 All right. I think we are going to get started. Great. Hi. Welcome to New America and today's lunchtime event, listening in how encryption can preserve cybersecurity in an insecure age. My name is Kevin Bankston. I'm the director of the Open Technology Institute, which is the Internet Policy and Technology Development Program here at New America where we focus on ensuring that all communities have access to an Internet that is both open and secure. A big part of ensuring the security of the Internet and our communications and our data is ensuring the right to develop and access and use strong encryption technologies, a right that is under threat right now. The threats that we face and the role that encryption can play in protecting us from those threats is the subject of this book, which is the center of today's discussion, listening in cybersecurity in an insecure age. And we are very happy to welcome today the author of this book, Susan Landau, who I will just read her bio right here. Susan is Bridge Professor in the Fletcher School of Law and Diplomacy and the School of Engineering in the Department of Computer Science at Tufts University and is visiting professor at University College London. She was previously a senior staff privacy analyst at Google and a distinguished scientist at Sun Microsystems. She is an Association for Computing Machinery Fellow, a cybersecurity hall of fame inductee, and an American Association for Advancement of Science Fellow. She is also serving on the committee at the National Academies of Sciences that is currently weighing the encryption controversy and the issue of law enforcement and intelligence access to plain text. That report is in process so Susan won't be able to speak to that, but it is coming hopefully soon and I expect we'll have some real impact on the debate here. But we are lucky to have Susan here today for a conversation. She will come up and talk for 10 to 15 minutes about some of the ideas in her book. Then I will join her on stage along with our second guest for the day, Alvaro Bedoya. Alvaro is the founder and director of the Center on Privacy and Technology at Georgetown Law and is an adjunct professor there. He was previously chief counsel for the Senate Judiciary Subcommittee on Privacy, Technology and the Law, and senior counsel for the chairman of that committee, Al Franken. He and I will be engaging with Susan in conversation about some of the ideas in the book and in her opening comments, which we'll start now and then after that conversation we'll have some questions from the audience and we should be wrapping up by around 1.30. So thank you very much, thank you for coming and Susan, welcome. First of all I'm delighted to be here and thanks very much Kevin. So I want to talk about revolutions. Can you guys hear me if I stand over here? I want to talk about revolutions and I want to talk just very briefly. The agrarian revolution took between a hundred years and a thousand years no matter where on the planet you were. From the time people went from hunter-gatherers to doing crops, it was a hundred to a thousand years. And think about the number of generations that was. The industrial revolution, when it first started it was a two-stage revolution. First it was the mechanization of textiles and then it was the mechanization of mechanization. And that was about a hundred years in the parts of the world where it started. Now in many parts of the world it's happening much more rapidly. But in that period of a hundred years we've got two generations, three generations, four generations, four in terms of how quickly people had children. And now let's think about the digital revolution. When I think about the digital revolution I don't think about the computers that were part of the Second World War. And I don't think about the IBM mainframes of the 60s and 70s or even the PCs of the 80s and 90s. I think about iPhones and Facebook because that's when it became the way we really changed the way we live. And I think about how long that took. That's ten years. That's ten years. Now we think we've adapted to it. We walk down the street, we check the phone for whether we turn left or right to come to the New America Foundation. We walk down the street, we check our emails, we respond, we bump into people in the street because we're checking. I'm a New Yorker and I really hate it when people use their cell phones and they don't walk at the right pace. But we think we've adapted to that change. But we really haven't. And I want to tell you an example of why we haven't. Right now factory floors are being networked. They're being networked because some of the factory floors have very expensive machines. They have million-dollar machines to assemble things like cars and tractors, heavy machinery. These machines are great, much more efficient. What the company that built these machines, FANIC, realized is that if they networked the machines, they could start to notice when a particular type of robot, one of these million-dollar robots, was having trouble. If they saw the same kind of slowdown in a couple of machines, they could then recommend to different factories in different parts of the country, different parts of the world, certain kinds of proactive maintenance. Very useful. Now how do factory floors authenticate people on the floor? People to control the devices? By recognizing people. Everybody knows everybody on the factory floor. What happens when you network? That form of authentication disappears. Because we're using something that is no longer valid. Because we're controlling from somewhere else, but we haven't really thought about authentication. Authentication is not part of the control systems of factory floors, not in any real way. That's part of the story I described in the book, how we have moved very rapidly in one way, but our mental models haven't moved. I should have brought my phone up, but I didn't want it to ring, so I left it in another room, and I didn't think that I wanted it as a prop. But I wanted it as a prop, and the prop I wanted as is we need to authenticate ourselves all the time. We all know about the DNC hack, and the DNC hack happened for a number of reasons. Podesta and others were spearfished, but also they weren't using second factor authentication. They weren't using a second device aside from a password to authenticate themselves from the account. What do you use that's easy for second factor authentication? You use phones. What has the FBI been arguing for the last year and a half, two years, that they should be able to open phones no matter what. What my colleagues and I, in the paper and keys under Dormats, and in other work have talked about is, when you make phones easy to open, you make it easy to open for lots of people, not just law enforcement. And the problem with making a phone easy to open is not just the data in the phone, but also the software in the phone. Computer scientists don't think, computer scientists see software and data as exactly the same thing. If you make it easy to get at the data on the phone, you've made it easy to get at the software on the phone, and you've destroyed the ability to use the phone as a second factor for authentication. That's the argument I presented, somewhat more detail in the book, about why the FBI's arguments about making phones easy to open are a bad idea from a security viewpoint. The other thing that law enforcement complains about is end-to-end encryption. The idea that when I have a conversation with Kevin over electronic media, whether email or phone, that it'll be end-to-end encrypted so only Kevin and I can understand the conversation. Anybody else listening in gets white noise. And the FBI in law enforcement argues that it destroys a tool they've relied on for decades. They have relied on wiretapping for decades. But if you think about human communication, of course, human communication has always been ephemeral until quite recently. That's the first point. There's lots of reasons why it should stay ephemeral, and I suspect we'll talk about it later. But the point I want to make right now is you can't outlaw end-to-end encryption because it doesn't matter whether it's baked into the device. It's in apps. Is every phone that comes across the border going to be examined for every app to see whether or not it provides end-to-end encryption? Surely not. That battle is over. And it's over both because you can't do it and also because it's not good for our security. So with this, I want to just end with a very brief discussion of where our threats are. Every time law enforcement, whether it's the FBI or the DOJ, talks about threats. They talk about child pornographers. They talk about terrorists. They talk about drug dealers and so on. I posit that this is actually a far more serious threat that doesn't get mentioned or doesn't get mentioned as it should. And that's the threat to our democracy. It's a little bit funny to be talking about encryption right now when we have this much bigger threat, but in fact, encryption is what will protect us in many ways. I'll stop here because I know you too have lots to talk about in question, so I'll let us do it that way. Thank you. So I want to start on a small personal note because I was looking at the acknowledgements in your book and there was a very cute acknowledgement of your husband, Neil, who said, sure, write a book in six months. I'll do everything else. Was there a sense of urgency in writing this book? Why did you feel the need to hurry up and write a book in six months and make your husband do everything else? Well, so I should say he didn't do the leaves and we had a lot of arguments about that, but... and I just say that in the acknowledgements. So I testified in the Apple FBI case in March 2016, just at the height of the Apple FBI case I testified in Congress. And at that point, after I testified, I was largely on Apple's side, after I testified I had a lot of invitations, I had