --> 02:31:57.841 So, it has to be asked in a contextual area, 02:31:57.841 --> 02:32:00.110 and that's what multistakeholder governance is. 02:32:00.110 --> 02:32:03.713 It's not everybody in charge of every-- it's granular area. 02:32:03.713 --> 02:32:04.781 That's not it. 02:32:04.781 --> 02:32:06.516 It's about what's the appropriate form 02:32:06.516 --> 02:32:08.718 of governance in a particular area. 02:32:08.718 --> 02:32:10.654 >> John? 02:32:10.654 --> 02:32:12.422 >> So the one thing we do know is 02:32:12.422 --> 02:32:15.692 that the internet evolves very quickly. 02:32:15.692 --> 02:32:22.766 I was involved 25 years of it and it changes rapidly. 02:32:22.766 --> 02:32:28.538 What was dial-up modems and just Telnet 02:32:28.538 --> 02:32:36.112 and FTP quickly became circuits and high speed fiber. 02:32:36.112 --> 02:32:37.881 Yeah, OK, sorry. 02:32:37.881 --> 02:32:39.149 [Inaudible] And the web-- 02:32:39.149 --> 02:32:41.084 >> My work here is done, yeah. 02:32:41.084 --> 02:32:47.891 >> The fact is that that evolution doesn't work well 02:32:47.891 --> 02:32:49.726 with government regulation. 02:32:49.726 --> 02:32:54.397 Having been involved in the telecommunication side 02:32:54.397 --> 02:32:57.400 of the industry as opposed the internet side, I also dealt 02:32:57.400 --> 02:32:59.102 with a lot of [inaudible] regulations. 02:32:59.102 --> 02:33:02.138 And generally, we're dealing with regulations that were three 02:33:02.138 --> 02:33:05.809 to ten years behind the time trying to drag them 02:33:05.809 --> 02:33:10.614 into current circumstance, and it was inevitable. 02:33:10.614 --> 02:33:14.918 The process of regulation doesn't work well 02:33:14.918 --> 02:33:17.954 with a forward-looking rapidly evolving internet. 02:33:17.954 --> 02:33:22.559 So, when we start thinking about-- 02:33:22.559 --> 02:33:27.764 about the non-governmental nature of the internet, 02:33:27.764 --> 02:33:31.635 as the internet grows up, we find ourselves in a conundrum 02:33:31.635 --> 02:33:35.038 because the internet is no longer optional. 02:33:35.038 --> 02:33:38.108 The internet is intwined in everyone's life. 02:33:38.108 --> 02:33:40.910 Governments are looking at their economies and going, 02:33:40.910 --> 02:33:44.748 "Some percentage of my economy is tied to this?" 02:33:44.748 --> 02:33:47.517 You can say I have a choices to whether or not I'm going 02:33:47.517 --> 02:33:49.486 to participate but I don't. 02:33:49.486 --> 02:33:51.655 I have to be involved. 02:33:51.655 --> 02:33:55.025 So, governments are now realizing they have no choice, 02:33:55.025 --> 02:33:56.426 they need to be involved. 02:33:56.426 --> 02:33:59.296 They look at their duties, their responsibilities. 02:33:59.296 --> 02:34:01.898 And they go, "How do I affect what I'm required 02:34:01.898 --> 02:34:03.900 to do in this new media?" 02:34:03.900 --> 02:34:08.571 And it's a big challenge, folks, because the protocols 02:34:08.571 --> 02:34:11.074 and the operational conventions 02:34:11.074 --> 02:34:13.643 that hold the internet together have to be global. 02:34:13.643 --> 02:34:16.613 They have to interoperate on global basis. 02:34:16.613 --> 02:34:18.481 But governments are used to acting 02:34:18.481 --> 02:34:22.385 on a national basis occasionally regional, 02:34:22.385 --> 02:34:26.122 occasionally bilateral, multilateral, but generally, 02:34:26.122 --> 02:34:28.158 they act on a national basis 02:34:28.158 --> 02:34:31.895 and you can easily break the internet by attempting 02:34:31.895 --> 02:34:35.432 to regulate it without the idea of a global context 02:34:35.432 --> 02:34:36.766 in which it operates in. 02:34:36.766 --> 02:34:38.301 This is really what's been opened 02:34:38.301 --> 02:34:39.302 up in the last five years. 02:34:39.302 --> 02:34:40.637 In the last five years, 02:34:40.637 --> 02:34:42.772 governments are realizing they do need to get involved, 02:34:42.772 --> 02:34:44.374 they don't understand the framework 02:34:44.374 --> 02:34:46.476 by which they can do so safely. 02:34:46.476 --> 02:34:50.747 In general, this has resulted to not much regulation 02:34:50.747 --> 02:34:53.650 but that's not necessarily going to be the case going forward. 02:34:53.650 --> 02:34:57.187 And it's-- the internet community and I say 02:34:57.187 --> 02:35:00.256 that being the operators, the various entities 02:35:00.256 --> 02:35:01.458 that operate pieces 02:35:01.458 --> 02:35:04.894 of the infrastructure aren't exactly forthcoming 02:35:04.894 --> 02:35:06.696 to government saying, "Here, 02:35:06.696 --> 02:35:09.099 this is how to safely regulate the internet. 02:35:09.099 --> 02:35:11.334 That guide book has not been written." 02:35:11.334 --> 02:35:15.004 And so, without a meeting of the minds on this topic, 02:35:15.004 --> 02:35:18.875 we run the risk that governments are going to make regulations 02:35:18.875 --> 02:35:21.978 that make no sense or break portions of the internet. 02:35:21.978 --> 02:35:24.080 Until this an understood common framework 02:35:24.080 --> 02:35:26.616 for this, we're all at risk. 02:35:26.616 --> 02:35:29.219 >> Lynn, do you wanted to talk? 02:35:29.219 --> 02:35:32.188 >> Yeah, very good comments both from Laura and John, 02:35:32.188 --> 02:35:35.158 and I just want to make sure that we're left with a myth here 02:35:35.158 --> 02:35:36.693 that much of the internet committee believes 02:35:36.693 --> 02:35:38.528 that there's no rule for governments. 02:35:38.528 --> 02:35:40.230 We've been engaging with governments 02:35:40.230 --> 02:35:43.500 and certainly we could have done it better over the years. 02:35:43.500 --> 02:35:45.402 But, you know, for many, 02:35:45.402 --> 02:35:48.671 many years when ISOC had a very small staff of seven people, 02:35:48.671 --> 02:35:51.841 I was going to [inaudible] and spending weeks 02:35:51.841 --> 02:35:54.644 because you don't go to United Nations meeting for two days, 02:35:54.644 --> 02:35:56.679 you'd go for two and three weeks. 02:35:56.679 --> 02:35:58.648 That's a significant investment, 02:35:58.648 --> 02:36:00.483 and we went because we wanted people 02:36:00.483 --> 02:36:03.787 to understand how the internets actually worked. 