國家安全 (National Security) - VoiceTube 看影片學英語

字幕列表影片播放

JONATHAN ZITTRAIN: Well, good morning.
My name is Jonathan Zittrain.
I teach here at the law school.
And we have a special treat today.
In some ways, it is a hearkening back
to the past of the '70s and '80s when there was a creature
called Socratic dialogue.
A guy named Fred Friendly got things started on PBS.
You may have seen such things.
It's people with plaid blazers--
I guess this is a subtle plaid --would pose hypotheticals
to one another and to a distinguished panel of guests,
which we have managed to replicate here,
and to see where the hypothetical plays out.
And because it's hypothetical, we
have the freedom to speak our minds,
how we would actually process it were we in the role
that we are in.
We have a number of folks who we're about to introduce them
in their current roles.
We can see how much wisdom and thought
they are going to bring to today's hypothetical.
First a warning that should not be needed on a panel involving
surveillance.
But we are all being surveilled.
This is being webcast live to an audience of indeterminate size
and may be used against you at any later time.
And I also just want to thank a number of the people that
have been involved in pulling together today's hypothetical.
That includes Samantha Bates, Jordy Winestock Adi Kamdar,
Lydia Licklider and others from our rare search group,
John Bowers, Annabel Kupke.
Who else am I missing?
Anybody else to thank for pulling together
our hypothetical today?
Really?
I'm sure I'll hear about it later,
but thank you all for having done it.
And without further ado, let's get
started but first let's introduce people
in their real world guises.
Alex MacGillivray, class of 2000, let's start with you.
You have a, not only checkered, but colored and kaleidoscopic
history with--
a coder before law school a coder during law school.
Then off to--
ALEXANDER MACGILLIVRAY: I really should just let you struggle.
This would be the one time that you--
JONATHAN ZITTRAIN: Well, you ended up at Twitter.
But I feel like there was something in between.
Was it MTV?
ALEXANDER MACGILLIVRAY: I did Wilson Sonsini and then Google.
JONATHAN ZITTRAIN: Wilson Sonsini, then
Google as a lawyer, working on the Google Books project.
ALEXANDER MACGILLIVRAY: Yep.
JONATHAN ZITTRAIN: Which was a great attempt at a success.
Then [INAUDIBLE],, then general council of Twitter,
which everybody loves.
And then the White House, which everybody loves.
And now in Spain convalescing.
ALEXANDER MACGILLIVRAY: Unemployment,
which everybody loves.
JONATHAN ZITTRAIN: So thank you for coming out
of your senescence to join us today on the panel.
Cindy Cohn, currently executive director of the Electronic
Frontier Foundation.
By way of disclosure I should say I'm on the board of that.
Cindy, what else should we know about your background?
CINDY COHN: Oh, I don't know.
I guess you might want to know that in the 1990s,
I helped free encryption from government regulatory control,
making an argument that code is speech protected by the First
Amendment and the government's regulations on code
didn't meet the First Amendment test.
JONATHAN ZITTRAIN: The days of the clipper chip.
CINDY COHN: That would be crypto wars part un.
Now we're in deux.
JONATHAN ZITTRAIN: Which we are now farther along the line.
CINDY COHN: Yes.
JONATHAN ZITTRAIN: Well, thank you for your service.
Alex Abdo, former torts student extraordinaire,
who then went on to the American Civil Liberties Union,
now at the brand new Knight Institute
for the First Amendment.
Any highlights we should know of from your work?
ALEX ABDO: If you think the president shouldn't block
critics on Twitter, then you should follow our work
at the Knight Institute.
JONATHAN ZITTRAIN: That's right.
There's a current suit challenging
the action of @realDonaldTrump blocing people.
ALEX ABDO: That's right.
JONATHAN ZITTRAIN: Got it.
For which the remedy they actually want
is to be able to read his tweets.
Or is it more the direct messaging they're looking for?
ALEX ABDO: There's a bit more to it than that.
JONATHAN ZITTRAIN: Fair enough.
There is a constitutional principle at stake.
I want the right not to read the tweets that I'm allowed to see.
Got it.
Bruce Schneier, cryptologist, cryptographer--
I never knew the difference-- security
technologist, Dungeons and Dragons player extraordinaire,
chef.
What else should we know?
BRUCE SCHNEIER: I like to think I
work in the intersection of security technology and policy,
writing about privacy and security and data.
I don't know.
I teach here now and fellow at Berkman Klein Center.
JONATHAN ZITTRAIN: Wonderful.
You are indeed at the intersection.
Thank you.
David Sanger from The New York Times.
What should we know of your background?
DAVID SANGER: Let's see, went to college here.
Foreign correspondent for many years.
Came back to Washington.
I'm in year 23 of a three-year assignment to Washington.
So when you get stuck in the swamp, you're really stuck.
And I've covered the White House, covered technology.
I cover a lot of national security issues.
I have had more leak investigations directed at me
than I probably would care to recall.
JONATHAN ZITTRAIN: All of them earned.
DAVID SANGER: All of them earned, I hope.
I hope.
And I teach national security here at the Kennedy School.
JONATHAN ZITTRAIN: Perfect.
Thank you.
Daphna Renin, assistant professor
here at the law school, former Department of Justice official,
yes?
DAPHNA RENIN: Yes.
JONATHAN ZITTRAIN: In the Office of Legal Counsel was it?
DAPHNA RENIN: Yes.
From 2009 to 2012, I was there, first
in the Deputy Attorney General's office
and then in the Office of Legal Counsel.
JONATHAN ZITTRAIN: And what is the Office of Legal Counsel?
Why does the Justice Department need a lawyer?
DAPHNA RENIN: Well, the Office of Legal Counsel
is the lawyer to more than the Justice Department.
It's the office located inside DOJ
that advises the White House, the intelligence community,
the executive branch agencies, and DOJ
on complex constitutional and statutory questions.
JONATHAN ZITTRAIN: Got it.
Does the OLC have a lawyer?
That's it.
The buck stops with the OLC.
DAPHNA RENIN: That's right.
JONATHAN ZITTRAIN: Got it.
Matt Olsen, class of 88, former general counsel
of the National Security Agency, former director of the US
Counterterrorism Center.
Anything else we should know about your background?
MATTHEW OLSEN: Probably a proud card
carrying member of the deep state after many, many years
doing that.
JONATHAN ZITTRAIN: Isn't it like being a hipster?
If you say that's what you are, [INAUDIBLE]..
MATTHEW OLSEN: That's it.
You own it.
You embrace that role.
JONATHAN ZITTRAIN: I see.
MATTHEW OLSEN: And I think I might
be one of the few government people,
as the introductions go around.
So I'm expecting to--
JONATHAN ZITTRAIN: You have quite a burden to carry.
MATTHEW OLSEN: --to have a lot on my shoulders.
JONATHAN ZITTRAIN: Yeah.
Great.
Thank you.
Macandrew-- Andrew McLaughlin, class of '94.
Former secretary of the board of the Internet Corporation
for Assigned Names and Numbers, ICAN.
ANDREW MCLAUGHLIN: That is true.
That's not really what my job was.
But if you want to pull out the weirdest title in my quiver--
JONATHAN ZITTRAIN: Generally dyspeptic and combative.
It's important to point out, Jonathan,
that you and I have shared a residence for something
like eight years of our adult lives.
JONATHAN ZITTRAIN: But not currently.
At least to my knowledge.
MATTHEW OLSEN: It's true, but so my combativeness with you
is earned.
JONATHAN ZITTRAIN: Yeah.
Very good.
MATTHEW OLSEN: Need I bring up--
JONATHAN ZITTRAIN: We were former law school roommates
and DC working roommates.
MATTHEW OLSEN: Also true.
JONATHAN ZITTRAIN: Yes, and I appreciate your lending me
your car all of times.
MATTHEW OLSEN: I'm not going to bring up the issue
of the breakfast bars again.
JONATHAN ZITTRAIN: Thank you again.
I will remind you this is being webcast.
And ended up working at Google, as basically
Google Secretary of State.
Is that the right description?
MATTHEW OLSEN: Policy guy.
JONATHAN ZITTRAIN: A policy guy.
Nothing to see here, folks, just a small cute little fox
in the chicken coop.
And then on to the White House, yes?
MATTHEW OLSEN: That's right.
JONATHAN ZITTRAIN: Deputy Chief Technology Officer
of the United States?
MATTHEW OLSEN: That's right.
My role was to screw up a bunch of stuff
that Alex then showed up to fix later.
JONATHAN ZITTRAIN: Got it.
Well, we hope you can replicate that again on the panel today.
And also more recently, you've been
at Betaworks which is an incubator/investor in a number
of companies, which also has made you,
I guess, CEO of such companies as Instapaper.
MATTHEW OLSEN: That's true.
Yeah.
JONATHAN ZITTRAIN: Thank you.
MATTHEW OLSEN: Yeah, that's right.
JONATHAN ZITTRAIN: Very good.
And now you are director of the new Center
for Innovation at Yale.
MATTHEW OLSEN: At Yale, that's right.
And off to the side, we've built kind
of like an investment firm for startups
that help Democrats win elections.
That's the thing I've been doing since November.
JONATHAN ZITTRAIN: Got it.
How is it going so far?
MATTHEW OLSEN: Obviously an overwhelming triumph.
JONATHAN ZITTRAIN: If they lose, do you still win?
MATTHEW OLSEN: No.
JONATHAN ZITTRAIN: Well, at least
the incentives are aligned.
MATTHEW OLSEN: None of us win.
JONATHAN ZITTRAIN: Very good.
All right.
So that is our opening panel.
And it's not only helpful to know their backgrounds,
but also to realize that for all of the organizations and roles
we've just described, our panel will emphatically not
be representing any of them as we get into our hypothetical.
And speaking of getting into a hypothetical, here it is.
David Sanger, you're sitting at your desk
at The New York Times.
Your plain old landline telephone rings.
You hear the shielded voice that's
been distorted by some dime-store, museum-of-spy kind
of thing.
This person says, I've got some neat documents for you
that you might be interested in.
It shows surveillance power abuse by a private company.
Are you interested in hearing more?
