MS. DIANE REHMThanks for joining us. I'm Diane Rehm. A 29-year-old former CIA employee came forward yesterday as the source of the explosive information on the NSA's gigantic data collection and analysis programs. Criminal charges could be filed. The leaks have galvanized national attention on privacy expectations and rights in the modern age. Joining me to talk about the disclosures and their implications: Stewart Baker, attorney and former general counsel at NSA, Marc Rotenberg of the Electronic Privacy Information Center and Siobhan Gorman of The Wall Street Journal.

MS. DIANE REHMI do invite you to join us this morning. Call us on 800-433-8850. Send us your email to drshow@wamu.org. Follow us on Facebook or send us a tweet. Good morning to all of you.

MR. STEWART BAKERGood morning.

MS. SIOBHAN GORMANGood morning.

MR. MARC ROTENBERGGood morning.

REHMGood to see you all. Siobhan, what do we know about this young man, Edward Snowden?

GORMANWell, Mr. Snowden is a 29-year-old consultant for Booz Allen Hamilton, which is a major defense contractor. It does a lot of work in the intelligence world. And he has been a consultant working at an NSA outpost in Hawaii for the last three months or so. Prior to that, he worked at the CIA for about four years, and prior to working for the CIA, he was a security officer for NSA at University of Maryland. And he is not a high school graduate. He obtained his GED, which is pretty unusual for an intelligence officer. So we're all looking to find out more about him today.

REHMOK. So he is reportedly in Hong Kong. What's involved with extraditing him?

GORMANWell, I think we're gonna have to see what happens 'cause this is gonna be almost more of a political decision on the part of China to decide how much it should be cooperating. Hong Kong does have an extradition agreement with the United States, but this is a process that could take months even if it's just going as planned.

REHMStewart Baker, how do you see that extradition or threat there going?

BAKERI agree with Siobhan. This is going to be a relatively political decision. The extradition treaty undoubtedly allows Hong Kong to say this would not be a crime in Hong Kong, and therefore, we're not gonna extradite him. And spying on the United States probably is not a crime in Hong Kong.

REHMAnd as we look at this, Marc Rotenberg, since when did the NSA outsource this kind of work to a firm like Booz Allen?

ROTENBERGThis has been one of the big changes in U.S. intelligence policy post 9/11. The federal government has looked increasingly to the private sector to provide the resources, the technology and the expertise. And, of course, questions have been raised about the adequacy of oversight. I think it was even Stewart Baker who pointed out that at least with government employees, there's an opportunity to go to inspector general if you have concerns about your agency's program. It's not clear what you do if you're in the private sector and you have concerns about what your company is doing.

REHMStewart, how do you respond?

BAKERThat's true. I think that there's at least that possibility that if he were working exclusively in contractors' bases that he would not have an idea how he could report abuses within the system. If he was working in NSA, in facilities alongside government employees, I don't think that would be a problem. And, of course, he doesn't seem to have given much thought to the idea of proceeding inside the system, which he thinks is rigged against the American people.

REHMSiobhan, what does he say are the reasons for coming forward?

GORMANWell, he feels that the NSA's reach into American communications is far beyond what the public understands, and he says that he wants to provoke a public debate about it. He's made an interesting argument, in fact, that there has been little discussion about the retention of this information. And he makes the point that if you keep enough information about everybody for a long enough period of time, almost anybody looks suspicious. And I think that we'll probably see some more discussion about that point in particular.

REHMMarc Rotenberg, are we clear as to the kinds of information that are being retained and how they're being used?

ROTENBERGWell, I don't think we have the full picture yet, but what we have learned about the PRISM program is extraordinary. It does appear that the large U.S. Internet companies have provided to the National Security Agency, on an ongoing basis, virtually all the details of their user activity. Now, they will say that they've done this pursuant to orders issued by the FISA Intelligence Surveillance Court, which I think is a topic we'll need to come back to, and the U.S. government will say that these orders are primarily directed toward non-U.S. citizens.

ROTENBERGBut I think the reality at this point is that neither answer is very satisfying. The FISA court does not seem to be doing a particularly good job of oversight. And to imagine the amount of information on non-U.S. citizens that's being released is going to trouble, of course, foreign governments. And still within the U.S., we have concerns about the U.S. data collection.

REHMGo ahead, Siobhan.

GORMANWell, one interesting thing that this whole episode has revealed, particularly with the phone records program where the NSA has agreements with the major telephone companies to take phone call records...