interviews and I thought, this isn't scaling. I expected that not much would happen on the encryption issue during the campaign. I did not expect us to have President Trump in office and I expected round about now we would be having a debate on the encryption issues and I needed to get the book out for now. So that was the six months. Well, and so the encryption debate did go pretty dark, no pun intended. This year, because in many ways the FBI has been preoccupied with a number of different things, including a change in leadership and the Mueller investigation, I'm sure, has been a big deal. But now in recent weeks, Deputy Attorney General Rod Rosenstein has come out and been renewing the FBI's calls against warrant-proof encryption and in favor of responsible encryption. I'm curious, first off, this debate is often framed by law enforcement as an issue of privacy versus security. What do you think of that framing? Is that accurate? And what do you make of this call for responsible encryption? And how long do I have? All the time you want. Okay. I'm going to talk about why it's not privacy versus security and then I'm sure Alvaro at some point will say, but privacy is really important and I absolutely 100% agree. But I'm going to say right now it's not about privacy versus security. It's about security versus security. I already briefly sketched out why making your phones easy to open is actually bad for security. It removes, long-term, the ability of your phones to act as a second factor authenticator. It also puts Apple's update process at risk and all sorts of things, long-term security risks. I want to step back and think a little bit about the risks we have as a result of the Russia investigation. I'm not going to talk about the stuff on social media, but I am going to talk about the stuff related to encryption at the same time that the Office of Director of National Intelligence issued its report back in January saying that, yes, there had indeed been Russian interference in the election. One of the points it made is that organizations viewed as likely to be shaping US policy, civil society organizations had also been the targets of Russian hacking. And I want to walk you through what happens when that occurs. And I want to walk you through by going back to 2008, the climate group at the University of South Anglia in the UK had been hacked and their emails went up on the web. And commentators who didn't believe or argued against the idea that climate change was occurring began selectively quoting and making it appear as if the scientists had messed up the data, tweaking the data to make things appear that climate change was happening when it wasn't. In 2008, when the theft occurred, a majority of the American population believed climate change was occurring. The House of Representatives had voted to support the bill that was coming up, the treaty that was coming, the agreement that was coming up in Copenhagen. Within two years, support within the US had dropped substantially. Support, trust of scientists working in climate change had dropped substantially and US Senate never acted on the Copenhagen agreement. The point is that civil society is really threatened. Civil society groups might need to protect their memberships. For example, they are a group of military personnel who have formed an LGBT group. That group would most want to protect its membership lists. If they're a group producing reports on climate change or other controversial issues, they might want to protect their reports or their email. Think about what happens to an organization like the Union of Concerned Scientists or the National Academy of Sciences or New America Foundation. They issue a report, and it turns out their data is off by 20% or 30% because somebody tampered. These organizations are not organizations that have the funds or the capability to do secure protections. They need to rely on consumer devices. They need to rely on end-to-end encryption. They need to rely on secure devices. Does something say that we need to rely on actually deleting stuff again? Learning to not keep everything forever. And it seems like what Rod Rosenstein has argued and what Comey argued before him, he's framing this debate as, well, you know, Gmail has the ability to give us access to the email. Facebook has the ability to give us access to the messages. That stuff is encrypted between the server and the user, but the company has the ability to access it. Why can't we just engineer everything like that? So I'll give you the example that occurred for me last week. I was exchanging mail with somebody about a delicate topic. I really wanted to go down the hallway or give this person a call, but I wasn't in a position to be able to do that. So I had to do it on an electronic medium that's sort of permanent. I looked at this piece of mail. I didn't want it on working mail. I looked at this piece of mail. I thought I could send it on a personal account. The person I was communicating with happened to have a personal account that was Gmail. I thought about saying, please hit the leak forever once I put this in. I thought this person will think I'm putting a lot of complexity and tension into the discussion. Do I really want to taint the discussion with all of that? In the end, I just said something like, I'm saying this, please be very discreet, but this was not something I wanted to put in email. This is not something I wanted in Gmail server forever. If you go back to the Sony case, one of the things that happened was a tremendous embarrassment because people said all sorts of gossipy things. We say things all the time. We have for hundreds of thousands of years said things all the time that we expect to be impermanent. Hey, you're not looking very good today. We don't want that around, or hey, they weren't looking very good today. We don't want that around forever. There's lots of reasons why communication should be ephemeral. Well, in speaking of the Sony hack, or the DNC email hack if all that email hadn't been sitting there, they couldn't have leaked it, or if it had been sitting there in an encrypted form, it couldn't have gotten out there. So it seems that there's definitely, there's a deep irony here that the FBI is arguing so strongly against encryption and yet had the DNC systems been strongly encrypted and protected in other ways, it would have undercut a good deal of the Russia scandal. That the FBI is now so essentially focused on fighting. And they seem to basically be arguing for a world where if you have any intermediated communication at all, it should always be accessible to a third party, ideally the provider, and preferably stored somewhere. Which is not great from a security perspective and I would guess it's not great from a privacy perspective, depending on how you conceptualize the difference between privacy and security. So, Les, we just argue about how much we agree with each other. I want to play devil's advocate here and press you on a couple things. I'm glad somebody is. Excellent. And by the way, one of the reasons I was really glad to do this is I'm not a cryptography guy. I'm not an encryption guy. I've been learning about it along with most everyone else. But so much of the rebuttal to this pro-encryption argument to this anti-encryption argument is the Berkman Don't Panic argument of, okay fine, you can't read the emails, you can't tap into the echo and you can, you know, listen from the smart television and you can use all of these other attack surfaces. What happens when those get locked down also? It would be great if they get locked down. Okay. Just a pause for context though. Berkman Center for Internet and Society at Harvard issued a report called Dote Panic which was basically about all the different things law enforcement can leverage other than encrypted communications, metadata, et cetera, et cetera. Yeah. And while I largely agree with the report to which I co-signed, I didn't agree with the title. I thought it was too flippant. I think there is a serious issue here. But it would be terrific if the Internet of Things got locked down. I don't expect it to happen anytime soon. That is, I don't expect it to happen not only within my lifetime but probably much longer than that. The problem is that that kind of regulatory burden is complicated. In the various groups of the National Academy of Sciences we talked about the idea wouldn't it be great if the Internet of Things devices that can't be updated had to die within two years? That there was a regulation that if you can't update the device then it has a two-year shelf life. Even a two-year shelf life isn't great. But even getting that kind of regulation would be hard. It wouldn't be regulation. So no one requires Apple to encrypt its stuff, right? The American company. Well I think there are some rules in certain circumstances but in most instances when you use encryption it's not regulation. It's the market. So what happens when Amazon locks the stuff down, Samsung locks the stuff down and companies start protecting metadata through differential privacy and other means? Maybe there's not a going dark problem now but is there really not a going dark problem in that hypothetical role? I don't think so. I really don't think so. There is some level of metadata in order to make things happen. So none of you ever think about the swipes you do on your phone. You just do the swipes on your phone. Those are collected. There's good reason for those to be collected. They're collected because Apple and Google want to know is the order in which they put things on the phone the right order for you or can they make it more convenient? That's a good reason. Suppose Apple or Google are really not doing this. But suppose they also collected it and said we could market a device that says you can't drive because you're really agitated right now. We can tell it from your phone and we're going to give the car manufacturer a way to lock down your