Good evening. I'm Sherry
Glied, the Dean of NYU Wagner. On behalf of
NYU Wagner, it's my distinct honor and pleasure
to welcome you to tonight's debate. This is
the third debate in an exciting new series
we've launched with our partners at The Century
Foundation. And we are thrilled to have such
a large and eager audience join us. We held
our first debate in early March on the topic
of free public college, and the second, just
a few weeks later on immigration reform. Both
debates proved to be informative, engaging,
and even fun discussions, and I know tonight's
debate will be the same. We at NYU Wagner
have a long history of making an impact on
public service, both here in New York City
and around the globe. For over
75 years, we've been preparing the world's
public service leaders to have an effective
and lasting impact on the public good. Through
a curriculum that blends theory and practice,
our students gain skills and experiences that
enable them to address significant public
problems, and actually get things done. Our
alumni all over the world apply their education
to make real improvement in people's lives
through healthcare, international development,
urban planning, non-profit management, finance,
and many other fields. Part of
making real improvements is understanding
all perspectives on an issue. Conversations
such as tonight's are vital to encouraging public
discourse and developing the best possible
policy solutions. These debates are an opportunity
for thought leaders, practitioners, students,
decision makers and any interested citizen
to hear varied perspectives on relevant and
timely issues. Tonight's topic on the intersection
of security and personal data is relevant
and important to all of us as citizens of
the world. As has become far too
evident with the attacks we witnessed in many
places, Paris, Brussels, closer to home in
San Bernardino, our safety is not guaranteed.
As citizens, we often take for granted that
our government will keep us out of harm's
way... But at what cost? Technology is ruling
our lives, continues to grow, and we increasingly
rely on our devices, please turn them off,
to communicate, work, and manage our day-to-day
routines. That raises the question of, "What
access the government should have to our information?"
Will giving the government that access make
us safer or is the infringement on our privacy
too high a price to pay? We are
so pleased to welcome tonight's debaters to
delve deeply into this important and challenging
subject. I want to offer a warm welcome to Fareed,
Bart, and Edward, and thank them for being
with us tonight whether in person or from
thousands of miles away. Fareed, you bring
a unique perspective grounded in the history
of American foreign policy and I'm eager to
hear what you have to say. Bart, you're one
of this country's premier and celebrated journalists,
and I know you'll do an excellent job tonight
keeping Fareed and Edward in line. We're also
very excited to have Edward Snowden join us
via live video. While you may not
be able to feel it personally, Edward, the
energy in this room tonight is palpable. I
understand that while you participated in
many interviews and conversations, this is
the first debate of this nature that you've
taken part in, and we're thrilled to have
you. Edward, Fareed, and Bart will all receive
proper introductions shortly. But on behalf
of NYU Wagner and the Century Foundation,
we thank you all for being a part of this
debate, and sharing your insights.
We're also live streaming tonight's debate,
so I want to welcome those of you joining online.
We hope you can join us virtually. I know
one person who is most certainly watching,
Century Foundation president, Mark Zuckerman,
wherever you are. He's been vital to the creation
and success of this series. He's been a wonderful
partner and colleague. He couldn't be here
with us tonight as he is overseas in Paris.
But his team assures me that he's taking time
from his vacation to participate via the live
stream. Hi. I'm sure you've noticed the cameras
from CNN in the audience. We're happy to say
that this conversation will continue after
tonight's event, when Fareed, airs a segment
on his show, "Fareed Zakaria GPS." Be sure
to tune in. When we first began
discussing this debate series with The Century
Foundation, we all agreed that a vital part
of the program would be hearing from you,
the audience. There are several ways you can
take part in tonight's conversation. First,
we encourage you to use the hashtag, DOTC
2016, which you will see in your programs
and on the screens to tweet about tonight's
discussion. You'll also have a chance to ask
the debaters questions. You could do this
by tweeting questions during the debate using
the DOTC 2016 hashtag. You could also ask
questions through the poll we'll be conducting.
Before we start, we want to take your pulse
about tonight's topic. We're gonna conduct
a poll now, and then again after the debate.
Instructions are in your program and on the
screens beside me, but I'm gonna walk you
through it. There are two ways to participate
in this poll. First, from your phone's browser
or from your computer for those of you at
home, go to the website, pollev.com/dotc2016,
and follow the prompts. There's no need to
register or log in. The second way is via
text. Simply text dotc2016 to 22333. 22333
to join the session. I'll give you all a second
to text or join through your browser.
Okay, ready? Let's poll. Tonight's resolution
is, "Government should have lawful access
to any encrypted message or device." Do you
agree with this statement? How are we doing?
Okay, now see the results? You can see them,
and they'll be changing in real time. We'll
do another poll after the debate to see if
our experts were able to sway any opinions.
It's now my pleasure to turn the stage over
to the Chairman of the Board of the Century
Foundation, Bradley Abelow.[applause]
I'm pleased to welcome everyone
to tonight's event on behalf of the Century
Foundation and NYU Wagner. The Century Foundation
is incredibly proud to be able to co-host
tonight's debate. I'd like to extend a big
thank you to Century Foundation President
Mark Zuckerman and NYU Dean Sherry Glied for
their work in creating Debates of the Century
events series. Thank you also to
the teams of the Century Foundation and NYU
Wagner for the time they've put in to organize
tonight's program. As one of the oldest public
policy institutes in the country, the Century
Foundation has dedicated itself to evidence-based
research and analysis with the aim of informing
citizens and policy-makers. Tonight's
debate on encryption and national security
is a topic area that we research in order
to encourage democracy and ensure civil liberties
are protected in today's technological age. I would also like to recognize some of
the Century Foundation's Trustees who are
in the audience with us tonight including
Trustee Emeritus Richard Ravitch, Trustee
John Alter, and our newest Trustee, Anne Milgram.
It is my pleasure to now introduce our moderator
for tonight's debate, Barton Gellman. Bart
is a much-honored author, journalist and blogger.
Mr. Gellman is a Senior Fellow at the Century
Foundation where he researches surveillance
and privacy. In 2013, while working at the
Washington Post, Bart was one of three journalists
worldwide to receive leaked documents revealing
previously undisclosed surveillance programs
from former NSA contractor Edward Snowden.
After 21 years at the Washington Post
writing about many of the most important events
of our times, Gellman joined Time Magazine
in 2010 as contributing editor. He's also
been a lecturer and author-in-residence at
Princeton. His professional distinctions include
three Pulitzer prizes, two George Polk awards,
Harvard's Goldsmith Prize for Investigative
Reporting, and the New York Times' Best Book
0f 2008 award for his bestseller Angler: The
Cheney Vice Presidency. Please join me in
welcoming Bart to the stage. [applause]
Right to it if I can, I'm
here to introduce our speakers. You all see
the motion, the proposition before us. Fareed
Zakaria will argue in the affirmative. Since
2008, he has hosted CNN's Peabody winning
award program on International Affairs, Fareed
Zakaria, GPS. His notable interviews have
included Barack Obama, Narendra Modi, King
Abdullah II, Muammar Gaddafi, and David Cameron.
I would like you to imagine that green room
for just a moment. Before his turn
to cable news, Fareed was managing editor
of Foreign Affairs, editor of Newsweek's International
Editions and a contributing editor for Time.
Alongside his CNN show now, he writes columns
for the Washington Post and The Atlantic.
