Brad Smith: Electronic Privacy Update

CHARLIE GIBSON:  Good morning.  My name is Charlie Gibson.  I used to be a television host.  I used to be a television anchor.  I used to be a television reporter.  I don’t know what in the world I am today.  But I’m going to be sort of the wrangler today.

If you’re here today or if you’re watching on a computer screen somewhere either in Europe or Washington state or Washington city, then we’re going to presume that you know a good deal about this case and operate on the assumption that you know the particulars and the issues that lie behind it.

In the matter of a warrant to search a certain e-mail account controlled and maintained by Microsoft Corporation.  It’s not a very catchy title.  I think maybe 50 Shades of Privacy might get more attention.  Microsoft and those companies or organizations who support its position on the one side and the government on the other obviously have vastly different views of this case.

A quotation that was at the very top of the Magistrate Judge James Francis’ decision last April came from the Stanford Law Review, and I think it is something probably that everybody can agree on.  That quotation is:  “The rise of an electronic medium that disregards geographic boundaries throws the law into disarray by creating entirely new phenomenon that need to become the subject of clear legal rules.”  And the hope is that this case will produce clear, legal rules that establish lines laying people’s right to privacy against the government’s right to investigate potential crimes.

Both sides make powerful points.  We’re going to try to explore some of them today.  Microsoft has convened this meeting today and you’ll hear a lot about their point of view.  But in questions, I’m going to try and present some of the government’s points as well.  If you have followed the case, you are acquainted with Brad Smith.  He is the executive Vice President and General Counsel at Microsoft, and he’s going to start with some remarks about why he wanted to bring you all together today here in this room and those who are watching on the web.


BRAD SMITH:  Thank you, Charlie.  And thank you to those of you who are here with us in New York, or are watching in Washington, D.C., in Brussels, and Washington state, literally around the world.

Let me just take a few moments to set the context for some of this building on the video and Charlie’s comments.  In a sense we’re here today to talk about the latest chapter in a story that has literally been unfolding for over two centuries.

It’s really the story about the intersection between changing technology and the need to keep the public safe and also protect people’s privacy.  It’s a story that began in some ways when Benjamin Franklin founded the Post Office.  People sent their letters in the mail and law enforcement needed to investigate what criminals invented as a response, which was mail fraud.

In the 1800s people invented the telegraph.  Criminals invented wire fraud.  Law enforcement needed to investigate it.  In the last 30 years we saw the rise of the computer and then the Internet, and lo and behold, today we have Internet fraud, Internet crime, and just as in the past the question for our generation is how to strike the balance between strong privacy and public safety in an era where technology continues to change.  That story today brings us not only to New York, but to the story about e-mail that is stored in Microsoft’s data center in Dublin.

It’s in Dublin for a reason.  It’s because we tend, like most tech companies, to store e-mail and other private communications in a data center that is closest to the customer.  So for example, when we have a customer who is based in Europe, we store their e-mail in Europe that way they’re able to access it faster and more securely.  Of course all of this creates issues.  And one of these issues began literally a year ago this week.  That’s when Microsoft went to court to contest the search warrant issued by the United States government to access and obtain the e-mail that is stored in Dublin.

Now, last Monday we at Microsoft filed our brief in this legal case.  It’s a brief that gave us the opportunity to point out that while this may be a story and a case about Ireland it’s also a case about the rights of Americans, because if the United States government after all takes a certain approach and reaches into data centers in other countries we have to assume that other governments will follow.  And they’ll do the same thing.  And when they are interested in the e-mail of Americans stored in the United States we will have a difficult precedent with which to grapple.

It’s also a case that raises important questions about the rights of people in other countries.  Will they continue to have their privacy rights protected by their own laws?  And fundamentally it really raises the question how do we think about e-mail, or text messages, or photos, or all the documents that we create, because unlike the mail that you put in a letter and entrust to the government in the form of the Postal Service, the U.S. government has argued in this case that your e-mail when stored in the cloud and located in a data center ceases to belong to you alone.  Instead it becomes a business record of a tech company, as well, with profound implications, as you’ll hear this morning.

Now, last week was our brief.  The reason we’re here today is because this is the day when a number of groups are filling their amicus, or friend of the court briefs.  Ten briefs are being filed today.  And even in the final hours, as more entities are signing on to some of these briefs, it’s already clear that 28 tech and media companies are signing on to support these briefs, 35 leading computer scientists from 20 universities have submitted a brief.

You’ll hear a short video from Ed Lazowska, one of the professors who is involved in that brief explaining their point of view on some of the technology questions.  And there are signatories in the form of 23 different trade associations and advocacy groups, associations that represent literally millions of people in companies on both sides of the Atlantic.

All of these briefs make one thing abundantly clear, this is a case that involves not just a narrow legal issue, but a broad public policy issue that is fundamental to the future of technology in a global economy.  And that’s really why we organized this event this morning.  It’s an opportunity for people to begin to hear a little bit more about the wide array of interests that are at stake.  And indeed, as you’ll see in the briefs that are being filed today, this is an issue that has now brought together people from a cross section of groups.

You’ll see tech companies who are concerned about the impact on trust in American technology and the rights of customers.  There are briefs from the U.S. Chamber of Commerce and the National Association of Manufacturers concerned about what this means for the future of businesses’ ability to rely on the cloud.  There are civil liberties groups concerned about what the case means for the Constitutional and statutory protection of privacy rights.

There are media and news organizations concerned about what this means for the ability of journalists to protect their e-mail and ultimately shield sources from government access and investigation without their news organizations knowing about it.  And there are European groups who have an obvious concern about what this means for the privacy protection of people who live in Ireland and across the European Union.

Ultimately, though, this a part of an ongoing conversation, and one of the things that is always important for us at Microsoft, I think, to underscore is that we recognize that it is a conversation that is not all about one side being right and the other side being wrong.  It’s about safety and privacy.  And I think most of us would share the view that we want to live in a world that values both and finds a way to develop new solutions.

Those solutions may come from the court or they may come from the Congress, or they may come from the White House.  And one of the things we’ll have a chance to talk a little bit about this morning is what some of those solutions may look like as well.  It’s why this is an important conversation.  And it’s why the day where we’re filing and seeing the filing of amicus briefs, a day that ordinarily doesn’t attract as many headlines in this instance really creates a very powerful opportunity to talk not just about the narrow and the immediate but the broad and the long-term as well.

So as I said, thank you very much.  Thank you, Charlie.  We look forward to this conversation.

CHARLIE GIBSON:  We’re going to have a couple of panels.  I should introduce the members of the first panel who have jumped on stage here.  Victoria Espinel is President and CEO of BSA, The Software Alliance; and Andrew Pincus is a partner at Mayer Brown law firm, an advisor to the U.S. Chamber of Commerce and the National Association of Manufacturers.

The two panels are going to be about an hour.  So if you’re here in the room, we’ll get you out to lunch.  If you’re watching in Europe, we’ll get you off to dinner.  If you’re watching in Washington state, we’ll get you to breakfast.  And if you’re in Guam, you’re just out of luck, I guess.  I don’t know.

