Now, also thanking the presence of Greg Nojeim
Greg Nojeim is the director of the Center for Democracy and Technology, in the United States
It's based in Washington. And Greg is an expert in many subjects related to Internet policy
It's always a pleasure to hear him speak and we invited Greg to specifically talk about a subject
in which he has been working a lot, he's been making a lot of connections, hearing all the stakeholders
and their visions about this and it's a subject that has been showing up a lot here in the Congress
and that is the international legal assistence. So, we've discussed this a little bit in the morning panel.
The format, the legal framework of the MLATs, these international mutual legal assistence treaties
and Greg is going to speak to us a little bit about the international framework, the proposals for reform
and all of this debate, how it has been seen outside of Brazil. So thanking Greg one more time, I handover to him.
Thank you. I'm Greg.
I'm with the Center for Democracy and technology. I want to thank the InternetLab for making
it possible for me to come here. Dennys, Francisco, Mariana, Jacqueline the entire
staff really thank you very much I really appreciate the opportunity.
I don't get many opportunities to talk to law students, but it always energizes me because
the students tend to have really good questions and respect and I find that a lot of fun
I see a lot of people who are not wearing earphones, is it really the case
that that many people understand English? How come we never see you in streets when
we're looking for directions? Well, just one more thank you and that's the thank you
for coming, you're in a wonderful city, there's a million things to do in here.
Thank you. So, with that said let me
tell a little bit about my organization. I work at a human rights group, the Center for
Democracy and Technology. We are based in Washington DC, we have about 25
people, roughly half of us are lawyers. Guess? We do hire interns but we don't
hate them. If you are able to come to Washington, if you are interested in
interning after I talk, come up afterwards and we'll talk about it.
Yes, yes. Riana was an intern at CDT ten years ago and look where she is!
So my piece of the puzzle at the Center for Democracy and Technology is to try to
ensure privacy as against invasion by the government or by other governments as
well not just the US government. Our major initiative in the United
States is to make the United States law, the statute, consistent with what the
courts have said so far which is that when law enforcement wants to get access
to the contents of communications it needs to get a court order, a warrant
based on a finding, a finding of probable cause that's one of
our major initiatives we won that issue in the courts so far but we don't yet
have it written into the law. I'd like to say that the specialty of my
organization is to bring people together from different backgrounds in within our
space, it's not about ethnic backgrounds or anything like that it's about law
enforcement interests, the interests of companies and the interests of consumers
and the interests of academics. Bring them all around a big table and deal
with a very tough issue and boy, we've got a lot of tough issues nowadays with
new technology. In this case the difficult problem that I want to put
in front of you is helping law enforcement including law enforcement in Brazil gain
access to communications content including content held by US companies
while protecting the rights of Brazilians and Americans and other
people around the world because the providers who hold this data at a
worldwide user base. I'm not going to talk about the surveillance that Edward
Snowden disclosed. I'm not going to do that, unless you ask me about it. The reason
I'm not doing that is because it's a different kind of surveillance, it's
under a whole different statutory scheme in the United States. Actually, there
isn't a really good statutory scheme for that surveillance it's very permissive
particularly with respect to people outside the United States if you ask me
about it and I hope to do there are some major developments I could talk to you about.
Instead, what I want to talk about is surveillance for criminal reasons
the Snowden surveillance was about national security this is surveillance
conducted to solve and prevent crimes.
And really it's the need to conduct the surveillance that law enforcement has is
growing all the time. And there are obstacles to it, Riana talked about one
it's encrypted communication, I'm talking about another: geography. Dealing with the
fact that the police often needs access to data that it is outside their country and
certainly remote from the scene of the crime they are investigating.
This isn't news to you but it was news to me there's been a technological revolution
we've moved data from from our desk drawers, from our homes, into computers
and then even out of computers and into the cloud. Now the data that law
enforcement needs is held by third parties, it's held by companies like Google
and Microsoft and Facebook and Twitter and they don't all get it in the same
way and then create some challenges for law enforcement.
Microsoft is what I call a data localizer, when you sign up for a Hotmail
account Microsoft asks you so where are you and they're asking you that because
they're going to locate your data near you often in your own country.