His most recent book is In Defense of A Liberal
Education. And finally, based on my personal
observations, Fareed is also the king of Davos,
which is not a reference to Game of Thrones,
but it should be.[laughter] Ed
Snowden is here to oppose the motion. For
those of you with ear pieces and sleeve microphones
here, I mean, Moscow at 4680 miles or so away,
by the miracles of Google Hangouts and the
speed of light, not necessarily in that order,
he should bridge the distance to the stage
in a fraction of a second. I'm told the lag
is a little bit longer today. Ed is a former
CIA technical officer, DIA Cyber Security
Trainer and NSA contractor assigned to the
regional operations center in Hawaii. We all
know about the disclosures he made about the
NSA in 2013. Since then, he has attracted
a global following which ranges from a US
government grand jury...[laughter]
to a shelf full of honors from NGOs, international
organizations and public service foundations.
Ed is not here as that NSA guy. He's here,
he comes to us here for his expertise in device
and communications security. Finally, in 2014,
Ed joined the Board of the Freedom of the
Press Foundation where he works principally
on the technology of human rights.
Fareed, will you please join us here onstage?
[applause] And fingers crossed
that Ed's link is working and we can put him
up on the screen now. Let's wait for it.
So we're about to begin. I need to explain
the rules and the format briefly. Our topic,
as you know, is government access to encrypted
messages and devices. We are not here to debate
surveillance for the NSA or the political
climate in Moscow or for me for that matter.
Both speakers have agreed to those boundaries.
Each speaker begins with a five-minute opening
statement. Fareed will go first, then Ed.
Next, Fareed will offer a three minute rebuttal
and Ed will follow suit. After that, comes
about half an hour of free-form debate where
I will toss in provocations as necessary.[chuckle]
Each speaker will also have a chance to
ask one question of the other. Sometime around
7:30, I will open the floor and there are
two ways to ask a question similar to the
poll business, you may either text your question
to 22333 or tweet it with a hashtag DOTC for
Debates Of The Century, DOTC 2016. I expect
a lot of questions and so I'll ask Ed and
Fareed to respond succinctly at that point.
To conclude the debate, I'll invite the speakers
to make a three-minute closing statements,
Fareed will close first and then Ed. Finally,
we'll take another live poll. Fareed, I invite
you to begin. Thank
you so much Bart, thank you all. It's a pleasure
to be here. I have to confess, looking at
that initial poll, I feel like I have been
the underdog before in my life but never quite
to this capacity. I thought these would be
retirees but it turns out to be students.[laughter] Anyway. Imagine tomorrow, the Bank of
America announced that it had a new product,
let's call it an iVault and Bank of America
said this is a vault, a virtual vault in which
you can put all your bank information, any
financial information you have, any other
kind of information you want. Remember, all
information is now digital, so it could be
your tax receipts, it could be your will,
it could be receipts for travel, it could
be whatever it is you want to keep secure
and safe. Now, imagine that there was a guy,
let's call him Bernie Madoff, who embezzled
billions of dollars from poor workers' pension
funds and it turned out he had one of these
iVaults and the government is trying to figure
out exactly the extent and the scale of the
crime, they need evidence for it, they need
to find out what else he might have embezzled
and they go to a court and ask for a search
warrant. The court provides it but Bank of
America says "No! This is encrypted digital
information. In fact, our whole sales pitch
to our customers says this is encrypted, so
you can't have access to it. How
would you get around that problem? Because
after all, if Apple says you cannot have access
to the information in an iPhone because it
is encrypted, why does Bank of America not
have the same right? Why does any institution
frankly, any company in the United States
not have the right to encrypt the information
it has, this is relatively routine software
at this point and then, argue that it has
in a sense created a zone of immunity in which
no laws can reach, no courts can reach, no
government can reach. That's really... It
seems to me the heart of the question here.
I could bring up the issue of terrorism and
scare you all with the ticking time bomb and
I might do that a little later...[laughter]
But right now, I'm gonna argue that the
case is very simple which is our way of society
of laws. Is there some process of law by which
a government, the democratically elected government
with independent courts, has the authority
to access information? Now I know what you're
thinking, you don't want people to see what's
on your iPhone, neither do I but I understand
that within a democracy, if you have rules
and a lot of laws, you have to sacrifice liberty
for security at some point. This is not an
absolute disposition, I believe in strong
protections for those liberties. I do not
want the government abusing its authority,
I believe it has but you cannot have an absolute
zone of privacy. First of all remember, you
actually don't have an absolute zone of privacy.
Your emails? Your employer has access to all
your emails. You know all the websites you
look at? Your employer has access to all your
websites as do all the technology companies
that you use when you look around the web.
Facebook says that it can provide you with
targeted ads appropriate for you with 90%
accuracy, how does it do that? All these companies are collecting the data
based on what you were doing in your digital life. They have it. I understand it's not
the same as the government, but there isn't
such a zone of privacy quite as you imagine.
Now, you're gonna hear a lot or you probably
have already heard a lot about the dangers,
technologically, that this... Now producers,
that it might mean a master key that unlocks
all information everywhere, that endangers
all kind of encryption everywhere. I'm not
a technology guy but I thought it'd be worth
listening to what a technology guy has to
say about this, somebody who ran the largest
technology company specializing in software
for two decades, Bill Gates. So here's what
Bill Gates says about Apple's request... The
Federal Government's request of Apple that
it unlock an iPhone. Bill Gates, "Apple has
access to this information, they're just refusing
to provide the access and the courts will
tell them whether to provide the access or
not. You shouldn't call the access some special
thing. It's no different than asking the phone
company to get information or bank records.
There is no difference between this information. The government comes asking for a specific
set of information and the bank can say it's
tied a ribbon around the disk drive and says,
'Don't make me cut this ribbon because if
I cut it this one time, I'll have to cut it
many times.'" As I say, I worry a great deal
about what the government might do with all
this information, which is why I believe
you need laws that clearly demarcate when
the government may have access to information,
when it may not, what it can do with that
information. But you cannot have liberty in
the absence of law, that is the rule of the
jungle. That's welcome to Haiti, welcome to
Somalia. If you want to live in a democratic
society that has rules, the laws, the authorities
have to have some recourse to lawful court
orders. Look, I love this phone. It is the
coolest thing that I have but there's something
even cooler, the United States constitution.
And it has to be possible for a government
of laws to operate in a way that legal authority
has the ability to access this kind of information.
Look. In 1974, we had a test of this basic
idea. The president of the Unites States argued
that a court could not force him to provide
information. At the time, the information
was, in his view, encrypted information communications
between the president and his top advisers.
And his argument was, executive privilege
meant the president did not have to provide
the court a court order with this kind of
information. [BG:] Sorry. Can you...
I will wrap up. Thank you.
He was arguing in a sense the information
was encrypted and if he revealed it, it
would set a dangerous precedent for the future.
In a unanimous ruling in the United States
versus Nixon, the supreme court ruled, "No
person, not even the president of the United
States is completely above the law. And the
president cannot use executive privilege as
an excuse to withhold evidence that is demonstrably
relevant in a criminal trial." That is the
issue. No one in America can withhold evidence
that is relevant to a court. Not the president,
not the world's most powerful company, not
any individual, not even the most shining
and alluring product, not even the iPhone
is above the law. [BG:] Thank you Fareed.[applause] Ed? [ES:] Edward Snowden: Okay. I'll
do my best. I am like Bill Gates, a technologist.
I am not... I will point out this little bit
of a technical problem for the people working
with the audio. I'm hearing a little bit of
echo on myself. But if I could continue...