REHMAnd that's the PRISM program.

GORMANNo, that's actually a separate -- that's the phone record program. I just -- but it applies to both.

REHMOK.

GORMANThere's sort of a -- there's a new legal theory -- and I'd be interested what Stewart has to say about this -- that you are now applying the investigative requirements of reasonable suspicion to the analysis of the data that's being received rather than the collection of it. So it's collect first and then determine later whether or not you can meet reasonable suspicion, which is a new way of approaching it.

REHMStewart.

BAKERThat's true. There really are two very separate things here, and I think that The Washington Post did a real disservice to the public by treating PRISM in the way it did. At most we know about the PRISM case is that the government has set up an arrangement with a number of companies that get a lot of FISA court orders. Say, they discover that Hotmail is being used by al-Qaida, they can serve a FISA Court order on the owners of Hotmail and say, please provide all of the contents of these emails.

BAKERAnd the only thing that we know PRISM seems to do is it allows for an electronic delivery of the request in the information, not exactly a big difference from what we always understood the government could do with FISA court orders. So in that area, there is really not much new, and The Post had a number of inaccuracies that made this seem like a much bigger deal than it did.

BAKERPlus, it came on the heels of the discovery that the government had gathered all of the call data, the numbers called and calling in to Americans, which made it sound as though the government had also gathered all of the email communications of Americans, which is not true so far as we can tell from what's been leaked so far.

REHMMarc Rotenberg, you look a little skeptical.

ROTENBERGWell, I'm a little surprised by Stewart's comment. I actually think Siobhan raised the right point in addressing this concern that the government has adopted a legal position, which says, in essence, we will gather all the data in the first instance and then meet the legal standard afterward as to the data that we intend to look at. And this is a particular problem putting the PRISM matter to the side for just a moment with the Verizon request. And I looked at that order.

ROTENBERGI've been studying, you know, the FISA court for many years, and I had never seen an order from that court where a judge said it was fine to compel a U.S. phone company to turn over records on U.S. customers engaged in solely domestic communications. And you have to take a step back and understand just how far removed that is from the purpose of the court or the purpose of the Foreign Intelligence Surveillance Act.

ROTENBERGThere is, even in the Patriot Act, a requirement that the request be reasonably related to some investigation. Well, it can't be the case that all telephone records on Verizon customers in the United States are reasonably related to an investigation.

REHMIt does sound pretty broad.

BAKERThat's a fair point of discussion. I just wanted to take all of our emails and all of the communications that go through electronic communications providers off the table because The Post has misled us on that. But there is a legitimate question about why the government would seek all of the call data about domestic calls. Now, call data is another word basically for billing records. It's the records that people used to get in their long distance bill about every number they call and how much they were being charged for it.

BAKERIt's always been available to the government, even local governments with a mere subpoena. It's been very easy to get. No one has treated it as having high-privacy value from the point of the view of the subscriber. What's new here is the agency that's getting it and the scale on which they're getting it. And those are certainly troubling. To have an intelligence agency gather that is something that you wanna understand about. But I don't think that it is a major change in the likelihood that someone is gonna look at our records.

REHMSiobhan.

GORMANWell, what's interesting about that is the Supreme Court determinations about the fact that there isn't a right to privacy when it comes to phone call data predate even cellphones, and so the law is way behind the technology in this case. And you're starting to hear people talk about things like dataveillance, which means that you take all of that data and you essentially conduct surveillance on that.

GORMANAnd so the idea is that once you aggregate all of this information, at some point, it may start raising some privacy concerns just because when the law was sort of last contemplated in this area, that just -- was not even conceived of as a possibility.

REHMSo it would seem that many people have had suspicions about how much data was being collected, but this young man has now made this very public in readiness for this kind of public discussion. Siobhan Gorman is with The Wall Street Journal, Marc Rotenberg of the Electronic Privacy Information Center, Stewart Baker. Short break. Right back.

REHMAnd welcome back. We're talking about new revelations in regard to what's private, what's no longer private. Here in the studio: Stewart Baker, he's an attorney at Steptoe and Johnson, former general counsel at the National Security Agency, former assistant secretary of policy at the Department of Homeland Security, Marc Rosen -- Rotenberg -- pardon me -- is executive director of the Electronic Privacy Information Center.