Google, I don't think they ask that. They didn't ask that that of me when I set up my Gmail account.
But Google is different, Google moves data around, Google is what I call a load
balancer, they are moving data around on their network to balance the load. If things
are busy in India, they might move data away from there to another place where it's
less busy so they can balance the load on their network. Google also shards data,
it devides data into different pieces so that even one email could be held in packets
that are held in different places, different countries even. So whereas Microsoft
is trying to pull data in a static basis and it can live with a rule that talks
about the location of the data as the basis for jurisdiction, for companies like
Google that move data around it's not such a good rule this idea of having
location be determinative of jurisdiction. And for us individuals, one thing that we
really like to know is where is our data, which might be something that is not
answerable by a company that's moving data around like Google. But we also want
to know what law is applying to the data and we can't be sure of that except
to the extent the company tells us what law they are thinking applies to the data.
That's for us, that's for the providers
for law enforcement, it's even harder. You got a policeman here in São Paulo
he's trying to investigate a crime, he wants access to data that could be held in
Seattle, Washington, could be held in Sillicon Valley, it could be somewhere else
it could be in Ireland. But he needs access to that data
to solve that crime and sometimes he needs access to the data of people who
are not Brazilians because the crimes that even local police are investigating
nowadays can be conducted by people who are outside of the country, not in the United
States, either France, they could be in China, they could be anywhere. We have
to deal with this problem, the criminals are not going to wait, they're not going to
not do their crimes while we figure out how to solve this problem and we just
can't keep waiting.
Before I talk about what I think the solution space for the problem is, I want to talk
about what the rules are that govern the surveillance right now
so each country has its own surveillance law and the reality is that because a
lot of the large providers are in the United States, US law becomes relatively
important in this area. So I'm going to talk to you a little bit about what it requires and
what it requires of the providers who operate under it. The law was written back
in 1986. It was a long time ago. The most popular movie at the time, it was Top Gun
with Tom Cruise. That tells you how long ago this was. They haven't really
updated the law in a substantial weight there has been little tinkers along the way
but there's been no real effort to update the statute since it was written
almost 30 years ago. We had the same debate in the United States
that Professor -- and I'll butcher his name -- Sampaio Ferraz
talked about yesterday. We had the same debate: is an electronic
communication, like an email, is it like letters sent through the mail or is it
like intercepting a communication through a wiretap? We had that exact same
debate and the debaters were probably the same types of people that were
debating in here. We had law enforcement, we had the privacy groups, and we had the
companies, all trying to reach decisions about what rules would apply. In the US
we had a compromise we always ends up with compromises.
But we had a compromise and the compromise was this: for content that is
probably not abandoned, that it's something that the person is probably going to want to
use in the future we adopted a rule that said there needs to be a court order
it's called a warrant based on a finding of probable cause which is a very high
level of proof. It requires a showing of a likelihood of crimes and a likelihood
that the information being sought will help solve that crime. Both of those forms are
required to get content in the United States. For non content or
information about who you emailed and who emailed you it's a lower standard
there's also a court order but you don't have to make that same level of
connection to the crime and that same level of certainty about a crime being
committed. For information that we call subscriber information it was a lower
standard still. This is information like who had this IP address -- Internet Protocol
Address -- at this day, at this time and that's relevant to a criminal
investigation because it shows where you went on the Internet
who is at the page at that time. Information like who belongs to this email address to
whose email address is this? That kind of information you don't need a court order for
under US law. Just a supoena, that's a demand written up by law enforcement. A subpoena
will do the trick. So they wrote this -- you can say the result, it kind of
makes sense for the most sensitive data you need the most evidence of crimes and
you need a judge to sign off on it. For intermediate level sensitive data --
traffic information -- you need a judge to sign off on it but you don't need the
same level of proof and for the less sensitive information you don't need a
judge and you don't need a strong level of proof. So I think that came out close to right
and it's very similar to the rules that have been adopted in Brazil and it's
similar to rules that are adopted in other countries. And one more thing, that
rule about needing probable cause, it applies without discrimination.
If you're in the United States and US law enforcement wants to investigate you
or they want to investigate me it's the same rule for both of us. it's not discriminatory.