Well, let me just get right into it. Let's
start with what tonight is not about. Fundamentally,
tonight is not about politics nor is it really
about the law. It's about science and for
that reason, it doesn't really matter whether
you're for or against surveillance because
by the end of this debate, we'll have established
that the proposition is not really a choice
between privacy and security. It's rather
about more security or less security. Here's
the problem. We're in the midst of the greatest
crisis in computer security in history. One
of my greatest critics personally, Director
of National Intelligence, General James Clapper
said just months ago, "A lot of people find
this surprising in our post 9/11 world but
computer security bumped terrorism out of
the top spot on our list of national security
threats." Now, let me underline
that. Our intelligence agencies say computer
security is a bigger problem than terrorism,
than crime, than anything else. The backbone
of computer security today is encryption.
Encryption is the thing that keeps your money
in your bank account rather than in a criminal's.
It is the thing that keeps our dams closed
and our roads open. Encryption is the only
thing that determines whether the medical
devices in our hospitals or the ones in your
body deliver a therapeutic dose or a fatal
one. Encryption saves lives, encryption protects
property. Without it, our economy stops, our
government stops, everything stops. Now, my
point of hope is that somebody could perhaps
find a way to make encryption work only for
the good guys. But encryption is a field of
mathematics and no matter how much we might
hope otherwise, math is math. It works the
same for Mother Teresa as it does for Osama
Bin Laden. And the signs of a consensus
on this next point is absolute, lawful access
to any device or communication cannot be provided
to anybody without fatally compromising the
security of everybody. And that's not my opinion
either, that's the formal conclusion from
gathering of the world's top computer scientists
and security experts at MIT to study precisely
this issue. And these weren't just a couple
of grad students either but names like Whitfield
Diffie, who literally invented the principles
of modern cryptography. Now, the fundamental
problem of the science in this phase is that
for the government to unlock everything, there
has to be a key to everything. Now, we can
pass a law to require a key under every doormat
in order to make things easier for police
but the problem is that every other person
in the world can find that key, too. And they
can use it. You might be saying,
"Oh well. That's all well and good." But what
about national security? This is a legitimate
interest. Now this debate is unusual on that
point. Now recently, when all of the top intelligence
officials who are free to talk about these
things, join in any conversation with which
I'm attached, they're always on the other
side. If I was for kittens, they would be
completely against them. But tonight, they're
actually on my side. The former director of
National Intelligence, two directors of the
CIA, the director of the National Security
Agency, the nation's former top counter-terrorism
official have all said that despite their
sympathy for the FBI, our nation's computer
security is simply more important than yet
another surveillance tool. In fact, that NSA
director former that I just cited, Michael
Hayden said this: "The FBI director, Jim Comey,
is wrong. America is simply more secure, America
is safer with unbreakable end-to-end encryption."
And I look forward to exploring the details
of all of this tonight with you and Mr. Zakaria,
but I can promise you, ladies and gentlemen,
one thing: If I am standing shoulder to shoulder
with a director of the National Security Agency
on something, there's a damn good reason for
that. Thank you very much. [applause]
Thank you, Ed. Our format now gives Fareed
three minutes to rebut.
So, part of the issue here, a very substantial part
of the issue, is whether it is possible to
provide the... Let me put it differently.
A large part of the issue at stake here is
whether it is possible to open a single device
without compromising all encryption of that
device, of other devices. And as I said, I'm
not a technologist, but I quoted to you from
possibly the world's most famous technologist,
who says it is possible. The evidence for
this is very plain. Apple had done it 70 times.
It only stopped... It had opened 70 iPhones
without, in its view, compromising the end-to-end
encrypted security it provided. It only decided
to file suit when the FBI, perhaps foolishly,
decided to disclose that Apple was cooperating
in this regard. Apple had been selling its
product in a way that suggested it had this
bulletproof end-to-end encryption. This was compromised by the FBI's announcement,
and so, it decided it needed to fight this
or contest it. Not just Apple, but technology
companies throughout the country have been
providing this kind of single key unlocking
routinely. Gates' statement again points out
that this has happened in phone companies,
this has happened with banks. If it isn't
the case, as I say, we have to explain how
we would create a system of laws in the United
States where banks would be required to provide
information. Otherwise, every bank in America
would become like a Swiss bank from 30 or
40 years ago, where everyone was able to keep
secret accounts, secret transactions, secret
information. We would look like the Republic
of Panama with large illegal transactions,
furtive bank accounts, and laundered money.
If we don't do that, we have to have some
system in place that allows for a process
by which you determine when it is lawful for
the government to access information, when
it is not. If you move to a system
where you say, it is an absolute disposition
and the government will never have lawful
entry, you are simply encouraging the government
itself to become part of the lawbreaking scheme
and use the kind of methods that I'm sure
Ed Snowden and I would agree on are not ones
that the government should be engaged in.
My final point would be about that panoply
of extraordinary officials, former officials,
that he pointed out surprisingly agree with
him. It is really very stunning, and what's
particularly stunning is that all these people,
only two years ago when they were in government,
or four years ago or six years ago, when in
government, had entirely diametrically opposed
positions on this issue. Remember, this is
not an issue that came up yesterday. They
all had public positions that said essentially
the opposite of what they're saying now. I
will point out that almost all of them now
work in consulting firms that have, as clients,
all the major technology companies that have
a huge vested interest in arguing the other
way. So to answer your puzzle, Ed Snowden,
the reason that Michael Hayden and others
agree with you might not be so complicated.[laughter]
BG: Thank you. Ed, you've got your own three
minutes now. ES: I do appreciate that
suggestion. However, I would point out one
important distinction. Not all officials leave
government under the same circumstances, for
the same reason, or change their ideas for
the same reason. I myself once worked for
the National Security Agency, I myself once
worked for the government, and now I work
for the public. I do have a different position,
but that doesn't mean I'm motivated by anything
other than the same allegiance to the same
society. The difference is that I don't have
a boss telling me what to say. Now, there's
one point that you can't really dodge on here,
which is that saying that the government should
have lawful access to any device, whether
it's a single device, whether it's all devices,
is no different than saying that we should
weaken the digital security of every device
and product and service that is produced in
the United States. That's the science of it.
That's simply how it works. That's the choice
we're faced with today. Ignoring that, otherwise,
we might as well be discussing well, what
if the earth is flat? Right? But
you do raise an important point there, a key
distinction which is that there are some types
of data that, despite encryption, despite
the fact that it is out there are still available,
that can still be shared with the government
and in fact, are. Now, this is the magic of
communications. This is the magic of how even
encrypted communications can be followed and
tracked and in fact, I did this personally
at the NSA. My target was not terrorists,
which are actually seen as the easy target
at the NSA. They were Chinese hackers working
for the Chinese government. These were extraordinarily
sophisticated individuals who used encryption
for everything they did. And yet, we followed
them back to their homes, their bases of operation
to their home computers, we broke in, we stole
everything, and we got around encryption,
seven days out of the week, twice on Sundays.
This is how the world works. Unlike the example
that you said in your introduction, which
is that, there's an iVault that can't be broken
into. It can't be broken into when
it's perfectly sealed, when no one sees it.
But it is then a brick. You can never go in
and enjoy the fruits of what you've stolen.
It's locked away from yourself, just as it
is for your adversary. If you ever try to
enter it, if you ever try to use it, if you
ever try to go in there, we can follow you,
and we will. We will steal the key and then,
we will own your vault. And this is the way
that law enforcement has, will, and will
continue to deal with the problem of encryption.