steering wheel so you can't actually drive. You would say that's really invasive. But the point is you're never going to give permission or not give permission to the collecting the swipes. There's all kinds of micro data that's getting collected. There's lots of data all over the place. I mean think about this morning I came here. There was a tax reader that if I had paid by credit card would have been a record. There was a metro card that recorded where I was. There was my phone location because I hadn't shut off my phone. That's all without my beam. Go ahead. Can we apply the same argument to encryption though which is again playing double. We're arguing encryption has to be this firewall, this impregnable firewall. Don't make us put a front door, a back door etc. But isn't it true that the place is chock full of windows? The FBI was able to get into this device. Not through the update, not through these other means. How can we be arguing so stridently against a back door or a front door when the place is full of windows? When the security is so terrible as it is. First of all security is believe it or not security is improving. In 2000 Microsoft had a terrible security story. By now Microsoft has a security development story that other companies are emulating software development story because their security is good within their development process. I was talking with somebody on the intelligence side who said yeah we find bugs, we break in. The good bugs that get into lots of systems are rare and getting harder to find. So that's one piece of the story. Another piece of the story is we've gone to automatic updates. What I discovered talking at Hoover Law Fair last night is that while all the security geeks I know have all their automatic updates automatically done, most of many of people in the audience who presumably were interested in the topic did not. Security updates are a really good security story. We've made them automatic, so they largely don't break things. My last Apple update was not great in certain ways. It slowed things down for a few days and then it got better. But automatic security updates fixes a large piece of the problem. I'm not saying that everything is good. I know that I am much more careful than probably most of the people in the room. It means that I don't get to do certain things. That's the tradeoff I'm willing to make. I'm willing to make it for two different reasons. One, I'm paranoid. Two, the bigger reason is I teach courses in security and privacy policy. If I'm going to do that I need to experiment on myself. Periodically I can't do things that my friends can. Big deal. I want to respond to some of your points, Alvaro, as well. First off if and when everything is super secure, won't we have a going dark problem? That's a problem I'd love to have and we're nowhere near that. Also there's this aspect of the FBI especially earlier in the debate would often raise these fears of a universally encrypted future where just everything would be encrypted while at the same time pointing out how Google and other companies often have access to content because it's part of their business model. Those two things are inconsistent. Looking at the future there will always be some services that are not encrypted against the provider so that it can serve you ads to provide you a free service or so it can have AI bots be your little concierge and help you with your content or a variety of other services. So in terms of the don't panic range of stuff available to investigators there always going to be a variety of services that aren't fully encrypted. The problem is that they want us as a society to make that trade off in one direction for every one and for every product and that is a problem because then it means that there is no circumstance where you can have a communication like the ephemeral communications we used to have unless we are hiding in a corner somewhere. But let me go on further there's another problem and we saw that we had the crypto wars back 20 years ago where there was regulation saying okay you can export devices with encryption but you need an exported license and if you don't want to get an export license which is a slow and lengthy process and with this process what you end up with is sometimes the government says yes and sometimes it says we're thinking and in Silicon Valley time we're thinking really kills things so the companies went with less strong encryption. Well communications does what's called backwards compatible. You probably never thought about the fact that your smartphone can ring at your grandparents house where they have the old smartphone that doesn't move and weighs three pounds and has a real bell. That's backwards compatibility. Communications protocols always have backwards compatibility. So now that we're allowed to have strong encryption we still have backwards compatibility with the weak encryption of 20 years ago and you know what people have found ways to force the strong encryption between two people who both have it on their communication ends be pushed back to go into the weak form that says let's push for weak you end up having it for far longer than you maybe want. Maybe you realize oh there was a problem but you're locking society and not yourself but all of society. A very specific recent example of this which was the freak attack which was there were all these browsers that had built into them the ability to communicate with the weaker encryption back from when the export regulations were stricter. Just in case they were dealing with a browser but then the attack was able to force people to downgrade to that level of security which now is easily breakable. But so you mentioned the crypto wars of the 90s there was the fight over export regulation there was a fight over the clippardship which was a thing that the NSA pushed so that there wouldn't be end to end encrypted voice that they couldn't unlock. What do you see as the major differences between the crypto wars of now often called crypto wars 2.0 although we might be hitting 2.5 or 3 at this point and the original crypto wars. So in the original crypto wars the instrument for regulating encryption was the export controls that I just mentioned and the NSA wanted those controls they were on computer and communications equipment shipped outside the country and anything with encryption for confidentiality purposes had to go through export license and for the NSA it served two purposes one it gave the NSA a pre-look at things that were being sent out and two it prevented deployment which was very useful because then the NSA could more easily listen in abroad but it also had the impact of limiting encryption use domestically because companies and I worked for one in Silicon Valley around that period towards the end of that period companies didn't want to support two different systems and didn't want to say to European and Asian customers we have strong encryption for use in the United States but we're selling you this thing with weak encryption it's really fine Lotus Notes did that actually being very public about it and the Swedish government the Swedish military hadn't been listening and when they found out they were furious at Lotus but most companies chose to have just one platform and it was weak encryption by the end of the 90s the Defense Department was no longer so happy with this and there were a couple of different reasons one was the Klinger-Konak which required the Defense Department by commercial off-the-shelf computer and communications equipment you want commercial off-the-shelf if you want cons equipment you want it to have security built in and so they wanted to see strong encryption there the other reason was that at that time we were already envisioning and participating in ad hoc military coalitions when you have a military coalition like NATO with trusted partners you work out communications security you have time to do it you trust the partners all is good when you're working out an ad hoc military coalition like happened in the first Iraq war you have a situation where these are trusted partners for this war they may not be trusted partners in three years you don't want to expose to them techniques you know from NSA you want something that you can use now and you don't care if they understand all the pieces of it because you're not showing the jewels and so commercial off-the-shelf equipment is really important and then you want the commercial off-the-shelf equipment to be strong encryption so it was for those two reasons that NSA switched NSA also got a large pile of money to modernize because NSA at that time was having trouble it was called going death whereas the FBI never really stopped fighting that war could you expand on that I thought this was the most valuable thing I read in your book which was you told this this really compelling story about how FBI and NSA used to be on the same side of the encryption debate i.e. they were for non-experts like me against it right but you described how the NSA doubled and tripled down on technology and technologists whereas the FBI did not remotely do that and so nowadays the NSA and the intelligence community is really pro encryption and is saying no we shouldn't build these back doors into these devices but they're not going some of the ex NSA people are saying got it that's a real thing that's right you're not hearing so many ex FBI folks say that I heard some but let me stick to your argument you also don't have NSA coming out with a full frontal assault on encryption that's more the point can you talk a little bit about that divergence and what happened there why NSA took this road and FBI took this road end of the 90s NSA is in a situation beautifully laid out by Cy Hirsch and the New Yorker around 1990-2000 there's a velocity variety and another V because of course everything has acronyms in DOD and the problem was that smaller nations that didn't used to have access to encryption