So advance the clock from 1986 when there was no Google, there was no Twitter, there
was no Facebook to today. When all these companies that hold all this data exist and they
have a global database. What did the Americans do? They took the law that had
been written around a domestic rule and applied it to the international request
they were receiving -- and other countries do the same thing. When a country wants
access to what's a physical search conducted in another country, they think
there's evidence in this house in France and they want a search to be done of
this house in France, they don't send their police officers across the border
into France to search the house. They go to the French authorities with which
they have a mutual legal assistance treaty and prevail on the French to
search that house in France and that's the way the Americans did it with data.
They treated it like physical searches, there was not another regime to provide assistance.
So when another government wants data held by a US provider, the
American government says to that government "don't demand it of the provider,
demand it of us and we will apply on your behalf for a warrant under US law to get
this information" that's the way it has been working for a number of years until, I
think, fairly recently. So what does that process action look like
I'm the police officer in São Paulo I want data that is held by a US company
I go to the central authority in Brazil which was represented here yesterday by
Carolina Yumi de Souza, they go to her and say "help us get this data" and what
does she do? She doesn't go to Google and say "give us the data" -- she might, but she shouldn't.
She goes to the United States Department of Justice --
our central authority and she says "we want this data" and the Department of Justice
says "well, if you want that data, give us what we need to go in front of a US
judge and prove probable cause" that's what's going on in most demands
for these disclosures of content that fail. Fail because of a failure to
provide enough information to reach this probable cause threshold.
Now, this is -- in the United States it is unlawful for a US provider to disclose
content subject to US jurisdiction to anyone absent a warrant issued by a US
judge based on a finding of probable cause. Now, as Jacqueline has pointed out
to me more than a few times, but some of the providers are disclosing content
to Brazilian authorities when they demand it. How can this be? I think
that that's either because they are taking the position that the data is
being held is not under US jurisdiction if they're a Microsoft, they have
localized data in Brazil, Microsoft will take the position that Brazilian process will
reach it or if they're a company that moves data round like a Google they are
probably taking the position that there's a conflict of laws and under
international law concepts of comity that means respect for different
countries' laws, they do an analysis and if the Brazilian interest in the data
exceeds the US interest, they make the disclosure
that way. Now in addition to this probable causes built in the US law, there's other
protections that are built in: free expression; the Department of Justice in the
United States does not insist went a demand for a disclosure which it made to
US authorities -- and it is being made to US authorities, right? Because they're going
from the judge, would violate a person's free expression rights. They
require tool criminality so that there's no effort by the US Department of Justice to
assist with a prosecution of a crime of insulting a King in Thailand and they get
those requests, they turn them down. And they only entertain requests
for serious crimes for which the punishment would be a year or more.
There was one case that the Department of Justice likes to talk about when it
received an MLAT request for a stolen chicken case.
And they said "no, this is a stolen chicken, we're not going to bother with
it because it's just not enough, it's just not important enough to put in the
resources". Enough information is given to the judge, the judge complies for the warrant -- I'm sorry
-- enough information is given to the Department of Justice, it applies for the
warrant from a judge, the judge grants the warrant, the word goes to the
provider, the provider makes the disclosure to the Department of Justice
in the United States, the Department of Justice in the United States removes your
relevant data and turns it over to central authority in Brazil, the central authority
-- I'm going too fast -- the central authority in Brazil discloses it to the São Paulo
policeman on average ten months after he made the request, he's grown a long beard
waiting for this data to show up for an Internet crime that he's
investigating. It doesn't take a scientist to know that's not a
system that's going to work. In addition, that policeman in São Paulo that wants this
data, this whole system is okay to him, it's opaque, he can't see through it
he doesn't know if the data is coming, he doesn't know when it's coming and it's
very frustrating for him to do this. I mean, on the US side it is
an expensive thing, it costs money to hire the prosecutor who goes in front of
the judge -- got to hire the judge too -- and to gather data and to make
these disclosures. It takes time and it takes money.