Brad, you’ve lost two rounds in this case.  You lost at the Magistrate level.  You lost at the District Court level.  Why don’t you give them the damned e-mails?

BRAD SMITH:  The amazing thing about a court case like this is that the only thing that matters is who wins the final round.  So I think that’s the short story.  The principle is important.  And this case has a long ways to go.

CHARLIE GIBSON:  And it seems to me as I look at this as a journalist that the results of this particular case may not be as important in the long run as the basis on which it is decided, and what the long-term rules that may be promulgated here will be.

You’re basing your argument on two things.  You base your argument on the fact that you shouldn’t have to turn over the content of e-mails held physically in another country.  And, second, you base your argument, not so heavily publicized, although you mentioned it a moment ago, on whether personal e-mails constitute business records or whether they’re the really sole possession of the person who was the correspondent.

In all seriousness, though, you base your argument that the data physically is overseas.  But this is a whole new world that has arisen since the operative law here that applies.  Nobody has to go to Ireland to get it.  It can be just retrieved by a simple keystroke.  So really it isn’t a search and seizure in Ireland, is it?

BRAD SMITH:  Well, that is an argument that the government makes.  We absolutely believe it is a search and seizure in Ireland.  We store this data in a physical place.  And we don’t choose the place at random.  We choose it because it is where the customer is located.  And that’s important for the way the technology works.  Frankly, it’s also important for the protection of people’s rights.

One thing you see around the world is everybody wants to have their rights protected by their own law.  Try telling an American that their rights are no longer going to be protected by the Constitution, they’re no longer going to be protected by U.S. law.  They are going to be protected by Irish law or Chinese law or Brazilian law.  People are not entirely happy about that for lots of good reasons.  And that principle, too, is at stake here.

CHARLIE GIBSON:  But isn’t it rather happenstance where you happen to store it.  You store it near, perhaps, where the correspondent is.  And I can certainly envision a world where if somebody felt that they had dicey e-mails that they didn’t want the U.S. government to look at, they’d go and say, I want you to store it overseas, put it overseas so that the government can’t get it.

BRAD SMITH:  That’s a very good point.  And it’s why we need to know where people are, and it’s why we’ve said throughout, look, if this were a matter of Americans trying to evade U.S. law by claiming to be a nationality that they’re not or claiming to live in a place where they’ve never been, that would be a different question.  And we do need legal rules that address those situations as well.

But, for the sake of those needs should we put the rights of the people in Ireland at risk?  Should we tell Europeans that they are now subject to U.S. law?  Should we tell Americans in the future that they’re subject to the law of some other country?  That doesn’t feel like the best way to strike the right balance.

CHARLIE GIBSON:  Judge Preska in her decision in the Second Circuit said nothing in the text or structure of the statute carves out an exception for records stored overseas, further quote, there is no overseas search here.

BRAD SMITH:  Well, there’s two different concepts there.  And the first is actually a point, frankly, we would say in our favor.  There’s a principle of law in the United States that exists for good reason.  The principle is that no law passed by Congress applies outside the territory of the United States unless Congress explicitly says that it will.  And Congress did not say so here, as that quote basically reflects.  And there’s a good reason for that principle.  If Congress just passed a law and didn’t even have to think about it and suddenly it’s applying in Europe, or in South America, or in Africa, you can imagine the impact on the foreign relations of the United States.  So, in fact, given that Congress did not intend, did not say that this law would apply outside the United States so in principle would say that it did not.

CHARLIE GIBSON:  But, Brad, it’s a 1986 law.  It’s the Electronic Security Act, or the Electronic Storage Act, I’m sorry.  It was passed in 1986.  Nobody had a clue that we were going to have something like the cloud in that day, or that you could simply put an e-mail in Ireland and with a keystroke retrieve it.  So yes, they didn’t specifically say that this would apply overseas, but they also didn’t specifically say that it wouldn’t apply overseas.  And the courts found that there is precedent for saying that it can apply overseas.

BRAD SMITH:  Well actually the law was passed in 1986.  It’s been amended in small ways since, in ways that made clear that it applied on a nationwide basis, so that a district court in one district could issue a warrant and it would be applied in other districts across the country.  And Congress chose to use that word nationwide for a reason.  It didn’t say internationally, it didn’t say globally.

CHARLIE GIBSON:  But, wasn’t that for issuance of a warrant or subpoena that it can be done nationwide, as opposed to actually applying to a search?

BRAD SMITH:  Well, you can’t execute a warrant to obtain information without searching for it.  So it’s hard to have a seizure without a search preceding it.  The two basically go hand-in-hand.  And the fundamental question here is both how to strike the right balance between what are clear cut needs for public safety and personal privacy and of course also who should strike the right balance.  We all live in a country where at the moment we are plagued by more gridlock than almost anyone would think is a good thing.  That is self-evident.  It is a problem and we would be among the first to acknowledge that.

But, nonetheless, we have a Constitution that obviously predates the year 1986 by almost literally 200 years.  There are certain values that have served us well over time and, frankly, one of the values that has served us well is for these kinds of broad issues to be addressed by the Congress, to be addressed by the White House, and then for the courts to interpret the law rather than to try to add to it in a ways that go beyond their traditional role.

CHARLIE GIBSON:  I don’t want to leave the two of you out.  You have both ‑‑ both the organizations that you represent have filed amicus briefs, basically supporting the position of Microsoft.  But, on this question I guess in playing my old role I’m trying to make you the experts.  I would throw in a sound bite in the middle of the piece.  But, is it as simple as what Brad says, because it’s in Ireland, because it’s in Ireland this law can’t apply and the privacy of those correspondence, e-mail correspondence needs to be protected, or are we in a technological world now where because you can simply retrieve this information in Europe, one guy sitting at a computer can get this information, that it’s a whole new ballgame?

VICTORIA ESPINEL:  I would say a couple of things.  One is you pointed out already that the age of some of the laws that we’re operating under, and technology moves very quickly, so if you think about it it’s not surprising that the laws that we have on the books today are outdated and outmoded for the world that we live in today.  And that’s why the software industry has been pushing the U.S. Congress to reform the laws that are on the books today so that they are in sync with both the technology and with our values.  And hopefully Congress will move on that.

But to the question you just asked, I think one of the things that we need to think about, and my background at an earlier point in time was as a trade negotiator, and so I’m well aware of the fact that other countries look to the United States as an example, as a good example or as a bad example.  And I think we need to think very carefully about the precedent that could be set here, and we need to think about what this means not just in terms of what U.S., what the Department of Justice wants to do overseas, but what that might mean for other governments who might see this, I think frankly almost definitely will see this as a precedent to reach into the e-mail of Americans.  And so I think this case is very important for the privacy of U.S. citizens.  But when you think about it as global context and the precedent that this sets for citizens around the world, and I think as Brad said we can talk maybe a little bit later on about some of the solutions there.


VICTORIA ESPINEL:  But I think keeping in mind the risk that this case brings in terms of undermining trust on both sides of the Atlantic is a very important part of this.