were now encrypting well the volume is the third one it was increased volume of communications moving to the internet increased the amount of communications everybody was doing so pulling out what you wanted was much harder and then there was variety now there was email there was all kinds of other kinds of electronic communications there was phone there was facts it was getting more and more complicated and for a while NSA was going deaf and they had to really change how they did things now if you think about encrypted communications sometimes NSA has ways of getting in if you looked at the Snowden papers those of you without clearance those of you with clearance could probably have looked at the papers before they were Snowden disclosures but if you look at Snowden disclosures there's a lot on the tailored access operations group and all sorts of different ways of getting into communications can you explain what tailored access is tailored access is you want to get into somebody's communications stream so you want to subvert their way of encrypting the communication it could be that you want to look between two Google data servers centers not centered in the United States BISA doesn't apply then you could just listen in but if it weren't encrypted and in fact there's a famous napkin sketch one of the early Snowden disclosures on the front page of the Washington Post that upset the internet companies quite a bit because it indicated perhaps that the internet companies were working with the government it does not appear that that was true and in fact Google was already encrypting communications between its data centers abroad it sped up that process and then Microsoft and Yahoo joined in a Cisco router being shipped abroad and changing the routing so that it stopped before it goes abroad and changing something in the physical layout of the router and then shipping it it can all sorts of techniques I mean we had tailored attack also a remote attack exploiting a vulnerability in a particular router or computer or server any of the above so the NSA went that route and you have to understand also NSA is doing a very different job than FBI and law enforcement generally FBI law enforcement arrests people and takes them to court and they have to prove a guilt beyond a reasonable doubt NSA is assembling intelligence it also doesn't have certain fourth amendment restrictions when it's operating outside the United States so they have different jobs with different equities they had wars NSA was fighting back in the in the 1990s pushing a kind of escrowed encryption in which you could have strong encryption domestically but the keys would be stored with agencies of federal government it didn't go over well in the United States it went over even less well abroad the idea that you could buy these phones that would encrypt but the US government would hold the keys, right it didn't sell but Mike McConnell NSA during that period said recently you know we lost that bell and you know what in the period since we've had better signals intelligence than ever I think it's worth noting that not only is the NSA less aggressive on this issue because they have their ways you know they actually have a variety of techniques that regular law enforcement don't but also they have a defensive mission they actually need to secure our systems and want to help you know secure systems across the country and to do that you need encryption and so that's why you have people like former NSA head Mike McConnell former NSA head Mike Hayden former DHS head Mike Chertoff and a whole bunch of people who aren't named Mike coming out of the security and the national security and homeland security space saying don't screw with encryption that's a really bad idea from a defensive perspective and during the course of doing the book I even had some FBI people say the same thing law enforcement on the other hand I've had conversations with state so in the United States half slightly over half of wiretaps are done by state and local police I testified in congress in 2011 and on that side was the general counsel for the FBI val Capone next to her was the president of the international chiefs of police he came from a small city in Virginia and he talked about how hard it was to open phones 2011 phones weren't locked not the way they are now he was talking about the variety of phones and he was overwhelmed so easy answer is federal law enforcement is in an easy position to provide that kind of information we're not talking about hard technical stuff talk about metadata metadata from communications who talked to whom which number which IP address each provider displays it in a different way sometimes communications go from one provider to another that's complicated for state and local enforcement to understand especially when they don't have a tech group so I suggested during the hearing I'm not the only person who suggested it but I said look feds need to set up an information sharing system with state and local it took 4 years to happen it doesn't sound like it's functioning terribly well I'm sure it's giving useful information but it doesn't have nice interfaces the way when you go to google or you go to apple or you go to your iphone to do things everything is set up as if you're a consumer and dumb dumb is real nice because then you just go to do what you need to do I'm not saying law enforcement is dumb I'm saying make it simple make it easy so law enforcement hasn't gone that route instead over the two decades from the change from the first encryption to now law enforcement keeps saying make it easy for us to wire tap you mentioned Kalea can I talk about Kalea the communications assistance for law enforcement act is a 1994 act that said build wire tapping capability into switches so I wanted to stop and think about what that means it means when I'm talking to someone there should be wire tapping capability in the middle of my communication ok now think about can you make that secure I went to the FCC about 8 years ago and I had a conversation there that for the first 25 minutes I felt like I was incredibly stupid I said what's your threat model against those routers who are you protecting against they had no idea what I was talking about in the last 5 minutes I finally redeemed myself or rather they redeemed my faith in myself they said we never thought about attacks on the routers they put a security hole that is the law put a security at the FBI's request put a security hole into the routers and switches of digital communication and nobody was thinking about what the security protection should be so am I talking theoretically no I am not the example I mentioned and I get pushed back from law enforcement because I always mention this example but I'll tell you why in a moment but the example I mention is that in Europe partially at FBI's urging they instituted a similar set of standards and Greek Vodafone bought a switch from Ericsson which did not have wire tapping capability in it they didn't want wire tapping capability so that was all cool but a little while later the switch was updated now Greek Vodafone had not paid for wire tapping capability so the wire tapping capability was put in but auditing capability which normally accompanies wire tapping was not in was fine wire tapping was not paid for by Greek Vodafone wasn't supposed to be switched on somebody switched it on we don't know if it was done physically at the telephone company or remotely but it was switched on for 10 months in 2004 2005 100 people in the Greek government were wire tapped the prime minister, the head of the ministry of the interior, the head of the ministry of defense the head of the opposition party it was discovered when SMS went awry so you say well one instance that doesn't prove anything second instance I talked to somebody at NSA about the period mid-2000s when NSA was evaluating switches and route switches the Kaliya compliance switches being sold to the department of defense they found security problems with every single switch they evaluated I said so the others were okay and the guy said I didn't say that okay every single switch so I testified in congress last year during the apple FBI case and I one of my signal intelligence friends said put in the Greek case I said I don't want to do that I do it all the time I said put in the Greek case and say there were other cases I said really and he said if they ask you tell them to ask Rick Ledger who at that point was deputy director of NSA no one asked me but I heard you to ask but the point is yes there were other cases there are cases we don't know about all of our cases in the internet context where we know that foreign governments have targeted our wiretapping capability as a counterintelligence mechanism the Aurora attacks by the Chinese Google and Microsoft's lawful intercept packages so they could find out whether their people were being intercepted on but I see Alvaro is trying to get a word in edgewise here so continuing my theme here so don't we have to weigh first of all I do think it's peculiar that we have to go to Greece for I mean we're five, six, seven times the size of Greece I actually don't have a Greek population I apologize we're significant larger than Greece isn't it strange that we have to go to Greece for an actual example of abuse of the back door and number one, number two don't we have to do a policy weighing between the fact that of a hundred windows yeah like the Greek window might get broken broken into against the value of creating a front door back door for law enforcement into these really compelling cases of murder, you know kidnapping, child molestation, etc or changing the route of the presidential election yes good, great, good but we need to weigh these things right so when you talk about building it into infrastructure you talk about building it in for everybody for long term it doesn't go away it's still there and it's very dangerous one, two as