REHMHe teaches information privacy law at Georgetown University Center of Law. Siobhan Gorman is intelligence and Homeland Security correspondent at The Wall Street Journal. Here is a tweet, which kind of gets to the heart of it. It says, "No, no, no. Cellphone data with tower data and device ID is so much more than your billing record." Stewart Baker.

BAKERThere is no doubt that we are giving away more and more information to third parties than we ever did in the past.

REHMBut now we've got a fourth party, the U.S. government.

BAKERWell, the U.S. government is serving what amounts to a subpoena on people saying we want this information because it may be relevant to an investigation. What they are essentially saying is if we waited until we saw a crime and we're trying to figure out who committed it, we might not be able to find patterns prior to the crime. We might not be able to find the activities that led up to the crime. If we gather in one place, do not search it until we have a reason to search it, then we will be able to carry out a search that the court will approve.

REHMMarc Rotenberg, one thing we've learned is how advanced analyst techniques can put together these proverbial dots that Stewart's talking about.

ROTENBERGRight. I think the problem today, Diane, is that our privacy laws have not been adapted for a world in which it's the data...

REHMYeah.

ROTENBERG...as opposed to the underlying communication that has the real value because, you see, when you have the data, when you know identity, when you know time, when you know geolocation, you can look at networks and sequence of events, you're actually looking at a much richer world of information than simply trying to read through transcripts of telephone calls.

ROTENBERGAnd one of the concerns that we have is I think at this point, it's actually the NSA's analytic capabilities that are driving their surveillance investigations in the United States. In other words, it's a bit upside down. We're not saying, oh, here's a threat. Let's pursue this threat because we have the leads of some concern that needs to be investigated.

ROTENBERGThe starting point is we have this enormous data processing capability. Let's fill these servers with whatever data we can obtain from whichever U.S. companies have this data. And on that basis, we'll pursue our investigations.

REHMGo ahead, Siobhan.

GORMANWell, and the other development that has occurred in the last few years is just an enormous expansion of computing power. There have been a lot of advancements in Silicon Valley that have basically meant that you don't need supercomputers to do a lot of this really heavy duty analysis anymore. And so NSA has been piggybacking on some of these innovations, and it has adapted it into enormous sort of computing programs that it is now combining with very advanced algorithms.

GORMANAnd it's applied in places like Afghanistan where they say sometimes they can actually predict attacks. And so they are bringing enormous, different -- quantities of different types of data together thinking that in some cases, they can even predict the future.

REHMAnd, Marc, here's an email from David, who says, "How does prism differ from earlier reports a decade ago about ECHELON?"

ROTENBERGWell, I think one of the key differences, of course, is the rise of the U.S. Internet firms over the past decade, which we have all become so dependent on for our email and for our communications. And ECHELON, I will say frankly, I think was a bit overstated when those reports came out. It was really an intelligence sharing arrangement between five countries. It was described in the European press as a real-time intercept capability, which I don't think actually existed, not at least in the form described.

ROTENBERGBut the current information that we have about prism in some ways is much more troubling. We don't know the exact contours of the program, and the companies have been, you know, forcefully denying some of the characterizations.

REHMWhat companies?

ROTENBERGWell, Google and Facebook, both. Actually, over the last few days, both Mark Zuckerberg and Larry Page went out of their way to say that the reports notably in The Washington Post were not accurate with respect to their disclosure of user data. But even Google's own transparency reports reveal that they turn over about 90 percent of the information that the government seeks in the United States each year.

ROTENBERGSo whereas 10 years ago, the focus was on telephone communications and what type of information was being provided to the NSA. I think what we're learning today is that actually a lot more data across a lot -- many more U.S. companies is potentially being made available.

REHMAll right.

BAKERI think Marc has left out one significant difference between what was said about ECHELON and what is -- appears to be the case here. ECHELON was described as a worldwide global intercept capability looking at phone calls. It required almost no or no judicial oversight whatsoever. The program that's going by the name of PRISM, I think, incorrectly here, is entirely overseen by the courts.

BAKERNone of these companies will cooperate without court orders, and the courts will conduct and independent review of what is being done to make sure they think it's lawful. This is more oversight and more legal process than we have ever seen in the past.

ROTENBERGWell, look, I mean, Stewart's point really gets to the heart of the problem, and that is the question whether you think the FISA court really exercises independent oversight, and we don't. I mean, we think the system is just broken. You look at the reports of the court itself released last year. There was not a single order that was turned down. I think there were almost 1,800 orders that the government submitted to the FISA court. They may have been modified somewhat, but they were all approved.