And you know what? Those prosecutors who are receiving these requests from the
central authority in the United States they have other things to do,
they do. There are big local crimes that need to be solved and if they aren't
solved they threaten the career of the prosecutor. So he's got a hundred cases,
one of them's from Brazil, 99 of them are from local, which one is he gonna
prioritize? Which ones are you going to prioritize? And that's the way it's been
working. They just haven't put in the resources
and the person power to process the requests that they're getting on a timely
basis. The United States receives more than 3,000 MLAT
requests -- I'm sorry -- it receives more than 3,000 MLAT
requests each year and it makes about a thousand MLAT requests itself. When
you look at the big picture here, what the United States is essentially doing
is exporting its own law, right? It's getting these requests, it's applying
US rules to the requests that are coming in from the rest of the world. It
means that for a country like Brazil where digital evidence becomes harder to
obtain -- and perhaps it should -- but you know what?
It also means that for countries like Russia and China digital evidence becomes
harder to obtain -- and it probably should be. It probably should be.
Because the way the US system is working, it is closing down requests that
can be used to persecute people, persecute dissenters those demands are
simply not matched in this system. So it does serve a valuable human rights
protective function. And when I think about solutions that solve problems and make it
easier for the prosecutor Brazil to get data I'm also thinking about the person
in China and the person in Russia who might need some protection from an MLAT
system that works. So before we get to the solutions, I want to mention one
other thing: I have been talking so far about the disclosure of contenThe
non content rules in the United States, they're very different. As I said, you don't
have to meet probable cause, but you know what else? The non content rules, they
don't apply to governmental demands when the government is a foreign
government. Hear this: under US law, if there is a demand for traffic data -- whom
emaild whom -- if that demand comes from Brazil or any other country, a US
provider can disclose that information voluntarily. If that demand comes from
the US government, they cannot. They can't. They have to tell the US
government "you go get a court order" even though we can disclose this data to
every other government in the world, the US government needs a court order. To my
mind, that's screwing. That needs to be changed, it shouldn't be
the case -- and the data that can be disclosed is not just data of non Americans, if
the government of Brazil comes to Google to get my Gmail, Google can
disclose that information to the government of Brazil, they couldn't do
that to the American government. They could do it to any other government and that
seems something that should be faced as well.
Well, I've described a problem. It's a big one.
It's not gonna last though because I think all the players in the system
believe it needs to be fixed. Criminal investigations that are too important to the public
safety and they're being ???. It's unfair to providers who are stuck in the
middle between competing legal regimes. I mean, people like to say about these "it's
hard to have a lot of sympathy about a billion-dollar company" but they really
are made up of real people, they have employees they have families and
when they get put in jail for not complying with a request it's a big deal
and I think that we have to account for that as well. It's unfair to us consumers
too because we don't know what rules apply to our data. So I'll talk about
three other solutions that I think are progressing along more than the others
that have been talked about these are not things that are at the discussion form
level there are more things that I think are real and are moving towards fruition
and they kind of fall into two categories.
One is what I call the brute force solutions and the other is the
collaborative legal solutions and you're never going to guess which ones I'm going to favor -- it is the
collaborative one. The brute force solutions, you know, some Brazilian judges are
engaging in some of these, they include arresting executives of providers who
fail to comply with demands even if there is a competing legal regime. They're
solutions like closing down services like WhatsApp. They are compel data
localization, that's another brute force solution which Marco Civil has rejected
in large part. Government hacking, of which Riana talked about a little bit,
which is government's hacking into services because they can't get the data
through other legal means, so they use their own means to get the data. And the
final brute force is compelling backdoors to encryption which again Riana talked
about. All those solutions have downsized. If you compel backdoors you make
everybody less secure because you make a backdoor for the bad guys as well. If
the government is hacking into email and sending you a message saying "click here",
you think it's from a friend and it turns out it's the government trying to
get your data to install malware on your device. Too much of that and people
aren't gonna trust the Internet anymore -- anymore than they do now. Compel data
localization hurts startups, and it's even fisher, it makes it harder for particularly voice
based services to function. So what we prefer are more collaborative legal
solutions. What are the goals of these solutions? First to protect rights,
rights to privacy, rights to free expression and not to facilitate
disclosures to violators of rights or to cases where the prosecution itself
is a violation of privacy. Our solutions have to facilitate
law-enforcement access and it has to be at scale and the scale is going to be as
large today and it's going to be immense going forward. Most crimes, I think, will be
investigated based on digital evidence as we move forward. It's got to be fast
it's got to be clear and it's got to be fair at the country level, there has to
be reciprocity. Meaning, if one country is required to live by particular rules
well, those rules have to be good for other countries as well. The three
solutions that are kind of meeting these criteria, they're being discussed right
now, are also grouped into three different types of groups. There's
bilateral agreements between countries, which in my view is probably the most
promising in the short term. There's multilateral approaches and then there's
what I call the club of nations approach. For the bilaterals,
what's going on in the United States as this idea starts to catch on, is the notion
that the United States would lift this block in US law which prohibits the
providers from disclosing information to requesting the countries, lift that block if the
requesting country meets a series of human rights based criteria so
this would this would supplement but not supplant mutual legal assistance treaties
so the way this would work would be there'd be a statute adopted in the
United States that would say "this requirement is probable cause" it doesn't
apply when there is an agreement between the two countries, it permits the demand.