02:36:03.787 --> 02:36:06.322 And I-- it's like a slight disagreement with John 02:36:06.322 --> 02:36:09.793 and nobody has the answer but how we regulate for a lot 02:36:09.793 --> 02:36:11.327 of this new environments. 02:36:11.327 --> 02:36:13.797 It's not because we think there should be no regulations 02:36:13.797 --> 02:36:15.465 because we can't figure out what sort 02:36:15.465 --> 02:36:17.367 of regulation there should be. 02:36:17.367 --> 02:36:20.403 And to John's other point, it is because of the pace 02:36:20.403 --> 02:36:22.472 with which the internet changes. 02:36:22.472 --> 02:36:23.907 And it is to the fact that it has broken 02:36:23.907 --> 02:36:25.108 so many global boundaries. 02:36:25.108 --> 02:36:28.211 You can do it within any single context. 02:36:28.211 --> 02:36:30.079 So, it is a very, very complex world. 02:36:30.079 --> 02:36:34.984 And we continue to advocate for dialogue discussion, thoughtful, 02:36:34.984 --> 02:36:36.619 let it take the time it needs. 02:36:36.619 --> 02:36:40.123 We need to pull apart lots of different complexities 02:36:40.123 --> 02:36:42.025 and let the right thing emerge. 02:36:42.025 --> 02:36:43.860 That is not the same as saying no rule 02:36:43.860 --> 02:36:46.729 for governments but it often gets-- 02:36:46.729 --> 02:36:49.666 >> And another dimension of this is not all governments are 02:36:49.666 --> 02:36:51.034 the same. 02:36:51.034 --> 02:36:56.706 Because you can talk about China being a pretty malign force 02:36:56.706 --> 02:37:00.043 in terms of internet freedom to say nothing of Iran 02:37:00.043 --> 02:37:03.980 which uses the internet to roll up all networks of descent, 02:37:03.980 --> 02:37:05.882 where in Tahrir Square, 02:37:05.882 --> 02:37:09.886 the internet is a mechanism for expression. 02:37:09.886 --> 02:37:12.689 So, part of it, you can-- 02:37:12.689 --> 02:37:15.024 part of the problem is government even 02:37:15.024 --> 02:37:17.827 as a concept is subject to many different definitions. 02:37:17.827 --> 02:37:19.028 Yeah. 02:37:19.028 --> 02:37:20.763 >> It is Steve but that's probably why the western 02:37:20.763 --> 02:37:26.302 governments that operate in democracies with legal 02:37:26.302 --> 02:37:28.538 and constitutional frameworks 02:37:28.538 --> 02:37:31.341 that it's particularly important. 02:37:31.341 --> 02:37:34.210 And one of the reasons people are particularly unhappy 02:37:34.210 --> 02:37:37.146 about this particular surveillance is if we're trying 02:37:37.146 --> 02:37:39.482 to come up with this nuanced role 02:37:39.482 --> 02:37:41.618 about where government belongs, 02:37:41.618 --> 02:37:43.987 we haven't exactly sent the right message 02:37:43.987 --> 02:37:45.188 to the rest of the world. 02:37:45.188 --> 02:37:47.423 And I think that's part of the problem here. 02:37:47.423 --> 02:37:50.393 >> I just want to offer a kind of a friendly amendment, 02:37:50.393 --> 02:37:52.662 I hope to John's view, you know. 02:37:52.662 --> 02:37:56.633 I think John correctly points out that attempting 02:37:56.633 --> 02:37:59.836 to regulate the internet infrastructure whether it's the 02:37:59.836 --> 02:38:02.105 institutions that operate and design it 02:38:02.105 --> 02:38:06.042 or the actual operators is very [inaudible] 02:38:06.042 --> 02:38:08.478 because it changes very quickly and it has 02:38:08.478 --> 02:38:09.746 to work on a global basis. 02:38:09.746 --> 02:38:11.915 That was the experience of the-- 02:38:11.915 --> 02:38:14.551 of SOPA, the Stop Online Privacy Act, 02:38:14.551 --> 02:38:18.721 was that policymakers thought they could reach in-- 02:38:18.721 --> 02:38:19.422 >> Piracy. 02:38:19.422 --> 02:38:21.057 >> -- sorry, Piracy Act. 02:38:21.057 --> 02:38:22.559 >> [Inaudible] is the stop-- 02:38:22.559 --> 02:38:23.993 >> That's right. 02:38:23.993 --> 02:38:27.430 Thank you, thank you, thank you. 02:38:27.430 --> 02:38:29.999 Right, you know, governments thought they could reach 02:38:29.999 --> 02:38:32.602 in to the internet infrastructure 02:38:32.602 --> 02:38:34.304 to solve a problem that is really 02:38:34.304 --> 02:38:37.473 about human behavior and violating laws. 02:38:37.473 --> 02:38:40.843 However, at the same time there are plenty of legal rules 02:38:40.843 --> 02:38:44.881 that actually work incredibly well on the internet. 02:38:44.881 --> 02:38:48.117 You know, the FTC is still using the Fair Credit Reporting Act 02:38:48.117 --> 02:38:51.054 from 1970 which was one of our first piracy laws 02:38:51.054 --> 02:38:54.691 in United States to stop very advanced sophisticated online 02:38:54.691 --> 02:38:56.292 services from harming people. 02:38:56.292 --> 02:38:58.394 That's not causing John any problems. 02:38:58.394 --> 02:39:01.030 He's not-- he [inaudible] even think about it. 02:39:01.030 --> 02:39:08.338 And so I think there's-- I think that it's when governments try 02:39:08.338 --> 02:39:10.173 to do this sort of shortcuts that they were used 02:39:10.173 --> 02:39:12.642 to doing is you were suggesting with the broadcasters, you know, 02:39:12.642 --> 02:39:14.978 say, "You guys have to behave this way in order for us 02:39:14.978 --> 02:39:16.813 to achieve a broader policy goal." 02:39:16.813 --> 02:39:18.848 That's where we really have problems 02:39:18.848 --> 02:39:20.583 in the internet environment. 02:39:20.583 --> 02:39:25.822 >> You know, number of you have used the word privacy as a value 02:39:25.822 --> 02:39:29.292 and as a very curious [phonetic] value. 02:39:29.292 --> 02:39:32.195 But I want you to play with the idea 02:39:32.195 --> 02:39:34.297 that perhaps we're actually really ambivalent 02:39:34.297 --> 02:39:37.767 about the question of privacy because in fact in many ways, 02:39:37.767 --> 02:39:43.940 the wide availability of data is actually an enormous convenient. 02:39:43.940 --> 02:39:46.843 Every time you go to a website and you put 02:39:46.843 --> 02:39:49.779 in your e-mail address and up comes your password 02:39:49.779 --> 02:39:52.048 and all your credit card information 02:39:52.048 --> 02:39:54.984 and at one stop shopping at Amazon, right? 02:39:54.984 --> 02:39:58.821 We all love it but isn't that-- 02:39:58.821 --> 02:40:01.024 >> But we've made a decision to share that with them, so. 02:40:01.024 --> 02:40:01.724 >> Well-- 02:40:01.724 --> 02:40:02.792 >> Wait just a minute. 