ROTENBERGAnd when you're operate -- and the courts, you know, not only are the court's orders kept secret but even the interpretations of law in which the court relies, and the Department of Justice seeks this data, is kept secret. So to describe this as independent judicial review, I think, is a stretch.

REHMHow important, Siobhan, do you believe this disclosure by this young man Edward Snowden is?

GORMANI think it's important in that it sort of crystallizes what a lot of us, frankly, have been reporting over many years now.

REHMAnd concerned about.

GORMANWell, I mean, reporters aren't necessarily concerned about it, but they think it's an important issue to raise, right? I mean, we aren't taking a position on whether or not this is a problem, but certainly, raising the issue for public discussion is something that we're paid to do. So having reported on this over a number of years, when I first -- when I saw the headlines of The Guardian story, I thought, well, we kind of know this already.

GORMANBut what was different about it was actually having a document. I mean, I don't -- I've never seen a FISA court order before that wasn't actually released by the government. And I think that's maybe happened once before. So, you know, seeing it in black and white and seeing the verbiage that they used gives you a much better sense of how it is that these programs are being approached. And I think that that is what people were taken by.

GORMANI think that unfortunately, in the case of the PRISM program, we haven't seen as comprehensive a showing of what it is 'cause they're just a few PowerPoint slides that have been presented publicly. And I was speaking yesterday with the former director of national intelligence official asking about sort of this difference between what the government has said and what the slide seemed to say about direct access to these Internet companies.

GORMANAnd he said, well, you know, I mean, these are just government Internet, you know, government PowerPoint slides. You don't expect them to be accurate, do you? It's not a form of legal document. And this is somebody who's a lawyer by training. And so he said, you know, look, a presentation you have to make to the court is going to be very precise in its language.

GORMANA presentation that you're making to some colleagues, updating them, say, on the status of a program, may not be choosing its language so precisely. And if you're no expecting this is going to be released publicly, you may not think about how it would be received by another audience.

REHMSo how do you summarize all this, Marc Rotenberg? Do you simply say to the public here and now, nothing is private anymore?

ROTENBERGOh, absolutely not. I mean, I think what we need to do is look at how the privacy laws are operating, how the courts are operating and ask some hard questions, you know, is the court doing its job? Are the laws working? I don't think we take away from this, oh, that's the end of privacy. I think we say, we need to update some laws. We need to strengthen the courts. I think that's the discussion, in fact, that's taking place right now in Congress.

REHMStewart.

BAKERI think the fact is that we're fighting technology here and we're gonna lose. Technology is making it cheaper every day to gather, collect and analyze data. We can get mad at the U.S. government and say, well, the U.S. government will never be allowed to do this, but that just means that in five and 10 years from now, everybody else will be doing it, and the U.S. government will be constrained.

REHMAs the former general counsel at the NSA, how much do you care about your private information being kept private?

BAKERI would love to keep it private. I think the idea that I can do that is vanishing slowly but surely. And, you know, frankly, if I could just keep it out of the hands of the Chinese government, I would be happy, and I'm not trying to do that.

REHMHow can you? How can you? And, Marc Rotenberg, how are you feeling about it these days?

ROTENBERGWell, this is how privacy law comes about. I mean, I disagree with most people who say that because of technology, we have to give up privacy. The development of privacy law in the United States and other countries around the world proves almost the opposite point. When the telephone became wildly available and people said, this is a useful technology, and now we need some laws to ensure that communications are protected, countries put in place privacy laws.

ROTENBERGSame thing for computers. Same thing for emails. It's a challenge because the technology creates the opportunity for surveillance, but the law needs to respond, and it needs to carve out those circumstances where investigations are appropriate and make clear where prohibitions are necessary.

REHMBut all this information is shared by companies themselves, isn't it, Siobhan? If I order something online, that information gets shared all over the place.

GORMANYeah. I mean, it's interesting because obviously we've been providing more and more information to businesses over time. I mean, Amazon has quite a listing of the things that I've bought.

REHMExactly.

GORMANAnd so, you know, that's -- again, it's privacy law not quite catching up with where the technology is. You know, do we have a reasonable expectation that if I'm buying diapers online, the world's not gonna know whether or not I have a child? And so, you know, there are questions here that I think we just -- it hasn't reached crescendo, perhaps, until now, and we may well see a revisiting of some of these privacy laws just because I think that there is an increasing public awareness that we are giving more and more data away that, when pulled all together, can create quite a picture of what we're up to.