I said earlier we're moving to a better and better security story I don't want to say we're at a great security story I mean I got asked the other day when I was at Tufts by a student reporter what are the three things you recommend and I said as if free were enough I said update automatic updates I said don't let yourself get spearfished or open attachments that requires a lot on the user end because it requires educating the user to take time I had an incident earlier that lasts about a year ago now where I got an email from somebody at Princeton reporting to be the secretary of the dean inviting me to something in Berlin and it was all in the attachment I did go to Princeton I worked in the area of security and liberty which was what this meeting was about this was plausible I'm not going to open the attachment I spent a whole lot of time figuring out whether or not someone by that name was a secretary to the dean turned out it was, I opened the letter you don't do this I complained when I got to Berlin and the computer scientist said it was the dean of the policy school who sent that out we would never have done it that way but the point is you have to educate everybody that's hard and the third thing is two factor authentication I mentioned that the vulnerabilities are getting more rare one of the problems about the kind of Russian attack we saw on civil society is less well protected one of the problems on attacks on industry is that they don't go after the large companies which are now getting much better at protecting themselves they go after the small contractors working for the large companies and they get in that way no we're never going to be perfect that doesn't mean you leave your house unlocked I want to address what you said Alvaro as well in the sense of yes, this is actually a weighing exercise I'm going to go back to what you said and try to figure out what the right answer is and ideally this isn't a religious debate this is a factual debate what's often missing from this factual debate from the law enforcement perspective is the recognition of all of the crimes that are prevented or could be prevented through the deployment of encryption financial crimes, other crimes people getting held up for their phones what, you're stealing a brick what's the point, and those are violent crimes often or even crimes that could fundamentally destabilize the nature of our democracy like this is a critical tool and in fact one of, basically only two Matt Blaze often discusses that a computer scientist who's one of my frequent colleagues which is basically the two things we have for security are maintaining the simplicity of our systems because they get more complex that introduces more errors and more ways of exploiting it or encryption and this fits into Susan's narrative of us just sort of barreling toward the future with extreme rapid change and these systems are just getting more and more complex so we can't rely on the simplicity to save us we need to rely on the encryption but let me give you a really concrete example let me be very compelling the national center to end domestic violence I think that's the right name women are subjected to vast amounts of domestic violence some of them get killed often evidence is on their phone but the national center for domestic violence believes that the devices should be locked and not openable why? because in the way they weigh things the number of investigations that are thwarted do not outweigh or rather the number of ways the protecting of women's communications and ability to get out of the situation is more important than the ability to easily investigate based on data on the phone and this is why I'm prone encryption I mean this is why this is why I'm prone encryption no I'm going to continue being devil's advocate but like yes encryption is important for everyone we all have bank accounts et cetera but let's face it there's certain people for whom encryption is particularly important some of those folks are bad guy criminals I shouldn't make a lot of it some terrible horrible people who are committing horrible acts and endanger our society but you know who else it's important for victims of domestic violence civil rights activists, political dissidents there's a really powerful account and I wish but that's the next one I was going to say about how in South Africa the ability to have secure communications was critical in the movement to end apartheid there are two political dissidents civil rights activists journalists can you imagine what reporting would be like today in Trump's America if reporters didn't have the ability to securely communicate with sources in the White House and in the executive branches I mean there are fundamentally strong pro-democracy arguments to encryption that we need to put on the table alongside these other things we need to weigh against I've taken probably for a dozen years now the security versus security argument it's a large part because people like you I think are better equipped to do the privacy to the liberty side it's not that I don't believe in it I believe in it strongly but I think there is this other piece that is an important part and we shouldn't just say oh yes privacy versus security because it's not it really is security versus security so we talked a bit about how we need to the way I always frame this is we should stop talking about how we can force security to adapt to law enforcement because that's a fool's errand we should focus on how we help law enforcement adapt to the technology a part of that is more resources for law enforcement so they actually understand what is available and have the resources to take advantage of it another thing that's come up and this comes back to one of Alvaro's questions is the question of investigative hacking I don't like to call it lawful hacking because it's based on the details of the case but hacking by the government the use of existing vulnerabilities rather than trying to mandate a cross world vulnerability that they can exploit this is something you've written about I'd love for you to talk a bit about that so I wrote about this with Matt Lay's Sandy Clark and Steve Bellavin and we talked about in some cases that's going to be the only way to get in and this is in fact what tailored access operations do at a much grander scale and not against American we know that ideally we know that the FBI has been employing it since the early 2000s that you did in a case a bombing threat case in the state of Washington to find out where the IP address where the computer where the person who was issuing the threats where that computer that he was issuing the threats through was and then we're able to get evidence and arrest him it's a two-step process the first thing is that you have to go into the device and find out what operating system it is what version that is what applications are on it then you have to go back in and actually put in an exploit use of vulnerability to collect data the data might be the communications that are coming off the machine the data might be simply the communication key and then you wire tap normally in the papers that we wrote on the subject we suggested that two warrants were needed one to actually investigate the machine and one to put things on it as far as we can tell law enforcement has used two warrants it's an important approach it's a necessary approach it's not an approach that scales real well because it scales well when people don't patch their machines and here I am urging everybody to patch their machines and vulnerabilities are really easy to find as vulnerabilities get harder to find it scales less well that said it is an important technique I mean I'd suggest one it's an important alternative to a backdoor mandate two it doesn't necessarily scale broadly but I'd argue that's a feature rather than a bug like if the state could easily in a scalable way surreptitiously break into any computer at once I'd say that's a problem but so this conversation about government hacking is a somewhat sensitive one that we've been talking about a lot more in DC since the crypto debate sparked back up especially in the context of something called vulnerability equities which you're very aware of that's policy wonk for how do we decide whether the government should be able to hold on to information about vulnerabilities to use that info versus disclosing it to the vendor so those things can be patched and everybody's security can be improved there's a way that happens about well we can use this to break into systems for investigations or intelligence but if we do that we are weaving other people vulnerable and how do we make that decision and so there's some legislation to try and codify some strong standards around this there's also a broader conversation about how do we impose clear strong safeguards for the hacking itself which we're kind of behind on but I'd like to go for a moment to the process which is even if the government would report the vulnerability at the time they find it it takes time to patch and it takes time for people to accept the patch sometimes companies or people won't accept the patch because it breaks things breaks other things that they're running on their machine so it is not the case that if a vulnerability gets reported everything is immediately gone for the government looks like you're thinking hard there I'll see this quickly and then I worry about a couple things so we've been having a policy conversation and I worry what happens when it becomes a legal conversation again because I think there was a very we what's the expression when you almost get hit by a car but it doesn't hit you we dodged the bullet yeah thank you I don't know why my English is slow today what do you call that we dodged the bullet there because I let me say two things I think the policy arguments for encryption are much stronger than the legal arguments we make fun of the fact that there's an 18th century