Thank you [BG:] Thank you both. [applause] Ed, FBI Director Jim Comey has said that
he fears a moment when a child is kidnapped,
and there's evidence on a phone. And parents
with tears in their eyes look at him and say,
"What do you mean you can't get at it?" What
would you tell those parents? [ES:]
Well, the idea here is that there can always
be theoretical cases. There can always be
a worst case where something could go wrong.
But fortunately, we actually have a track
record on this. We have evidence. We don't
have to rely on hypotheticals, we don't have
to rely on potentialities, we can look at
the facts. And the fact is, encryption has
been around for a long time. We had this debate
previously in the 1990s, people said the sky
was gonna fall, the atmosphere was gonna boil
off, the world was over. And yet despite that,
law enforcement is sitting in a better position
today than they were before. Now, that's not
to say that this couldn't happen. That's not
to say that some crime could not potentially
occur in which encryption is the factor. But
we should focus on the world as it is, not
the world as it necessarily could be. And
the FBI has in no case, put forth a real smoking
gun where but for the presence of encryption,
criminals went free. However, there
are many, many, many cases and we have statistics
that I can talk about all night if you would
like, that show encryption is actually quite
a rare factor in investigations, and even
where it is, it doesn't stop prosecutions,
it doesn't stop investigations, and ultimately,
it doesn't stop prosecutions.
We have a question now for Fareed with a little
preamble. The language of this debate can
be very controversial and there are various
parties who don't like the term, "backdoor,"
"side door," "golden key," and so on. And
as the neutral moderator, I felt obliged to
make up my own term for it. So my term is
"fenestra," which is a noun from the Latin
which means any government mandated bypass
of encryption used to secure communications
device usage. Apple refuses adamantly to provide
a fenestra to the FBI. So, there is now...
This is the part of the argument that Snowden
has been making, a consensus that is akin
to the consensus on climate science, that
it is not possible for cryptographers to build
a fenestra without weakening encryption against
potential outsider adversaries. Now, do you
doubt the science of that, or are you prepared
to accept the costs to security of that weakness
or, do you have a third choice? [FZ:]
Well, I think firstly, if I could just to
the last point, in that same testimony, the
FBI Director did point out that there were
several cases where they genuinely were, these
were not hypothetical cases, there were cases
of an eight month pregnant woman who, there
was a murder, they had no clue as to why it
happened. The only thing they had was a phone.
They wanted to open the phone, they couldn't
find a way. There are many such cases, the
New York prosecutors have many others, so
this is not entirely a hypothetical situation.
On your point, look, as I said, what I can
do when I talk about these issues, I'm not
a technologist myself and I would respectfully
say that neither Mr. Snowden nor I are technologists
on the scale of Bill Gates. He has pointed
out that he... Has said pretty clearly what
the situation is, right? And as I pointed
out again, the history of it is that these
devices have been unlocked repeatedly, routinely.
There are a number of, strike me as highly
self-serving arguments now made by technology
companies saying that they cannot do it without
compromising the security. The way I would
put it is, as far as I can see as a consumer
of this stuff, any time you write code, you
know how to unwrite it. That it is not so
complicated. When you encrypt something in
software, there are obviously, logically ways
to un-encrypt it. For example, if you take
the case of the iPhone, the San Bernardino
iPhone, the issue was, can you figure out
a way to tell the iPhone not to auto erase
when it hits the tenth password? Well, since
it is their software and they're telling it
to auto erase after the tenth attempt, obviously,
logically, it's possible to write software
that can tell it how not to auto erase. Inherent
in the writing of encryption is the possibility
of unencryption. The person who wrote the
encryption in his head has that, it would
take a few hours to do it, but the idea that
you let it out there and somehow, this becomes
some dangerous virus that would then contaminate
the entire digital universe is not born out
by the evidence that these phones and these
devices have often been unlocked in the past,
is not born out by the testimony of the CEO
of the largest technology company in the world
for two decades, Bill Gates, and it doesn't
stand common sense. But what do I know? I'm
not a technologist.[laughter]
Actually, Ed, I'm gonna let you respond to that. If you could try to clarify what the technology
does and does not mean in this debate. [ES:] Right. So the challenge is, when you create
a way that a system can be broken by an outside
party, by a third party, that can be used
by any third party. It could be the FBI, right?
It could be the police going in for a lawful
purpose who wants to go in, they want to investigate
a case, which none of us would dispute, was
a good thing in that case. However it can
also be used by anybody else, and there's
a problem once you create these keys, these
sort of universal unlocking mechanisms that,
for example, in the case of San Bernardino,
now the FBI said, Apple had the exclusive
technical means to get in this phone, it simply
wasn't possible to get in unless they did
it. Now, six week later they said, "Oops,
we were actually wrong about that, there was
another way in." Which is often the case,
in fact, in all of the cases that we've seen
where this has been a significant technical
controversy, they've found a way in because
again, devices today are insecure. This is
really the challenge. You mentioned,
for example, these phones didn't used to be
encrypted, they used to be able to be broken
into much more easily and now, it's a little
bit harder which many people, particularly
surveillance authorities, once they become
accustomed to this sort of status quo, they
begin to feel entitled to it and they don't
have the same balancing of equities that the
broader society does, because they don't have
to deal with the risks of having things stolen
from their bank accounts. They don't have
to deal with their identity being stolen.
The victims have to do that. Now,
that thing that I mentioned in my introduction,
where General James Clapper, the Director
of National Intelligence, said that the US
Intelligence Community have said, "Computer
security is the biggest threat that we're
facing right now," that happened in 2013,
right? These devices didn't have that level
of encryption prior to 2013, because the threats
that we're facing are encrypted or are increasing
and therefore, our countermeasures, our defenses
must also increase or else, our lunch will
be eaten not just by every other criminal
group, but every other foreign adversary around
the world. And just one thing that
I would actually like to pass back to Mr.
Zakaria for comment is, let's presume for
a moment, hypothetically, I'll give away what
we really have here, which is the fact that
by the science, this is going to make everything
insecure, but let's say it didn't. Let's say
there was a golden key that could only be used
by governments. Now, you have a key that anybody with a court order can get and then get into
these devices, get into all of these services;
get into Microsoft, get in Google, get into
Facebook, get into your phone. Now, they're
only used for instance, court orders, but
who else has courts? It's not just the United
States. Kim Jong-un, in North Korea, he also
has courts. Syria, they have courts. Russia's
Vladimir Putin, he has courts. China, they
also have courts. What will you do when suddenly,
we have everyone in the world, every government
that has access, as long as they can get anybody
to stamp a sheet of paper that says court
order, they have access to every device including
our own, including those held by our own officials.
[FZ:] Can I get in on? Because I feel...
[BG:] Yeah, good. Do that.
First, I wanna point out, if the FBI now says, it can open that phone, I don't know. Is Apple
howling that, "Oh my God the security of every
iPhone is now in jeopardy," clearly it means
that this so-called master key is not so master
after all. But more importantly, to just answer
your central point, I think it's very important
for us to be honest in this debate and point
out that when large technology companies operate
in countries like Russia, where you have found
safe harbor, or China, those governments already
have considerable access to all information;
virtual, digital, real. They use every mechanism
possible. And I think the idea that by allowing
a legitimate court order to be pursued in
the United States, somehow we are empowering
the North Korean intelligence service, or
the Chinese intelligence service, I think
they're doing fine without that help. [ES:] So that's a fair point...
Go ahead. So, we've
got this time lag and I might have to raise
a flag here. I wanna ask you to address Fareed's
point of principle and I would put it historically.