ROTENBERGBut let's be clear on this very important point. I don't think any Verizon telephone customer reasonably expected that the details of their telephone calls, unrelated to any investigation or any foreign intelligence collection, would be routinely made available to the National Security Agency. So there's...

BAKERWell, you're using made available in a very special way. That is to say, in a computer database...

ROTENBERGI'd use a stronger term. Verizon was compelled to turn over the information. That's what the court authorization does. It forces the company to make customer records available.

BAKERBut you know as well as I do the minimization rules that restrict the ability to search that data.

REHMAll right. And you're listening to "The Diane Rehm Show." I'm going to open the phones now. We'll go first to Homestead, Fla. Good morning, Stuart. You're on the air.

STUARTGood morning. Great show. I think it goes beyond privacy. I think it goes beyond -- it deals with the Constitution. Aren't we all presumed innocent until proven guilty? They are now presuming all of us guilty by casting this wide net. And my belief is there are either two reasons: Either we have a shadow government that is the most paranoid entity the world has ever seen, or we are under dire, imminent attack.

GORMANWell, I think he's raising an issue we were talking about a little bit earlier, and I think that this is why it's valuable to have a public discussion about these things and I think why we saw senators talking about the U.S. government practicing secret law, that if the presumption of reasonable -- or the requirement to show reasonable suspicion is now applied after the government collects data. That's an important discussion to have, and I think we're now having it.

REHMStewart.

BAKERLet me give just one example. The Tsarnaev brothers, they were not suspects prior to the Boston bombing. If we wanted to find out who they were talking to a month ago, two months ago, the only way we're gonna be able to do that is if we have the data and it's readily searchable.

REHMBut then the question is why didn't we?

BAKERWell, because they weren't suspects, and because we did not have a basis for searching that database.

ROTENBERGAlthough apparently we were notified twice by the Russian government that we should investigate them. So we'll put that aside for the moment. I think your caller actually raised a very important point. Sometimes when you talk about these privacy issues, we focus a little too narrowly about who has access to personal information, but there are typically other interests involved. And the key interest here, of course, is the transparency of government...

REHMExactly.

ROTENBERG...and the independence of the judicial authorities. And our view is that this surveillance program has also imposed an enormous cost in terms of government secrecy that also needs to be considered.

REHMIt also raises, I think, a great deal of paranoia on the part of some people who may believe -- who argue that the government is too big. It has too much power. Rush Limbaugh even used the word government coup taking place, Siobhan.

GORMANWell, it's interesting that we're now seeing sort of the right and the left ends of the spectrum coming together on this issue. I mean, you're seeing Rand Paul make the same kinds of arguments that Marc would make, and I don't know that they're always on the same page when it comes to political issues. But I think that -- especially when it comes to civil liberties -- you are starting to see the political beliefs come full circle here.

ROTENBERGOne other point -- and, of course, I think privacy is one of the issues that tends to unite Americans. It's something we all feel strongly about. Now, this problem of secrecy is a serious one, and the U.S. Supreme Court this year heard an important challenge to the FISA Amendments Act, the Clapper case. We wrote a brief for the court.

ROTENBERGOne of the points we made is that the government's secrecy regarding the program does, in fact, contribute to people's reasonable belief that they may be subject to unlawful surveillance, because without the oversight and accountability, we simply don't know how the authorities are used.

REHMBut, Stewart, the argument that the president made, the argument that those in the security industry are making is if you wanna stay safe, you may lose part of your security.

BAKERI think there's no doubt that that's a significant risk. The last time we saw this sort of left-right coalition over privacy was toward the -- in the second term of Bill Clinton. Not -- it's not a coincidence. And the fever of attacks on government efforts to investigate terrorism helped to set the stage for 9/11 in very significant ways, including the FISA court's excesses.

REHMStewart Baker, former general counsel at the National Security Agency. Short break here. When we come back, more of your calls, your email. I look forward to speaking with you.

REHMAnd we're back, talking about privacy and security. And I must mention that Booz Allen is one of the corporate sponsors of WAMU FM, and I did want to be transparent about that. Here's a tweet, "Are the records gathered by the NSA subject to Freedom of Information Act request? Could we all file FOIA request for our records?" Marc.