law used to try to compel Apple to do things the All Rits Act that's a good soundbite but it's not very effective legally I mean I think there were some very good briefs on behalf of Apple but in terms of the law I don't think our arguments are nearly as strong as the policy and as someone who was on Capitol Hill for five years it is pretty darn compelling when law enforcement comes to you and says I got a hundred phones murder investigation racketeering investigation you know child abuse investigation I can't unlock them you know can't you help me get in here so both of these arguments I think are much harder than we would like them to be you want me to get what's that you want me to get no the reason why compromising the security of the device or eliminating encryption by putting a backdoor front door exceptional access and you know you mentioned irresponsible encryption and what I would say back is my god what Rosenstein is talking about is irresponsible encryption I actually don't want you to get technical I want us to speak to people's hearts and minds rather than well hearts and minds rather than their brains because the arguments we're getting on the other side are very impactful that way and that's why I think these pro-democracy I wasn't saying anything because it's a little repetitive about why these pro-democracy arguments are so important to make because yeah in a room where folks care about facts and science you know these arguments are extremely powerful but we need to figure out how to bundle them in messages that speak the hearts and minds because that's what's coming at us on the other side and we will lose if we don't have the numbers that we would need in Congress so for me the most powerful arguments about protecting democracy because I think the threats are really quite serious I'm not going to address the Facebook threats and the Twitter threats and so on because there are outside the realm of cryptography that's quite different how do you control misinformation on social networks but on the going within organizations and undermining the organizations yes those organizations have to protect themselves in a myriad of ways but they can't do so effectively without end-to-end encryption and secure devices those are an essential piece that goes back to Matt's line I don't know I feel a challenge in terms of both resources skills and just mindset when it comes to civil society having to argue these things because if we argued like they did and I'm not saying this is good or bad I think it might actually be effective like that would mean we are putting in front of Congress here's a woman who got beaten nearly to death because her husband was able to get into her phone and find something that set him off here's the journalist in Mexico you know hanging from a street lamp murdered because the cartels were able to sniff his communications here's the person rotting in a cell in China for being a dissident you know like putting those people in front of policy makers but that's not actually a skill set that civil society really has but we need it we do no I know and I wonder how that right there is you know that 30 seconds is the most powerful argument I've heard for the democracy we are potentially losing because things weren't encrypted or because people did use their two factors and here's the thing about politics is the anecdote is extraordinarily powerful you get a real human being if you're organizing a hearing the first thing a good legislator says where's my human where's my person and any hearing you have where you can have either someone from law enforcement or a victim or someone a real human being is so much more powerful and I think we need to do more of that in this debate we're going to win indeed on that note let's let's shift over to questions and I see a number of hands being raised and we will start this young lady right here I am Rebecca McKinnon I work upstairs I have a few questions picking up on exactly what you were just talking about civil society civil dimensions and human rights dimensions of this you know you're hearing from a lot of not just in this country is encryption being challenged but say the United Kingdom Theresa May and other members of her cabinet you know the attack on encryption in many democracies is heavy and there's a challenge in that it runs sort of the usual organizations who specialize in the intersection of technology and human rights nobody's talking you're not hearing from Greenpeace you're not hearing from Transparency International about why encryption is so vital that kind of global civil society is not really joining this fight in the way it needs to and the way it needs to be fought across the entire democratic world and I was at a conference not too long ago about sort of the attacks on global civil society and there were all these different groups most of which were not expert in technology and kind of tried to talk to them about encryption it's just something that I hadn't thought and so I'm just wondering if there's any thoughts about how to kind of really raise the profile of the importance to democracy that global civil society really get on board with this issue can I answer that? Sure, yeah I actually, as I wrote the book I grew more and more concerned I handed in the manuscript March 30th and of course more came out about the Russian attack since so about a month ago I published something in Foreign Policy it exactly talks about the Russians coming after town halls in civil society and I did it for two reasons to get staffed in DC to think about it and I wanted civil society to think about it so if there are ways to push that out because it talks exactly about that problem that's one small piece that doesn't answer the question but it's a chink well, and a little bit of self-promotion that might perhaps also offer a little bit of enlightenment we at OTI did do a series of papers about the threat to encryption in three separate places the UK, France and Germany and I wish it gave us really great easy answers about how to counter those threats it more so was just an eye-opener on how clear and present those threats are and trying to figure out strategy for addressing that is something we're thinking very hard about I think it's a funny situation because you hear the Home Secretary saying one thing but I do not hear GCHQ echoing it and I have heard Sotovache the GCHQ which is their equivalent of NSA not agreeing but it's Sotovache which might say that we have a loud Home Secretary or they have a loud Home Secretary without necessarily having the support Germany is the bright spot where Germany seems to have a very strong committed federal position in support of encryption and they are instead focusing on targeted hacking operations instead but I don't know fully I did that one little trick it's not my expertise sometime I have to go back to Tufts and start teaching again but I completely agree with you that civil society needs to learn more I know the journalism schools are now educating people I don't know why that hasn't happened for civil society so it's both the education level but it's also the information level and that's the harder one Hi, I'm Chris Savage I'm a civil law and all my students came of age after 9-11 and so they have this different mindset than some of the older folks have and I try to frame it the following way and I appreciate your reaction the constitutional rights are expensive in terms of lives and in terms of money everyone knows we have a right to have guns and that costs us roughly 30,000 lives a year ok, society is ok with that how many lives is it worth to have good strong privacy I have people who are like law enforcement or it's like ok fine if you don't have access to this data how many people are gonna die that won't die today and is it anywhere near the number we let die every year with guns or with cars that's an interesting approach right to think to move out of emotions I think in a public policy point of view right what's their reaction of course it's totally different there's a personal right to have guns protecting us is different I'm the Holmesian bad man as a policy analyst I just care about how many die why do you care this and not that I'm astonished how completely unpersuasive those kinds of arguments are politically I mean I find them persuasive or arguments around terrorism where it's like ok well yes that was a horrible attack two days ago how many people have died of terrorism in the United States compared to slipping in the bathtub or anything else but like those arguments do not carry emotional ways we'll send the bathtubs to get more of them exactly yeah why aren't we having a war against you know we need more bath maths but no those kinds of arguments are considered to be insensitive and not recognizing the severity of the threat and also terrorism has too broad a definition but if you whittle away all the kind of racist stuff at its core is violence for a political purpose and we treat terrorism differently for the same reason we treat a hate crime differently which is you know when you're killing someone as a terrorist you're doing it to scare all these other people right whereas if someone kills another person you know in a bar fight it has it does not have that same impact and so you know there is a reason we weigh these lives differently and a pretty compelling one at that but I agree I think this is a good way to in law school right I teach you how to argue and I say sometimes you need to argue based on fear because that's your most effective argument sometimes you need to argue based on data but recognize what you're doing and recognize what your opponent's doing so I want to add one more thing to this which is that it's the law enforcement argument is not about security it's about more efficient investigations and once you frame it as more efficient investigations versus the right to secure ourselves it becomes a completely different dynamic and