Okay? And each country entering into these agreements would do it voluntarily
evaluating the other country's laws and saying to itself "do we make these laws
meed good, strong human rights standards?". What this does -- and I should say there are
certain advantages to this bilateral approach, first it deals with what I call
"the Russia problem". Russia has probably a poor human rights
record when it comes to prosecuting people but it also needs to solve crimes and
so you've gotta have a system that allows the Russians to get data. In this
idea of a bilateral agreement, there would not be one between the United States
and Russia. The Russians would go through the MLAT system and it would be the
responsibility of the US government to turn down the request that seemed like a
violation of rights. But another country, for example a Brazil or United Kingdom
they might be able to get the agreement and make the direct demands of
providers.
In the way I'm looking at this as a human rights advocate is that this is an
opportunity to raise standards for surveillance demands. We're looking at
things like billing into the US law a requirement of due process, there'd have
to be basic trial rights from the country making the demands, no torture, no
cruel and inhumane treatment, there have to be a strong factual basis for the
demand, factual basis for the crime in to believe that the information about the
crime would be there in the data being sought, independent authorization --
preferably by a judge -- particularity which is kind of a proportionality
concept, no bulk collection under these bilateral agreements, there ought to be
notice, so if your data is demanded and it's given up you get noticed --
it can happen after the fact, but at least it would get noticed. Certain transparency
requirements so that people would know how often this power was being used and
also incredible process for choosing which countries would have this bilateral agreements.
The United States, as I think I mentioned, has already negotiated one of these
treaties, it's been appreciated with the United Kingdom. It can't come into effect
yet because the US law that would clear the way for these agreements has not
yet been introduced or passed and there's going to be a fight about what the
standards are for these agreements and we're going to be trying to get these
the strongest standards that we can. You know, when the UK -- until last year, the United
Kingdom did not require a judicial officer to
issue warrants for content. It was all done at the level of the Home Secretary
who is the equivalent of the chief prosecutor in the country, they changed
their law under pressure from privacy groups in the UK and under pressure from
the United States which wanted to have an agreement with them like I just
described so that the prospect of having one of these agreements helped the UK come
to the conclusion that it needed to have judicial involvement in the issue of these
warrants. When I think about these bilateral agreements, I think "well, what
countries will want them? Brazil will want one" and then I ask myself and
I'll be asking civil society groups in Brazil "what are the holes in
Brazilian law that ought to be plugged, that ought to be dealt with in this process
so that Brazil could get one of these agreements, and one hole that I
understand exists is that there's a good, strong standard, we know what it is but
law enforcement here wants access to information in real time -- a wiretap -- but
that the standard for stored data this is perhaps not so clear. Maybe there
could be some clarification that would be Brazil's ticket to one of these agreements.
That's how I'm looking into these things. What's the status of this legislation, of this idea?
There was a hearing at the US Senate Judiciary Committee last week, the idea
of bilateral agreements was well received, the Committee Chairman
expressed an interest in having legislation by year-end.
I think that's very ambitious and the other body would also have to act the House and I think
we're looking at an 18-month timeline or something like that.
