IGF 2017 - Day 3 - Room XXII - WS209 Legal Challenges in Cloud Forensics


The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> MODERATOR: Good morning, everyone.  We're just waiting for a technical issue so the online participants can join us.  So just a few more minutes, and we'll get started.

>> MODERATOR: Good morning everyone.  Thank you for coming in.  I appreciate you coming in this early in the morning for our session.  As we get started, for those that are listening online, we're working out any remaining issues, however, we don't want to lose any of the time we have allotted.  So we will begin.  That being said, there is one person ‑‑ we ask that the ear pieces you have in front of you, you can go ahead and put those on so you will be able to hear her presentation.  We will start with her.  As soon as we are confirmed that our technical issues are resolved.  That being said, I would like to introduce myself.  My name is Pace Frank.  I'm with the University of Groningen.  I'm with the law enforcement and background in law enforcement from the United States.  Joining me today online is Ms. Marie Angela Biasiotti, from the institute of technique at the Italian research council.  And to my right is Jan Ellerman ‑‑ yeah from Europe data protection office.  Next to him is Mr. Christopher Kelly from the Massachusetts Attorney General and Marcus Hartman, senior prosecutor at office of cologne.  And we have Mr. Ken Pennington and to his right is Mr. Patrick Curry with the BBFA, joining us as well. 

      So to kickoff our meeting, if you read the introduction to our session, we are focusing on what I think you have probably seen as a common theme here at IGF and also on the forefront and issues related to Internet governance.  That is the cross border access in criminal investigation and counterterrorism investigations as well.  Many issues are on the forefront, including current, pending court cases in the United States, legislation both here in Europe and the U.S. as well. 

      The goal today is to have each panelist involved in each of their respective fields to elaborate on the realities of how this is affecting law enforcement operations both here and in Europe.  We will begin with the presentation from Jan.  That is going to be on the perspectives of the Europe poll data protection. 

>> JAN ELLERMAN: Good morning, everyone.  It is a pleasure to be here.  When preparing the presentation for this panel here, I thought about ways on how to go about this.  If you can go to the next slide.

      What you see in the background now, fairly recent headlines, basically.  Being you start the presentation?  Go to ‑‑ yeah. 

      What you see raining down now, fairly recent headlines, and what is common in the theme is basically that all of them could be a topic for this panel.  I just let them rain down while introducing myself.  As mentioned, my name is Jan Ellerman.  I work for Europe poll data protection for a little over 10 years, and during that time I served as a public prosecutor during Germany which is very good experience for the job I'm doing now.

      Switch to the next slide.  So the common theme, basically, for all the things we will discuss here on this panel, as far as I'm concerned is that it is always about security and freedom and what you see here on the slide right now is a quote from Bruce Nia that many refer to as the godfather or rock star of security.  In 2008, he made this quote.  The security versus privacy, it is the better of the century, or at least the first to cave.  There are many legends surrounding this gentleman, one of them, go to the next slide, is this one here.  That's not what I wanted to talk about.  Basically, what I wanted to talk about ‑‑ next slide, please.  Whether it is a good idea to talk about security versus privacy, and whether it is not possible to do a little bit better than that. 

      So basically, I'm personally convinced that if we do it right, if we want to get it right, we need to increase both freedom and security.  So we need to move away from the tune freedom versus security.  That is what privacy by design and data protection by design is all about.  So I found this looks very cool.  Me and the famous Bruce shire.  And the truth is ‑‑ if you go to the next slide ‑‑ there are a lot of smart people who agree with that assessment, basically, that it is not freedom versus security, but it is both, and that includes Bruce in later publication.

      I want to issue a small warning.  I think if we want a reasonable debate on this topic, you need transparency.  You request transparency.  I have a number of slides that will illustrate what we are exposed to in the law enforcement world.  There are explicit ones.  With the United Nations unit, there were some refer units are about monitoring online content, propaganda, in the Internet referral unit.  When this was introduced, there was a huge debate on whether or not that starts the beginning of the Internet censorship in the European police office.  If you look at the next slide, this is what we're really looking at.  This has nothing to do with freedom of expression, but this is what our colleagues are exposed to and trying to prevent.

      Next two things, such as this is what we call Hollywood style propaganda.  This is propaganda that is tailored to lure vulnerable people, in particular young people into the hands of the Islamic State.  We look for this kind of propaganda and we inform the Internet content providers, basically, about its existence, recommending deletion.  So what the next slide is about enforcement.  We don't have enforcement of removal.  What we show is this is noncompliance with their own rules and regulations.  As you can see here, you could do this, this afternoon or right away on the smartphone. 