02:40:02.792 --> 02:40:04.861 I want a-- I want a-- I understand that. 02:40:04.861 --> 02:40:08.798 But I want to pose a question about whether at some point, 02:40:08.798 --> 02:40:11.534 aren't we really ambivalent about this question 02:40:11.534 --> 02:40:17.173 that we actually like people to have information about us 02:40:17.173 --> 02:40:20.610 when it serves our purposes of convenience and accessibility. 02:40:20.610 --> 02:40:22.945 And that there was a certain-- 02:40:22.945 --> 02:40:25.214 I understand your point about voluntary. 02:40:25.214 --> 02:40:27.650 But this will mark [phonetic] a point here as well. 02:40:27.650 --> 02:40:29.752 >> I think part of the problem is-- 02:40:29.752 --> 02:40:32.088 is the public is realizing that the people 02:40:32.088 --> 02:40:34.357 that are storing the information that we give 02:40:34.357 --> 02:40:37.827 to them aren't doing a good a job in protecting it. 02:40:37.827 --> 02:40:39.962 I could go to my local bank-- I grew up in Falls Church. 02:40:39.962 --> 02:40:42.098 I used to go to the local First Virginia Bank right there 02:40:42.098 --> 02:40:43.232 in Falls Church. 02:40:43.232 --> 02:40:45.068 I gave them all my information when I opened 02:40:45.068 --> 02:40:47.170 up my first account when I was a teenager. 02:40:47.170 --> 02:40:49.539 And I had a reasonable expectation 02:40:49.539 --> 02:40:51.107 that the only way they were going to get that-- 02:40:51.107 --> 02:40:53.409 anybody else is going to get that information was 02:40:53.409 --> 02:40:56.713 if they actually went in and rob the bank and stole the file, 02:40:56.713 --> 02:40:59.048 you know, the file cabinet or whatever. 02:40:59.048 --> 02:41:00.717 >> Or if anyone in the government wanted it? 02:41:00.717 --> 02:41:02.318 >> Or if anyone in the government want it? 02:41:02.318 --> 02:41:04.754 I mean that-- I mean that, you know, that-- 02:41:04.754 --> 02:41:05.588 that's a reasonable thing. 02:41:05.588 --> 02:41:07.056 But nowadays when we find 02:41:07.056 --> 02:41:09.992 out that you have all these massive data leaks, you know, 02:41:09.992 --> 02:41:13.096 and when you examine the root cause of what-- 02:41:13.096 --> 02:41:15.565 what the leak was from a tactical standpoint, 02:41:15.565 --> 02:41:17.900 I should have been fixed 15 years ago. 02:41:17.900 --> 02:41:22.238 You know, some of these attacks, I do a talk now if they ask me, 02:41:22.238 --> 02:41:24.741 you know, I guess it's because I had gray hair and I've been 02:41:24.741 --> 02:41:26.943 in the security business for 20 years. 02:41:26.943 --> 02:41:29.011 I think I noticed something 02:41:29.011 --> 02:41:32.648 but I do [inaudible] that the contract-- 02:41:32.648 --> 02:41:33.750 >> It's because of the ponytail. 02:41:33.750 --> 02:41:35.151 >> I think it is. 02:41:35.151 --> 02:41:37.086 You know, it's the-- it's the same attack methods that we saw 02:41:37.086 --> 02:41:41.157 in the early '90s are still effective in 2013. 02:41:41.157 --> 02:41:44.494 And so my question to the technical community was, 02:41:44.494 --> 02:41:47.764 what have we been doing this last 20 years? 02:41:47.764 --> 02:41:53.035 I mean, you know, I in the SANS Institute that I was a part of, 02:41:53.035 --> 02:41:56.672 we drew up a top ten threats in 2001. 02:41:56.672 --> 02:42:00.810 I pulled it out and today in 2013, every single one 02:42:00.810 --> 02:42:05.181 of those top ten threats from 2001 is still affecting today. 02:42:05.181 --> 02:42:07.850 So, what have we been doing to protect ourselves? 02:42:07.850 --> 02:42:09.218 And I think it's that type 02:42:09.218 --> 02:42:13.322 of thing that's causing this rumble about, you know, well, 02:42:13.322 --> 02:42:15.491 private industry isn't doing anything about it, 02:42:15.491 --> 02:42:17.493 individuals aren't doing anything about it. 02:42:17.493 --> 02:42:19.629 So, that only leaves a government 02:42:19.629 --> 02:42:22.331 to do something about it, you know. 02:42:22.331 --> 02:42:25.301 And so I think that's why we're seeing that pushing 02:42:25.301 --> 02:42:27.670 that direction, 'cause historically when you look 02:42:27.670 --> 02:42:30.840 at it, the same things are still affecting us, 02:42:30.840 --> 02:42:33.342 it's just that what's happening now is back in 2001, 02:42:33.342 --> 02:42:37.013 the scope of a data breach was much less than the scope 02:42:37.013 --> 02:42:38.014 of the data breach now. 02:42:38.014 --> 02:42:39.048 >> Sure, sure. 02:42:39.048 --> 02:42:40.016 >> And just one last aside [phonetic]. 02:42:40.016 --> 02:42:41.050 The iPhone, I think, I looked it up, 02:42:41.050 --> 02:42:43.586 is five years old today-- this year. 02:42:43.586 --> 02:42:47.690 So, to answer your question about why the difference from-- 02:42:47.690 --> 02:42:49.091 >> Hold on just a second. 02:42:49.091 --> 02:42:50.493 John and Leslie, you want a-- is there a point you wanted to make 02:42:50.493 --> 02:42:52.962 about the voluntary submission of data. 02:42:52.962 --> 02:42:54.697 >> I don't think so. 02:42:54.697 --> 02:42:58.234 I think every point has been made by everybody quite well. 02:42:58.234 --> 02:42:59.669 >> OK. John? 02:42:59.669 --> 02:43:03.306 >> You thought-- say that maybe people don't value privacy 02:43:03.306 --> 02:43:06.809 over convenience, and that that we give up privacy 02:43:06.809 --> 02:43:10.146 and there's no outrage about that. 02:43:10.146 --> 02:43:12.815 Why is there an outrage in some cases? 02:43:12.815 --> 02:43:15.117 And I guess the question that comes up is, 02:43:15.117 --> 02:43:18.120 a lot of people voluntarily give up privacy 02:43:18.120 --> 02:43:19.755 because we want the convenience. 02:43:19.755 --> 02:43:22.091 We want to click the button and get the order done. 02:43:22.091 --> 02:43:24.293 We want the website to know who we are. 02:43:24.293 --> 02:43:26.195 We want to fill out all the information 02:43:26.195 --> 02:43:30.233 on the airline profile because it just makes traveling a little 02:43:30.233 --> 02:43:31.868 easier and anything that makes it easier-- 02:43:31.868 --> 02:43:34.303 >> And who can not remember all those damn passwords anyway, 02:43:34.303 --> 02:43:35.271 right? 