DAVID SANGER: Interested in hearing more, but the chances
that my landline would be either answered
or would work under current circumstances is pretty low.
But we'll take it.
JONATHAN ZITTRAIN: I will allow you to retcon the hypothetical
to be you receive an email from a Pluto mail
address from somebody who purports
to work for a small firm that few
have heard of called Faceplant.
And Faceplant is kind of one of the social network things.
It's like Peach, even better.
Remember Peach?
DAVID SANGER: I do, actually.
JONATHAN ZITTRAIN: Peach had its day in the sun,
but this is Faceplant.
And it allows people to exchange messages, to post stuff.
It's got a little Dropbox style functionality.
And they're ready to send you some documents.
Are you going to go ahead and take them?
DAVID SANGER: We'll take them encrypted.
JONATHAN ZITTRAIN: You'll take them encrypted.
And you have it, is it now easy peasy
to get encrypted documents to The New York Times?
DAVID SANGER: Easy peasy.
JONATHAN ZITTRAIN: Or in this case,
to The Ames County Gazette.
DAVID SANGER: I don't know how well Ames County's worked
on encryption, but you know, thanks to Cindy,
we were good on encryption now.
Yeah.
JONATHAN ZITTRAIN: Got it.
All right.
So this person sends along to you
a document that's going to be a little hard
to read on our screen.
But it appears to be from the Ames County Police Department,
the Crimes Against Children Division.
And it is addressed to a Simon Greenleaf,
who is director of law enforcement
relations at Faceplant.
And it appears to be requesting an urgent search
to be performed across the platform because
of a credible threat of violence against a person
in the real world, in fact, against a kid.
And they're asking that it go all the way across all
of Faceplant servers.
And what they're looking for is attached to this letter.
And, by the way, we see on the letter
that Simon Greenleaf, the recipient, has said,
yes, let's make it happen.
So he scrawled at the bottom an approval
for this kind of search.
And here's the exhibit.
It's a happy kid at a playground,
and there's a circle around him.
And it says, I know who you care about, and I will hurt them.
And apparently the parent of this child
received this, sent it to the Ames County Police.
The Ames County Police have, in turn, asked
Faceplant to search all of their records of all of their users.
And if this photo, exactly including
the circle and the menacing message
in that format, bit by bit--
if that is not found, nothing comes back.
If it is found, they may have a few users for whom they
can then do further process.
And it looks from this letter as if Faceplant
went ahead and did this search.
So I'm wondering first, on a scale of meh to 10,
how much is this a new story for you?
DAVID SANGER: It's probably a little closer to meh than 10.
But one of the first questions would be,
is this search driven by the terms of service at Faceplant?
Or is this something that would actually require a warrant?
JONATHAN ZITTRAIN: It appears to have
been done from that letter with no warrant at all.
It was just a request.
DAVID SANGER: So I'm assuming from that,
though we would have to go figure this out
with Faceplant, that they did this based
on their terms of service.
JONATHAN ZITTRAIN: Well, that's a good question.
Are you going to call Faceplant?
DAVID SANGER: I might after I learned a little bit more
about it.
But you wouldn't want to make Faceplant your first call
on something like that.
JONATHAN ZITTRAIN: Who would you call?
Would you read the terms of service first?
DAVID SANGER: You probably would,
or you'd go to somebody-- we probably have a reporter
someplace who covers Faceplant.
We may have five.
JONATHAN ZITTRAIN: Oh, it's a small startup.
Nobody's heard of it.
DAVID SANGER: Oh, OK.
JONATHAN ZITTRAIN: It's like Peach.
DAVID SANGER: Right.
But the other thing that we would go
do is try to go talk to the source
here and understand how the source got
the document a little bit, what the source's motives were
before we leaped off into the wild world of Faceplant.
JONATHAN ZITTRAIN: You've written back to the source.
The source wrote back to you and says, I'm so sorry.
I have to shampoo my cat.
I'll be back in a week and goes silent.
But you do have the documents.
And you've looked at the Face plant terms of service,
which, as typical, I think--
I don't know.
Maybe I should actually ask.
Who here has had fun drafting terms of service?
Alex, you're a terms of service person.
ALEXANDER MACGILLIVRAY: I think the Faceplant terms of service
say, all your base belong to us.
JONATHAN ZITTRAIN: Clever.
ALEXANDER MACGILLIVRAY: More or less that.
JONATHAN ZITTRAIN: And by that you
mean, we can do what we want when we want?
ALEXANDER MACGILLIVRAY: Yes.
JONATHAN ZITTRAIN: In which case,
why do we ever need a warrant?
Why do we ever need a warrant?
ALEXANDER MACGILLIVRAY: Well, so I
think the way a lot of these companies
think about the terms of service versus their internal policies
with respect to talking to law enforcement,
the terms of service are much more about protecting
from class actions from users.
Which is why they become extremely defensive,
non-user friendly documents for the most part.
There are exceptions.
But the way they think about it internally
in terms of responding is much different.
So they might have a terms of service that
allows them a broad latitude.
But internal policies-- and those policies
may even be public policies-- that
would say that they wouldn't respond to something like this
without a warrant.
JONATHAN ZITTRAIN: So let's say the terms of service,
translating your all your base comment,
basically say, in matters of protecting the public safety,
public property, and our own networks,
we reserve the right to perform searches
in support of those goals.
That's the kind of thing you're thinking of that's
class action immunity?
ALEXANDER MACGILLIVRAY: Yeah, a lot of them
will have even specific reference to child protection.
So that they're trying to wrap it in a particularly
resonant moral.
JONATHAN ZITTRAIN: And I feel like you've now made yourself
general counsel of Faceplant.
ALEXANDER MACGILLIVRAY: I really hope not.
I thought that as Andrew's job.
JONATHAN ZITTRAIN: No, no.
You've stepped up.
And this wasn't your letter though.
This was before your time.
But now you're in the hot seat, knowing
that this letter, which I guess maybe you
hear about if David has called you yet,
but he seems to be holding back.
DAVID SANGER: I won't hold back for too long
if we come to the conclusion fairly quickly this could well
be within the terms of service.
And you want to figure out if it's a news story
or it's not a news story, I might well
call Faceplant at that moment.
JONATHAN ZITTRAIN: Great.
All right.
So we have an old-fashioned telephone call going on.
Alex, do you take this call?
ALEXANDER MACGILLIVRAY: Yeah.
I probably do.
It's a good question as to whether--
so first of all, there's a question
about whether you would comment on a particular case.
This is about a particular person--
JONATHAN ZITTRAIN: But you're going to take the call.
ALEXANDER MACGILLIVRAY: --particular investigation.
Well, I think you always take a call from David Sanger.
JONATHAN ZITTRAIN: All right.
Let's hear the call.
David, Alex, you're now connected.
Go.
DAVID SANGER: Alex, how you been?
ALEXANDER MACGILLIVRAY: Great to hear from you.
DAVID SANGER: It's always good to have
a joyful greeting to the call.
So we have a letter here from--
appears to be a request from a police department asking
you to search for the photograph of a child
who, if you believe the information we were given,
his family was threatened over a Faceplant network.
Before we get to the specifics of it,
what are you general rules when you
receive a report of a threat that
is conveyed over your network?
ALEXANDER MACGILLIVRAY: So I just came on board here,
so I'm still coming up to speed on what our rules are.
So I think the way I would answer this to further
the hypothetical would be something
like, our general rules are that we
require a warrant when we're going
to give over user information.
We have some exceptions with that
for particular threats of violence
that seem to be urgent and actionable, where
we might cooperate with law enforcement
on those types of things.
But our general policy is require a warrant
and give notice to the user.
DAVID SANGER: OK.
So if you go into your email, I've just
shot you a picture of a letter.
Maybe you can put the letter back up.
And it seems to have some handwriting underneath it
that says yes, let's make this happen, SG.
Do you know who SG might be?
ALEXANDER MACGILLIVRAY: He must have been before my time.
I think we fired a director of law enforcement relations.
DAVID SANGER: Is he now teaching at a law school?
ALEXANDER MACGILLIVRAY: At the law school,
or he could be a partner at Betaworks.
JONATHAN ZITTRAIN: OK.
So recognizing that you're probably
hesitant to talk about specific and individual cases,
I'm going to ask you to talk about
a specific and individual case.
Because this one would seem to suggest--
and it might be perfectly reasonable--
that you help this police department because
of a photograph that appeared to threaten kidnapping
or harm of a small child.
Anything you can tell us about this one?
ALEXANDER MACGILLIVRAY: Yeah, I'm
not going to talk about the specific cases.
It's really between-- it's up to law enforcement
dealing with the current investigation.
It's not something that I would comment on.
Leave it at that.
DAVID SANGER: OK.
You might want to check back with your public affairs people
and so forth.
Because we're in one of those odd situations--
actually, not so odd, happens all the time--
in which a company doesn't want to comment
on the specific case.
But you can see we've got the material
from the specific case.
And usually my advice along those lines
is, you have two choices.
You can comment on it when we're getting
ready to write it the first time and give a good explanation
what you're doing.
Or you can wait for us to publish it,
and you can come in on tomorrow morning
when it goes viral on some network.
So I would consider about when you
want to do the timing of the comment that's inevitable.
JONATHAN ZITTRAIN: Boy, David's quite a good counselor.
ALEXANDER MACGILLIVRAY: He's very concerned about when
I'm going to get my whipping.
JONATHAN ZITTRAIN: Are you going to take his advice?
ALEXANDER MACGILLIVRAY: No.
I think the way I would respond, David,
is that I'm not going to comment on the specific case.
I will give you a little bit more detail about how
we handle these types of cases.
And, in particular, some of the thinking behind the philosophy
that Faceplant used to have before I came
on board, about being a little bit more cooperative with law
enforcement when there is a threat to a specific individual
that law enforcement is trying to prevent,
and where there is information that we could provide
that might help make it so that there wasn't a loss of life
or other violent physical harm.
So that was the thinking behind our policy.
DAVID SANGER: But now that you've
come in, you decided it's actually better
to let the physical harm happen more quickly
while somebody goes off and gets a warrant?