      So my message here is, every average Internet user could be doing the same.  The lady you see on the slide, that is my grandma.  Really her.  She's 97 years old.  I told her how Twitter and things work, she's online, 24/7 to fight against the Islamic State.  That is confidential information, so it stays here for her protection.

      This is a screen shot into the sexual exploitation of children.  I give you a few seconds to read through that.  That is probably most efficient here. 

If you are reading that, basically, what you see is atrocities, not just physical abuse, psychological abuse, and my message here for you is we need the tools to effectively prevent and combat the things that happen online.  That's reality.  So when I read that, I found it really shocking. 

      On the other hand, I'm aware as a member of the data protection community that many of you argue whenever it is complicated law enforcement plays the terrorism cards and afterwards, you play the sexual exploitation of children card.  I do that here because that is the reality we're confronted with.  It is not limited to that.  If you look to the next slide, basically, this is a screen shot from the dark net.  Here somebody can order, you can order easily a handgun with the silencer.  I can ask you what is the business cases for the individual to order a handgun with a silencer.  There are none.  There are hundreds or thousands to buy with a mouse click.

      To conclude here, I want to convey to you that we take data protection and privacy seriously.  We have a quote from the executive director clearly acknowledging the necessity to have a robust data protection regime.  At the same time, I think we need a public debate, together with you, on how we can get it right.  And with these words, I conclude.  Thank you very much. 

>> PACE FRANK: Thank you, Jan.  Moving on to Chris, I would like you to discuss the efforts and challenges you worked on in the past.  The floor is yours.

>> CHRIS KELLY: My name is Chris Kelly, I run a cyber forensic labs in Massachusetts.  It is probably one of the larger ‑‑ certainly in the commonwealth of Massachusetts but across the country for the U.S.

I have been a prosecutor for the last 15 years, focused almost exclusively on cyber cases.  I will talk about some of the emerging issues, legal and policy issues that we see in the U.S. and how they're shaping what we do every day in law enforcement in terms of our forensic investigations, cyber investigations as well as any other nontraditional or traditional types of criminal cases that we use digital evidence in, for the purposes of detection, investigation or prosecution.  We have some rather significant challenges, like everybody else in the U.S.

But with the number of major providers that we have there, there are increasingly complex two major cases before the Supreme Court in the United States, that could have a profound effect on the law enforcement in the U.S., but also globally with the way they play out.  The first is one that is probably less well known in the international scale.  It is carpenter versus the U.S.

This is a case heard before the Supreme Court in the last month or so.  It is a case that deals with law enforcement surveillance of a suspect in a bank robbery case there was a court order issued for a cellular provider over the course of three or four months, they determined exactly all the different movements for the particular suspect, ultimately tied him to a series of bank robberies that he was tried and convicted in and ultimately sentenced. 

      The case was heard before the Supreme Court.  The challenge in this case is weather U.S. based law enforcement should use search warrants for the purpose of tracking a person for that period of time, based on constitutional needs and dealing specifically with the stored communications act.  The stored communicates act is a federal statute that all must adhere to for the purposes of demanding that third party providers ‑‑ cellular providers, Internet service providers, social network providers, provide that information to law enforcement in the course of an investigation.

      We deal now with the different security and privacy interests and balance those with public safety interests.  It is a difficult conversation to have.  It happens in board rooms, in courtrooms and certainly happens before all the different legislative bodies now. 

      This case, we don't have a resolution to the carpenter case, but indications from the Court were rather significant, questions to the government about how much surveillance is too much, how much is ‑‑ what type of order should be necessary for law enforcement to enhance what they can do visually by tracking somebody using the technology.  We don't necessarily have an analog to what we are dealing with it comes to the digital world we're in.  Courts are wrestling with the issues and having a difficult time.  It is interesting to see how it comes up because of the third‑party doctrines.

      The second case is far more difficult and salient to the conversation we're having today.  This is what is known as the Microsoft Dublin matter.  Or Microsoft Dublin case.  It deals with U.S.‑based access to data that is stored on a foreign soil in Ireland. 

      The way the case came to be is federal law enforcement applied for a search warrant for data held by Microsoft.  They were granted that search warrant.  When I went to execute the search warrant, they received certain information back from Microsoft.  The response was that other data was stored overseas and this was content data and couldn't provide that to law enforcement.  There are a series of challenges that went all the way up.  Now the case is before our Supreme Court.  And the question now before the Court that we deal with is this.  Does the federal U.S. stored communications act allow for essentially the claim of extra territorial jurisdiction.  Extra territorial application of our search warrant capability? 