02:43:35.271 --> 02:43:36.806 >> So there are times we do that. 02:43:36.806 --> 02:43:40.109 But the reality is that there's also times when you consent 02:43:40.109 --> 02:43:43.846 to losing your privacy in situations that aren't 02:43:43.846 --> 02:43:46.582 for your convenience but you're going to anyway. 02:43:46.582 --> 02:43:47.950 Next time you're going to your doctor, 02:43:47.950 --> 02:43:51.153 pick up that HIPAA form and look at it, OK? 02:43:51.153 --> 02:43:53.890 It says, "We're going to share your data with the CDC 02:43:53.890 --> 02:43:55.925 because if there's an outbreak of something, 02:43:55.925 --> 02:43:57.693 we're going to do that, OK?" 02:43:57.693 --> 02:44:00.096 It's not for my convenience, hopefully, I'm not relevant, 02:44:00.096 --> 02:44:02.598 but the fact is they're going to do what-- 02:44:02.598 --> 02:44:06.135 and we consent with because well, we knew about it. 02:44:06.135 --> 02:44:07.370 We understand-- 02:44:07.370 --> 02:44:08.771 >> And there's a public interest involved because-- 02:44:08.771 --> 02:44:12.275 >> There's a public interest but also as annoying 02:44:12.275 --> 02:44:15.177 as that form is, they took the time to tell us. 02:44:15.177 --> 02:44:17.480 I do think that's a different question 02:44:17.480 --> 02:44:19.181 when there's surveillance is going on 02:44:19.181 --> 02:44:20.917 and you don't know about it at all. 02:44:20.917 --> 02:44:25.021 And I think that might be the angst behind a lot of this. 02:44:25.021 --> 02:44:26.155 >> Leslie? 02:44:26.155 --> 02:44:27.456 >> Well, I also think that there's difference 02:44:27.456 --> 02:44:30.393 between surveillance by the government 02:44:30.393 --> 02:44:33.729 and surveillance by companies. 02:44:33.729 --> 02:44:35.898 I mean I think they've become more joined together 02:44:35.898 --> 02:44:39.101 because they are now the source of all the information 02:44:39.101 --> 02:44:40.403 that the government is collecting. 02:44:40.403 --> 02:44:43.439 But I think at least in the constitutional system, 02:44:43.439 --> 02:44:46.042 not in Europe where they're making a distinction. 02:44:46.042 --> 02:44:51.847 Having that government who has the capacity to impose penalties 02:44:51.847 --> 02:44:59.155 on people and make choices about who is going to be prosecuted, 02:44:59.155 --> 02:45:03.859 et cetera, is entirely different matter than whether I like 02:45:03.859 --> 02:45:05.428 or disliked it, you know, 02:45:05.428 --> 02:45:08.731 Google Profiles keep sending me the same crib 02:45:08.731 --> 02:45:11.600 for my pregnant daughter over and over again. 02:45:11.600 --> 02:45:14.403 I'm annoyed, I'm extremely annoyed. 02:45:14.403 --> 02:45:15.638 But I also think-- 02:45:15.638 --> 02:45:17.039 >> They knew she was pregnant before she did, yes? 02:45:17.039 --> 02:45:18.107 >> Yes. 02:45:18.107 --> 02:45:19.308 >> Well, they probably did, but they knew 02:45:19.308 --> 02:45:21.277 that I did this thing once and it's following the-- 02:45:21.277 --> 02:45:23.512 it's literally following me around the world. 02:45:23.512 --> 02:45:24.947 I mean it's became kind of a joke. 02:45:24.947 --> 02:45:28.250 But I find that annoying and I'm somebody who knows how 02:45:28.250 --> 02:45:29.819 to set my privacy settings. 02:45:29.819 --> 02:45:33.889 So, you know, in one-- in one circumstance it's a loss 02:45:33.889 --> 02:45:37.393 of some measure of control, we ought to have more control, 02:45:37.393 --> 02:45:39.762 it's one of the reasons we ought to have a baseline build 02:45:39.762 --> 02:45:42.498 to give us some fair information practices. 02:45:42.498 --> 02:45:46.869 In the other, you know, the government has the capacity 02:45:46.869 --> 02:45:49.271 to make very important decisions about us. 02:45:49.271 --> 02:45:53.309 And we have a constitution that says they have to follow rules. 02:45:53.309 --> 02:45:59.548 And so we do react differently to the crib and to the NSA. 02:45:59.548 --> 02:46:00.683 >> Yeah. 02:46:00.683 --> 02:46:04.987 >> The one thing I would say about our tension 02:46:04.987 --> 02:46:09.358 between convenience and privacy is-- I just think that-- 02:46:09.358 --> 02:46:14.296 I think privacy has always been a kind of a contested concept. 02:46:14.296 --> 02:46:15.865 I mean, it's not an absolute. 02:46:15.865 --> 02:46:18.300 I don't think there's anyone hardly in the world 02:46:18.300 --> 02:46:21.670 who thinks it's-- it's an absolute condition. 02:46:21.670 --> 02:46:23.572 But we know, as Leslie is saying, 02:46:23.572 --> 02:46:26.709 we have different privacy expectations. 02:46:26.709 --> 02:46:30.346 We want different privacy results at different times. 02:46:30.346 --> 02:46:34.016 And some of the-- some of the privacy promise 02:46:34.016 --> 02:46:35.484 that we have [inaudible] 02:46:35.484 --> 02:46:38.454 like seeing the same crib too many times. 02:46:38.454 --> 02:46:40.923 Others have real consequence 02:46:40.923 --> 02:46:42.291 like if you're credit report is wrong 02:46:42.291 --> 02:46:44.293 and you can't get a mortgage, you're really, you know, 02:46:44.293 --> 02:46:46.529 it really-- or you don't get a job, you know, 02:46:46.529 --> 02:46:47.730 it really makes a difference. 02:46:47.730 --> 02:46:52.701 And I think that-- I think in a way the phrase-- 02:46:52.701 --> 02:46:54.703 I think categorizing privacy 02:46:54.703 --> 02:46:58.007 as a single right is what makes the conversation a little 02:46:58.007 --> 02:47:00.476 confused because it-- the reality is it's a number 02:47:00.476 --> 02:47:02.845 of concerns wrapped up into one. 02:47:02.845 --> 02:47:06.882 >> But in this day and age, isn't it a little naive to say, 02:47:06.882 --> 02:47:08.984 I'm going to give my information to Amazon? 02:47:08.984 --> 02:47:11.087 Or I'm going to give my information to Google 02:47:11.087 --> 02:47:14.824 for my own purposes because I choose to, and somehow I'm going 02:47:14.824 --> 02:47:16.959 to be able to control-- 02:47:16.959 --> 02:47:17.993 >> Oh, yes. 02:47:17.993 --> 02:47:19.829 >> -- all the use of that information. 