ALEXANDER MACGILLIVRAY: We're in the process
of reassessing our policy and also
trying it to have a little bit of a better
understanding of what exactly is being asked
by law enforcement and what type of proof that they would have
and the types of searches that would
be reasonable in those situations and the ones that
would not be reasonable in those situations.
JONATHAN ZITTRAIN: Such placative words.
Are they working?
DAVID SANGER: I'm impressed, yeah.
So let me just make sure I get this straight
because we'd want to make sure if we publish anything--
we haven't decided yet whether it's a worthwhile news story,
but the only way you figure that out
is conversations like this one.
So in the old world at Faceplant, before you fired SG,
the thought was that as soon as you got a photograph like this
with a threatening note like that,
you would immediately search your databases
and see if you could be cooperative.
Why would you be tempted to move away from that if in fact
a life is at stake here?
If I told you I had a photograph of say, a terror
organization issuing a threat and we thought
a terror attack was imminent, would you wait for a warrant
as well?
ALEXANDER MACGILLIVRAY: Again, I think this--
not talking about this particular example,
but these types of questions are among the hardest
that we deal with at Faceplant.
What a great company name we've got.
Hope we've trademarked it far and wide.
They are some of the most important ones
we deal with at Faceplant and some of the hardest
because, on one hand, if you could know somehow
that the police organization was not just going on a fishing
expedition, actually didn't have the time to go get a warrant,
actually had credible evidence that would allow us to just get
the perpetrator of this action, then
that might be something that you would want to turn over.
But so many times you don't know that.
And so much of that determination
is based on the particular facts of a particular case
and the relationship with the law enforcement agency
that is doing the asking.
DAVID SANGER: So this picture could be a fake.
It could have been created by parents in a divorce case.
It could be something that is really not threatening at all.
And so, you'd want the warrant so at least you had top cover
before you did your search.
ALEXANDER MACGILLIVRAY: Well, we'd
want the warrant because courts are the right place
to make determinations like these,
to figure out whether it's the right thing
to do to give up information.
JONATHAN ZITTRAIN: You want the warrant.
But it sounds like the way you've
described the terms of service, you've written it
so you don't need the warrant.
ALEXANDER MACGILLIVRAY: That is definitely right.
We've written the terms of service
so that if we were sued--
and again, this wouldn't be something that would
be in the David conversation.
This is the all-seeing narrator conversation.
JONATHAN ZITTRAIN: Yeah, so right.
You put David on hold.
ALEXANDER MACGILLIVRAY: Yes.
DAVID SANGER: I'm used to that.
ALEXANDER MACGILLIVRAY: But we've
written the terms of service as a protection against class
actions with respect to information that we've
turned over when we were wrong.
JONATHAN ZITTRAIN: Now it turns out
our leaker wasn't just shampooing their cat,
they were impatient.
The New York Times hasn't yet published anything
because it's doing diligence.
So it's also sending this leak off to the Electric Frontier
Association.
Cindy--
CINDY COHN: Alex?
JONATHAN ZITTRAIN: Or Alex.
You can decide among you which wants to take it.
But I think, Cindy, maybe you are the right person to ask.
How unusual is this?
Are you with at a meh on this as David was at first?
CINDY COHN: Well, we tend to not take information like this
because our role is a little different.
We tend to try to help people get to other people who
might want to make use of it.
And then we talk about the policy implications
and the legal implications.
I would be concerned about the request for a systemwide search
for a piece of content, especially based
on really conclusory assertions about what's
actually going on here.
I think that this is exactly the kind of situation
where you want a judge to actually evaluate whether there
is a sufficient basis to really do
this kind of systemwide search.
JONATHAN ZITTRAIN: But this is the kind of thing
for which you think, if there's time at least,
a warrant could issue?
That a warrant could issue that says to Faceplant,
I hereby order you to perform this search
and return all information about accounts
that possess this image?
CINDY COHN: I don't think so.
It depends on what the other stuff is that--
the police letter says, well, we have
reason to believe the only person who would ever
have this is this person.
And we know lots about it.
So depending on those other facts, I've seen such orders.
I think they're inappropriate.
But you could also imagine a smaller order
that would, say, identify a user who
is somebody who's already been identified
as a potential suspect.
And then the searche is much more narrow.
JONATHAN ZITTRAIN: Yeah, it turns out
the image came from Pluto mail, really hard to track down.
They're using Tor and all these other things
I've heard rumor of.
So all we've got is the image, but they
think that it might be.
They're hoping they might find something in Faceplant.
And if they don't, they can't, I just
can't tell if what you're saying is they need a warrant,
and, second, they can't have a warrant.
CINDY COHN: I think they need to try for a warrant
in this situation.
And whether they get one or not will
depend on facts that are not in the circle
that we have yet right now.
And the question to me is, what else do the cops know?
And if the cops know enough more to get a warrant,
then they should get a warrant.
I think the mere issuance of this
is probably not sufficient.
JONATHAN ZITTRAIN: But if there's been, like,
threatening calls and other things that
are hard to trace, enough to raise the gravity of it,
you'd be ready to do the systemwide search.
CINDY COHN: Well, I wouldn't be the person who did it, but--
JONATHAN ZITTRAIN: Yes, but you'd
be ready to bless the systemwide search.
It would not be a--
I forget my acronym now--
E-F-A blast to all members, a call to arms over such a thing.
CINDY COHN: Again, I think that you
could imagine a scenario in which you
could do a broader search, a somewhat broad search.
I think a systemwide search would
be a line I wouldn't want to say was ever OK in this instance.
I think you can always narrow it more.
And if you can, you need to.
And that's what I would hope the judge would make them do.
JONATHAN ZITTRAIN: I wonder if we
should turn to law enforcement.
Matt, fresh off your work for the federal government,
you've found a cushy landing spot at the Ames County Police
Department.
Tell us about this warrant.
MATTHEW OLSEN: So it is interesting.
So if I were advising the Ames County Police Department--
I was a prosecutor for 10 years as well.
So I did, in a sense, advise, although pre
sort of these opportunities.
So I kind of agree with Cindy.
If I was talking to the police department,
I'd say, chief, look what else?
We need to know more, if we can, about this.
Who has a potential motive to hurt this child?
Talk to the parents.
Talk to the others in the photo, friends.
I mean, develop as much as we can.
Let's see if we can go back to Faceplant with a request
that's based on-- we would check to see if individuals in that
circle of suspicion have accounts, metadata--
JONATHAN ZITTRAIN: You want to start with and people
and search them rather than start with no one and search
everything.
MATTHEW OLSEN: That's right.
So the more targeted we can make it, the better.
JONATHAN ZITTRAIN: Yes.
MATTHEW OLSEN: So well go ahead.
So you're going to tell me I don't get
anything more specific, right?
JONATHAN ZITTRAIN: No, no.
I actually I feel a certain resistance
to this hypothetical.
It is, I think--
I forget, Bruce, the four horse people
of the apocalypse, one of them is child protection, is it not?
BRUCE SCHNEIER: Pornography.
JONATHAN ZITTRAIN: Yeah, so it has
a little bit of a tired feel to it perhaps
to the libertarians in the room.
So let me just rip from the headlines
for a moment something that just came out this week.
This is from the real world.
Hackers steal photos from plastic surgeon to the stars.
And they claim the trove includes
the royal family of Britain.
It's a group called the Dark Overlord
and has highly personal before and after photos
from plastic surgery.
And the plastic surgery firm agrees
that the photos have been completely compromised
and somebody stole them.
This is just from the news story.
"We're going to pitch it all up for everyone to nab.
The entire patient list with corresponding photos.
The world has never seen a medical dump
of a plastic surgeon to some degree."
I don't think we've ever seen one to any degree,
but maybe I'm not reading the right sites.
"The Dark Overlord told The Daily Beast last week."
Can I just say that is perhaps a sign of the apocalypse,
that the Dark Overlord is talking to The Daily Beast
and we're like, oh, yes, yes, of course.
"The images do not appear to be publicly available yet,
however, and it's unclear whether the group will follow
through on their threat."
Here is a narrow window of time.
This is a very real situation.
This is not a case of the four horse people.
This is not child protection.
What is at stake is just, I guess,
dignity, respect, privacy.
But these photos, if you've got them in your Faceplant account,
you're not supposed to have them.
There's no way there's supposed to be there.
They are highly sensitive, the most highly sensitive,
and therefore often the most protected
by various laws, medical records that the Dark Overlord
has seized.
Cindy, is this a case in which--
are there facts not in the circle?
Are you prepared to do this kind of-- to bless
the kind of search we're talking about where we're just
going to cast a net because the time is ticking
before they release this stuff?
Anybody that's got these photos has no business having.
CINDY COHN: No, I still don't think--
I still think you have to do the work
to try to figure out who you're looking for and why and where.
And I think doing a mass, general search as it were, for
even these would be too far.
I still think first of all, you can get a warrant
or there are emergency exceptions where you go
back later and get a warrant.
I just don't think that the legal process
is a barrier here.
And it provides an important check.
I mean, I appreciate The Daily Beast,
but a news story should not alone
be a basis of a mass search of everybody's content.
JONATHAN ZITTRAIN: Fair enough.
Let's see, Daphna, would you mind
being our magistrate for the purpose
of considering the warrant that everybody wants?
And once they all get a warrant, everybody
breathes a sigh of relief.
The warrant is here.
The warrant is here.
We are all blessed.
What do you need to know from Matt to consider
whether to grant this warrant?
DAPHNA REMIN: Matt, tell me what you have.
MATTHEW OLSEN: Going back to the child scenario--
JONATHAN ZITTRAIN: No, no.
We're talking this one now and make it the best you can,
the strongest possible application.
Bring in new facts if you need them.
MATTHEW OLSEN: OK so what we have
is a news story that we've seen indicating clear evidence
that a rogue hacker group has stolen
the most sensitive information-- medical records
of individuals-- and has threatened to put those
into the public domain.
We know that Faceplant is one of the key companies where
we might likely find these documents.
They are billions of users around the world.
They themselves don't prohibit this
by their own terms of service.
In fact, they have their own processes
for looking across content on their site
to target us with ads.
So they do this routinely.