ROTENBERGWell, having tried to sue the NSA several times on privacy issues, the right exists. But these are difficult cases to pursue, in part, because the National Security Agency has a very broad exemption for its activities. And it can even, in some circumstances, deny the existence of records that it has in its possession. We ran into that in one case. But I do think the person who sent you this note is onto a key issue, which is that, by tradition, in U.S. law and the Privacy Act, we are supposed to know what information the government is keeping about us.

ROTENBERGThat was the post-Watergate response to the concern of government spying on its citizens, that we would have the ability to know what is known about us by the government.

REHMAll right. Let's go to Virginia Beach. Good morning, David. You're on the air.

DAVIDGood morning, Diane. Great show. Wonderful topic. I'm an attorney who practices in the security clearance world. So both as an attorney and with regard to Mr. Snowden's release, I have two comments both related to the comment of one of your speakers who said that there is very little difference between the government's ability to get your records under this blanket order from the FISA court and the distinction between that and the ability to mine the data.

DAVIDFirst off, for a typical court, you have to -- the government has to prove that they have probable cause before the access to information is granted. Whereas here, they're simply asking for the information and then once they have the information, of course, once they actually can mine the data, they'll find what they're looking for.

DAVIDAnd for those who say, well, why didn't we know this about the Boston bombers, the fact that the technology that the government has not yet provided the capacity to adequately and efficiently mine that data does not mean that it won't exist at some point in the future.

DAVIDSo I'm extremely troubled that the government can simply get any data they want and then look to see if there's something, as opposed to the requirement that we've always relied upon that the government prove first that they have probable cause...

REHMStewart Baker.

BAKERYou know, David, I think there is a misunderstanding here, and I understand how that would happen because of the way the stories broke. But the fact is that the government is collecting this information, but it is still subject to a host of minimization rules that mean that it has to establish the relevance of each inquiry into the data. And so in a sense, the government is collecting it first but being overseen in its searches of the data as opposed to having the oversight come before it can collect the data.

BAKERBut that's a very basic, you know, there's a long tradition of putting restrictions on the collection. But as a practical matter, the question whether you impose those restrictions before the collection or before the search may make less difference than you think.

REHMStewart, do you believe we are safer because the government is doing this kind of data collection?

BAKERI have no doubt.

REHMYou have no doubt?

BAKERYes.

REHMSiobhan.

GORMANWell, I think that the remains to be seen because what we can't know is, if they had collected the information another way, could they have basically gotten the same result? And this is the problem that we run into with a lot of the controversial counterterrorism programs. One thing I did want to hit on, though, it's a good point that the caller made, which is that the analytical capabilities of the U.S. government and everybody are developing very rapidly.

GORMANAnd so the notion that we can't necessarily make all the use of the data now, so maybe we don't need to be so worried, is a tough one to sort of see through down the line just because we've seen the analytical capabilities, particularly of NSA, improve over the years. And -- I mean, my understanding is, they still have much more data that they can every truly manage. But you don't know what sorts of technological evolutions are gonna take place down the line.

ROTENBERGWell this last point is critical, actually, because it's those analytical capabilities that are eroding the minimization requirement in law. And so to say, for example, the government will collect the data but will then be very good about using the data only in certain ways, I think completely misses the evolution of the techniques that the government is using.

REHMAnd here's an email on that point from Marylyn in St. Augustine. She says, "Remember how outraged we were when the government wanted to know what books we were checking at the library? We have come a long way in just a few years. It's beyond scary to me." Stewart Baker.

BAKERYeah. Actually, I'm not sure the government was ever all that interested in getting access to the books we were checking out. That was...

REHMSomebody was.

BAKERYeah. That was mostly a story in which the librarian said, we wanna be sure the government can't get access to that data as opposed to a host of such requests.

REHMAll right. Let's go now to Scranton, Pa. Good morning, Michael.

MICHAELYes. Hi. I was just wondering. There are a very strict HIPAA laws regarding medical information and restricting the access to medical information. How do you feel in light of this trusting the government with your medical information?

REHMWhat do you think about that, Siobhan?

GORMANWell, I have had people raise that issue with me, speaking with former NSA officials. They are concerned that it may be possible for NSA in certain inquiries to get access to medical records and that it will become increasingly the case. I mean, my understanding is that NSA has also been tapping so-called data brokers that have a whole host of information, and I don't have the details on the circumstances governing that. But those types of repositories of information, over time, could become, you know, quite informative when it comes to what's going in our personal lives.