02:47:19.829 --> 02:47:21.630 >> Yeah, that's not-- that's not doable, 02:47:21.630 --> 02:47:24.033 and I don't think any privacy law we would pass 02:47:24.033 --> 02:47:27.803 in this country would change that. 02:47:27.803 --> 02:47:29.238 >> It is naive but I think-- 02:47:29.238 --> 02:47:33.542 I think the problem is I don't mind giving you any information 02:47:33.542 --> 02:47:37.179 you ask about me if you tell me ahead of time what you're going 02:47:37.179 --> 02:47:38.380 to do with that information. 02:47:38.380 --> 02:47:40.816 So, what John was talking about in the HIPAA thing 02:47:40.816 --> 02:47:43.853 when they say, "We're going to give it out to the CDC," 02:47:43.853 --> 02:47:46.655 and you tell me ahead of time before I give you 02:47:46.655 --> 02:47:48.724 that information, that's much-- 02:47:48.724 --> 02:47:51.927 that's a much different environment than giving it here 02:47:51.927 --> 02:47:54.563 and then buried in [inaudible] fine print is a little click 02:47:54.563 --> 02:47:55.764 thing that says, "Oh, by the way, 02:47:55.764 --> 02:47:57.500 we're going to just give this to anybody we want." 02:47:57.500 --> 02:47:59.235 >> We only have few minutes, and I want to-- 02:47:59.235 --> 02:48:02.771 you've mentioned out, a number of you, the fact that we're-- 02:48:02.771 --> 02:48:06.308 we're dealing with a very complex system as Laura said 02:48:06.308 --> 02:48:08.310 with a lot of stakeholders here. 02:48:08.310 --> 02:48:13.015 And one of the stakeholders are these providers whether it's 02:48:13.015 --> 02:48:18.220 Google, whether it's Yahoo, who take that information. 02:48:18.220 --> 02:48:20.389 They don't warn you in some ways that they're going 02:48:20.389 --> 02:48:23.259 to give it away because they're not voluntarily giving it away. 02:48:23.259 --> 02:48:24.393 They're being subpoenaed, 02:48:24.393 --> 02:48:26.295 they're being ordered to by the government. 02:48:26.295 --> 02:48:27.296 And they are caught. 02:48:27.296 --> 02:48:29.765 We have-- this institution, 02:48:29.765 --> 02:48:33.536 these huge institutions are private institutions, 02:48:33.536 --> 02:48:34.970 but as we've learned through PRISM 02:48:34.970 --> 02:48:39.909 and all the revelation subject to government orders 02:48:39.909 --> 02:48:42.244 and government warrants. 02:48:42.244 --> 02:48:45.814 And many of them are fighting this at least fighting 02:48:45.814 --> 02:48:49.552 to be able to be more transparent because they have-- 02:48:49.552 --> 02:48:51.620 they're stakeholders, too. 02:48:51.620 --> 02:48:54.523 And-- and they are worried that their brands are going 02:48:54.523 --> 02:48:57.059 to be tarnished by being swept up in this. 02:48:57.059 --> 02:48:59.562 And to talk a little bit about the special role 02:48:59.562 --> 02:49:02.097 of this institution, these intermediary institutions, 02:49:02.097 --> 02:49:04.867 the Apples, the Microsofts, the Googles who are 02:49:04.867 --> 02:49:06.869 on one hand are getting pulled by the government 02:49:06.869 --> 02:49:08.270 to release information. 02:49:08.270 --> 02:49:10.940 On the other hand, they're being pressured to keep it private. 02:49:10.940 --> 02:49:12.041 >> Yeah. 02:49:12.041 --> 02:49:14.877 >> Yeah, that's a really important question. 02:49:14.877 --> 02:49:18.781 And if you look at-- Let me just back it up to before PRISM. 02:49:18.781 --> 02:49:21.951 If you look at even just the Google transparency reports 02:49:21.951 --> 02:49:24.353 which probably don't have everything and I think 02:49:24.353 --> 02:49:27.723 and even Google says that national security isn't-- 02:49:27.723 --> 02:49:30.459 not everything is reflected in the transparency reports. 02:49:30.459 --> 02:49:32.428 But when you do look at something like that, 02:49:32.428 --> 02:49:34.430 you can see that there is a very big disconnect 02:49:34.430 --> 02:49:36.966 between what governments are asking information 02:49:36.966 --> 02:49:40.102 intermediaries to do and what they actually do. 02:49:40.102 --> 02:49:43.706 So, you can see that-- just to give an example. 02:49:43.706 --> 02:49:49.411 Maybe they disclosed data about an individual in 37 percent, 02:49:49.411 --> 02:49:53.816 37 percent of the time in-- to the Brazilian government 02:49:53.816 --> 02:49:56.685 or 47 percent of the time to another government. 02:49:56.685 --> 02:49:58.087 Do you see what I'm saying? 02:49:58.087 --> 02:50:01.223 There is a disconnect in that differential between the request 02:50:01.223 --> 02:50:04.260 to turn over user data and the actual instances 02:50:04.260 --> 02:50:05.494 of turning over the data. 02:50:05.494 --> 02:50:09.064 That's where they have this special governance role. 02:50:09.064 --> 02:50:10.933 And that's an important point the make. 02:50:10.933 --> 02:50:15.938 But they also bear a burden in carrying out a request 02:50:15.938 --> 02:50:18.207 such as the more recent revelations 02:50:18.207 --> 02:50:20.843 because there is a public relations hit. 02:50:20.843 --> 02:50:25.648 There is the cost of hiring numerous attorneys to deal 02:50:25.648 --> 02:50:27.316 with the fallout from this. 02:50:27.316 --> 02:50:29.485 And there's the possible economic impact 02:50:29.485 --> 02:50:32.755 of having trouble doing business in other parts of the world 02:50:32.755 --> 02:50:35.924 that might be suspicious towards those companies. 02:50:35.924 --> 02:50:39.194 >> Yeah, you might be thanking-- they might be thanking Snowden 02:50:39.194 --> 02:50:41.563 for the revelations because and, of course, 02:50:41.563 --> 02:50:44.600 by the national security letters. 02:50:44.600 --> 02:50:45.734 They're not allowed to-- 02:50:45.734 --> 02:50:48.304 to let anyone know that they collected the data. 02:50:48.304 --> 02:50:49.805 So, now on the other hand, you have the-- 02:50:49.805 --> 02:50:51.707 the Snowden revelations which were saying, "Hey, 02:50:51.707 --> 02:50:53.976 these guys had to give out the data". 02:50:53.976 --> 02:50:56.812 So, you know, and now that's come out. 02:50:56.812 --> 02:50:58.580 What they should have said is instead of trying 02:50:58.580 --> 02:50:59.648 to back [inaudible] been saying, "You know, 02:50:59.648 --> 02:51:01.717 trying to save their reputation." 