ANDREW PINCUS:  I think as a legal matter it really is that simple.  I mean if you think about the pre-digital era, if some bank that operated in the U.S. also had a branch in Ireland and somebody had documents in their safe deposit box in Ireland, no one in the world would think that by serving a document on the bank here the U.S. Government could force the bank to retrieve those documents and send them over.

CHARLIE GIBSON:  But that’s where everything has changed.  That’s a physical piece of paper that you have to go in and get out of a safe deposit box, or a safe, or whatever.  This is not.

ANDREW PINCUS:  But here’s the key, I think, that change, and you’re right technology has changed a lot, and the question is should that change in technology automatically without anyone thinking about it affect a huge expansion of the U.S. Government’s power at the expense of other nations?  Because if you think about it, that’s what’s happening here.  And I think there’s a really good analogy in the cell phone case that the Supreme Court decided last year.

Because the government’s arguments here are so similar.  There, as people probably know, the argument was when someone is arrested, the government has or the police have a right to search your person.  If they have a wallet, they can look inside.  And the government said, well, if you have a cell phone, we can download the entire digital content, same thing.  We’re just searching what’s on your body.

And the Supreme Court said, well, in some very remote sense that’s true, but the amount of information that the government would get by sort of mindlessly applying that same principle to this digital environment is vast and would undermine what the Fourth Amendment is trying to do.  And so the Supreme Court said, we’re not going to apply that rule in this mindless way to digitally stored data.  Here the government is saying, we’re not doing anything outside the U.S., so we get the benefit of the old warrant rules that said, oh, if you’re in the U.S. you’re fine.  But in the same way, of course, they’re doing something outside the U.S. in any real sense.  And I think the same rationale really compels the conclusion that courts shouldn’t do this.

As Brad said, if there’s an adjustment to be made, there’s a lot of weighing of privacy interest, of foreign relations interest that has to be taken account of.  But to sort of just say, we’re going to shoehorn this into this old rule because Microsoft happens to be in the U.S. really makes a dramatic change.

BRAD SMITH:  The other quick thing I would add is, look, the world migrated away from all communication being on paper to other forms of technology not in the 21st century but in the 19th when the telegraph was invented.  We went from paper to basically electrical impulses that could be intercepted in different ways, they crossed over wires, there was a transatlantic cable. And fundamentally what the people of that era needed to decide was what did technology change versus what were the values that they wanted to see endure.  And this is the newest form of that question being asked in ways that may seem different, and in some ways not so much.

CHARLIE GIBSON:  Let me up into ground where I may be on unsteady ground here.  What if ISIS decided to store all of its e-mails, and I presume they do some communication that way, with Microsoft and said, put them in Ireland.  Do you still deny the U.S. Government the right?

BRAD SMITH:  And this goes to Victoria’s point.  We need solutions, and we need solution that work.  And there are multiple solutions that work.  One of them is an existing agreement between the United States and Ireland.

CHARLIE GIBSON:  But you know the government says that’s cumbersome, it takes too much time, and it’s not definite that it will work.  And there are also countries where we don’t have these agreements.

BRAD SMITH:  Sure.  But let’s start ‑‑ we can decide where we’re going to build data centers, the whole industry can.  And the industry can build data centers in countries that have proper legal regimes, and that’s the kind of thing that’s definitely is a consideration.

First of all, there’s a convention under which basically a government can apply for an order to freeze all of the e-mail, and it’s basically done instantaneously.  So you don’t have to worry about the e-mail being destroyed.

Second, in the case of Ireland, for example, we produced evidence in this case from a former Irish Attorney General who said that the Irish move very quickly, they seldom if ever turn down the United States government.  Of course, imagine these situations, governments are going to want to move quickly.  They can move as fast as they want.  And in addition, let’s just think about the opportunity that we all have to move these treaties into the future.

I mean, look, we live in a world where in the wake of 9/11 we first found that it was difficult to move people just through an airport.  And then people realized that you had trusted travelers.  They could qualify for pre-clearance and they could move forward quickly.

CHARLIE GIBSON:  So you’re fine if the Irish government said OK, come on in get the e-mails.  You just don’t want Microsoft to be the organ that turns them over.

BRAD SMITH:  Yes, if the Irish government acts then you preserve a world where you have laws in both places and governments can work together and just put the shoe on the other foot.  If a government abroad needs data that’s in the United States we as Americans would want U.S. law and the U.S. government to be involved.  You can’t blame other people for feeling the same way.

CHARLIE GIBSON:  The other part of this is critical and I want all three of you to comment on this, which is the really interesting argument to me.  The government argues that e-mails are business records and that therefore, because of preexisting law, again back into the early ’80s, that you have an obligation to turn over business records.  You argue these are entirely personal communications that belong only to the communicant.  And yet the courts have sided with the government on that in both instances.  Comment on it some.

VICTORIA ESPINEL:  So I would say, going back to something that Brad had alluded to before, I think the government can’t say our process is cumbersome, we have a process that doesn’t work very well, and so therefore we are going to take an outdated law and apply it to the circumstances of today.  If we need to have a new process, and I believe that we do, then we need to figure out what that new process is and we can talk more about that later.  But, I think it’s an important point to make.

In terms of the government’s argument with respect to business records, I would just say I think people, individuals, human beings, and companies store a lot of information in the cloud and they store some information that they might be fine to remain public, and they store a lot of information that is confidential.  And I think they believe it to be confidential and I think they are appropriate in being able to have the trust that it will be kept confidential.

And so I think saying that because you have confidential information you put in the cloud it’s no longer yours and it now belongs to the tech company that stores it, I think that is very much at odds with what people would believe to be true, and certainly what people would believe to be right.

CHARLIE GIBSON:  Andy, you’re next.

ANDREW PINCUS:  I’ll give you an economic answer and a legal answer, as well.  I think in terms of the promise of cloud technology, which we haven’t talked that much about but we should, this is a revolution in terms of efficiency in data processing and in the lowering, significantly, company’s costs of managing their data, because it’s all pooled in one huge economy of scale.  But, companies, and certainly people, aren’t going to do that if it means they lose control over their proprietary information.  I mean, think about it from the company perspective, your intellectual property, your business plans, the legal records about your lawsuit, or about the merger that you’re thinking about, if by putting them in the cloud you lose control over them and the government just gets access whenever it wants, nobody is going to do that.  And so that economic benefit is lost.

CHARLIE GIBSON:  Brad, I wonder if you’d rename the cloud if you had a chance to do it, because it’s kind of a woo-woo word that sounds sort of soft and out there.  It’s like a soft toilet paper or something.  And yet you’re arguing this is hard information that exists in a place and it’s in Ireland, whatever.  What would you call it instead of cloud?

BRAD SMITH:  Well, first of all, you raise a very valid point and ours is an industry that basically renamed the mouse, renamed the virus, renamed spam and guess what, we renamed the weather, as well.  And I do think it’s a challenge, because it makes it seem more ephemeral than it is.  And what we are dealing with it hard information stored in a single location.  And the real issue here, because this is fundamental, is just the way the government’s argument actually turns fundamental principles upside down.