Has there ever been a time, in American history,
when a citizen could store evidence, not just
have a whispered conversation, but store evidence
in such a way that authorities could not possibly
reach it? And we haven't built a safe that
no one can ever crack. So, in that sense,
are you not asking for something that's without
precedent? [ES:] No, I would argue actually
that's been the status quo throughout American
history. In fact, it's still happening today.
When you think about banks for example, the
ones we see quite recently in the Panama Papers,
they store documents and records on their
premises all the time. They have very little
fear of anyone getting in, and when the police
cars pull up, they've got shredders running.
And many times, they don't wait for the police
to show up. At the same time, we've
also had people who store drugs in their home,
and when they're concerned, when they have
any fear, they place themselves, you might
argue, above the law, by flushing it down
the toilet. But that doesn't mean that we
pass a law to re-order the whole of our society
for the convenience of our investigators and,
as I believe, the Director of Homeland Security
previously argued. Because look, we're not
gonna say these things that are necessary,
that are critical to the operation of society.
For example, our economy. For example, all
of our communications as the internet is,
has to be restructured for the benefit of
the police. Now, this isn't to
say that we intentionally make their life
harder, this isn't to say, that we do this, that or the other. But we recognize that
look, yes, the needs of law enforcement are
legitimate. Yes, we want to enable them as
best we can, but we do not stop innovation
in this country. We do not require the production
of a new service, we do not require the next
version of the iPhone to first go to the FBI,
and get a stamp of approval before we say
that it's lawful. [BG:] So I wanna address
maybe a somewhat comparable point of principle
to you, Fareed, which is this. We, in this
country accept all kinds of inefficiencies
in law enforcement, probable cause, proof
beyond a reasonable doubt, unanimity in juries,
suppression of evidence. Honestly, looking
around this crowd, the FBI could probably
find something fishy if it turned out everybody's
pockets...[chuckle] But it can't
do that. Sometimes, it can't see inside encrypted
containers. Why is that different? If there
is any... If you accept what the technologists
say, which is that there is a large risk in
giving FBI mandatory access, then why is that
any different from the other examples I mentioned? [FZ:] It's a very good question and
it gets to the heart I think of what the resolution
argues, and what I'm arguing for. It is simply
not the case that banks were allowed to keep
vaults with secret information in American
history. Of course, they're able to keep secret
information. The question that this resolution
asks is, if there is a legitimate court order
requiring you to open that safe deposit, requiring
you to disclose information in that account,
does the bank have to comply?
That's the issue, not, "Are you able to keep
whatever you want in your house, whatever
you want in your bank?" The presumption is
that you don't have anything illegal going
on, but if the law enforcement authorities
believe there is reasonable suspicion, if
they can convince a court to issue a search
warrant, if that warrant is then upheld, do
you have the obligation to provide that? That
is a much higher standard. I would
argue that what I'm trying to persuade people
of, is to take a middle position here. The
government at times seems to want this all
Ritz petition argument which says effectively,
they can do whatever they want, whenever they
want. Mr. Snowden is arguing for an absolute
zone of privacy. What I'm saying is, we need
to clarify this. And we need to clarify it
now, not in the wake of the next terrorist
attack. Because when that happens just as
with the Patriot Act, we will overreact, and
whatever you saw about the poll and this audience,
it ain't gonna be that way with the American
people. It's gonna look a whole lot different,
and we'd be much better off coming up with
sensible constraints and guidelines now.
So...[ES:] I'd like to follow up
on that because there's a little bit of nuance
there actually, that I think is quite interesting
which is, I'm not arguing for an absolute
zone of privacy. I'm not saying that people
should place themselves above the law, or
beyond the reach of court orders, or even
companies to do the same. We're talking about
who is being compelled here, and how our investigators
are going about their work. Now,
Apple quite recently gave sworn testimony
I believe in a court filing where they said,
or in response to the court controversy of
course, over San Bernardino, that they said,
in fact even China, the China that you said
previously is doing quite well on their own,
has not asked them for this capability. They
have not asked them to go so far as to re-engineer
their products and services to make them able
to comply with all these kind of things.
Now, however, intelligence services everywhere,
whether they're in China, or whether they're
in the United States, whether they're in France,
whether they're in Germany, whether they're
in Brazil, are doing quite well. And again,
this is why I don't say that I'm arguing for
an absolute zone of privacy. I
sat at that desk, right? I've read actual
terrorist communications, I've read the communications
of hackers, I've read the communications of
all kinds of malicious sort of forces you
might call them from adversary nations. Now,
the thing is, encryption is not an unbreakable
wall, or rather if it is an unbreakable wall,
it is one that we can get around if we are
patient, if we are careful. If
we think, and plan about how to go about our
investigations... And this really works. We
have seen this, for example, in the United
States quite recently. For someone who is
really sort of, Mr. Zakaria, your worst case
scenario. This would be the case quite recently
of the Silk Road. Sort of a dark net drug
market as it's alleged to be, where this is
a space online, it's all perfectly encrypted.
There's all anonymous communications, you're
not supposed to be able to see who's even
involved in it. And yet the king
pin, the one who's actually operating this
site turned out to be an American citizen.
Now, because he made mistakes, because he
wasn't perfect everyday of every year for
the entire time he's operating this site,
we saw where he was operating from, we followed
him and then even though his devices were
perfectly encrypted, sort of the iVault from
your introductory statement, we created a
pretext. The FBI did the same, FBI now complaining
about unbreakable encryption, where when he
goes into the library, he was actually operating
out of public libraries just from what we see,
so he wasn't using his home connection, he
logs into his dark net sort of drug market
as it is, and at that moment, his computer
is unencrypted because remember, if it's perfectly
encrypted, it's a brick to him as well. The
FBI agents standing to his left, create a
sort of an appearance of a domestic dispute,
a man and a woman arguing. As soon as his
head turns to the left, an agent on the right,
physically grabs his open, unencrypted laptop
and now, they're reading his diaries in court,
or at least they did before they convicted
him to life sentence. [BG:] So I wanna
follow up here because you said before we
do quite well. And I wanna think about who
we are, when you talk about using sophisticated
means of getting around an unbreakable vault.
As long as you support the idea that there
ought to be... They build it to do targeted
surveillance for law enforcement or intelligence,
if companies sell strong crypto and they won't
give you a fenestra, authorities need something
like a seven-figure budget or maybe even an
eight-figure budget to conduct the kinds of
operations you're talking about or to buy
hacks from private companies or grey market
afters as the FBI did in San Bernardino. How
does the average police department get in
and get this evidence? [ES:] Well, I
think the Silk Road case again, shows quite clearly that when you think carefully
enough, the actual budget you need are just
the police officers who are already on your
force, it's really thinking about how you
use them. But there are cases... We can imagine
cases where these are people very far away,
a teenager in a basement in Moldova somewhere,
and you have to actually do some kind of remote
attack, right? In theory, you shouldn't have
to do this. And in practice, we actually very
rarely need to. We have what are called mutual
legal assistance treaties with many nations
around the world where we can go through established
processes through court orders which again,
Mr. Zakaria prefers, and then we can rely
on the services, the police forces that are
available in that country to act as an arm
of our own investigation. And again, we do
the same in turn for them. So it's mutually
beneficial and it's tightly controlled. But let's say we couldn't do that and
let's say there were an extraordinary rare
situation, you've got an arms dealer, you've
got a human trafficker, a truly terrible villain
out there who is incredibly sophisticated
in terms of the level of the defenses they're
using, they don't get lazy, they don't get
sloppy, like the Silk Road guy, they
never make a mistake so you have to hack them.