02:51:01.717 --> 02:51:03.018 We said, "Look, you got subpoenaed, 02:51:03.018 --> 02:51:04.086 we know you got subpoenaed, 02:51:04.086 --> 02:51:07.089 you gave up the data because it's a law." 02:51:07.089 --> 02:51:11.760 But I think that that piece of it is the secrecy, 02:51:11.760 --> 02:51:15.964 not being able to say why something was collected, 02:51:15.964 --> 02:51:18.567 you know, and not being able to even say anything about it. 02:51:18.567 --> 02:51:19.835 Lesley? 02:51:19.835 --> 02:51:23.706 >> Well, the question raised is this bigger question 02:51:23.706 --> 02:51:27.576 when we talk about players in the internet echo system. 02:51:27.576 --> 02:51:31.413 The intermediaries are a critical part. 02:51:31.413 --> 02:51:35.584 And we have-- under our law, we sort of provide them with a lot 02:51:35.584 --> 02:51:39.455 of special protections because they can't be liable 02:51:39.455 --> 02:51:42.524 for everything that's going on in their platforms. 02:51:42.524 --> 02:51:44.526 And yet there under enormous pressure, 02:51:44.526 --> 02:51:50.265 this national security revelation is one small piece 02:51:50.265 --> 02:51:53.502 of this very complex environment where when you ask 02:51:53.502 --> 02:51:57.339 about governments and government is trying to regulate, 02:51:57.339 --> 02:52:01.944 the first place that governments go in trying to solve anything, 02:52:01.944 --> 02:52:05.013 a social problem is to try to figure out how 02:52:05.013 --> 02:52:08.283 to get the intermediaries to take on that responsibility. 02:52:08.283 --> 02:52:11.620 So, this has been sort of a tension that's existed 02:52:11.620 --> 02:52:15.858 since we actually had any kind of powerful intermediary. 02:52:15.858 --> 02:52:18.527 So, that's one side, and the other side is the amounts 02:52:18.527 --> 02:52:21.163 of power they have as a governance entity 02:52:21.163 --> 02:52:22.831 to set the rules of [inaudible] for the internet. 02:52:22.831 --> 02:52:24.032 And so-- 02:52:24.032 --> 02:52:25.801 >> And one of the interesting variables here is, 02:52:25.801 --> 02:52:28.737 I noticed just recently that several of the big players, 02:52:28.737 --> 02:52:30.939 Microsoft, Google, Yahoo, 02:52:30.939 --> 02:52:33.575 I think three have all filed suit-- 02:52:33.575 --> 02:52:34.877 >> Right. 02:52:34.877 --> 02:52:38.080 >> -- in an attempt to be able to be more transparent 02:52:38.080 --> 02:52:40.883 about the role and the-- and the requirements they're under. 02:52:40.883 --> 02:52:43.185 I think in part because of the point Laura was raising 02:52:43.185 --> 02:52:46.955 that they themselves, given the culture that they're part of 02:52:46.955 --> 02:52:48.857 and the stakeholders they have, 02:52:48.857 --> 02:52:52.060 they are taking a big public relations in branding hit 02:52:52.060 --> 02:52:53.162 for this kind of cooperation. 02:52:53.162 --> 02:52:55.063 >> And they also have real leverage here 02:52:55.063 --> 02:52:58.600 which they have exercised on occasion, you know. 02:52:58.600 --> 02:53:02.838 Many of the big intermediaries Google, Twitter, 02:53:02.838 --> 02:53:06.975 others have at times gone to court to challenge subpoenas 02:53:06.975 --> 02:53:09.144 and other kinds of court orders they receive saying 02:53:09.144 --> 02:53:10.345 that they're too broad. 02:53:10.345 --> 02:53:11.780 I mean, Google had been-- 02:53:11.780 --> 02:53:15.617 had been under order to turnover large volumes 02:53:15.617 --> 02:53:17.686 of search log data, this was just a criminal case, 02:53:17.686 --> 02:53:18.287 it's not [inaudible] cases. 02:53:18.287 --> 02:53:19.555 >> Right. 02:53:19.555 --> 02:53:20.923 >> And they've challenged those and they, you know, 02:53:20.923 --> 02:53:24.126 so the intermediaries have a really important role 02:53:24.126 --> 02:53:26.829 because at least until there's a change in the law, 02:53:26.829 --> 02:53:29.865 they are often the only ones who can actually bring any kind 02:53:29.865 --> 02:53:31.400 of challenge to the scope of the-- 02:53:31.400 --> 02:53:34.102 of the authority that the government is claiming. 02:53:34.102 --> 02:53:37.473 >> This is nothing new because in World War II, 02:53:37.473 --> 02:53:41.009 the federal government used to look at the telegraphs at RCA 02:53:41.009 --> 02:53:44.112 and look at the phone system for records and stuff like that. 02:53:44.112 --> 02:53:46.448 I mean what's changed is the number of players 02:53:46.448 --> 02:53:48.550 because back then it was just those two, I suppose, 02:53:48.550 --> 02:53:49.885 plus maybe some minors. 02:53:49.885 --> 02:53:51.220 Now you have you know multi-- 02:53:51.220 --> 02:53:53.255 multinational groups all over the place. 02:53:53.255 --> 02:53:56.725 But the technique, I mean, the tactic of government going 02:53:56.725 --> 02:54:01.964 to a provider and getting the information they need, it's-- 02:54:01.964 --> 02:54:03.098 it's [inaudible] been there. 02:54:03.098 --> 02:54:04.733 >> I would assume the Egyptian government did 02:54:04.733 --> 02:54:07.102 that when the communications were chiseled, you know, 02:54:07.102 --> 02:54:08.637 letters chiseled on stone tablets. 02:54:08.637 --> 02:54:11.206 >> I'm going to-- We have five minutes left. 02:54:11.206 --> 02:54:13.709 I'm going to give each you one minute to-- 02:54:13.709 --> 02:54:14.776 we've had a long day, 02:54:14.776 --> 02:54:18.080 very attentive audience, lot of issues. 02:54:18.080 --> 02:54:23.385 But I want to give each of you a chance to make a final point 02:54:23.385 --> 02:54:25.120 after this conversation. 02:54:25.120 --> 02:54:27.322 You started with your initial remarks. 02:54:27.322 --> 02:54:29.691 But what do you want the audience to be left with? 02:54:29.691 --> 02:54:33.562 What-- in each of your mind is something significant we've 02:54:33.562 --> 02:54:36.164 talked about today, an issue that you want to reinforce? 02:54:36.164 --> 02:54:37.866 I want to give each you a chance to do that, 02:54:37.866 --> 02:54:39.601 and since we've started with you earlier, 02:54:39.601 --> 02:54:43.572 I'll start with you this way and we'll go down. 02:54:43.572 --> 02:54:47.376 >> So as contentious this processes is, 02:54:47.376 --> 02:54:49.578 I think it's incredibly important, 02:54:49.578 --> 02:54:52.648 the dialogue that's happening in the United States. 