Your telephone bill is a business record.  The government can get it by filing a subpoena with the telephone company.  But, your telephone call is not.  It’s a personal communication and it’s entitled to greater legal protection.  Your hotel bill is a business record, but if you are staying in New York and you came here this morning and you left your clothes in the closet and your documents on the desk the hotel needs to respect that that’s your personal possession, same for e-mail.

CHARLIE GIBSON:  Let me turn to something slightly different.  Someone pointed out that if the government wins this case that it’s a problem for privacy rights, but it’s also a big problem for the U.S. tech market, because people overseas, governments or individuals will be very wary of putting their information in the hands of an American company.  That’s a lot of money for you.  I’ve seen one estimate, it was an organ called Information Week, that the U.S. domestic cloud companies this is a $45 billion business, a $45 billion business that could be at risk.  So are your arguments totally high-minded, Brad, or are they very much concerned with the bottom line for Microsoft?

BRAD SMITH:  It’s a completely fair and appropriate question and the answer is they’re both.  Of course, the entire tech sector, which Victoria represents, understands that this is about this country’s ability to continue to basically create technology that leads the world and has access to the global market, because if we lose we expect foreign governments, as we’re already seeing, are going to lay down more rules that will basically prohibit, or prevent, or make it more difficult for us to serve their customers.

And it is about economics, but it also is about a fundamental principle.  Ultimately it’s about trust.  So I like say tech companies have become a bit like banks.  You wouldn’t put your money in a bank if you weren’t confident that it would be there when you wanted to withdraw it.  You’re not going to put your data in a data center, or the cloud, run by an American company if you don’t have confidence about who can and cannot get access to it.


VICTORIA ESPINEL:  So I think clearly there are fundamental privacy concerns here, which we’ve discussed.  And there are clearly significant business interests that are as at risk, as well.  And I think the two things are very much linked, because you need trust in business the way you need trust in international relations, and the way you need trust in your personal relations.  Trust is a fabric that makes things work.  And if that trust is being undermined, and I think this case very much puts that at risk, that’s a real problem.  But, I would also say there are real business risks today.  I think this case, or the outcome of this case could have a real impact today.  We represent 3 million jobs in the United States, but a point that I’d like to make clear, because I think this is really important, is this is not just about damage to the American economy.  I think that’s an issue, but I think it’s bigger than that.  We are all in this global world together and I think the impact would ripple beyond that.

You talked about the cloud and the benefits that come from it.  I think one of the things we haven’t talked about yet, but we really need to make sure that we do, is the fact that this will, I believe, make companies and individuals much more reluctant to use the cloud, for a good reason.  And that has real implications.  There was an economist recently who did an estimate that if companies, just talking about companies here, not even individuals, if companies use data services and use cloud services to become just 1 percent more efficient, which is actually vastly less than data is suggesting, and 1 percent is a very conservative estimate, that will add $15 trillion to the global economy in 15 years.  That is an enormous lost opportunity if companies start pulling back from cloud and from all the computing capacity that that brings, because they have concerns about how their information is going to be treated.


ANDREW PINCUS:  I was going to make the point Victoria did, which is this is certainly tech companies are on the front line, but this really is the whole economy, because these efficiencies ripple through the economy.  It means that there are billions more money to invest in new products, or jobs that previously were being spent on data processing, data management services, that are now cheaper because of the cloud.  And so for the U.S. government to say we are going to adopt a legal rule that is going to significantly discourage companies from doing that is going to hurt not just tech companies, but the whole economy.

CHARLIE GIBSON:  Brad, what percentage of people storing e-mails in Microsoft’s system come from overseas?

BRAD SMITH:  It’s a great question.  I don’t know the precise answer.  But, I can tell you that roughly 60 percent of our business today is with customers outside the United States.  One question I always like to ask myself, or the fact I like to remind myself every morning, 96 percent of the people in the world live outside the United States.  So if you want the American tech sector to serve the world you have to appreciate that 96 percent of our customers eventually will be outside the United States.

CHARLIE GIBSON:  I asked that question really, because obviously you’re worried about whether foreigners will lose confidence it eh system if the government prevails.  Would you be fighting so hard if there weren’t a crisis of confidence after Edward Snowden?

BRAD SMITH:  I will say no and yes.  We would, of course, devote our resources on any day of the week on the problems that are most pronounced and I would be sort of naïve, or less than genuine to say otherwise.

But I will say, yes, we would in important ways as well.  We’ve dealt with this tension since the early days of our company.  We dealt with it in the days after 9-11.  At the time, it was not public.  Some of this has become public because of the disclosures of the last 18 months.  So we’ve sought to really think hard about how to be principled, and principled in a way that serves public safety and protects fundamental privacy rights, regardless of how much attention this is getting.

CHARLIE GIBSON:  So let me turn to, you mentioned we should talk about potential solutions.  Are there solutions that would satisfy the privacy rights, would satisfy the government’s access to information, that would protect Americans from foreign incursion into our e-mails?  IS there a way to do that?  Some people have suggested a legislative solution.  Is there a way to do it?

VICTORIA ESPINEL:  I think that could be part of it.  So first, I think there has to be a way to do that.  There has to be a way that we can balance the values that we believe in with helping law enforcement do its job to protect us and all that.  The conversation and that balancing has been going on ‑‑

CHARLIE GIBSON:  There has to be a way.  From your mouth to god’s ears, what is it?

VICTORIA ESPINEL:  But I would say, and I think there’s at least three things that solution has to do.  One it has to be clear and predictable.  I think, at best, we are in the situation right now where there is a grave lack of clarity, and that is bad for everyone.

CHARLIE GIBSON:  Clear legal rules.

VICTORIA ESPINEL:  I think it has to be international.  You mentioned the U.S. Congress, and certainly we have work to do here at home in terms of reforming our system.  We have been and we’ll continue to push very hard for that.  But I think it has to be an international consensus.  It has to be something that comes from the international community.  And I think while it comes from the international community, I do think it has to be a solution that is consistent with American values of due process and civil liberty.

ANDREW PINCUS:  And there really are.  I just want to underline what Brad said before, there really are solutions in existence now.  I mean, the idea that we have to build something totally new I think is just not right.  There are these bilateral agreements between the U.S. and Ireland.  If the structure isn’t there to have an immediate request for data to the Irish authorities that’s immediately acted upon, it’s not rocket science to put that in place.

And there is this international convention on cybercrime that has very specific mechanisms for solving just this problem, how does Country A get electronic data that is in Country B?  And there are literally 24/7 mechanisms so that that data can be frozen and then gotten very rapidly.  So this is not the ‑‑ reinventing the wheel is not the problem here.

VICTORIA ESPINEL:  And I would say in terms of bringing the international community together, that is always difficult to do.  I was a former trade negotiator.  I’ve been in a lot of trade negotiations.  I know how hard they can be.  I would say one advantage we have here ‑‑

CHARLIE GIBSON:  You can’t get the international community to agree that it’s Tuesday or Monday or any day.

VICTORIA ESPINEL:  But here I think this is something where there is a real eagerness and real hunger to have a solution.  So unlike being in a negotiation where one side wants to be there and the other side really doesn’t, which is always a very difficult negotiating dynamic, I think this is, with perhaps a few countries as exceptions, I think this is an issue where you could find a broad swath of the international community that was willing to come together and find a process that works because it’s so important.