I think that's the right dynamic to put it in once you frame it as more efficient investigations from an agency that has not modernized in 25 years that's a different dynamic another question yes sir hi so Jason from the global network initiative Susan just wanted to thank you not just for your book but for your public advocacy and education on this issue in a prior life I worked in the state department and was involved in the last round of conversations around encryption and the last administration and it was incredibly enlightening one of the things that was very useful was having a guy like Ed Felton in the government being able to help sort of educate and inform the conversation from a technical perspective but I worry that a lot of governments don't have people like that who are not working for a particular agency and therefore bound to try and sort of represent the views of whatever interests that agency is seeking to advance and I worry also that in our judicial branch where a lot of these things are going to get sorted out most judges have no idea and the law clerks are also kind of woefully undereducated and that's just here in the US where you think about overseas and other countries I think that those gaps are even larger so I wonder what can be done, I think it's really important to continue to have people who are seen as neutral academics with technical or neutral sort of policy advisors with technical expertise who can be seen to be providing level setting information I don't, that's happened ad hoc, people just sort of establishing levels but I wonder if there isn't some way to elevate that role and offer those kinds of services to other governments who are all not just in the UK and Australia and others who have been vocal about it but every government in the world is seeking to crack this nut somehow and whether you've been aware of any efforts along those lines or have thoughts about how that could be done So in the last few years suddenly schools are thinking about educating in this intersection of cyber policy and I am at Tufts in part because of the efforts of my colleague Jeff Talaferro in the political science department at Tufts to actually hire somebody that bridges and therefore the point is to educate kids that bridge with some technical expertise, they're not going to have eds expertise because they're not computer scientists but trying to teach some of the computer scientists policy material so that they can come down here and teaching some of the policy students including international because Fletcher is international there's also, I should say that a large kick start to the academic efforts has been from the Hewlett Foundation which gave 15 million each to Harvard, not sorry, not Harvard, to MIT, Stanford and Berkeley to start programs in cyber security policy without actually knowing what it meant, what a program in that would be and that was four years ago I suspect there's some, is there Hewlett money here funding people? I spoke to somebody Hewlett is a supporter of some of our cyber security work and I was in Congress yesterday talking to one of Widen's staff who was half supported by some Hewlett Foundation money Also there's the Tech Congress program again I will self promote New America OTI hosts a program called Tech Congress which puts technical fellows on the hill you may have actually been speaking, were you talking to Chris? Yeah, okay, so that's actually a Tech Congress fellow they're actually doing interviews for the next year of fellowships right now, so isn't she doing some of this stuff? We have a public interest technology program that's doing work but not directly related to this. One response to what you're suggesting part of what you're talking about Jason is how do we actually get the technology expertise for the policy makers? I'm more focused on how do we actually scare them I fear that we don't convince them based on making sure they all have a strong technical understanding of this and I always think back to the VPPA which is the Video Privacy Production Act this is the strongest privacy law on the planet basically and certainly in US law this is a law that protects the privacy of your video rental and video viewing records and the reason this was passed and passed very quickly once the inciting event happened was when Bork was up for being confirmed for the Supreme Court and records of his video rentals were leaked to the press there was nothing particularly compromising in them but you could hear every lawmaker on Capitol Hill thinking back about what they have rented and what might happen if that got out and within a year they had passed the strongest privacy law ever because they were afraid and how do we get them to recognize the level of threat how do we get them to think about their phone getting compromised and they're thinking more and more about it now and that's why we're seeing top level people in the political parties and in the White House and on the Hill starting to use signal starting to use encrypted communications so once we have them all doing that and then we can say to them well guys we all use the same infrastructure if you want to have it everybody else has to have it too there's no way of separating out the good guys and the bad guys in the consumer technology economy that we have that is when we win I worry how many more massive awful Russian or Chinese or other state based attacks and leaks it will take to get us there but that seems possibly the only trajectory by which we win so in that line when I was preparing testimony last year on the Apple FBI case I wanted to talk about phones as authenticators because that's the follow on to Kalea Kalea undermined the security of the network you undermine the security of the phones and you undermine the phones as authenticators that was my real argument that was my real concern I'm a geek pocket protector or not I'm a geek but I talked about photos within my first paragraph because everybody has photos on their phone and just like they worry about their messages they worry about their photos so I think Kevin and Alvaro are absolutely right you have to talk emotionally but you also at least I can't lose my being a scientist at heart you want the factual arguments they're just not going to create a day yes please wait for mine that's Bob Bob Gelman privacy consultant you talked about how the VPPA got passed and that's exactly right why isn't John Podesta the horror story of the Congress to realize and if that didn't do it I don't know that anything what was partisan he was for Hillary and half the country is not for Hillary or at least 78% of the Republicans are not for Hillary well I mean one thing I wonder we have all this concern about fake news and propaganda which I think is a legitimate concern we don't want anyone messing with our elections but at the same time I think there's a legitimate question of what does fake news content have versus all the legitimate news content based on stolen emails that the Russians stole and leaked wasn't that probably the bigger impact so why are we having a national freak out over fake news instead of a national freak out about like why isn't everybody using two-factor and or how do we make email more secure isn't that perhaps the more important issue and isn't encryption a linchpin to that hi Amanda Lopez setting mostly IoT but security issues on how they impact IoT blockchain technology removes the old identification protocols for example like no longer identifying a computer by its MAC address you know the IP address so I'm wondering will using blockchain in the future with two-factor encryption alleviate some of these security issues that you're talking about today one there's a certain advantage to devices being a certain level of anonymous we actually want that for political speech and all sorts of other reasons it's we want it for investigations the U.S. government funded the development of Tor the onion router which enables you to browse without the site knowing who you are or anybody eavesdropping along the way knowing who you are and that's because you know some military person in the safe house in the Mideast wants to be able to communicate with anapolis and the safe house doesn't want to let the ISP in the Mideast know that they're communicating with anapolis or an FBI investigator looking at child porn site doing an investigation doesn't want the address to resolve to FBI.gov there are lots of legitimate strong reasons for anonymity so I don't see blockchain catching on in the realm in which you're suggesting blockchain catching on in other areas absolutely but I don't see it catching on for devices Can you provide a little more connected tissue there? Sure Blockchain is a technology that essentially authenticates a device by connecting it to a previously known device which is authenticated by connecting to a previously known device and so on so on the internet nobody knows if you're a dog except these days we can figure out if you're a dog how old you are but this will say well you're really authentic because we know you're connected to this other thing which we knew was authentic. It's useful some kinds of transactions like financial transactions. Bob was asking me earlier about healthcare transactions I haven't thought enough about blockchain to be able to answer him in an intelligent way or to answer him at all in fact intelligent or not but blockchain is useful in some domains I think it's perhaps a little bit over sold. It is also a technology that's 20 years old and catch on 20 years ago but it's but it will be useful in some domains I just don't see it useful here. Any more questions? Thanks Ryan for the internet society so I really like how you broke down encryption between the encryption debate with intelligence community and also with the law enforcement community I think that there's an issue right now where the debate gets a little bit oversimplified where it's just about encryption as