So what we're simply asking for here
is to have Faceplant do a minimal check of these existing
photos to see if we can find any that match in order
to advance our investigation.
DAPHNA REMIN: Well, first of all,
do you have any reason to think that these photos exist
on Faceplant?
And second of all, can you give me
something more particularized that I can get behind
in terms of the search that you'd like
to run as an initial matter?
MATTHEW OLSEN: So what we have are from some of the victims.
These are obviously confidential,
and I can show them to you in camera, your honor.
But they are a number of the photos
that we believe were stolen.
These are from the actual patients,
and we have reason to believe that these
are the actual photos.
So what we're simply asking is that Faceplant
do a search across their platform for these three photos
as exemplars.
DAPHNA REMIN: And why Faceplant?
MATTHEW OLSEN: Faceplant the dominant use--
as I mentioned, there are 2 billion users
of Faceplant around the world.
They are--
BRUCE SCHNEIER: It's a small platform,
but there are those who love it.
MATTHEW OLSEN: And we also are considering this
for one or two other providers.
But at this point this is where we think we'd
like to start this process.
DAPHNA REMIN: And can you narrow this search request in any way?
MATTHEW OLSEN: Well, we would be happy to work
with the general counsel at Faceplant
to come up with a technologically available means
to do this that imposes really no burden on them
really consistent with how they currently
conduct their own business for their own advertising purposes.
So we're happy to work with Faceplant
to come up with a mutually agreeable means to do this.
DAPHNA REMIN: And what you're telling me
is consistent with the terms of service.
You could do the search.
You don't actually need the warrant,
but you're coming to me for an extra layer of protection.
MATTHEW OLSEN: Yeah, I think out of an abundance
of caution, that's the appropriate course at least
at this stage.
It's obvious that's Faceplant could
do this without a warrant.
This is not necessarily protected
under the Fourth Amendment given the terms of service
that all the users of Faceplant have already agreed to.
So they have no reasonable expectation
of privacy at this stage, as far as we're
aware, given what our understanding is
of the terms of service.
DAPHNA REMIN: And would there be privacy considerations
for third party users?
MATTHEW OLSEN: Sure, we are sensitive to,
in the government, the privacy implications of this.
This is not without privacy concerns.
So again, we'd work closely with Faceplant
to mitigate any third party considerations.
DAPHNA REMIN: And so basically what
you're telling me is that there's
documents that you believe were stolen
that could exist anywhere.
And you want to be able to search this company
because it's one of the companies that
might have them because they do a lot of business.
MATTHEW OLSEN: Yes, because of the expansive and ubiquitous
nature of the platform, we think it's
quite likely that this is--
and we can get an expert here to explain how broadly Faceplant
is present around the world.
JONATHAN ZITTRAIN: So the Bruce signal just went up.
MATTHEW OLSEN: Yes, we want Bruce to help.
JONATHAN ZITTRAIN: Bruce Schneier,
do you want to help on the technical part?
In fact, Matt has asked you to be a technical friend
to the prosecutor here, as he wants
to make sure he's doing this warrant
application to Daphna right.
BRUCE SCHNEIER: I think it's clear
that Faceplant does these kinds of searches all the time.
We will assume they're searching for blue-shirted children
for LL Bean, and before and after plastic surgery
photos for some other luxury goods advertiser.
So technically, this is not a big ask.
This is not the same as asking Apple to reverse engineer
their iPhone.
This is something they do for advertisers.
JONATHAN ZITTRAIN: You think they're looking--
you said they're looking for blue-shirted children, which
indicates a susceptibility to LL Bean advertising.
That's the idea?
LL Bean might be-- for anybody with lots
of pictures of blue-shirted kids, sell them the boots.
BRUCE SCHNEIER: Or something like that.
JONATHAN ZITTRAIN: Yeah, OK.
BRUCE SCHNEIER: But searching their content broadly, looking
for either specific things or general things,
is Faceplant's business model.
That is how they make money.
So what we're asking is nothing technically difficult.
Their terms of service permits that.
You're in a sense just saying, you know, do us a favor.
Do something you're already allowed to do.
We could discuss whether that is morally correct
or whether the law should change, but, as written,
there's no reason in the world why Faceplant can't just say
yes because they're being nice.
I don't actually even think it's much of a news story,
except that maybe to illustrate that Congress
needs to fix this.
So I think we're good asking.
I think getting the warrant certainly a nice check.
But I don't think you need it.
JONATHAN ZITTRAIN: And one of the reasons to get the warrant
is you don't need the warrant.
BRUCE SCHNEIER: I think, to what Matt
said, abundance of caution.
That if we can get it, it sort of makes everybody happier.
JONATHAN ZITTRAIN: And how about Daphna's
concern about any third party privacy?
Can you put her at ease on that?
BRUCE SCHNEIER: No, I can't.
But you're already not at ease because you're
a Faceplant user.
So the additional abuse is considerable.
I mean these Faceplant users already
have everything they do eavesdropped on and searched
in order to sell them stuff.
MATTHEW OLSEN: And we'd be happy to turn over
any of the returns from this search
to Judge Daphna for her independent review
before we get it.
So we'd be happy to put her in that position.
It sounds like we're about to move a car off this lot.
Yes, Daphna?
DAPHNA REMIN: Yeah.
And I think following what a number of magistrates judges
are doing even though it's not clearly
within the framework that they usually operate,
there's a lot of minimization procedures
and things like that that magistrates will impose
in a context like this, creating law
try to make the rules fit better in this new circumstance.
JONATHAN ZITTRAIN: But now Andrew
is looking a little dyspeptic.
So I want to give him a moment to express his thoughts.
But tell me what role you'd like to play here, Andrew.
ANDREW MCLAUGHLIN: I thought that's your job.
You're supposed to tell me what my role is.
JONATHAN ZITTRAIN: Well, if you can
tell me a little bit about how you're about to emote.
ANDREW MCLAUGHLIN: So, I don't know,
I'm sharing an office with Alex.
So here's--
JONATHAN ZITTRAIN: For eight years.
ANDREW MCLAUGHLIN: So here's the thing
that that's puzzling me a little bit,
though, about the conversation so far is that Faceplant
has at least three different clusters of services
that it offers.
And it seems to me that the expectation of privacy
around the different services is different for Fourth Amendment
purposes, and certainly different for user
expectations.
And my guess is that there's going
to be policies in terms of use that have been written
that are sensitive to that.
So one is the public post--
public defined as all the people that are members of Face plant.
And so for people to post something publicly,
there's absolutely no expectation
that it would not be associated back to you.
JONATHAN ZITTRAIN: But unfortunately, as we just
take it step by step, for this kind of search,
that's unlikely to yield anything.
We're looking for documents that haven't yet gone public.
ANDREW MCLAUGHLIN: Exactly right.
So then let me go to the other side.
So on the other side is one-to-one communication.
So Faceplant Messenger allows one person
to communicate with one person.
And by the way, there's maybe even a fourth service here,
which is personal data storage.
To go all the way out, I may have you--
because you said there was a dropbox-like service.
So I may have a storage folder where
I can place documents that are exclusively accessible by me.
And it may well be that Faceplant
has said that they treat those as private
and have strong protections, absolute warrant requirements,
a minimal zone of flexibility to operate outside the bounds
of legal compulsion.
JONATHAN ZITTRAIN: Let's just straighten
this out real quick between the two roommates here now.
Because, Alex, previously you were saying
you're going to try to draft the impenetrable terms of service
to be as anti class action suit as possible
and therefore to retain maximum flexibility.
But I hear Andrew saying he'd want to see a company,
and it's not implausible to expect it--
ALEX ABDO: Well, by the way, if I get to pick my role,
I'm CEO and founder of face plant.
I mean, like I am about to be are
the wealthiest people in the world as soon as we can IPO.
So we just have to get through this little crisis
here and move on to the public market.
JONATHAN ZITTRAIN: But for that, you're
saying you would disagree with Alex
and want to have stated protections.
ANDREW MCLAUGHLIN: Well, yes.
So in other words--
so, again, if I'm thinking about this from the business
perspective, my goal is to build a service that
gets the maximum number of users that
are using it the maximum amount of time
to drive the maximum amount of advertising
and related revenues.
And so means I need to--
JONATHAN ZITTRAIN: For whicih public safety
does not play into that at all.
ANDREW MCLAUGHLIN: No, no, it does.
JONATHAN ZITTRAIN: Oh, OK.
ANDREW MCLAUGHLIN: No, of course.
No, actually, it really does.
In fact, but for the different flavors of product
I have to have different considerations.
So if I want people to use a dropbox-like upload service,
I have to signal to the world that I'm
going to protect it as a matter of technical competence
and also as a matter of policy protection
that I would absolutely do everything in my power
to protect those files.
And basically not to say that I will never cooperate with law
enforcement, just that I will put law enforcement
through the paces of complying with whatever warrant system
might apply.
Now by the way, Faceplant is a global company,
and we should talk for a second about what that means.
But let me first just say that, on the other hand,
there's the fully public stuff.
There the zone of public dialogue and discourse
that happens on the platform, I very much want to be civil.
I want it to be friendly.
I want to fight against trolling,
hate speech, racism, all the other bad things
that can happen.
And so I will aggressively cooperate with law enforcement.
I will affirmatively police it.
I will look for images that I can associate with hate speech.
I will voluntarily turn them over to law enforcement.
I'll write terms of service that allow me to do that.
Just to point out, though, what the really hard zone here is,
I think the really hard zone for my company
is that we also have this set of services which
are group communications where I can define the cohort that I
want to communicate with.
So that could be like an open system,
like a sub Reddit of 10,000 people that
are all exchanging information.
It might be just a small group of 10 people that
are going to plan a crime, that are going
to trade child pornographic images, child sex abuse
imagery, or other nefarious sort of activities.
So what's hard for me and the assignment
that I've given to Alex that's tricky here
is in that gray zone, we are the only people
that can see what's going on in there if we choose to.
And so a general search, I think,
is kind of useless over here, also useless over here
because we can get into-- that sort
of like dropbox-type service requires
a lot of particularized detail because it's
going to have to penetrate my policies requiring a warrant.