Another option is what I call the multilateral privilege and this is
coming mostly from Europe, it would be a protocol to an existing convention
called the Budapest Cybercrimes Convention to which Brazil
is not a party but it could be a party to the protocol even though it's not a
party to the treaty itself. This treaty was negotiated mostly among European
countries and it mostly applies to European and North American countries. It governs
with a light touch access to data across borders, it's mostly about process not
power. The protocol could well be about power, many of the civil liberties
advocates around the world criticize the Budapest convention
because it doesn't pay enough attention to human rights, ensuring that the
demands that it facilitates respect human rights. The protocol could worsen
the problem but we don't yet know what the
parameters for this protocol will be, there's to be an announcement sometime
in mid-June -- that's next month -- about what the parameters of that protocol will be and
their goal is to adopt one within the next few years. And finally another
approach is what I call the club of patience approach, it is being
discussed at the EU at a meeting on June 8th when the Justice and Home
Affairs ministers of the member states, they're going to be discussing-making
production orders issued in one member state in the EU binding in another
state, provided that state is given notice. They're also discussing
non-binding options and they're also looking beyond the twelve of Nations
that are in the European Union toward multilateral and bilateral approaches.
So what I'd like to leave you with us is just this thought. There are options, these
brute-force options that are being exercised by some countries I think they
are not healthy for the Internet and there is a prospect for I think other
solutions that are bilateral multilateral or group of
Nations that could work to serve the interests of law enforcement, of human
rights advocates, and of the providers that have to live
with that decision to make. Thanks much, I look forward to your questions.
I want to thank Greg Nojeim for his presentation, that in a very didactic manner offered us
a general panorama of what are the existing questions in this discussion about international legal assistance.
I think it was a great complement for this morning's panel
in which we were discussing these difficulties from the standpoint of the Public Attorney's Office here in Brazil
and now we could hear a little bit more about how is this situation it the US.
I'm going to open for questions, so who has questions, please manifest yourself.
But I'm going to exercise my prerogative of being on the table and I'm going to make a question myself.
During your presentation, and this is an argument and a diagnosis that we hear when talking about this subject --
the recurring idea that the US Department of Justice has little interest in reforming this system
or in investing more money, training more people --
indeed it is an expansive system, indeed there is the clear necessity of prioritizing cases
being investigated in the US, and not international cases.
In your opinion, what could generate or raise any interest in the US government for maybe
investing more in a solution or in restructuring it in a way to tend to the expectations and demands
of authorities in other countries, so is the pressure for American interests that needs to be done in the US government?
Since it subsidiaries in other countries are going through different pressures and drastic measures.
How do these drastic measures impact the government?
So, for example, when there is the blocking of an application like WhatsApp, does this
impact any major interest of the government in establishing these systems or
is there any strategy that can be carried out in order to increase the interest in this kind of mechanism in the US?
That's a really good question. So, I think that actually the problem is
less with the Department of Justice and more with the US Congress. It's partly
with the Department of Justice because they could prioritize foreign demands
higher than domestic demands and that's very hard for them to do, just because of
the pressures that they're under. To their credit, the Department of Justice
they've done two things: first they asked Congress "okay, let's
centralize the processing of MLAT requests from foreign governments, when
the MLAT request comes in to the Department of Justice, give us the
ability to go in front of a judge in Washington DC as opposed to having to go
out to California or Washington State or Chicago, let us process it in Washington
DC. We'll build up a cadre of really smart prosecutors and they'll go in front of a
judge who is really experienced in dealing with these MLAT requests from
from other governments, and we'll do it all in Washington". And they got a statutory
authority to do that but they didn't get the money that they asked for to do it.
So Congress said "yeah, go ahead, great idea here Jane, but we're not going to
give you more money to do it .We're not going to give you more people and
I'm going to ask you spend your money elsewhere". To me that's
a problem of the Congress as opposed to of the Department of Justice. They could
do things that I consider small helps but they would I think make the world a
little better for the policeman in São Paulo who has grown that long beard
and is investigating this crime, they could adopt an electronic filing system that
would better prompt the foreign law enforcement to provide the information
needed to meet the US standards. They could have a tracking system so that the
policeman who was wondering "is my MLAT request going to be granted?" would know
where it stands in the process. They could even give an estimate of how long
they think it will take for that MLAT to be processed. They could report
numbers, they don't even report numbers on a regular basis. The numbers that I
gave you were reported just to support their request for more money. I don't
have an annual report from them on the numbers of MLAT requests they make or the
numbers that they receive. And there is not a public accounting of
the size of the backlog. We know the backlog is thousands of MLAT
requests but they don't report it, we don't know what these numbers are. So I
think there's some things they could do but they're not going to solve the big problem.