a whole so what I've been wondering is in terms of framing this debate and moving this debate forward is how would you break down this debate into more manageable pieces and where should these discussions take place should this happen at congress or should it happen somewhere else so I think the debate has many different pieces and thank you for asking that question I'm sure Alvaro has other pieces and perhaps Kevin too but I would talk about communication and as I said I think that debate is over I think you'll even find the FBI saying that debate is over despite Rosenstein's speech three weeks ago and that's because you can't control the apps that cross the border you know somebody comes with a phone border control is not going to look at every single app to see whether or not it enables end to end encryption I think the end to end encryption debate is over devices is not over although devices is a funny kind of thing because while Apple controls the whole manufacturing process Google does not where do you put those controls in so I would separate into devices end to end encryption and perhaps cloud and then make of course the point that most of cloud is going to be accessible via a court order because somebody has to be able to get at the data in the cloud I by the way use a cloud provider where the data is encrypted in the cloud and only I have the key I lose the key my data is gone because nobody else has the key it's a Spyroc and when I first started using it it was really hard to use and now it's become easy not because I'm expert but because they've become easier I would split it that way I would split it into talking about what are the real threats I would split it into talking about what national security did and what law enforcement needs to do what law enforcement needs to do is complicated in part because I'm not a law enforcement investigator I've never been a policeman I don't know how investigations work I can tell you some things I'm hearing from them that don't make sense but how they move forward is an interesting part of the debate so I have argued on the one hand I argue that they're not doing things right and then I say let's give them 10 times as much money to do their going dark efforts because they need to improve there let's give them more money here in those various dimensions what one would do I wrote the book because I wanted to have a voice and I wanted a voice there in the public debate I think having op-eds and articles in different places around the country not just in Washington I blog for law fair blog because it gets the attention of staffers but I think it's important to get attention elsewhere too to explain to real people that they're better at connecting to real people and to a scientist but talking about real people with real issues the kinds that Kevin was describing that Ovaro was talking about I think that's a very useful way to discuss the issue so my name is Wajid I work for U.S. Department of Agriculture as a technical leading network so there are two laws Communications Act of 1934 and Telecommunications Act of 1996 so do you think they are already obsolete in the light of new changes in cloud computing with security most of the things that they talk about they are like from antiquity what are your thoughts on this you know I haven't looked at the Telecommunications Act of 96 in a long time and in like one of 34 much longer when I looked at the one in 34 I only looked at one small piece so I don't really have an answer I mean I'll go to something else that I do have an answer for which is you need to frame the laws in a general way without being specific to the technology so Matt Blaise, Steve Belevin Stephanie Pell and I wrote a paper a year ago now on how IP communications really changed the Smith and Katz decisions about separating content from metadata now there have been a lot of law professors who have talked about how the old wire tap regime doesn't work philosophically with the new IP technology we didn't do a philosophical argument we did a simply technical argument and showed where places where the wire tap law simply didn't make sense because of IP communications in the end of the paper we talked about what judges who do now what law enforcement should do now and how legislators should begin to think and that's why I bring up the paper and we said you want to think about technology broadly but don't ever legislate in a way that's tied to specific technology because the only thing you know it will be outdated very quickly so one note on that the paper by the way is called it's complicated or it's too complicated I'll just I think we're okay so let me just briefly say the following as a former legislative staffer you hear this a lot the issue is what happens you write the broad law you write the technology neutral law and then lobbyists come and they're like well this is so big how does this apply to me I mean what are the rules does this apply to me you say oh okay I need to clarify this is who it applies to this is who it doesn't apply to and then folks will come in and say well my thing doesn't really fit in your framework following good reasons right or someone shows up and say oh you want to pass this bill get me out of it and so suddenly you're carving out these folks and then you're saying oh it doesn't really work in these instances and before you know it you've got this technology specific law that is outdated and so I think in DC we use this trope of don't use technology specific laws but the choice isn't technology specific laws versus technology neutral laws it's usually a technology specific law versus no law at all because you can't pass the thing so I just wanted to add a little asterisk there I'll add another flip side where I guess there's a little disagreement could have a little disagreement technology neutrality or technology agnosticism in drafting often means that it will later get expanded and extended to stuff that you did not contemplate that you maybe didn't want it to apply to you and so in some ways being somewhat specific is smart lawmaking but I also share Alvaro's concern about there is this problem of we try to be non specific but we have to be specific enough and so then you end up having weird legal categories in the law that don't actually map to meaningful technical or practical categories like say in a law that I'll just say it's called ECPA don't worry about what it is where there's these categories of electronic communication service providers and remote computing service providers which are kind of specific to 1986 kind of don't really map to anything in particular right now in a clear way and it's just a mess and so if you're looking for outdated laws the ECPA of 1986 ugh so outdated and how long have we been trying to oh god we've been we've been trying to reform it for the past 10 years basically and uh but yeah by weekly calls I think this is the last question so I agree with you what you said on the the when the lobbyists come and you have to put way like unrelated things in there so in communications act there is a particular section that talks about boats which has no way related to communications act and it is like how you travel and see in boats and all that so I'm guessing that in that time somebody who wanted to put might be after the T.J. Hopper case it was I mean I have read it and I was like well this is might be after a famous case of two barges going up to the east coast during the storm and not having radios I think it is very complicated forming laws one last question this gentleman here I mean I'm a big fan of everybody up there and I think the arguments you make are very powerful and one thing I worry about is that the discussion does become a little bit binary in some places where we say the math hasn't changed none of this stuff can be done there are ways that you can architect the technology to everybody could use phones that are completely locked down use cloud based services where there is no recovery key and encrypted messaging applications but there are compromises that we make in order to be able to make the services usable or for other purposes and so I do think that one of the ways that we break this down a little bit is to start talking about the ways in which compromises would have impacts on security in a very technical way what are the trade-offs if you were to architect the technology in a certain way what would the impact be on security rather than to say we need encryption or if we don't have encryption or if encryption is not unbreakable so one way you do it is you say if you require exceptional access and we said this in keys under doormats you break forward secrecy forward secrecy says every communication is encrypted with its own key so when you connect to google and you do a search it's under forward secrecy now in fact google saves the searches that's how it informs its quality of search and anybody listening in and collecting all those communications to google would have to break the key for each individual communication that's one way you can talk about it there I was just going to say she talks about four others there are basically four categories of risk that Susan lays out on page 92 at least of this I think it's the same page 92 of the book where she lists the four I think you're right saying it's impossible or saying it's going to break the internet or whatever is not going to win the day and is not really accurate you can build a key escrow system the question is how risky is that going to be how much risk is that going to introduce and is that worth the trade off and I would expect that the NAS report will help us think through some of those questions when it comes out which I hope will be soon and I'm not allowed to comment and I think that is it for time thank you everybody for showing up thank you to both of you for joining us and thank you for a great book which I think is going to contribute a lot to the conversation thank you