BRAD SMITH:  Wait a second, of course you can’t get the international community to agree it’s Tuesday, because it’s Monday.  (Laughter.)

CHARLIE GIBSON:  But I’m retired.  So I said to somebody the other day, my life is six Saturdays interrupted by a Sunday.

BRAD SMITH:  This is definitely Tuesday.

But more to the point, you may not be able to get every government to agree, but do we really think we can’t reach an agreement with the government of Ireland?  Do we really think we can’t reach an agreement with the United Kingdom or with Germany?

I mean, our governments have collaborated on vital issues of national security for decades.  Why is this so much harder than everything else that we’ve been able to work on?  Why don’t we at least start?

It’s very easy to say a problem is insurmountable if no one tries to solve it.  And fundamentally that’s our call.  It’s let’s work together and see what we can do.

CHARLIE GIBSON:  You made mention in your prepared remarks that there are various ways that this problem could be attacked.  That it could be attacked in the Congress.  We mentioned that the laws which govern here are outmoded because they were passed in the early ’80s or mid-’80s.  You mentioned that Congress could act.  You mentioned that the White House could intercede in this case.  But your immediate imperative is that you have a court case proceeding.

What would you have the ‑‑ given a perfect world where Congress did something, and that’s somewhat at odds these days, but given the perfect world where Congress did something, what would you have them do?

BRAD SMITH:  Well, I think there is actually a very good piece of legislation introduced a few months ago in the Senate by Senators Hatch, Heller and Coons.  And basically what it would affirm is that ordinarily this law does not reach outside the United States, but it would create an exception so that if you have an American citizen or a U.S. resident who somehow manages to store his or her e-mail outside the United States, then in that instance it would reach that contents.  And I think that’s a rule that other governments could get comfortable with and understand.

CHARLIE GIBSON:  So an American citizen?

BRAD SMITH:  Yes, an American citizen, if it’s in Ireland, the U.S. law could still reach it.  The other thing the law does is call on the executive branch to do what we’re asking for here, which is let’s focus on these treaties and let’s figure out how we modernize them.

CHARLIE GIBSON:  So that, in your world, you would say in your perfect world where Congress does something, I still can’t get my head around that concept, but if Congress would say, all right, American e-mails overseas can be accessed by American governmental jurisprudence, or by governments who are seeking, but governments cannot reach into the United States, they can’t govern what foreign governments can do, but it would set a precedent in your mind that would keep foreign governments from coming in and accessing the e-mails of United States citizens.

BRAD SMITH:  Exactly.  It would protect fundamentally the rights of Americans.

CHARLIE GIBSON:  How about encryption?  Is encryption the solution here?  If people encrypted their own e-mails, would that take care of the problem?

BRAD SMITH:  Encryption definitely is important.  It protects in a wide array of scenarios.  Ultimately, one of the big questions that I think we’ll find we’re all spending more time talking about two and three and five years from now is what happens when e-mail or other data is encrypted and the service provider doesn’t’ have the key to decrypt it.


BRAD SMITH:  Obviously, that’s where things have been going the last few years.  That’s gotten a lot of attention.  In many ways, I would argue that the two biggest challenges to law enforcement in the United States are not the position that we’re taking in this case, but it’s No. 1 what they’ll do if foreign governments don’t even allow us to operate data centers in other countries because of concerns about this kind of law; or, No. 2, how will they navigate a world where there is more encryption and they’re not able to get the key from anyone.

And one of the points we consistently make is, if everyone wants to avoid an arms race in the technology space, there’s only one way to avoid it.  It’s arms negotiations that led to better laws.  And so all of these things actually come back and intersect.

CHARLIE GIBSON:  Final word.  We’re out of time, final word from each of you?

ANDREW PINCUS:  Just to echo what Brad said, I think governments have a choice here.  One is to create laws that give their citizens confidence that there will be protection and due process before their information can be accessed, because if those aren’t in place then self-help through encryption really is the only choice.

CHARLIE GIBSON:  You’re going to get the final word.

VICTORIA ESPINEL:  I think you talked about technology solutions, and I think that’s an important part of the discussion.  I think turning to the tech companies to find the solution here is suboptimal.  I think what we all really want is to live in a world where our governments have come together to agree on a process that we agree with and we feel is consistent with our values.  And so I think this case illustrates one of the many circumstances where tech companies are being caught in the middle of government and law enforcement and the individuals and companies and the consumers that they serve.

And I think it’s not the place we want to be.  And that’s not really where we want to start in terms of finding solutions.

CHARLIE GIBSON:  All right.  Thanks to the three of you.  Brad is going to be back up in a minute.  But before we call our second panel up here, a few comments from a practiced eye who looks at this with a practical bent.

This case, when finally resolved, obviously is going to be studied in classrooms as well as in boardrooms and government offices.  Among those who wanted to comment today, Professor Ed Lazowska of the University of Washington.  You’ll see him on the screen.

ED LAZOWSKA:  (Via video) I’m Ed Lazowska.  I’ve been a professor of computer science at the University of Washington for 37 years, a long time.  The group of people who signed on to this brief are a set of senior computer scientists who are experts in the design of large-scale distributed systems.  So these are people who are in many cases responsible for or at least deeply familiar with the technologies that underlie the cloud.  The goal here is to help the courts understand the technology that underpins the cloud, this abstraction, and to let them make the legal decision.

So I think there are several points we try to make in the brief, but the important point as I understand it, from the point of view of this case, is that data, my e-mail messages that are in the cloud exist in some location, or perhaps several locations.  It’s not just out there somewhere.  It’s in a data center.  The system knows where those are.  So that’s really important.  It’s not on my PC, but it exists somewhere.

Secondly, there’s no really new technology.  What’s in these data centers are 10,000 single board computers, each of which has a processor some storage, a disk drive, some flash memory, a network interface, nothing magic here.  It’s not in the cloud.  And those seem like really important points.

Third, most companies treat my documents and my e-mail as my property, not the company’s property, not some abstract entity’s property.  That’s mine in both a legal way and a technical way, a legal way because the terms of the service that the cloud provider has offered me make it clear that it’s my data not their data.  And technically it may be encrypted, for example, or something like that.  At the very least there are layers of protections applied to keep people other than me from accessing that.  And that’s particularly important, because in many cases multiple companies, sometimes competing companies, may use the same cloud provider, as I understand it, and from reading the court decision, the question of whether the data is located in a specific place is of importance in determining the outcome of this case.

What I can say authoritatively, and what my several dozen colleagues have also said authoritatively, is that data is in some known place.  If the U.S. government wanted to get access to the contents of someone’s room in a Hilton Hotel in England, just because Hilton is a U.S. company they couldn’t say to Hilton, hey, open that room and rummage through it for us and see what you can find.  The laws of England would presumably govern the access to that room, because that’s where the room resides.  And I think of that as being a reasonable analogy of the location of cloud data.  It’s in some physical place and I would presume that the laws of that physical place govern access.