Questions?
Good evening, my name is Pedro. I'm also a law student, but in PUC.
And you talked a lot about international assitance, etc.
But I wanted, one the one hand, to bring up the Snowden topic that you wanted to talk about and also
ask about the Patriot Act, that allows the US government to intercept
with a legal process different from the one you mentioned and I wanted to know how does this process
work and how can it be used to attack activists and people like Snowden?
So, the USA Patriot Act was enacted right after the attacks of 9/11 and it has a
number of different provisions that -- a lot of them are not really relevant to
what we're talking about today, some of the more objectionable provisions of
Patriot Act are related to immigrants and there was a provision that allowed the
government to detain a person who is coming to United States for seven days
without explanation, which is not permitted under the Constitution. Other
provisions, I don't remember one that specifically went after the dissenters.
Do you, Riana? What a lot of what it did was loosen rules around surveillance, it
enacted one of the statutes section 215 which was the authority for some of the
disclosures that Edward Snowden made. They were the disclosures about the
collecting of phone records in the United States but I think the Patriot
Act compared to this other statute that perhaps they wouldn't talk about but I'm going to
talk about now. The Foreign Intelligence Surveillance Act,
it's really not that impactful on people outside the United States.
There was this other statute that was enacted, the Foreign Intelligence Surveillance Act
section 702 of that statute it's the one that authorizes the government to
surveil people outside the United States without a court order, without a warrant
and based on just the collection of information relevant to foreign policy.
That statute actually expires at the end of this year, it's going to get
reauthorized and we're going to fight about what reforms the statute will undergo in
connection with this reauthorization debate. One major development that
happened just last week was 30 of the largest tech companies in the United
States got behind a substantial reform agenda and the most substantial piece of
it is to say that this surveillance can only be conducted for good reasons
like to prevent terrorism, to prevent sabotage, espionage, attacks on US forces
and allied forces. So it really was, I thought, in important statement from some of
these tech companies. You know, we civil liberties groups, we're going to say this
all the time but to have the tech companies come out and say the same thing
it was very useful and I think it will be important to this debate.
Any more questions?
Artur? Jacqueline?
Good evening, my name is Artur Péricles, I'm a masters student here at the faculty. My question has more
to do with the subject that we were discussing. I wanted to know what you
think about the problem of data collection at the borders, when people arrive by plane in the US,
the new policy on this, of demanding
that people unblock their phones so that immigration officers
can examine them.
I think it's a disaster.
I really do, I really do.
It affects non-citizens who are visiting the United States, it makes them less
likely to visit, there are conferences that have been moved outside the United
States because of those requirements. It also chills people's use of the very
communications tools that have made them more productive and more integrated into
into society. I really think it's a disastrous move for United States and I'm
really worried that other countries are going to follow and it doesn't apply just to
non-citizens coming in, for citizens when we're at the border, we don't have the
same constitutional rights -- we have the same rights but there are more
exceptions built into them as we're entering the United States. My company has
required all of these international travelers to delete their email accounts
before returning to the United States, we reinstall them once we get in, but we
have to delete them when we come in and the idea is that we don't want the
government to have access to our communications even though we're not
doing anything wrong and I gotta say as an American it really hurts me
especially that it's my government doing this to me
and there's not a lot that it can be done about it. There are challenges that
are pending to this, and I know that the Electronic Frontier Foundation is actively
looking for more cases. I don't know exactly where they're going to go but I
anticipate that this problem is going to get worse
because we've got Mr. Trump talking about extreme vetting. His first order on
extreme vetting was held up by the courts so is the second order but
they're looking for more and more ways to do it and they're looking at social
media passwords, that's one of the things that they might demand.
I want once again to thank Greg and ask for a round of applause.
Không có nhận xét nào:
Đăng nhận xét