But in the middle, in these kind of like group communication
zones, that's actually where a generalized search
could turn up the most valuable information, a general search
across the system looking for like a fingerprinted image.
JONATHAN ZITTRAIN: Because one of those
group might be the Dark Overlord's chat room.
ANDREW MCLAUGHLIN: Correct.
Exactly right.
And that's where you find the pressure.
Now as a business matter, the question is,
if I'm just thinking about this from the user perspective,
how much protection do I need to make that be an appealing
product for the long term?
Like, do I need to be more aggressive
and treat it more like a semi public space
because the risk of harassment, hate speech, and all
those other things is high?
Or is that more like just a slightly enlarged version
of one-to-one communications that I
want to have a lot of protection for so people
will feel comfortable chatting with each other
across the platform?
JONATHAN ZITTRAIN: Well, it sounded
like, before your intervention, we
were on the cusp of granting the warrant.
We hadn't yet specified which of the three zones
we were searching.
So I think it was safe to say we were thinking all of them.
You were going to say something more?
ANDREW MCLAUGHLIN: Just the weird thing
that the magistrate didn't consider
was whether there's any log evidence or anything
else that indicates that the images have been stolen.
Like, even the very first chain of a crime existing,
I would expect the magistrate to be
curious about whether there's anything
behind The Daily Beast, or just a bragging, anonymous account.
JONATHAN ZITTRAIN: Yeah, in this case, actually, if you read
the story, it turns out the surgery acknowledges
that they had a breach.
ANDREW MCLAUGHLIN: Again, the surgery
may be competent to read its server logs or not.
They may have just been for--
I would want to see some hard evidence.
DAPHNA REMIN: I'm not relying on The Daily Beast story.
I'm relying on the materials I was shown.
JONATHAN ZITTRAIN: That Matt was kindly sharing.
DAPHNA REMIN: But I do think that there is--
the idea that there's material stolen.
And so if you think it might be in a location that
has a billion users, billion data,
that that's a particularized showing for a warrant
is obviously not the way that the traditional framework
operates and why the warrant process is not really
the right process to get at this.
JONATHAN ZITTRAIN: Oh wait.
So you're maybe not ready to grant this warrant.
DAPHNA REMIN: So I have real concerns here.
ALEX ABDO: That's also why I would fight a warrant if it
was issued under these circumstances
on behalf of the company, because it can't
be that something goes missing in the world and, as a result,
we've got to search our servers.
CINDY COHN: And I would amicus in support of the company.
ALEX ABDO: And second.
JONATHAN ZITTRAIN: David, do we have a news story yet?
DAVID SANGER: Well, we've got a more interesting news
story about the policy than about the issues.
The material the Dark Overlord has
about the actual photographs of the plastic surgery
are probably a news story for someone.
They're probably not a news story for me.
OK?
I can think of some supermarket tabloids that might like them.
JONATHAN ZITTRAIN: Oh, yeah, no, I
was asking more about the conflict here.
DAVID SANGER: The conflict here is really interesting
because here I find the fascinating policy
story to be that first of all, people
have surrendered basically all of their privacy rights
here across all of this from the moment they
signed up with the set of terms of service
that they never read.
And then you have the companies going off
trying to get Judge Daphna over here to give them cover
for something they clearly could go do all by themselves
if they just wanted to and could do without telling any of us.
And for some reason or another, it's
a more compelling reason to go do searches
so they can get that LL Bean ad in the right place
than it is to go find someone's stolen plastic surgery pictures
or find a child who might be under threat.
JONATHAN ZITTRAIN: Wow.
That maybe puts us back--
DAVID SANGER: That's a story.
JONATHAN ZITTRAIN: --to Cindy or Alex.
Cindy's ready to write the amicus brief.
Alex, are you going to join with an amicus brief of your own?
ALEX ABDO: Yeah, and can I frame it?
So I think there are two sets of questions.
You know the first set of questions
is the one that Andrew was starting to help answer
and that Bruce had talked about, which is,
is what the government or the Ames County Police Department
trying to get a warrant for a search
within the meaning of the Fourth Amendment, which
turns on some of the factors that we've
been discussing whether people expect privacy
in each of these three zones?
I think that's the first question.
I'm not as maybe cynical as Bruce in terms of the fact
that some people accept some scanning of their email content
or their one-to-one messaging on the service
that they've sacrificed their privacy for Fourth Amendment
purposes.
I think that would undo privacy across most
of the internet right now.
But that's the debate one.
What bucket do each of these three services
fall in, a search or not a search?
And if they're not a search, then you don't need a warrant.
And we're fine.
If they are a search, then you have three options
because they're unquestionably in this context would
be a general search, which is generally not allowed
by the Fourth Amendment in the same way
that if my sensitive information over here
went missing in Cambridge, the police probably
couldn't get a warrant that would
allow them to search every house in Cambridge for it.
The same would apply to these one-to-one communications
or any other protected space within Faceplant's products.
So you have three options.
One, you apply that doctrine to the digital age
and say no general searches in the digital age.
Two, you discard that doctrine and say,
we do have general searches in the digital age.
But if we do that, you have to accept that that's
going apply whether what's being stolen
is sensitive medical photos or something totally trivial.
Or maybe it's just evidence of jaywalking
that happens to be on Faceplant's service
but the police have probable cause
to believe that jaywalking occurred.
JONATHAN ZITTRAIN: This is a classic ACLU trademark
slippery slope.
ALEX ABDO: But then option three.
Because I thought about this hypothetical
since the first time you posed it to me.
Option three is you could say as a general matter
no general searches of this sort.
But the Fourth Amendment has always
had an exigent circumstances exception.
And maybe we'll allow the government
to take advantage of that exception
for the purpose of a general search in very narrowly
defined circumstances,
I would have concerns even about that
because once you create the ticking time bomb authority,
everything starts to look like a ticking time bomb.
I am quite sure that next hypothetical is not
going to be these images, but a terrorist attack.
JONATHAN ZITTRAIN: We'll be taking a break shortly
while I rework my PowerPoint.
ALEX ABDO: But that's the framework
that I would use to analyze it.
And I think so far we've really just focused on one and two.
Is it a general search, and we shouldn't have it or we should.
If we're going to do it, I prefer it be in bucket three.
Although I'm not sure as between bucket one and three,
don't do it or exigent circumstances.
JONATHAN ZITTRAIN: But Alex, I hear
you then saying that you're ready to negotiate,
that you're nervous.
You're a little bit anxious about it.
But that you're not prepared to say no general searches ever.
ALEX ABDO: I don't know.
Because I suspect you could come up with a ticking time bomb
scenario, the same sort that are prevalent in many other human
rights debates.
And my instinct would be to resist
making policy on the basis of ticking time bomb scenarios.
JONATHAN ZITTRAIN: But does this qualify?
ALEX ABDO: No, I don't think so.
JONATHAN ZITTRAIN: Not at all.
ALEX ABDO: No.
JONATHAN ZITTRAIN: Then why not?
Because it's not literally threatening physical harm?
What interests are you vindicating and for whom
by not allowing a search for these images in zones two
and three that Andrew described, which
would be to say the dropbox zone and the closed group chat zone?
Whose interests are being vindicated?
ALEX ABDO: The interests of the millions
of people who rely on Faceplant to secure
their private information.
JONATHAN ZITTRAIN: Who do or don't have these photos?
ALEX ABDO: Who don't.
JONATHAN ZITTRAIN: Who don't have the photos.
ALEX ABDO: Yes.
JONATHAN ZITTRAIN: Because their interests in your view
are infringed when a touch is made
on their folder and nothing is found
and the robot moves along.
They have been harmed.
ALEX ABDO: In the same way that they
would if a police officer went through 10,000 houses
in Cambridge.
JONATHAN ZITTRAIN: In the same way?
ALEX ABDO: Yeah.
JONATHAN ZITTRAIN: You'd say, touching
that folder to see if a hash matches
is the same as a police officer coming to our doors and saying,
don't mind me, I'm just going to go
through every drawer of your house looking for photos.
And if I don't find anything, you're cool.
ALEX ABDO: Well, we can make a robot
to make it more analogous, but a robot doing the same thing
in the physical world.
JONATHAN ZITTRAIN: Uh, huh.
Bruce.
BRUCE SCHNEIER: So again putting my advising
of the prosecution hat on.
CINDY COHN: I want him on my side again.
BRUCE SCHNEIER: This is precisely what the NSA says,
that, in fact, if we have a computer doing this,
and they touch every photo and return no information--
if a match is not made--
that this is not a search.
And that is their doctrine.
Now we could argue about it.
But as long as it's their doctrine,
I think you go with it.
And you say that this is not a search,
that because no human being looks at, looks
through anybody's drawers, looks through anybody's material,
that it could only return matches,
that it's not a general search and try that on the judge.
JONATHAN ZITTRAIN: I'd love to hear Cindy get one more at bat.
Then Matt gets one last say, then
Daphna will render her decision on the warrant.
CINDY COHN: Well, I mean, if that were the rule,
then I guess at the time of the framers,
it's OK if the cops come through your house.
And it only counts as a search if they find something.
And right now, we store all of our sensitive-- a huge amount
of sensitive information in these digital worlds.
And it can be used against us.
And I think that that's an extremely dangerous rule.
Perhaps one of the people who has these photographs
is actually somebody who's doing a reveal
about this plastic surgeon and how bad they do.
We don't know from these facts.
JONATHAN ZITTRAIN: In which case,
I presume if it were found and then law enforcement
got in touch with them, they would tell their story
and that would be that.
CINDY COHN: I don't think that's actually
how it would work, honestly.
JONATHAN ZITTRAIN: They would not pass go.
They would go directly to jail.
CINDY COHN: Well, I think it would be
a tough place for them to be.
I just think that at this particular point in time,
the assumption that all of the patients
want this information off and that nobody could ever use it
for anything good, it could only be used to violate privacy,
as one of the things that we don't know.
And it's part of why we don't like general searches,
is because from the beginning, we don't necessarily
know that just because this information is
sitting in somebody's file that that
means that they're the bad guy.
And so I guess I would say in addition to what Alex says,
it's just all the rest of us can never
put anything in our digital lives
that wouldn't be subject to a search, the content of which
and the contours of which we are never going to know.