02:54:52.648 --> 02:54:57.052 Hopefully, we can do more than just, you know, have battles 02:54:57.052 --> 02:55:00.489 in the newspapers and on panels like this and really look 02:55:00.489 --> 02:55:04.326 at our legal system and make sure that it has the kind 02:55:04.326 --> 02:55:06.595 of accountability that we needed. 02:55:06.595 --> 02:55:09.131 Laura said, you know, the problem here is scale 02:55:09.131 --> 02:55:10.666 and I really agree with that. 02:55:10.666 --> 02:55:11.967 Courts have been good 02:55:11.967 --> 02:55:14.736 at supervising electronic surveillance [inaudible] one 02:55:14.736 --> 02:55:18.373 wiretap on one phone number or a handful of phone numbers. 02:55:18.373 --> 02:55:22.911 The scale of intrusion here is such that we can only manage it 02:55:22.911 --> 02:55:27.516 and have it a proper oversight with using exactly the same kind 02:55:27.516 --> 02:55:29.518 of computational tools and analytic tools 02:55:29.518 --> 02:55:32.454 that are being used by the intelligence agencies to try 02:55:32.454 --> 02:55:34.423 to mind this data to begin with. 02:55:34.423 --> 02:55:38.260 And the one other thing I would just say is, this is-- 02:55:38.260 --> 02:55:40.729 as several people said, this is a global discussion. 02:55:40.729 --> 02:55:48.003 The US is obviously an important part of the internet environment 02:55:48.003 --> 02:55:50.839 but we are not the only country on the internet 02:55:50.839 --> 02:55:55.644 and we do not control the whole internet and I think that just 02:55:55.644 --> 02:55:58.714 as we are examining the behavior of our intelligence agencies, 02:55:58.714 --> 02:56:01.483 I think it's very important that other countries 02:56:01.483 --> 02:56:04.953 that have democratic values that believe in transparency 02:56:04.953 --> 02:56:08.223 and due process really look very hard at their intelligence 02:56:08.223 --> 02:56:10.258 and surveillance practices as well. 02:56:10.258 --> 02:56:11.293 >> Thanks, Dan. 02:56:11.293 --> 02:56:12.394 Lynn. 02:56:12.394 --> 02:56:15.530 >> I guess I'd start with saying 02:56:15.530 --> 02:56:18.467 that everybody's voice is extraordinarily important, 02:56:18.467 --> 02:56:19.601 not only here in the US 02:56:19.601 --> 02:56:21.403 but every individual around the world. 02:56:21.403 --> 02:56:23.805 And we need attention and we need voice 02:56:23.805 --> 02:56:27.676 to every issue whether it's this particular set of issues 02:56:27.676 --> 02:56:31.980 or it's United Nation's expressed interest 02:56:31.980 --> 02:56:34.549 in some portions of the internet ecosystem. 02:56:34.549 --> 02:56:37.753 And I think specific to this issue, 02:56:37.753 --> 02:56:39.821 the only thing I would say is-- 02:56:39.821 --> 02:56:41.890 [inaudible] we're all very interconnected 02:56:41.890 --> 02:56:43.725 and very interdependent. 02:56:43.725 --> 02:56:46.194 And when we think about things such as security 02:56:46.194 --> 02:56:50.198 or managing risk or trying to manage those tradeoffs, 02:56:50.198 --> 02:56:52.367 we actually need to do that in a-- 02:56:52.367 --> 02:56:54.002 with both sides of the dialogue. 02:56:54.002 --> 02:56:56.938 One actually looking at what we can actually do to protect 02:56:56.938 --> 02:57:00.909 and ensure things that support economic prosperity 02:57:00.909 --> 02:57:04.146 and social development while trading off 02:57:04.146 --> 02:57:07.015 against preventing any perceived harm. 02:57:07.015 --> 02:57:10.852 I think we're far too much to [inaudible] over in the side 02:57:10.852 --> 02:57:12.821 of preventing perceived harm, 02:57:12.821 --> 02:57:15.223 and that we don't quite have the balanced rate yet. 02:57:15.223 --> 02:57:16.625 >> Laura. 02:57:16.625 --> 02:57:22.698 >> I think it's important not to take the stability and success 02:57:22.698 --> 02:57:25.701 and the security of the internet for granted. 02:57:25.701 --> 02:57:29.104 So, we're used to it working for the most part because of efforts 02:57:29.104 --> 02:57:32.274 like John's organization and others and it is working, 02:57:32.274 --> 02:57:36.144 but we also have examples of problems with denial 02:57:36.144 --> 02:57:38.046 of service attacks, examples 02:57:38.046 --> 02:57:40.082 of government is cutting off access, 02:57:40.082 --> 02:57:42.350 examples of interconnection problems. 02:57:42.350 --> 02:57:44.519 We have trends away from interoperability 02:57:44.519 --> 02:57:46.488 which I think is a really big problem. 02:57:46.488 --> 02:57:48.356 We have trends away from anonymity 02:57:48.356 --> 02:57:50.992 which changes the nature of the technical infrastructure. 02:57:50.992 --> 02:57:53.695 So, point one is that we cannot take the stability 02:57:53.695 --> 02:57:54.863 and security for granted. 02:57:54.863 --> 02:57:57.699 It has required a tremendous amount of effort 02:57:57.699 --> 02:58:00.068 on the parts of many, many people. 02:58:00.068 --> 02:58:04.439 And it's something that concerns me everyday when I see some 02:58:04.439 --> 02:58:07.776 of the trends away from interoperability and security 02:58:07.776 --> 02:58:11.747 and interconnection security, basically. 02:58:11.747 --> 02:58:13.115 So, that's point number one. 02:58:13.115 --> 02:58:15.550 The second point is if we believe 02:58:15.550 --> 02:58:19.955 that we have the public sphere in the online environment, 02:58:19.955 --> 02:58:21.990 if we believe that there's a technical mediation 02:58:21.990 --> 02:58:24.292 of the public sphere, then we have to think 02:58:24.292 --> 02:58:25.494 about what that means. 02:58:25.494 --> 02:58:27.095 What does the democracy look 02:58:27.095 --> 02:58:30.699 like when the public sphere is now digital? 02:58:30.699 --> 02:58:35.170 So, we know historically that possibility is for anonymity 02:58:35.170 --> 02:58:37.806 or at least traceable anonymity have been closely linked 02:58:37.806 --> 02:58:39.007 to democracy. 02:58:39.007 --> 02:58:43.645 So, I think it's important to just ask the question 02:58:43.645 --> 02:58:45.280 of what does democracy look 02:58:45.280 --> 02:58:48.817 like when we have this technical mediation of the public sphere 02:58:48.817 --> 02:58:51.319 and the privatization of conditions of civil liberties 02:58:51.319 --> 02:58:55.690 where private companies are getting a request delegated 02:58:55.690 --> 02:58:58.994 from governments or carrying out their own governance 02:58:58.994 --> 02:59:00.362 of these infrastructures. 