      This is a question that deals with not only the legislative history of the electronic communications privacy act, going back to 1986, but also additional constitutional dimensions and challenges that we'll see play out.  So far, I think a total of 36 states in the United States have come out in support of the Department of Justice's position.  When it comes to this petition.  Several district courts, federal district courts have also come out and rules in the opposite manner from the second circuit and therefore made it right for the Supreme Court to have heard this case.

      The case ‑‑ it will be ‑‑ you know, there is a number of legislative and policy considerations that surround, but the case is refined to the small issue of whether the stored communications act does or does not allow for this type of application of the search warrant.  Obviously, this has an impact on international, you know, cross‑border data sharing.  It will be interesting to see how this case turns out.  Want me to keep going?  I can come back. 

>> PACE FRANK: Thanks, Chris.  Moving on, I will go to Ken from PSNI and the perspective that we want to have Ken relate to the audience is that of the challenges and the realities of what is occurring on the ground in law enforcement at the investigative level.  With Ken, I will let you explain further.

>> KENNETH PENNINGTON: Thank you.  I have approximately 30 years in policing, spying, the period of conflict.  This may appear as a divergent, I mention it by way of reassurance.  If there is one thing that I learned, it is that the application of the law is a mechanism and not a rationale.  Why are we doing these things?  Fundamentally, whenever we came to deal with the field of terrorism, we need to establish legitimacy or can I say it in a simpler term, trust with communities that we would use whatever powers we were given in an appropriate manner. 

      What I find is in any form of an investigation, it is not security versus privacy.  It is rights versus rights.  We have the rights of the suspect, they're a suspect.  I don't consider their guilt.  I have to consider the rights I engage.  But I also have a positive obligation to protect the rights of others, the potential victims, the people you saw in Jan's examples, I have an obligation in law to act.  So I have to balance those two factors.  When I come to balance those things, I have a number of tests.  I have to be proportionate.  So the level of intrusion I will be looking for will be the minimum that I require in order to achieve my reassurance that I am meeting the positive obligation to protect the rights of the others.  And it will be a sliding scale determined by the level and severity of the offense that I'm considering.  I also need to have a legal power.  I can't act without a legal authorities.  I act on behalf of the state, hence the importance of getting powers in place to allow me to act.

      I also need to be accountable.  Whatever decision I take, I provide an audible, I need to be responsible for it and be prepared to stand in a court of law and defend it.  Because my proportionality test could be subjective.  It needs to be tested.  My interpretation of the law may or may not be correct, because that changes over time.  And my final test for normal policing is necessity.  Do I need to do this?  So when we look at the powers, those are the tests I will apply.  What I would add to that, in this realm of cyber is timeliness. 

      Some of the processes we have, you know, letters of request, the mutual legal assistance treaties, so forth, can take up to six months.  In that period of time, we are still seeing people's rights engaged, the risk of life being put to risk, the right to private life, security, liberty, all being put at risk during that time frame.  It could be postponed by the host country, not us, it could be postponed if there is a parallel investigation ongoing. 

      What I am hearing from the ground is some of the problems are in cloud storage access and the legislation we have nationally may not be fit for purpose.  And we have to interpret current legislation to just get some action.  We also have the problems of hackers using stolen servers from another jurisdiction.  Another big problem for us.  Cryptocurrency.  The ability to connect a virtual wallet with a real person.  That has to be done so quickly that we can really do it currently in the most serious of cases, which means criminals are basically getting away with criminality. 

      The dark net and encryption presents us with difficulties.  We have ways of getting around those difficulties, none of which I can really discuss here.  None of them are quick, none of them are easy, and none of them come without a financial cost.

      ISPs, when we work with them, what I would say is generally helpful.  However, less so around large scale hacking.  And around more.  That is an area we might see on the increase.  I suppose as a law enforcement officer, whatever we develop, I would like to see it being future‑proofed, if at all possible, that is.  The reason I ask for that is that what I see is that legislation tends to be national and tends to be slow to develop.  But these technical problems and technology tends to be international and quick to develop.  So there have to be new mechanisms to address this problem.

>> PACE FRANK: Thank you, Ken.  Certainly a lot to digest and develop.  We will take your questions at the end, and with that said we will make up for lost time.  Next is Marcus Hartman.  The floor is yours, sir.

>> MARCUS HARTMAN: I would like to give you a quick overview of the cyber complications.  And what the complications the league has.  I'm a senior prosecutor with the cologne prosecutor's office, this office is responsible for the cologne district and the state of north (?).  That is one of the 16 states.  The biggest, it has about 18 million population in the area of Germany and one‑third of Germany's top 100 companies are located in my district.  We have quite a few high‑profile cyber crime cases that my department is in charge of.  One of the cases I would like to pick as one example is the ransomware that all of you heard about recently.  The ransomware has spread through clever compromise of a Ukrainian software.  This caused a lot of damage in the Ukraine themselves and the whole of Europe and abroad.  Because every company that has business relationships with the Ukraine has to use this software and thus got infected through the compromised update. 