And hacking, as you implied, can be quite
difficult particularly as we eventually some
day, not in the next ten years but maybe 30
years from now, finally solve our computer
security crisis, what do you do? Well, the
FBI faced this, they would argue in the San
Bernardino case where they said, "We can't
get in this iPhone" and then someone calls
them and says, "If you sprinkle a pot of money
over top of us, we'll solve your problem."
The FBI director said they spent something
like $1.3 million, based on his salary, it
was sort of extrapolating here, which is a
lot of money. But the point is, these are
exceptional cases with exceptional needs.
They should be rare and one could argue that
actually, the best process constraint that
we can impose on the police is a cost constraint.
It ensures that they only use the most exceptional,
most intrusive, most expansive capabilities,
the biggest guns if you will, when they're
absolutely necessary to achieve their goals,
rather than when they wanna snoop in the pockets
of everyone in the room as you suggested
earlier. [BG:] Thank you, Ed. Fareed,
I wanna ask you a different question. The
key driver of this debate where it started
was that law enforcement, particularly the
FBI, so they've got a going dark problem,
that more and more of the world is opaque
to them and they can't do their jobs. So I
wanna test that proposition in a kind of thought
experiment. So by the power vested in me as
moderator, you are now the FBI director. presto.
And you have to choose between two investigative
packages. One of them is the 1990 package.
You can send agents anywhere, seize anything
you like, get business records, anything you
get a hold of you can read 'cause it's not
encrypted. The 2016 package, lets you do those
things with those kinds of old analogue records
but also, let's you track anybody's movements
24/7 now or in the past with GPS and license
tag readers, cell tower records. You can tap
into exaBytes of data at Google and Facebook.
You can identify conspirators and their networks
through metadata, the trails they left of
who they talked to and when, and the price
of all that is that there are sometimes gonna
be containers you can't open. If you really
had to choose one or the other, would you
go back to 1990? [FZ:] No of course
not, I'd much rather be in today's world,
I'd much rather have all the tools that you're
describing. I would also like to have the
ability to convince the court when I thought
it was appropriate to have a bank give me
the digital information or technology company , give
me digital information or whoever. The question
you posed though gets at an issue that Mr.
Snowden just highlighted, which I think is
important to understand. The word that he's
describing is one which American law enforcement
and/or intelligence and I think his background
with the NSA is perhaps biasing him in this
respect, has enormous power, resources, very
talented people like him and they can throw
this at these problems and they will find
a way around the law and the dark zones themselves.
They can play this cat and mouse game which
is fine and great. And I suppose that that's
all well and good. But what about
the local police department in a poor precinct,
in a poor neighborhood. We have enough inequality
in America. The picture that Mr. Snowden was
painting, is frankly, one of frightening inequality
of law enforcement, where what you're saying
is that the Beverly Hills police department
will be able to hire hackers to get into whatever
iPhones they want. But up in Harlem and the
Bronx, "Well, there you're on your own
and those murders will go unsolved." I don't
think that's an equal justice under the law.
I don't think that's how it should operate,
there have to be rules. [BG:] I've got
time for...[ES:] I think this is your...
To each... I'm gonna ask you each one
last question. You have about a minute each
to answer them before we go into closing.
Before we go into the audience questions.
For Ed, I guess I'd like to ask you this.
Let's assume there's a 100% probability that
authorities are going to do one of the following
things: Ban strong encryption altogether,
require encryption bypasses by law, secretly
weaken encryption standards, hack into encrypted
devices or buy fenestras from hackers. What's
the least bad outcome? How would you want
them to do it given that they have to try
to find evidence? [ES:] I'm not sure
I caught the distinction. There was between
sort of getting around it and banning it,
that was the distinction there? [BG:]
Ban it, hack it, weaken it, build your own
hacks, buy hacks from others. [ES:] Right.
So I don't agree that buying hacks, building
hacks and everything like that is wonderful.
That's not what we want and that's not something
that I particularly support. What I'm saying
is that that's the least bad means we have
available. The world, if they ban encryption
totally, looks like this. American jurisdiction
only goes so far. If you were for the proposal
tonight, right, and you think the government
should have lawful access, you think they
should mandate insecurity for every device,
every product, every service here, the problem
is that that stops at our own borders. Every
competing product, every computing service
from every other country will still be able
to provide perfect security. We will be the
only ones without it. So clearly, given that
context, banning encryption is simply the
worst move. Arguing that we must create a
lawful access mechanism hurts only us because
we won't be safe, right? Terrorists won't
use our phones but we will be less free.
[BG:] Alright. And one last point of philosophy
maybe for you, Fareed. How much does your
argument rely on a belief in the fundamental
goodness of government authorities, that they're
well-intentioned and sufficiently bound by
oversight to prevent serious abuse? And in
that case, how would you answer the Nixon
problem or the J. Edgar Hoover problem? [FZ:] Yeah. So, two very quick points. One,
we don't make the argument that Mr. Snowden
just made with regard to foreign companies
for anything else. We don't say we're not
gonna have laws for our banks because people
could just go and use foreign banks. We have
laws for companies that operate in the United
States and foreign companies that operate
in the United States are bound by those same
laws. The same is gonna be true of technology
companies. Do I have faith in the goodness
of people, the American people? No. I think
I believe as James Madison did, "If men were
angels, no government would be necessary".
But I do have faith in the constitution and
in America's democratic system. I've grown
up in another country, I've travelled the
world, this country has lots of flaws but
at the end of the day, the checks and balances
do provide greater protections for liberty
than almost anywhere else in the world. I
will remind you, that Richard Nixon was impeached.
Well had to resign for fear of impeachment.
Which is why, which is a symbol surely of
the system working.[laughter] [BG:] I'm
going now to audience questions from our potentially
global audience here. There's a question for
Ed, from Juan Pablo Geraldo, an employee of
UNICEF who asks, "Are we as citizens, less
safe because hackers unlock the San Bernardino
phone for one or more millions of dollars?"
Yeah. One of the points actually that
was raised by Mr. Zakaria earlier that was
that he said, "Well, Apple hasn't really made
any response, they haven't made any stink,"
in response to this. Now in fact they have,
they've challenged the FBI, I believe in court
where they tried to get them to compel, that
already may have simply been through internal
processes before they get to court, to get
the FBI to disclose the vulnerability that
was used to get into this phone so that they
could close it. So they could protect the
millions of Americans who are using these
kind of devices. And I think that is proper,
when the FBI finds a case that is so exceptional
that they have to break the security of the
device to get in, right? It merits these kind
of exceptional circumstances, they should
try to do that. At the same time, they should
make sure they close the door behind them
so that the rest of us, whether we work at
UNICEF or whether we work at Starbucks, are
safe and don't face the same threats tomorrow. [BG:] Okay. Thank you for a concise answer.
I'll ask you both to keep that in mind. For
Fareed, there's a question from Sajid Mahmood,
a software engineer, and I'm gonna translate
it a little bit. He asks, "Should it be legal
for WhatsApp, a messaging app, to use end-to-end
encryption?" And I'll give you a little context
for the question. Apple security is very good,
but in the past, has had side doors. Apple
has had the ability to decrypt certain portions
of it. There are services and products being
offered right now, that as far as the best
auditing can tell, do not have those flaws.
So WhatsApp uses a protocol that the company
that makes it cannot read, period. Should
it be legal or not legal to sell encryption
that you cannot break yourself?