And in the national security context,
that becomes much more acute.
That's not only because of the time that the Eye of Sauron
passes over us.
It comes from the times that it actually identifies us as well.
JONATHAN ZITTRAIN: All right.
So back to our representative from Barad-dur,
Matt Olsen, Eye of Sauron.
I presume at some point you will be willing to allow the fact
that the search happened to be released,
that you know this was a leak of that request
and it being granted.
But I guess investigatively you might keep it quiet for a bit.
But after it's run, you'd let the public
know that it at least happened?
MATTHEW OLSEN: Sure that's the nature of search warrants.
They eventually become public.
And we might--
JONATHAN ZITTRAIN: At least if there's a prosecution.
[INAUDIBLE]
MATTHEW OLSEN: Well, even before but, yes.
They would be held under seal for some period of time.
But they would be eventually be disclosed.
In fact, they would obviously be disclosed to the company
and the company could disclose it.
The company is not under any obligation
not to disclose the fact that there was a search
in a general criminal search as opposed
to a national security search.
But I'm trying to stay in the game.
I mean, I get the issues here.
I mean I get that my conversations with colleagues
in my office with Bruce, this is not
the best test case for this.
That you know celebrities who've gotten
plastic surgery compared to national security
or a terrorism event.
And this is not a case where looking at people's files
across this broad platform has no privacy implications.
I think it certainly does.
It's just, we're in a different ball game
because of the nature of the technology,
both the nature of the collection,
but also what we can do to search quickly
and what the company itself does.
So I'm back before the judge saying,
trying to stay in the game, which
is to say, Judge, we're perfectly willing to work
closely with Faceplant's team to craft an order for you
to consider, that would be narrow,
would start at the outer edges in the first basket,
moving into the second basket where
people have already communicated with each other at some level.
So they're not holding this personally to themselves.
So we'll craft it to avoid going into any of the places
where there's a strong expectation of privacy
or an expectation of privacy among the communicants.
And then we are also willing then to have any responsive
document to any of the photos that show up go just to you
as the judge to review, to minimize any impact
on any third parties.
That seems like a reasonable approach here
that can accommodate the competing interests.
DAPHNA REMIN: So I look forward to that order
and to see how it's been narrowed and particularized
because one thing to emphasize is
that if these are Fourth Amendment protected contexts,
giving the warrant on the front end
makes it harder to think about reasonableness on the back end.
So what I want to see is how do we narrow this warrant
so that I'm not in the context of we think there's documents
somewhere in the city of New York
and therefore we're going to look at every house.
Give me something to hang onto that makes
this feel a bit different.
JONATHAN ZITTRAIN: Last question before we move on.
Andrew had raise the international dimension
of things.
Matt, are you wanting to restrict this only to US
jurisdiction or should it be a worldwide search?
MATTHEW OLSEN: Yes.
I'm just the police department lawyer.
So I don't even really--
I barely understand the implications
of beyond my little police department.
Right now we're talking you know world wide.
JONATHAN ZITTRAIN: What do you want in your heart?
Tell me what you want in your heart.
MATTHEW OLSEN: I want to win this case, right?
That's my [INAUDIBLE]
JONATHAN ZITTRAIN: So you want to search the world.
MATTHEW OLSEN: Yeah, I do.
Definitely, Faceplant's-- if I'm going down this path,
Faceplant's an American company based in the United States.
They have--
JONATHAN ZITTRAIN: The idea that only if it's
an American criminal is it found, but the Canadians walk
free, seems crazy.
Right?
MATTHEW OLSEN: That does not make sense to me.
And I think it's appropriate to search
all the available servers where this information may be stored.
JONATHAN ZITTRAIN: Daphna, you're OK with that?
DAPHNA REMIN: Well, are you asking me if I will
give a global search warrant?
Right.
JONATHAN ZITTRAIN: Well, I guess it's a local search warrant
to Faceplant to search everything it has,
which may turn out to be global.
DAPHNA REMIN: Well, so now we're getting into domain
that there's going to be a court decision on soon.
But probably the Stored Communications Act
needs to be considered and how it applies extraterritorially.
And I imagine I'm going to get a fair bit of briefing
on this issue from my amici.
JONATHAN ZITTRAIN: You're just a country magistrate.
Got it.
ALEXANDER MACGILLIVRAY: But also Matt
had said that he was happy to have
notice go out to all the users.
So we can tell all our users all over the world
that if they have a problem with this,
they can come to Daphna's courtroom.
MATTHEW OLSEN: I do think that's your call.
I do think that's your prerogative
to inform your users in a criminal search
warrant at some point.
JONATHAN ZITTRAIN: With a note to talk to Daphna
does seem like a distributed denial of justice attack.
ALEXANDER MACGILLIVRAY: I'm still curious.
I still don't know where we get to the, hey,
something bad happened.
There's an Ames.
I don't understand why we're in Ames.
Like why the Ames people care.
I think if this got reported to Ames, they would say, great.
That goes in the garbage.
Thank you for sending it to us.
JONATHAN ZITTRAIN: Well, remember, we
have both the plastic surgery and we had
the original harm to a child.
We just didn't seem to be getting
much traction with harm to a child
as we did with the plastic surgery.
ALEXANDER MACGILLIVRAY: I've dealt
with people who had real problems with stuff online.
And they go to their local police department
with the equivalent of a picture of a kid
and don't know who the kid is, don't know where it is,
don't have any clue.
The police department says, we can't help you.
We're not going to do anything.
MATTHEW OLSEN: Well, that's not very helpful.
I mean, with the kid situation, that
does seem to me that that is--
you would start with your local jurisdiction there.
I think that's an appropriate place for the police department
to say, what can we do here?
JONATHAN ZITTRAIN: That partly breaks are hypothetical, right?
If it's just a picture that got sent,
we don't know who the kid is.
BRUCE SCHNEIER: No, no, the picture
was sent to the parents in the hypothetical.
The picture was sent to the parents.
JONATHAN ZITTRAIN: The parents of the kid.
ALEXANDER MACGILLIVRAY: Parents go to their local--
BRUCE SCHNEIER: In Ames, Iowa or wherever we are.
ALEXANDER MACGILLIVRAY: And we might
do some police work about who might
have a gripe or a reason--
JONATHAN ZITTRAIN: But you would like
to see people who might have a gripe try
to get the threshold of a warrant and then,
as Lenny says in Law and Order, turn it, go into their houses
and look for everything, rather than
this much more modest just sift the topsoil a little bit
of everybody.
ALEXANDER MACGILLIVRAY: I don't know--
and this is partly to Alex's point and others
about the things that the search but not found users--
that that interest is not just in the searching.
It's in this rule that anytime anything happens,
we're going to toss everything that is in these containers
and look through it.
And I don't know how you-- like, that
was a rule that was abhorrent to the founders for a reason.
JONATHAN ZITTRAIN: Well, we have leak number two.
And I don't even know if David ended up writing a story.
He probably did.
MATTHEW OLSEN: You know, probably not about the content,
but about the policy debate inside Faceplant, that
might be pretty interesting.
Yeah, we could well have gotten a story on that.
But these would just be sort of examples
used to illustrate the problem inside Faceplant
as they try to struggle with this issue.
JONATHAN ZITTRAIN: Got it.
All right.
Well, next week you're a telex machine rattles
with an incoming telex from our leaker.
And it regards this.
This is an app used principally in China,
very few overseas users outside of China
and very few United States users.
It's a video chat app.
And this leaker discloses to you what
appears to be slide number 62 of 714
of a top secret, ultra mega top secret PowerPoint
deck from the Special Security Agency--
motto, "no bit left unflipped."
And it appears to be for internal use.
It's their Update on Counterterrorist Surveillance
Current Efforts--
SecretChat.
That's the app that we were just looking at.
And it appears to depict that the US Special Security
Agency has managed with a smiley face
to compromise the SecretChat servers.
And they are able to do facial recognition
so that if they are looking for that terrorist suspect,
dare I say--
I want to be true to Alex's expectations--
they can track down where that person might
be on the basis of if that person happens
to be using SecretChat.
And that's the way the app works.
So, David, if you are able to, at least to some satisfaction,
authenticate that this is an actual slide
from the actual Special Security Agency,
where are you between meh and 10?
DAVID SANGER: Now we're getting up in the six, seven, eights
here.
And a couple of questions so that I understand this.
I assume that though this was a Chinese user,
the Special Security Agency is a US agency?
JONATHAN ZITTRAIN: Correct.
It is.
DAVID SANGER: Right.
Because we're expecting that the Chinese services
all do this as a matter of routine.
JONATHAN ZITTRAIN: Yes.
No, it's a US agency.
DAVID SANGER: Right.
And so what we're learning here is
that the US agency has gotten in between the servers of US
companies or US-based companies?
JONATHAN ZITTRAIN: No, SecretChat appears
to be an app run out of China.
DAVID SANGER: Run out of China.
So they've gotten into a foreign service, for which the US
agency, the Special Security Agency,
since their job in the world is to go break
into foreign systems, they're probably acting legally.
That doesn't necessarily mean that it's not a news story,
but there isn't necessarily a legal issue here
of whether the Special Security Agency can legally
break into a foreign network.
JONATHAN ZITTRAIN: In which case,
what makes it newsworthy to you?
DAVID SANGER: Well, it may be newsworthy for a couple
of reasons.
First of all, we spend an enormous amount of time
in the United States being outraged
when foreign services come in and break into our networks.
When the Chinese came into the Office of Personnel Management
and cleared out with 21 and 1/2 million
security clearance files, including
a lot of people on this panel.
JONATHAN ZITTRAIN: Good times, we say.
DAVID SANGER: By the way, Alex, you
missed line 43 on the bottom of the form.
You might want to go back.
But when they did that, we show great outrage.
So there could be an interesting story in the fact that--
JONATHAN ZITTRAIN: There's a both sides-ism story.
DAVID SANGER: There's a both sides-ism story.
Secondly--
JONATHAN ZITTRAIN: Is it your concern at all
that it might blow a good functional operation by--
DAVID SANGER: It could be.
I'm getting to that in just a moment.