So those are really, I think, the three key points.  It’s in a specific physical location.  The technology is what we’re used to.  It’s scaled up a lot, but it’s memory and disks and processors and what I put in the cloud is mine by the terms of service and the technology.

CHARLIE GIBSON:  I would love to be able to ask him questions about exactly that, but you’re going to be the people who gets them instead.

Our second panel consists of three individuals representing three different organizations, each of which has filed or is filling an amicus brief expressing concerns that this case could undercut privacy rights of individuals.  And each group approaches this from a different perspective.

With us is Nuala O’Connor, she’s president and CEO of the Center for Democracy and Technology; Faiza Patel, Co-Director of the Liberty and National Security program at the Brennan Center for Justice; and Bruce Brown who is from my old field, who is Executive Director of the Reporters Committee for Freedom of the Press.

I just want to come to the title of your organization at the Brennan Center.  You’re Co-Director of the Liberty and National Security program.  So on the liberty aspect I’m sure you’re concerned with Microsoft’s position.  On the national security aspect you ought to be concerned about the government’s position, as well.

NUALA O’CONNOR:  I think that’s right.  But, I think it was explained in quite some detail in the previous panel.  It’s not as if Microsoft ‑‑ I’m sorry, the government has no way of getting this data.  There is a mechanism for getting this data, which is the Mutual Legal Assistance Treaty that they have with Ireland.  So it’s not a zero sum game where either Microsoft gets its way and the government gets no information or the government wins.

CHARLIE GIBSON:  You keep referring, and the other panel did, as well, to these mutual assistance treaties that exist.


CHARLIE GIBSON:  what if the data center was in a country with which we didn’t have an MLAT, as they’re referred to?

NUALA O’CONNOR:  Well, first of all ‑‑

CHARLIE GIBSON:  There are countries with which we do not.

NUALA O’CONNOR:  That’s right.  But, I mean, first of all, as I think Brad pointed out, it depends on where a company chooses to put its data centers, whether it’s in a country that has a developed legal system and with which we have relations.  But, realistically you don’t have to have an MLAT in order to get cooperation from another country to get data.  There are lots of other, longer, older ways in which you can get this information.  And there are very few places in the world where the United States government isn’t going to be able to get cooperation in a normal case, which is what we’re talking about here.

CHARLIE GIBSON:  Nuala, why is your organization filing a brief?

NUALA O’CONNOR:  We’re concerned about the individual whose data is at issue here.  Think about the baby pictures you’re seeing for your new granddaughter, and all the e-mails I sent this morning to my kids’ teachers, and the babysitter, and the 18 other e-mails I sent before you all got up this morning.  These are my communications.  And we don’t even just think of them as property.  We at the Center for Democracy and Technology think of this as the digital self.  Your expression, our daily lives, it’s not just going to be e-mails.  Ten years from now it’s going to be every thought and every communication and every transaction I do will be online.  That’s not a business record, that’s my life.

CHARLIE GIBSON:  But listen, it’s all out there.  I know that in polls Americans say we’re very concerned with our privacy rights.  But so too do we know it’s all out there.  You put your credit card number out there six times a day, and now you even add the security number, which I don’t understand quite why it’s the security number if you’re telling everybody.

NUALA O’CONNOR:  It’s going to get worse.

CHARLIE GIBSON:  It’s out there.  It is available.  And, frankly, I’m not worried about the government coming in and taking my granddaughter’s baby pictures.  That doesn’t concern me.  You’re welcome to them.  I’ll show them to you.

NUALA O’CONNOR:  I know you will.  But today it’s is your granddaughter’s baby pictures.  Tomorrow it’s something else, it’s your ‑‑ god willing, I don’t even want to go to what it could be.  It’s ‑‑

CHARLIE GIBSON:  You don’t know me that well.  (Laughter.)

NUALA O’CONNOR:  I’ve done my research.  It’s all online, right?

This is about the sanctity of your communications with each other, your family, your community, the companies, the good brand names you do business with online.  But even more, it’s about the blurring of the lines between the individual’s communication with corporations and community and the government.

The default setting for all of the technology in our daily lives cannot be that everything is going to end up in the hands of the federal government.  That should not be the presumption.  That wasn’t the presumption when it was paper letters stuffed under your bed.  It cannot be the presumption for e-mail.  We have to keep that separate.

And new technologies, as I think Andy Pincus said so well before, don’t change the principles of the law.  They change the fact pattern.  And it’s not just changing our relationship as a U.S. government with other countries, it’s changing the relationship between the government and the self.  And that’s a fight I’m willing to take on and keep fighting.

CHARLIE GIBSON:  And, Bruce, does it impact substantially freedom of the press?

BRUCE D. BROWN:  Well, this is a really important case for freedom of the press.  We joined the brief along with your old pals at ABC, and dozens of news organizations, they’re up on the screen here, authors like Laura Heiman (ph), who is here today, and the case hits on a number of cylinders for us.

One, we see it as a digital analog to the Jim Risen case, which has been fought now for eight years.  The government is in court tomorrow deciding whether or not to call Jim for trial testimony.  And that case has raised public awareness about issue surrounding reporters privilege.  This case is the digital analog to that because we hope that it raises public awareness about issues surrounding the security of everyone’s communications in the cloud, but particularly reporters and news organizations are watching this case and involved in this case because we have stuff governments around the world want.  And this case may not have been about journalism, but the next case will be.

And for us being a part of this case is, therefore, essential to ensuring that whatever gains we as an industry may make if the government backs down from Jim Risen, as it looks like it intends to, whatever extra tweaks we get in media subpoena policy from the Attorney General before he leaves office, we want to make sure all those advances are protected.  And if the government uses this kind of end run in this case involving Microsoft, we have great concerns that the next case involving journalism could see a similar maneuver from the government.

And the second thing I would say is that I think this case is incredibly important for the media and the technology industries in terms of their collaboration with each other.  That the technology companies are so important to journalism today as a platform on the front end to distribute our content, on the backend they’re creating virtual newsrooms for us.  And the fact that the two industries are work together in a case like this I think is incredibly important for the future development of First and Fourth Amendment law.

CHARLIE GIBSON:  And in a case where a reporter, Reporter X, is working for the Minneapolis Star Tribune has got a very important story that involves malfeasance, for instance, let’s say in the Minnesota government.  I don’t mean to pick out Minnesota, but I just take it as an example.

Almost all of the communications now going back to my day would be face-to-face in terms of talking to sources.  But now it’s almost all done by e-mail.

BRUCE D. BROWN:  Right.  The fact that to be a reporter today working sources, not just locally, but internationally, storing e-mail in the cloud, news organizations, I think, in the post-Snowden, post-Risen era are taking every precaution they can in terms of data security protection.  But, for us it’s essential that the gains were able to make Attorney General Lee’s office and it looks like he’s recalibrating in some very important ways that those gains then aren’t lost if the government starts using other tools, other mechanisms that could impact journalism down the road.

CHARLIE GIBSON:  Let me come back to your argument.  I’m hung up in my head about the pictures of the grandchildren.  And I actually don’t even carry any.   But, because I’m not worried about that, because I’m not worried about the humdrum of the daily stuff that I exchange in e-mail, at some point you have to trust.  And in this world that we live, where everything, as I said a moment ago, is out there, it seems to me at some point the government that you elected you have to trust to be judicious in what it will go after.  And given the fact that it is also easily obtainable, hackers get into it all the time; we basically have to put our faith in somebody, don’t we?