Look, I think that... This gets it to the
kind of level of the hard cases that are more
difficult to solve. What I would say is if
a court requires... Asks for information and
if the company has the ability to access that
information with some reasonable effort, it
should provide it. By Apple estimated that
it would've taken six people, two weeks to
write the code, to overwrite the auto erase
function. If WhatsApp says, "We literally
do not know how to write this code." I am
myself skeptical of this, but I want that
issue defer to people who are more expert
than I. It seems to me, very difficult to
understand how you could be able to write
encryption that you cannot unencrypt. As I
say, I have talked to many technologists who
agree with that. But if it is the consensus,
the scientific consensus that that is in fact
the case, then I think that WhatsApp could
demonstrate to a court that they don't have
to do it. And that I suppose is where it would
stand. Strikes me as a pretty hard case. And
hard cases make bad law. [BG:] Well,
it may be a hard case, but it's going to be
a very common case and it is increasingly
a very common case. And for that reason, the
people who are most on the side of the FBI...
In Congress, Feinstein and Burr have proposed
a law that would outlaw strong encryption,
that would outlaw unbreakable encryption,
that would outlaw encryption that the company
that provides it cannot crack. So do I take
it that you would not be in favor of that?
Yeah, I don't think so. I think
that there are even precedents for this. If
you have a safe that the manufacturer cannot
open, I believe I'm right that case history
is that the government does not somehow hold
the safe-maker liable if genuinely, the safe-maker
cannot open the safe. [BG:] Ed, there's
a question for you saying... Looking, again,
for sort of a least-bad solution, would it
be better simply to say that if you're a suspect
and they have your phone and they can't open
it, you are compelled to provide access, you
are compelled to decrypt it, that therefore
doesn't compromise the technology itself?
No, we can't do that because it's
prohibited by our Constitution. Of course
the Fifth Amendment gives us a right against
self-incrimination. And if it was to basically
voluntarily provide something that's going
to be used against us in an incriminatory
form, obviously that... I would argue at least,
and there has been no court that has actually
held that that is the case, at least certainly
not the Supreme Court, that you can be compelled
to testify against yourself whether it's in
court saying "I did it," or whether you're
sort of unlocking your diary that says, "I
did it." [BG:] Yeah. And just for the
record as factual intervention, right now,
the Supreme Court has not made a final holding
on either of these, but the state of the law
in various districts and circuits seems to
be that you can be compelled to put your thumb
print on the reader and open a phone that
way, but you cannot be compelled to supply
a pass phrase. The reason being that one,
is like the compulsory provision of fingerprints
in any other context, and the other is testimonial
evidence. So if you really care...
Turn off touch
ID, yeah.[laughter] Question for
you, Fareed. From Chris Soghoian at the ACLU
is that... He says you told him in a CNN makeup
room once that you don't encrypt your communications
and wonders if you do that now.[laughter]
Or plan to after this evening?
I am the lamest person with regard to
this stuff. I don't encrypt anything, I...
Perhaps CNN does what it does. But I'm the
kind of guy who, when the fire alarm goes
off in a hotel, I just keep sleeping. I assume
it's a false alarm and I would have died in
the towers in 9/11 for sure for that reason.
I always assume that these things... That
the odds are gonna stay with me. But I've
been lucky so far. [BG:] I guess... Just
a quick followup on that, that would be sort
of more illustrative is do you have an iPhone?
I do have an iPhone. Here it is.[laughter]
[ES]: Do you use encryption? [BG:] Ed
is reading it right now.[laughter] [FZ:] Yeah. I imagine...Oh, you
have a standard operating procedure Ed, it's
slightly different from mine. [BG:] Ed,
you... If I understand you correctly, tend
to believe that if the FBI has found the security
hole in the iPhone for example, it got into
the San Bernardino phone that way with it's
million dollar exploit, that it ought to disclose
what the flaw was to Apple so that Apple can
fix it, so that Apple can close the security
hole against attack by foreign governments
or hackers or criminals. If that's the case
though, if Apple won't help and FBI needs
the information and spends a million bucks
to find a way in, can you really expect them
to hand over that recipe to the company that
refused to help? [ES:] Absolutely, because
they're not doing it to help the company.
They're doing it to help the country, right?
They're doing it to help everybody in America
who uses those products, who uses those services.
And what we think about this, if they're buying
exceptional exploits that have exceptional
impact, that could be used against any senator,
any federal judge, anybody who uses one of
these devices. They're not really wasting
this money or subsidizing Apple. What they're
doing is they're investing in an infrastructural
cyber security improvement plan for every
US product service company. Now,
you could make a distinction here where they
go, "Well, what about this or what about that?"
But I think even in the case of foreign companies,
if it is a product or service that is used
by majority of American customers, majority
of American citizens, there's a clear, actually,
one might even argue prevailing public interest
enclosing that vulnerability. Now, where it
would get tricky, where we would get into
a nuance and perhaps, we could ask Mr. Zakaria
his opinion here is, what if it were a service
that were used not by Americans, right? It
were only used extensively overseas, but it
were in a hostile regime, should they close
a vulnerability in a Chinese product, in a
Russian product, maybe an Indian product.
[FZ:] I have to confess, here I am much more
cautious about what strikes me as collusion
between big business and government. I don't
think it's the FBI's job to improve and refine
the products of the world's most valuable
corporation. I think that if Apple is not
able to provide the encryption that its customers
like, well maybe somebody else will. I haven't
thought this through completely but it doesn't
strike me that it is the FBI's job to perfect
the security systems of Apple or Microsoft
or Google or Facebook. That's up to them and
if they can do it, great. If not, somebody
else will provide a product that people will
use. [ES:] Just a pressure on that...
I wanna add a point of factor. There is
an arm of the FBI, whose job is to try to
secure US computer networks and devices. There's
a big chunk of Department of Homeland Security,
half of the NSA has a defensive mission, the
National Institute of Standards and Technology.
I mean government typically says, there's
a White House statement to this effect that
when it finds a vulnerability, it's default
option will be to disclose it to improve everyone's
security. But that there can be exceptions
in cases of exceptional need for law enforcement
and intelligence gathering. So I guess, I'm
wondering sort of where you see the equities
in this particular case, in the San Bernardino
case. [FZ:] Well as I said, I think they're
slightly different because this is not...
What you're describing is foreign agents,
etcetera hacking into a large digital network,
perhaps corporate, perhaps non-governmental,
perhaps the nuclear energy administration.
The NSA detects it, tries to, in some way,
fill the gap. What we're doing with here is
single phone, the FBI wanted access for information,
got the access to the information and moves
on. It strikes me one is a... One you're talking
about systemic breaches and systemic problems
and the other you're not. As I point out,
this has happened 70 times before. And I don't
recall massive repair operations
going on. [BG:] Oh. There were.
Apple is.. [FZ:] No, by the FBI.
BG: Ah. Right. [FZ:] The FBI. The FBI,
they're not rush to provide, to tell Tim Cook
"Please let us help you improve your product." [ES:] I would, if I could just point out here.
BG: Sure. Go ahead. [ES:] Let's remember
when we talk about yes, corporate products,
the president of the United States was famous
for using Blackberry. [BG:] Yeah.
FZ: Yeah.[laughter] FZ: And he uses
Colgate toothpaste also. I don't think the
government should be refining that product
either. I'm guessing he uses Colgate.
ES: Even if there's a known threat in the
Colgate toothpaste, you think they shouldn't
warn it even if they know the president's
going to use it and it could cause harm to
him or any other American.FZ: Well
there's poison in the toothpaste, yes he should
take it out but that's...[laughter]
FZ: You see, I don't think it should be the
job of the FBI to improve the products of
American corporations. I guess, let me put
it that way. That strikes... ES: Fair
enough. I would simply point out that vulnerabilities
in digital devices are poison on the internet.