So the second is, it could tell us
a little bit about what the Special Security Agency's
capabilities are inside China.
So that might be good as an interesting story.
But before I ran the story, I would almost certainly
go to the Special Security Agency and say,
we have a document here.
Looks almost as genuine as the documents
that came out of, say, Edward Snowden's material.
In fact, we had documents out of Edward Snowden's material
about US operations inside China to get inside Huawei's servers,
right?
And we ran that story.
And so we're thinking about writing something
along the lines here.
And it's really time to sit down and have
that discussion about what the risks of that story
would be and whether or not we would be interrupting
an ongoing operation.
JONATHAN ZITTRAIN: So the Special Security Agency
has just received your call and heard that.
And they have invoked a little known clause
to pull Matt out of his cozy retirement
at the Ames County Police Department
back to a general counsel position
of the Special Security Agency.
Matt, what's your conversation with David?
Are you going to take his call?
MATTHEW OLSEN: Yeah, I would take the call.
I mean, I would obviously--
I would first realize it's David.
JONATHAN ZITTRAIN: Let's hear the call.
MATTHEW OLSEN: So here's the call.
So, hey David, good to talk to you again, not really.
DAVID SANGER: And we just want it
for the record that Matt and I have never
had such conversations before.
MATTHEW OLSEN: That's right.
So what's going on?
DAVID SANGER: So Matt, remember Snowden?
How could you forget him?
MATTHEW OLSEN: I start shaking.
DAVID SANGER: So remember when Snowden happened
you said this was the worst possible leak of all
these documents that could go on.
But since Snowden's happened, we've had more leaks.
We've had leaks that took place with a group
called Shadow Brokers, which started
publishing various stuff.
And now we've had another set of leaks, not entirely
clear where it's coming from.
But we've got some documents that
seem to indicate that you're inside Chinese servers.
So I've got a couple of concerns here first.
One is we believe this document to be authentic.
If it's not, that's important for us and for you
to know beforehand.
And secondly, we'd want to know before we made our decision
whether to publish whether publishing would harm
an ongoing intelligence operation so that we can
make an appropriate decision.
MATTHEW OLSEN: And so going through my mind
is one, that David, that's a sincere point.
That's not just a something he has to say,
that we care about intelligence equities and national security,
that that's a genuine comment and that there
is an opportunity here for me to talk--
I obviously would round up folks in the agency
and have a broader conversation.
DAVID SANGER: But Matt would know that we
have withheld stories before.
We've delayed them.
In some cases, we've delayed them for several years.
MATTHEW OLSEN: And I also know David wants to get this right.
So one question is, is this real?
And so, David, this sounds like something
that we need to be concerned about from what you've told me.
I think it would be helpful if we could meet,
if I could see what you have.
I think I need to understand what it is that you have,
if you would share that with me and my team.
And I think we would take it from there one step at a time.
Obviously, I'm not going to just go to DEFCON and say,
oh, this can never get out because--
JONATHAN ZITTRAIN: Are you prepared to confirm it?
Are you allowed under the law to confirm it?
MATTHEW OLSEN: I think that I would not confirm it to David.
I would want to see it and be able to make an argument then
about what the implications are of releasing it.
JONATHAN ZITTRAIN: But you'd never be able to say,
I can confirm this.
MATTHEW OLSEN: I don't know about that.
I don't know if we would come close.
I mean David, you may have more experience
with in what cases there's been a confirmation.
But I think just by virtue of how we responded,
there would be an implicit perhaps, confirmation.
DAVID SANGER: If it's serious enough,
I know that Matt has the authority
to go up through the director of national intelligence
and national security adviser, even the president
to get at least an authorization to have a conversation with me
without putting Matt at liability that he's
revealing national security information just
by having a conversation.
MATTHEW OLSEN: Right.
JONATHAN ZITTRAIN: Now let me turn back
for a moment to Cindy and Alex.
If you're catching wind of this-- maybe from David,
who's gathering more background on the story, maybe not--
is this a civil liberties concern for you guys?
CINDY COHN: Yes.
Sure.
I mean, there are innocent people in China
who would like to be able to have a private conversation.
This is mass surveillance of lots and lots
of innocent people in China.
And then subjecting-- well, there's facial recognition.
So there's content that's being taken and done.
And then it looks like just metadata
they're using to match the terrorist database.
But still this is massive, looks like they're
attempting to surveil all of the users of this service
on the off chance that some of them
might be people who they're interested in.
JONATHAN ZITTRAIN: And is this a basis for a lawsuit?
CINDY COHN: I don't see standing so far for a lawsuit
in the United States.
But at the Electronic Freedom Foundation
or whatever you called us, we don't just
care about Americans.
We care about building a digital world where people
feel safe to be able to talk to each other without a kind
of invisible third person or fourth or fifth listening
in on the conversation on the off chance
that they might be doing something wrong.
So my international team would definitely
be very interested in this even if my domestic lawyers would
not, I think, at this point have the basis
for an American lawsuit.
JONATHAN ZITTRAIN: Imagine that it
further leaks, slide number 97.
There's a picture of somebody using
the app who appears to be in front of the Statue of Liberty.
And they do somewhat drolly observe,
"We have experienced some challenges involving
incidental collection of data corresponding to US persons.
Our team is hard at work improving our filtering
and minimization protocols."
Anything lawsuit worthy now?
CINDY COHN: Well, I'd like know who
that guy is because I'd have a conversation with him about--
JONATHAN ZITTRAIN: He's everywhere,
I gotta say, that guy.
CINDY COHN: --needing counsel.
Yeah, certainly.
You're in the US now.
So presumably there are US persons
who are being subjected to the facial recognition
unless that guy's a--
he might not be an American.
And none of those people might be Americans.
But I think that we would certainly
think that there are at least, there
are US persons that are going to be [INAUDIBLE]..
JONATHAN ZITTRAIN: And they might not even be US persons,
but they are on US soil, which might accord them
certain protections.
I don't know.
Alex, is your litigation bug awakening?
ALEX ABDO: There's a possibility--
especially if that individual is the one sending
the communication and it ended up in this slide--
that that person would have standing to sue,
to challenge what's going on.
Although that I think avoids the bigger and the harder question,
which is the one that Cindy raised,
which is that privacy is not just a domestic civil right.
It is an international human right.
The rules of privacy internationally
are unsettled at the moment, and there is a hard fight
for what they should be.
And that's where I still see this mostly in.
But to the extent--
JONATHAN ZITTRAIN: Alex, is what you're asking for,
that basically the Special Security Agency
just like take a nap?
Should it just cease its efforts overseas [INAUDIBLE]??
ALEX ABDO: Definitely not, no.
But the one dividing line that international law might
settle on is between targeted surveillance and mass
surveillance.
And I don't know whether we know enough about the program yet
to say that this is mass surveillance.
From the last slide, it looked as though that they
were decrypting everything.
And if so, that's mass surveillance.
If they're doing that you know decryption
with the intent and the actuality of targeting
specific people, then I think it's a different question.
But if the Special Security Agency
is sweeping in all the communications that it can,
irrespective at the outset of whether there
are communications between targets and not,
between bad actors and not, then that raises
the threat of mass surveillance and
whether international human rights are
consistent with that kind of surveillance.
JONATHAN ZITTRAIN: Bruce, does this distinction sing to you?
BRUCE SCHNEIER: It definitely is an important distinction.
And this is certainly a mass surveillance system,
that the entire database is being searched,
there's pattern matching and anything
that is a match goes back.
And it's either real or a false positive.
JONATHAN ZITTRAIN: And are you with Alex
in saying, if you're the Special Security Agency,
we need the equivalent kind of the particularization
of a warrant before you should be cracking stuff overseas
because doing a mass search of everybody
to try to grab something relevant
is somehow a form of rights infringement
that we shouldn't accept?
BRUCE SCHNEIER: I think it is.
It's clear that this is allowed.
This is allowed by current law.
I don't think there's any challenge to the NSA,
that they're exceeding their authority in any way.
And so this is much more a question of what should
the authority be?
And do we want to live in a world,
as Cindy said, where even people outside the US
have this presumption of privacy in their conversations?
Or do you live in a world where NSA
can grab whatever they can because it
happens to be outside the US?
CINDY COHN: I would say that-- just a small addition
to something that Bruce said.
I mean, I think in an international human rights
context, we look at whether a tool is
necessary and proportionate.
Those are the kind of magic words.
And I think there is a very serious
international legal analysis that
says this kind of mass surveillance
would never meet the proportionate wing,
even if you've got the necessary wing.
So I don't think it's clear that this is legal.
It's certainly clear that the US government has issued
an executive order granting this authority to its things,
but those are not the same thing, I think.
JONATHAN ZITTRAIN: Andrew?
ANDREW MCLAUGHLIN: So if I'm still the CEO of Faceplant,
what's interesting to me about this and troubling
and feeds into the kind of conundrums
that we're trying to unravel, is that we're operating globally.
We'd like to be able to compete in China.
We would like very much there to be
a rule of broad international recognition of minimization
because, for the reasons that we were sort of alluding
to earlier, for me to operate internationally
and to both merit and maintain the trust of users,
I need to not only protect Azerbaijani users from being
wantonly searched by the US, but also by Russia and also
by South Africa.
I'm hiring sales organizations and putting engineers
all over the planet.
In order to deliver services I have
to put data centers in many different jurisdictions
in order to serve up content subjecting me
to many jurisdictions.
So I would like that very much.
What's interesting about this case though is, I wonder,
does it change your thinking, Alex and Cindy,
to know that the Chinese government is conducting
real time mass surveillance through SecretChat 24/7,
every single communication getting stored?
Does that make it any more or less troubling for the NSA
to do the same thing?
ALEX ABDO: No, I don't think so.
I don't think the answer can be, they're
doing it so we can do it, too.
That's a kind of least common denominator
approach to human rights.
And that's not one that I would endorse.
CINDY COHN: Yeah, absolutely.
To me, the fact that they're doing it
is a reason why we should actually
pick a different course and one that actually
protects people's rights.
I don't--
JONATHAN ZITTRAIN: Even if the expectation of privacy
of the users themselves may be gosh,
everybody is watching everybody.