02:59:00.362 --> 02:59:01.863 So, don't take the internet security 02:59:01.863 --> 02:59:03.765 and instability for granted. 02:59:03.765 --> 02:59:05.801 Remember that we have the technical mediation 02:59:05.801 --> 02:59:07.569 of the public sphere and the privatization 02:59:07.569 --> 02:59:09.171 of conditions of civil liberties. 02:59:09.171 --> 02:59:14.042 And the final point is that internet governance is something 02:59:14.042 --> 02:59:19.381 that is-- that the public can be engaged in. 02:59:19.381 --> 02:59:22.217 We've seen examples of civil society action 02:59:22.217 --> 02:59:27.255 of private action, civil liberties advocates involved 02:59:27.255 --> 02:59:28.990 in decisions about internet governance. 02:59:28.990 --> 02:59:30.826 There are many avenues to do that. 02:59:30.826 --> 02:59:33.495 That the-- I do have an engineering background 02:59:33.495 --> 02:59:35.664 but the technology is not that hard 02:59:35.664 --> 02:59:38.600 that people can learn the technology, learn the issues 02:59:38.600 --> 02:59:41.369 and get engaged in these debates which are very important 02:59:41.369 --> 02:59:43.104 because as goes internet governance, 02:59:43.104 --> 02:59:44.906 so goes internet freedom. 02:59:44.906 --> 02:59:46.908 >> Randy? 02:59:46.908 --> 02:59:51.379 >> All of you here that are attending this panel discussion, 02:59:51.379 --> 02:59:54.249 you all have stake in what we've been talking about. 02:59:54.249 --> 02:59:57.519 And so I would challenge you guys to not only make sure 02:59:57.519 --> 02:59:59.321 that your peers understand what some of the pressures are 02:59:59.321 --> 03:00:00.622 and what some of the pitfalls and what are some 03:00:00.622 --> 03:00:02.023 of the disadvantages are of working with the internet. 03:00:02.023 --> 03:00:07.462 But also, you guys are probably going to be on a track 03:00:07.462 --> 03:00:11.433 where you're going to be working with legislators 03:00:11.433 --> 03:00:13.568 and policy makers and things like that. 03:00:13.568 --> 03:00:16.905 And make sure that they understand the implications 03:00:16.905 --> 03:00:20.408 of whatever it is that they're trying to write up or implement, 03:00:20.408 --> 03:00:23.311 both on the legal side and on the policy side. 03:00:23.311 --> 03:00:27.115 That's to me what I see your contribution to the whole thing. 03:00:27.115 --> 03:00:28.884 It's going to be very incremental. 03:00:28.884 --> 03:00:30.619 It's going to take a long time. 03:00:30.619 --> 03:00:33.021 You know if some people talk about the fact that it's 03:00:33.021 --> 03:00:35.490 like when the automobile was first introduced at the turn 03:00:35.490 --> 03:00:39.261 of the century and it took us 25 years to come up with the set 03:00:39.261 --> 03:00:41.162 of laws and procedures to make things work 03:00:41.162 --> 03:00:42.497 when we didn't do that. 03:00:42.497 --> 03:00:44.799 But you guys are the ones that are going to be talking to 03:00:44.799 --> 03:00:48.670 and down the road influencing policy and laws. 03:00:48.670 --> 03:00:51.239 And so, you know, take the challenge, 03:00:51.239 --> 03:00:55.143 do it and influence what you can. 03:00:55.143 --> 03:00:56.177 >> Leslie. 03:00:56.177 --> 03:00:59.080 >> So I'm just going to make one point. 03:00:59.080 --> 03:01:03.051 And that's that those of us who are Americans or people 03:01:03.051 --> 03:01:07.322 in the United States have a voice in this debate 03:01:07.322 --> 03:01:09.257 that we need to exercise. 03:01:09.257 --> 03:01:11.092 But we need to exercise it with more 03:01:11.092 --> 03:01:12.961 than our own rights in mind. 03:01:12.961 --> 03:01:16.965 If-- the interesting thing about the internet and the lack 03:01:16.965 --> 03:01:19.334 of a government control is the-- 03:01:19.334 --> 03:01:23.371 it's also very unclear about who's responsible 03:01:23.371 --> 03:01:29.577 for the human rights of people in the online environment. 03:01:29.577 --> 03:01:33.682 And we-- I think the NSA example that we have data flowing all 03:01:33.682 --> 03:01:37.352 over the world, states have obligations to people 03:01:37.352 --> 03:01:43.758 within their borders, and a few other kinds of places 03:01:43.758 --> 03:01:45.627 that the law has developed. 03:01:45.627 --> 03:01:48.964 We're not sure who has the obligation for the rights 03:01:48.964 --> 03:01:51.399 of internet users in this kind of environment. 03:01:51.399 --> 03:01:56.538 And it's a conversation that really needs to happen 03:01:56.538 --> 03:01:59.007 because the-- our lives, some significant part 03:01:59.007 --> 03:02:03.878 of who we are is now online and flowing through these wires 03:02:03.878 --> 03:02:07.248 and who ultimately is responsible to make sure 03:02:07.248 --> 03:02:10.185 that basic privacy and free expression rights are honored 03:02:10.185 --> 03:02:12.954 has become increasingly complex. 03:02:12.954 --> 03:02:15.657 So, people need to take that on as well. 03:02:15.657 --> 03:02:16.424 >> Last word, John. 03:02:16.424 --> 03:02:20.628 >> It's a global internet. 03:02:20.628 --> 03:02:23.965 There needs to be an equally global discussion 03:02:23.965 --> 03:02:28.203 about the principles by which we operate it. 03:02:28.203 --> 03:02:30.538 And part of what's occurred 03:02:30.538 --> 03:02:34.709 over the last few months will help encourage one aspect 03:02:34.709 --> 03:02:35.677 of that discussion. 03:02:35.677 --> 03:02:37.746 So, it's a probably a good thing. 03:02:37.746 --> 03:02:39.214 >> I want to thank all of you for being here. 03:02:39.214 --> 03:02:40.548 I want to thank the Internet Society. 03:02:40.548 --> 03:02:43.184 I want to thank the GW Engineering Department 03:02:43.184 --> 03:02:45.553 and their [inaudible] Lance Hoffman's Institute. 03:02:45.553 --> 03:02:48.189 Long afternoon, thanks for your patience. 03:02:48.189 --> 03:02:49.324 I hope you learned something. 03:02:49.324 --> 03:02:50.825 Come back again. 03:02:50.825 --> 03:02:51.860 Thanks a lot. 03:02:51.860 --> 03:02:53.928 [Applause]