BG: Is there a sense in which this debate
is weirdly hypothetical and pointless? [laughter]
BG: And I purposely didn't ask this question
at the start. FZ: You set it up.[laughter]
BG: In the following sense. We're talking
about using legal means to regulate science
or mathematics or technology and even if Congress
wants to pass a law saying, "Thou shall decrypt
upon command," I can tell you as a heavy user
of security products myself that something
like four out of five encryption programs
that exist in the world, 400, some of them
are made overseas beyond the reach of US law.
And so, what you have theoretically is the
ability for anybody who's a bad guy and knows
that authorities will be looking for them
to adopt some of those tools and the legislative
idea will be irrelevant. So, is there a point
to having this debate on the law with all
that in mind?  FZ: Look, you raise
a very important problem which is we do not
live in the world alone. There are other countries
that operate on very different standards than
the United States does. It's been true for
a long time. It's true in many other areas
as well. As I point out, we don't say that
American banks don't have to follow the laws
and regulations because Swiss banks don't,
or because Hong Kong banks don't, or because
banks in the Cayman Islands don't. We have
an expectation that the operations that take
place within the United States will follow
American law. I will grant you this. We are
unusual and have an unusual advantage in that
we have a very large market. We are a very
important country and as a result, we have
more bargaining power than if you were a small,
developing country with a small population,
small market, and that does mean the United
States can make certain demands which are
not possible for other countries. So, I'm
grateful that in that context, the United
States is a liberal democracy and not a dictatorship.
BG: So we're out of time, but I wanted to
ask Ed, if you wanna take a crack at that
in 30 seconds. That question about whether...
And even is it rational to have a legal debate
here? ES: I do think it's rational
because importantly this is a problem about
public education. As we began in this debate,
right? You heard a lot about politics, about
iVault, about things like that which sound
convincing and they sound threatening, but
then when you actually start drilling down
on the signs, you start drilling into the
math, and you start drilling down into the
facts, things look very different, right?
And this also applies to Congress. These are
generalists who have to focus on many different
issues in many different areas all of the
time., right? Same thing with everyone in
this room. You guys don't have time. You shouldn't
have to study and become experts in encryption
just to relate and interact with your world.
But when we come together as a community,
when we have people with different opinions
such as Mr. Zakaria and myself, come together
and actually debate these topics in a reason
and respectful way, we can produce a public
good that serves the wider body and hopefully,
can actually result in better policies.
BG: Toward that end, in a reasoned and respectful
way, we're gonna have closing statements beginning
with Fareed for three minutes. FZ:
So, this is the 30th anniversary of a terrible,
terrible accident. This week is the 30th anniversary
of the Chernobyl nuclear accident. That accident
spewed more radiation into its region than
all the radiation that emanated from Hiroshima
and Nagasaki, the two bombs that the United
States dropped on Japan. The reason I bring
it up is because this is the kind of problem
we might face in the future. It is not a hypothetical
or speculative point I'm making. There is
now ample evidence that the perpetrators of
the Brussel's terrorist attacks were initially
or at some point, planning to try to explode
or to cause an explosion at a Belgium nuclear
power plant. If they had done that, you would've
had an absolutely catastrophic fall-out both
in terms of the radiation of course, the thousands,
and thousands of lives lost, the tens of thousands
of people displaced, but also politically.
There would have been a dramatic shift in
the attitude of publics in the western world
everywhere toward this whole debate that we're
having. And I think that's the point I really
feel is important to understand. FZ:
We do face real threats out there. This is
not the figment of somebody's imagination.
There are people out there trying to do bad
things. It is much better that we figure out
what the government is allowed to do, what
it is not allowed to do, what information
it can have access to, what information it
cannot have access to before you face one
of these terrible events because once they
happen, the public will react with fury. The
Government will be given carte blanche and
they will be able to do many, many, more things
than Mr. Snowden or I would want governments
to do. If you imagine the world
we are talking about without any kind of framework
of law. As we are talking about a world in
which there is a huge zone of privacy, safety,
immunity for terrorists, drug dealers, bank
launderers, criminals of all kinds to operate
and then you have these furtive attempts by
law enforcement authorities by the NSA, by
the FBI, to play in that dark zone. All of
this taking place in a kind of law of the
digital jungle. Is that really the kind of
world we want to end-up in? What I'm suggesting
is a more recent path which is we try to figure
out what are the laws that we can agree on
democratically? What are the systems that
we think courts should enforce so that we
can end-up in a situation where we balance
security and liberty in the way frankly, that
the United States and western democracies
have had to do since their founding. Technology
always sounds new and shiny and it changes
everything. Yeah, but it doesn't change this
age-old debate between security and liberty. Thank you, Fareed.[applause]
Ed, your three minute closing, please.
ES: First of all, I'd like to say, those are
important thoughts, and I think everyone in
the National Security Agency and other areas
of the US Intelligence community that I mentioned
previously, also considered those thoughts
when they said that America is safer, America
is more secure with unbreakable end-to-end
data encryption. But more generally, those
thoughts, important though they were, did
not address the proposition, which is not,
should we consider the powers that government
could have, but what powers should the government
have. Should the government have access, lawful
access to any communications or device even
though we know it would cause fatal harm to
the actual security that we have.
Now, the FBI director spoke on this saying
things very similar to what Mr. Zakaria said,
unbreakable encryption will allow drug lords,
spies, terrorists, even violent gangs to communicate
about their crimes and conspiracies with impunity.
We will lose one of the few remaining vulnerabilities
of the worst criminals and terrorists upon
law enforcement, upon which law enforcement
depends to successfully investigate and often,
prevent the worst crimes. The FBI also said,
if we didn't get the kind of lawful access
we're discussing right now, in three years,
wire taps worked by the FBI would be useless.
Only 40% would provide anything and a few
years later, they would provide nothing at
all.The problem is that's not
from 2016. That's not from 2015. Those numbers
are from 1992. And the laws did not provide
an encryption backdoor. Despite the fact that
in 1992, we did not change our laws nor in
'95 to compromise fatally the security over
every American product and device, law enforcement
is in a better place today than they have
ever been before for means of investigation.
The NSA's own classified documents but they
don't say it in public say that we are in
the golden age of surveillance. And they are
right. Computer security is a real threat.
And I must thank Mr. Zakaria for joining me
in this very important conversation tonight. And I wanna thank you all for spending
the evening with us. I hopefully learned or
I hope that he learned from me as I learned
from him. He is a master debater and this
was my first. So, it was very helpful.[laughter]
ES: But I would say, let's remember ultimately,
that saying the government should have lawful
access to any encrypted communication is identical
to saying that the government should mandate
weak security for all of us. Mandatory in
security might be convenient for investigators
here or there, no argument. And let's not
forget, also China. But the cost of doing
so would be fatal. Thank you very much.[applause] BG: Thank you both very much and all that's
left for us now is do our second and final
poll of the evening. So, you know what the
proposition is. Again, text DOTC2016 to the
number 22333, follow the prompt, and cast
your vote, yes for the proposition, no or
undecided.[pause] [BG:] I think we might
have fewer undecided. That's good. People
have formed conclusions. I'm not sure when
we call an end to this, who could tell me?
Are we, are we good? Alright. Thank you, everyone.
Thanks for coming. Thank you, Ed. Thank you,
Fareed. And goodnight.[applause]