REHMMarc Rotenberg, you would acknowledge, I think, that we live in a more dangerous world today than perhaps 20 years ago?

ROTENBERGWell, I don't know, Diane. I've actually thought about this issue quite a bit. I thought about the period in time when the Foreign Intelligence Surveillance Act was enacted. You know, it was the mid-1970s. We were looking at the Soviet Union, a great superpower with nuclear capabilities. Are we really more at risk today than we were in the mid-1970s? I'm, you know, I'm sure Stewart could help make that case. But nonetheless, in the 1970s, Congress said we need to establish some meaningful oversight even in national security matters.

ROTENBERGAnd I think it's important to keep that a bit of history in mind because we've now entered the current era where we don't face these great superpowers as adversaries, and yet we have significantly diminished those safeguards that were put in place in the 1970s.

REHMBut we do face the existence of this overwhelming web of messaging, of Internet use, and that does create a huge difference from, say, 20, 30 years ago.

ROTENBERGRight. But this actually comes back to my original point, which is a concern, and that is that our surveillance activities are being driven today by our surveillance capabilities as opposed to the identification and pursuit of threats. And I think that particular paradigm will not end well. I don't think we should be allowing our laws to bend so that the NSA has greater abilities to capture data on U.S. citizens.

REHMSiobhan.

GORMANWell, I'm also interested to see how much discussion and -- because I'm not a technical person. But my sense is that there's also a lot of technology out there to promote privacy. I mean, there are anonymization on capabilities and things like that. I'm sort of wondering whether or not we will see maybe more of a push for development of those types of capabilities, and the kinds of things that would drive that development would be changes in law or at least changes in sort of parameter and understanding of privacy rights.

REHMSo how are we going to find this balance between safety and privacy?

BAKERSo I -- it seems to me that we -- the government has tried just about everything that can be done consistent with maintaining the confidentiality of our capabilities. All three branches of government were briefed on this, presidents from both parties, congressional delegations from both parties, a dozen members of the judiciary allowed these things to go forward. If that's not sufficient, then I don't think it's possible to do intelligence gathering with the kind of constraints that people may want effectively. I think we really are at the moment of great choice.

REHMSo Sen. Feinstein, for example, has said that the Congress was fully informed. But you've got Congressman Udall and others hinting otherwise.

ROTENBERGWell, Sen. Feinstein, of course, chairs the Senate Foreign Intelligence Committee. She's intimately familiar with the program and certainly, you know, is defending it. But I think many members of Congress are very surprised. I think, again, coming back to the Verizon order where it's pure domestic communications that that court authorized access to is just -- it's almost breathtaking.

ROTENBERGAnd I would disagree with Stewart when he talks about imposing constraints. I don't know if there's so much talk about imposing constraints. I think what we're talking about is imposing accountability. And it isn't just the three branches of government. You actually need public reporting. This is in our federal wiretap laws. You need the public and journalists and others to be able to see how many of these orders are being issued, how effective this program is. I think the one thing we've learned over the years about these secret surveillance programs is that secrecy is the wrong approach.

REHMAll right. To San Antonio, Texas. Blake, you're on air.

BLAKEHi. I just wanted to comment on, you know, the dichotomy, I guess, of trying to not attack the bad guys on their own turf. I mean, they're using computers and cellphones and all that sort of thing, and if we're gonna foil or catch them, we're gonna have to use comparable technology.

REHMSiobhan.

GORMANWell, yeah. I mean, that certainly is the case, and that's what NSA is doing. However, the question that you're raising is, well, what is on their own turf? And when you're talking about the Internet, turf is a lot less clear, and I think that's the challenge that NSA has been running into, that these things don't neatly fit into geography anymore.

REHMStewart.

BAKERSo it does seem to me, though, this comes to the question of whether we face greater risk now. There is no doubt that the development of this technology has empowered individuals and small groups to have a kind of security of communication, ability to coordinate across the globe that didn't exist before in the hands of a small group. And, you know, in 1974, we would not have seen a few people in Afghanistan able to kill 3,000 Americans. It's just a development of the technology that has empowered a lot of people. And if we don't take advantage of it, their empowerment will hurt us.

REHMAll right. To Gwendolyn in Fresno, Calif. Good morning.

GWENDOLYNHi, Diane.