NUALA O’CONNOR:  Really?  Listen, I love this country.  I served at the Department of Homeland Security.  In was the first Chief Privacy Officer there.  I believe in what we do to keep this country safe.  I want my children; I want your grandchildren, to be safe, absolutely.  We’ve got great men and women working in law enforcement and national security.  However, they have to ‑‑

CHARLIE GIBSON:  I had a feeling there was going to be a “but” in the sentence.

NUALA O’CONNOR:  There have got to be rules and the rules have got to be followed.  And just because the technology allows us unfettered access into the voluminous amount of data that is out there about people’s daily lives does not mean they should have unfettered access to it.  And this case is part of a larger national conversation.  You were right to bring up Edward Snowden.  We are really looking hard as a country at where the boundary is between our self and the government.  And the presumption in the United States always has been that what is mine is mine until there is a legal predicate for the government to come a calling and asking for it.  And in this case they haven’t proven that they need access to this data.

There has got to be a compelling public policy or legal interest in getting that data and, again, the bulk data collection issues that we’re working on in Washington show that.  The presumption cannot be that everything just goes to the government and then they get to look at it and then they get to figure out what is necessary.  That’s not the America my parents brought me to and that’s not the America I want my children to grow up in.

CHARLIE GIBSON:  Let me come back to the Snowden case, because it’s an interesting one.  Would we be having this discussion today, would this be as much of an issue if Snowden hadn’t told us the way NSA was able basically to get everything in real time, unencrypted?

NUALA O’CONNOR:  I think we actually would.  We’ve been seeing a number of cases come up through the legal system going through Supreme Court:  The case about GPS tracking; the case about search incident to arrest that was discussed in the previous panel.  You’re seeing these cases kind of percolate up through the legal system where the courts are being faced again and again with rules that are made for the physical world and to try and adapt them for the virtual, or digital world.  And so I think we would be having this conversation.  I think what’s unique about the Snowden moment is that public attention is very sensitized to invasions of privacy in a way that it wasn’t prior to Snowden.  And so that adds an extra dimension to the conversation.

CHARLIE GIBSON:  So let me flip the question that I just asked Nuala.  I kept saying at some point we have to trust.  But, basically did Snowden show us that we can’t trust anybody, the government, the large companies who gave them the access, et cetera?

FAIZA PATEL:  Can I jump in and say I do trust the Supreme Court after the last few decisions in technology.

NUALA O’CONNOR:  I think Faiza is absolutely right that what this shows, and Snowden certainly catapulted us forward probably about 5 or 10 years in the conversation, but we were going to have the conversation about the increasing use of technology, or increasing connectivity through the digital world.  We were going to have that conversation eventually.  And we’re going to have the conversation about what’s in the private sector and what’s in the government’s hand and whether those are blurring data sets.  But, I do see ‑‑ I have hope.  I am actually one of the most optimistic people in Washington, actually.  I have probably more hope for the courts ‑‑

CHARLIE GIBSON:  That’s one.

NUALA O’CONNOR:  That’s me.  I’m alone in that.  I have a lot of hope, given what we’ve seen out of the Supreme Court in the last few technology cases.  Andy Pincus and the Center for Democracy and Technology, we have all filed amicus briefs in a number of these cases.  And the court has a growing realization that the old rules still apply.  So just because it’s new and different and we can get more data does not mean we need to abandon our fundamental principles of privacy and individual liberty.

CHARLIE GIBSON:  Even though it was Microsoft that called this thing together and even though there are Microsoft people in the room, rank the Microsoft arguments for me.  What is more troubling to you, the fact that the government is going after material in Ireland, or is it the fact that the government maintains that these are business records and not private communications?

BRUCE D. BROWN:  I think the extra-territoriality argument is really troubling.  And one issue we haven’t mentioned here yet today is the right to be forgotten, which the EU imposed on companies like Microsoft, Google, Yahoo!  And just last week they said, it’s not enough that you honor take down requests in the EU, you need to honor them across your whole network.  And so think about that, if we reach into Ireland to grab these e-mails how can we then say that the EU can’t reach into Mountain View and Redmond and tell Microsoft and Google to honor these takedown requests from EU citizens.

And so I do think that the larger question that this case and others addresses about efforts of governments to reach across state borders is one we would be having regardless of Snowden, because I think these kinds of cases would be materializing in the Internet now that we’re 10, 15 years, 20 years into Internet publishing.  These are the kinds of cases that are now materializing.

CHARLIE GIBSON:  Let me ask the same question to you about the two arguments that Microsoft makes?

FAIZA PATEL:  I think it depends on what perspective you’re coming from.  But, from the perspective of where I sit I would say two things are the most troubling for me about the government’s case, one which was covered extensively in the first panel, was this idea that e-mails are business records, because, as was explained many times, e-mails are the record of our lives, some would argue more than that.  And the government isn’t just trying to get at e-mails it’s also trying to get at all of the other information that’s stored in this individual’s account.  So that could include your contact list, your photographs, whatever else you’ve loaded into the cloud, which can be a great deal of information.

And I wanted to just mention one thing about your earlier point, right, where you said you weren’t worried about the government coming after your granddaughter’s, or grandson’s photographs.  And I think that’s probably right, but I think we’ve also seen in the past that these kinds of authorities can and have been abused and particularly if you are not right in the mainstream of society and if you are, for example, an activist, or you’re somebody who is organizing protests, there are a lot of incentives for government to come after your information.  If you look at the protests that are breaking out across the country now, the Ferguson, Eric Garner protests, do you think law enforcement doesn’t want to know what’s going on in those protest movements?  Sure they would.  So I think that’s one thing to keep in mind when you talk about very broad government surveillance.

The other point that I wanted to make in terms of what’s most disturbing to me about the arguments that the government is making in this case is the idea that the search and seizure doesn’t occur until somebody in the government, sitting here in the United States, actually looks at the documents.  That has enormous implications.  It’s sort of like saying, well, I can collect the e-mails of everybody in this room, everything in all of our accounts, and until somebody from the FBI takes a look at them I haven’t done anything that relates to the Fourth Amendment.  That’s a sweeping argument and one that really needs to be pushed back.

CHARLIE GIBSON:  But, it’s the argument that distinguishes between a physical piece of paper or some sort of document, something that somebody has to go into Ireland to get as opposed to simply a document, which can travel through the cloud and be on your desk within seconds?

FAIZA PATEL:  But, the argument isn’t even so much about where, it’s about when.  So in this case they’ve conflated that the when and the where are the same.  The documents are being retrieved at the point at which they’re being retrieved, not at the point that somebody back in the United States is actually looking at them.

CHARLIE GIBSON:  Although the court said there is no search and seizure overseas.  It occurs here.

FAIZA PATEL:  That’s precisely it.