CINDY COHN: Well, I think the expectation of privacy analysis
is reaching a bit of its ending point--
JONATHAN ZITTRAIN: Expiration date.
CINDY COHN: --in lots of places in the digital world.
And this assumption, by the way, that by agreeing
to the terms of service, which you never ever read,
you've handed over your constitutional rights
is also one that we kind of slid by earlier,
but that I would want a pause on.
I don't think that you can contract away things
certainly not in the way that we think of contracts
in the digital age.
So no, I think that I would not say that that's the right path.
ANDREW MCLAUGHLIN: So to just put
this in a nutshell, what's troubling for me,
then, is to try to figure out whether I architect my services
and policies around a subjective expectation of privacy
or a normative rule about what privacy should be.
And I'd rather do the latter, but there
are lots of countries that force me to do the former.
CINDY COHN: Yeah, that's why we have
to join together to try to raise the bar for everybody.
I mean, that's our work.
That's why I run a little nonprofit.
If it were already done, then I could go
do something else, which would be kind of fun.
But I want you to join--
JONATHAN ZITTRAIN: Ames County Police Department
will have you.
CINDY COHN: You, as the CEO, I want
you to join with me because we want to build a world that we
want to live in.
JONATHAN ZITTRAIN: So not to interrupt the kumbaya
moment here, but Alex, wearing your deputy CTO hat,
if it landed in your lap from a brand
new president who, let us hypothesize,
has thought about any of this not at all, and was like,
give me a memo.
I only deal in bullet points and pictures.
Give me a three bullet point, one picture memo that tells me
what the new policy should be.
And I am very open to completely undoing
whatever the prior policy was even
though I'm not sure what it is.
ALEXANDER MACGILLIVRAY: I mean, I
think it's hard to divorce my personal feelings from the role
that you've put me in.
And I think we are trying to move to a world
where there is a sense of privacy,
even though we have a number of different things working
against it.
And so I take Andrew's point to be a really good one, which is,
we should be trying to raise this bar across the world.
And as far as the US company's interests within the general,
in this general conversation, if most people don't think
that they can put stuff through a US company
or in this case, a Chinese company,
without giving it up to every single law enforcement
agency around the globe, we're going to be in a position
where two things are going to happen.
Either we're going to move away from that model
and move back towards a first person storage, first person
trust model.
JONATHAN ZITTRAIN: Freedom box, we literally
have something in our house.
ALEXANDER MACGILLIVRAY: Or we're going to move to a model
where that opportunity that the Secret Service agency currently
has to go after that particular box
where there is opportunity to look
at the information in unencrypted form
goes away, because the only way that I can answer CEO Andrew
as engineer at his company--
how do I how do I protect a particular user's
communication-- is to make it so that the company itself,
Faceplant, doesn't have that, doesn't have that access.
So I think we quickly move, and this is the point
that I think Bruce raised earlier
but this move away from a first person and a government
needing to come at me or to compromise me in order
to get my information to all of the stuff being done
through intermediaries and going to SecretChat
to get everything.
The only other thing I would raise
is I also want to be talking about how the Special Security
Agency compromised the box.
And is that a compromise that I'm
going to be reading about in The New York Times in three weeks
that actually, that compromise was also picked up
by a bunch of other intelligence agencies
and all of the companies all over the world, including
the White House, are having trouble with a breach because
of the compromise.
CINDY COHN: That's how Dark Lord got the pictures.
DAVID SANGER: He just got at what the central news
story is here, which is, where did this, how did this happen?
Was it based on some kind of a flaw that the United States
government may have found and stockpiled
and its stockpile of cyber weapons?
Did it happen from somebody outside who might have
stolen part of that stockpile?
That's all pretty interesting news stories.
And that's part of what I would take up
in my conversation with Matt.
JONATHAN ZITTRAIN: And Bruce, I know you want to say something.
I was just going to ask you quickly,
from the tail end of Alex's observations,
if somebody, an enlightened CEO like Andrew at Faceplant,
is kind of feeling like he's wanting the system
to be less open to general searches--
so that when he's given the warrant if he's given it,
he can just do a shruggy and say, I can't make that happen,
in part, because he doesn't want every country around the world
to demand that of him, is it possible these days
to architect global services so they are inured
from these kinds of global searches but still able
to turn a profit from the kind of ubiquitous advertising
that LL Bean wants?
BRUCE SCHNEIER: So, I'm going to pull this apart
because we have two very different use cases here.
That we have the Justice Department coming
in and saying, do this search.
And, yes, Faceplant can architect their systems
so they can't do that search.
This is very different.
This is the SSA breaking the encryption.
And I'm now going to invoke the trope of technologists
always look for legal solutions and lawyers look
for technological solutions, that, in fact, the NSA is
happy with Faceplant or whoever this Chinese company is,
saying, we are going to have the tech solve this.
Because the SSA is in the business of breaking security
tech.
And they're very good at it.
So tech solutions that will have flaws and vulnerabilities--
JONATHAN ZITTRAIN: Just a quick check in.
Matt, is the SSA OK--
I assume the SSA is OK with doing what I've just described.
This slide is not like, oh, my god,
I can't believe we did that.
MATTHEW OLSEN: Yeah.
I mean, generally foreign intelligence collection
around the world targeted in this way,
I mean, I would argue potentially not.
I wouldn't necessarily use the term mass surveillance.
This is a company that there's a foreign intelligence reason
to believe that there is information
that's being collected through this company that is valuable.
JONATHAN ZITTRAIN: But Bruce is saying if the law doesn't work,
you've always got the tech.
BRUCE SCHNEIER: I mean, we have this NSA claiming every phone
call out of Bermuda.
I mean, we have examples of this from the Snowden archives.
JONATHAN ZITTRAIN: I just wanted to ask Matt,
would you see the SSA exploiting the same vulnerability
if it knew about it to get at Faceplant's servers
if Faceplant is an American company on US soil?
MATTHEW OLSEN: Different calculus
with an American company.
BRUCE SCHNEIER: Even if the servers
are not in the United States?
I'm thinking about what they do with Google.
MATTHEW OLSEN: Generally different calculus.
JONATHAN ZITTRAIN: Got it.
BRUCE SCHNEIER: So it's very, very different.
I mean, yes.
We can architect Faceplant systems that Faceplant
can say, no, we can't do that.
We have a lot more trouble architecting Faceplant systems
so that the SSA can't surreptitiously and maliciously
go into Faceplant servers and do it without their knowledge
or consent.
JONATHAN ZITTRAIN: And that's just a fact
that it's just really hard to build good security.
BRUCE SCHNEIER: It is really hard to build good security.
And it is easier, if you have the SSA's budget, which
we have seen from Snowden's documents,
to defeat that security.
And this is why I think legal and policy solutions are
very important here.
Because I can't rely solely on the tech.
JONATHAN ZITTRAIN: And David, just
as you're about to maybe go to press with this story,
one of your tech folks does discover
some metadata that suggests that your leaker is,
in fact, from Vladivostok.
And I'm just wondering, does that at all
change the equities of your publishing?
DAVID SANGER: Well, it could well.
It's possible that the leaker made up this document.
That's one of the things you would be concerned about.
JONATHAN ZITTRAIN: Yeah, but Matt gave away
the game there it seems.
DAVID SANGER: Right.
But it's also possible that while the leaker was Russian
and maybe the leaker was a troll farm for all I know,
that the document's still genuine.
And so at that point, part of the story
becomes the motivation of the leak.
It's very possible that the leaker here
is trying to sow some discord in the world.
It could be the leaker is trying to make
life miserable between China and the United States.
And I'd want to know that.
JONATHAN ZITTRAIN: And is that motivation something worth
factoring into your decision whether to go ahead
with the story?
DAVID SANGER: It certainly is something
that I would want to note in the story
if we go ahead with the story.
JONATHAN ZITTRAIN: We realize this will sow great dissension.
That appears to be the motivation of the leak.
Sorry, please enjoy this story.
DAVID SANGER: Yeah, I mean as long
as you're up front with the reader about what
the motivations of your leaker is, then absolutely,
the fundamental news story could be central to this.
And you know, a point that I would make, and probably would
have in my conversation with Matt,
is that we already had in the example of OPM
when the Chinese came in and stole all those documents, what
was the reaction of the director of National Intelligence?
He said, this was pretty good.
Nice work.
If I could do the same thing, I would have done it.
And now the document may have indicated he did.
MATTHEW OLSEN: There would be again,
assuming this is authentic, this is a real program,
there would be a serious conversation.
And I do think The New York Times would take it seriously,
that this is a valuable program that has produced results.
And if it's in The New York Times,
the program will be shot.
JONATHAN ZITTRAIN: Yes.
Well, our time is drawing to a close.
Our effort in this series of hypotheticals
was to go deep on one of the many leaves of the tree,
national security, privacy, and rule of law,
and get some flavor for how the different actors, who
in some way are quite used to working with one another,
even though they may be in very different positions
with respect to one another, how they think this stuff through.
And maybe moving to the observation
that it used to be that debates over individualized searches,
that was a lot of what we argued about in national security
and Fourth Amendment doctrine.
You had some target already in mind.
And then did you have what you needed to do the warrant?
And you can hear in our discussion,
some efforts to bring back the good old days of those kinds
of particularized warrants, in part
because they're constitutional.
And yet we see a future that is quite tempting for some parties
of this kind of bulk metadata or even content surveillance
that we're going to have to contend with,
for which we're seeing some of the second order effects of,
do we architect systems so that they are inured to this?
Even though, we started off with potentially--
they tug at the heart--
some case studies when, if it's good enough for LL Bean,
how could it not be good enough for,
if we could characterize it and it's
hypothetical so we can as long as it's plausible,
a poor kid who may be under threat
or a celebrity or some such?
So among this group, it's an amazing brain trust.
I see people like Chris Babbitts, Ed Felten,
others in the room, who themselves
have had great experience in these areas.
And I just hope we'll have some time when
we adjourn to talk about all this stuff as a group
informally before lunch.
In the meantime, I just want to thank our panelists so much
for being game to have today's conversation,
and for thinking about these issues.
Thank you all very much.
Thank you.