REHMHi. Go right ahead, please.

GWENDOLYNI'm sorry. As I understand it, our Constitution protect us from illegal searches and seizures. However, it almost seems that we have stopped addressing the potential illegality of the seizure in lieu of this future oversight of the search.

REHMMarc.

ROTENBERGWell, this is very important question. And it's the point that we raised last week in objecting to the Verizon where -- which has there is a Fourth Amendment prohibition as to the seizure of personal information in addition to the search. And so the question becomes, you know, how can the government compel a private company, which is what a court order does, to turn over information about all of its customer's detailed information, by the way, without meeting some Fourth Amendment standard?

BAKERWell, the Fourth Amendment standard is unreasonableness, and the question is what's reasonable.

REHMAnd you're...

ROTENBERGThis was not.

REHMAnd you're listening to "The Diane Rehm Show." Is that what it comes down to reasonable versus unreasonable, Siobhan?

GORMANWell, certainly, I mean, that's the standard in the Fourth Amendment. But I think that what we are now seeing with the development of technology is a new sense of what's reasonable because, yes, phone call records, what you get on your phone bill, maybe you don't -- you may or may not feel like that's private information. Your location on a moment-to-moment basis you may feel is private information.

GORMANHowever, you know, former government officials have pointed out to me that the FBI is actually empowered to follow you around on the street if it so chooses, and it doesn't need a warrant to do that. So the question is, if you can do that en masse electronically, is it substantially different, and is it unreasonable?

REHMAnd here is another tweet, "The EU is light-years ahead of the U.S. in terms of privacy protection." Your thoughts, Marc.

ROTENBERGThis is a very interesting aspect of the story that I think most of your listeners are probably not aware of. But the Europeans, for the last several years, have been making steps to update their privacy laws. And it was appropriate and sensible that they would do this. They were also being told on the U.S. side that they were taking privacy too seriously and that they shouldn't worry so much.

ROTENBERGAnd that self-regulation and, you know, the other U.S. approaches were sufficient. And there were some effort actually to try to reach an accommodation between Europe and the U.S. I think now, based on the news of the past week, the response in Europe is likely to be, you know, we had this right. We need new privacy safeguards. And I think that's where the movement will be.

BAKERIf I could, I negotiated with them on some of those things. And it is my observation they are not light-years ahead of the United States on restrictions on the government. If this kind of program were operating as it probably is in many European countries, the government would simply say to the providers, why don't you volunteer us that information? Just give it to us. And that would be lawful everywhere in many places in Europe. It's not lawful here. We are way ahead of them in posing restrictions.

ROTENBERGThat's actually not correct, Stewart, 'cause if you look at the recent opinions of the European Court of Human Rights, the Article 8 authority has been expanded significantly with respect to those disclosures from private companies to police agencies. There's been a significant pushback within the European courts against the type of practices you're describing.

BAKERBut the practice doesn't get reviewed.

ROTENBERGAnd I think in the U.S. interestingly, if the Clapper case had been decided later in this time, you might have also seen the U.S. court reach a decision similar to what the European courts have.

REHMSo where do you think we're headed, Stewart?

BAKERWe're gonna have a debate about this for sure. I do not think there's a solution here that involves making public our classified intelligence gathering programs. And, therefore, there are relatively few easy answers in this area. And it really will boil down to a question of, are we willing to take action that will harm our ability to respond to threats or -- in the name of privacy? Some people will obviously feel that that's necessary, but I don't.

REHMStewart -- go ahead, Marc.

ROTENBERGI think Congress needs to look much more closely at the operation of the Foreign Intelligence Surveillance Court. Right now, the oversight system has simply broken down, and I think people in Washington are aware of that. And it means there is going to be a need to reestablish those structures that I'm sure the government pursues lawful investigation.

REHMSiobhan.

GORMANI also think that we're gonna see a discussion about the role of the Foreign Intelligence Surveillance Court. And there may be a press against the government to actually show a little bit more information about what it is that this court does because there's gonna have to be a decision as to whether we can outsource accountability to this court.

REHMSiobhan Gorman of The Wall Street Journal, Marc Rotenberg of the Electronic Privacy Information Center, Stewart Baker, he is the former general counsel at the National Security Agency. Thank you all so much.

GORMANThank you.

ROTENBERGThank you.

BAKERThanks.

REHMAnd thanks for listening. I'm Diane Rehm.