NUALA O’CONNOR:  Building on what Faiza said, I completely agree that the government is torturing the definition of the words collection and search and to collect it and to have access to it means the government could do something where they could process it.  But, I see you struggling with the analogy between paper and digital, which is interesting, because we often in tech use analogues to previous versions of the same content so that people will understand.  I always use party line telephone as an example so people understand what Twitter is, and try to make analogs for other new technologies.

The content is what matters, right?  It’s not the physical form.  Whether it’s on paper or whether it’s in the cloud.  If I’m writing to myself or my child’s teacher or my lawyer, that’s privileged, that’s a communications.  That’s a one-to-one communication.  And just because I’ve used a different technology, I’ve used an e-mail service provider, does not necessarily mean that I have given up my expectation of privacy in the content of that.

CHARLIE GIBSON:  So am I putting words in your mouth that the argument about privacy versus business records is more disturbing to you than location?

NUALA O’CONNOR:  For me that’s profoundly offensive to describe my personal transactions.  And, again, whether it’s in my personal capacity of my work capacity, they are my communications with another.  And simply by virtue of using an e-mail service provider, I do not abdicate my sense of privacy about that.

CHARLIE GIBSON:  OK.  So we did with the last panel, so I make you king for a day.  How do you solve this problem?  Is there a way to solve it?  Is it to be done legislatively, or is it to be done judicially?

NUALA O’CONNOR:  First, I would echo what some of the other panelists have said in that there are actually processes in place.  And for the Justice Department to complain that the MLATs don’t work fast enough, well, I’m not entirely sympathetic to that argument, and they’ve also asked for $24 million in additional funds, which we are very supportive of their getting to strengthen those processes that already exist.

CHARLIE GIBSON:  You going to write the check?

NUALA O’CONNOR:  Personally, yes.  Absolutely.  The first you are all going to donate to CDT, and then ‑‑ how’s that?

CHARLIE GIBSON:  You knew there would be a commercial somewhere.

NUALA O’CONNOR:, get your checks in by the end of the year for tax-deductible purposes, 501(c)(3).

Legislation, sure.  There’s also a role for good companies of all the big brand names that we are aware of and do business with this holiday season to have good rules in place, and to explain to their customers when you’re doing business in this country, you know, your expectation of legal coverage is this.

There are also technological solutions.  You brought up encryption.  I’m a great believer in if technology created this problem, then technology can be part of this solution.  The great minds we have working in engineering, again, in Seattle and Silicon Valley, elsewhere, can come up with solutions that say, I will have an expectation of privacy.  I will know where my data is.  I will be able to follow it.  I will be able to understand as an ordinary customer whose rules apply, who is going to have their hands on it.

But, again, the big picture issue to me here is the data that I do business with in my private capacity, whether it’s as a mom, as a working person, whatever, does not mean that I say it’s OK for the federal government to see whatever it is, whether it’s my social media profile or my personal communications.


FAIZA PATEL:  So I think legislation would be very helpful in solving the U.S. problem.  But I don’t think it’s just a U.S. problem.  It’s not just an American problem, because it is a global problem.  And one of the issues that has come out in this case is the difficulty that an American corporation would have if a government overseas asked for information that’s sitting in the United States.  So you really do need to have some kind of international agreement that takes account of the various national interests that are involved.

So you have the interest of the country that wants the information.  You have the interest of the country where the information is stored.  And you potentially have a third country of interest, which is where the person whose information you’re looking for is from.  So you could have as many as three parties.

And I think at the end of the day, the international community has to come together to figure out how you balance out those interests and what the most efficient way is for making this process work quickly.  We have found ways to do that in the past.  We do it in a number of different areas, banking for example, there’s a lot of work that goes on which is transnational, and this requires a transnational solution.

CHARLIE GIBSON:  So you have hopes that we can agree it’s Monday.

FAIZA PATEL:  Afternoon.

BRUCE D. BROWN:  I was going to say, since Nuala and Faiza have talked a lot about the international and global perspective, one thing I would just pitch is that we just keep on working on the DOJ.  And in the year-and-a-half since disclosures came out about the subpoena, the secret subpoena to obtain AP phone records, and then the grab for e-mails at Google owned by a Fox News reporter.  We’ve been talking regularly with the DOJ on these press subpoena and search warrant policies.  As part of the new guidelines that the AG issued in February, he has now established a permanent news media DOJ dialogue group, and we’ve met once with the AG and his top staff.  The lawyers have been continuing to talk throughout the year, and we hope that when there is a new AG in place that there will be a transition and that will continue.

In some ways, that dialogue was modeled after what the Aspen Institute had run for years as a dialogue between press and national security people, and they used to convene annually out in Wye, Maryland.  There has been some talk about doing something like that again.  And I think the table looks different now because it’s got to include technology companies as well.  And I think that that process of having regular contact and dialogue with the DOJ we have found has borne some fruit this year.  And I think that even as we think globally, we are thinking locally down on Pennsylvania Avenue and the DOJ I think makes sense, too.

CHARLIE GIBSON:  All right.  Well, thanks to all three of you.  As I said at the outset, this is an important case.  And that’s why it warrants this kind of discussion.

As Professor Lazowska said, these are just e-mails and servers and age-old privacy questions, but new technologies like the cloud do change the landscape.  Governmental attorneys have their imperatives.  Microsoft and those who are filing amicus briefs today have their imperatives.  I, for one, am awfully glad I’m not a judge and have to parse these competing needs.  But we’ll get a final word now.

Thanks all for coming.

Brad Smith.

BRAD SMITH:  I’ll close by thanking everybody in the room and thank you to everybody who is watching on the web.

I think that Charlie Gibson actually framed these questions amazingly well.  As you heard, the technology is new, but the principles that are at stake really are not.  And the fundamental question is whether governments or companies, or others will do things simply because they can, or whether we’ll think through the principles that we want to see endure.

And fundamentally there are two very important questions at stake.  Will your e-mails get the same kind of protection as your paper mail or your telephone calls, or what you might put in a safety deposit box in a bank, or even what you might leave in your hotel room while you’re out and about in a city during the day, or will instead that protection be lost.  That is a question of fundamental importance.

The there thing I thought Charlie put amazingly well was this question should we feel comfortable trusting our government.  Well, actually I would say this case is about whether people will have the opportunity to trust their government, because this is about e-mail in Ireland the Irish people don’t get to vote in U.S. elections.  The German people don’t get to vote in U.S. elections.  And if they’re comes a day when the British government, for example, seeks to obtain e-mail that is stored in a data center in the United States we’ll all be reminded that the American people don’t get to vote in British elections either.

So ultimately this case, among many other things, is about whether people will have the right to have their e-mail protected by their own laws and their own governments and their own constitutions.  That’s at stake, too.

As this conversation this morning showed, it’s a big issue.  At times it’s a complicated question.  But, more than anything else, we need not just problems, but we need solutions.  And it’s conversations like this that we hope can move us forward.  As we look to the New Year the case will move forward, but we hope the conversation will broaden and move forward in new ways, as well, not just here in court in New York, but in Congress and in the executive branch in Washington, and in national capitals and in international dialogues across the Atlantic and around the world.  Hopefully today takes us one step farther.

Thank you very much.