      Basically, this is just one example of how such a sample thing as this can disrupt.  Every case is an international case.  There is no such thing as local or country‑based criminal investigations in the field of cybercrime.  We take that in mind, I have to keep that in mind and take that for all considerations as to how the legal framework for addressing these cases has to change.  I would like to print you with a few ‑‑ present you with a few ideas with what could be the keys to success in order to fix the present situation.

      First, I would like to mention that was said already is speech.  If we don't get access to the information relevant to the information in time, we don't get access at all.  Data that is delivered to us with a delay will lead us into nonexistent discovery of further investigations that means if we don't get the data in time, we cannot seize the servers, cannot arrest the data abroad, and in fact, all the investigation might stop if the access is not presented in a timely manner.

      Whether this could change through an improvement in international legislation may be allowing direct access from one country to another or whether we would fix this matter by investing more resources, people and technical resources into the given system of mutual legal assistance.  It is not relevant to fixing the practical issues, but we need to recognize that we have to do something about that, because speed is the main limiting factor at the moment.

      Second, we need to deal with efficiency of investigations.  At the very moment, we have lots of discussions ongoing with all types of organizations, with companies, and everybody is developing his own system for law enforcement access.  May be an online platform or traditional means of phone calls, whatever.  We need to find some sort of standards that allow for quick and efficient cooperation.  We need to establish some sort of level of trust in the international communities so that every prosecutor can see already by evaluating the formal grounds of request, whether this request comes from a party that is ‑‑ respectable party and should be followed or not.  For example, we have no agreed standard for shared, encrypted, authorized communications among law enforcement on a global perspective.  Somebody is using PGP, next are using S mime.  This is another technical issue that has to be dealt with on the grounds of efficiency.  The third one, I would like to think about the prosecution on an international scale as something like an international team.  I would like to see at some time in the future distribution of prosecution clusters.

      I will come back to at this time example I presented at the beginning of the talk.  The Peja ransomware.  We have 16 states in Germany alone investigating this Peja case.  If you see it in a broader perspective.  We have global infections.  Do we really have the need that every state is investigating this case on its own?  Everybody is analyzing the malware on its own?  Everybody is following the data and financial trades?  I think we have to find new ways of cooperation, and find legal grounds in order to organize such a form of distributed prosecution among a global law enforcement community.  That's it for now.  Thank you. 

>> PACE FRANK: Thank you, Marcus.  Very, very valid points.  I think to focus on the immediacy of need of access of data is key and efficiency.  These are items discussed and mentioned by companies like Microsoft, Brad Smith and Kent Walker from Google and comments from Eric Holder from the United States, Attorney General.  All to point to the issue that have to pertain to the MLAT procedures and access of information in a timely fashion.

      With that being said, we will move on to the last panelist, Marie Angela Biasiotti will be online.  If you put your ear pieces on, you can listen to her.  We will let her begin as soon as we are connected. 

     >> MARIE ANGELA BIASIOTTI: Yes.  Hello, good morning, can you hear me?  Can you hear me? 


     >> PACE FRANK: Okay.  Go ahead, share your screen with your presentation.  And we will begin. 

>> MARIE ANGELA BIASIOTTI: Can you hear me? 

>> Yes, we can hear you.

>> PACE FRANK: Yes, we can hear you. 

>> MARIE ANGELA BIASIOTTI: Okay.  Good morning, everybody.  Thank you for inviting me to this interesting session.  My presentation today would be one where we are working with.  I am with the international council of opacity, and three years of working with the evidence and treatment and alignment of practices in the European Union with the Attorney General.

      Before presenting my brief presentation, mainly focusing on the evidence in the cloud, I would like to say that our approach with the evidence project, we follow‑up with another project in the next year, in 2018, I think that will launch we are not law enforcement (?).  We are academic.  We are finding the way to a different cooperation between the stakeholders.  We think our approach also because it is (?) (Difficult to hear presenter)

so in our status at the evidence project, we have a one of the top issues that needs to be solved.  (No audio feed)

(No audio)

(Unable to hear remote presentation)

     >> PACE FRANK: Thank you very much, Marie Angela Biasiotti.  Thank you.  Before we get into questions and before we conclude the session, I think the presentation you just observed is a good example of the efforts that have been underway in the EU and abroad over the last several years to address both the technical policy and societal questions and challenges that are very much a part of this topic.  With that being said, I will take the remainder of the time to open up the floor to any questions any one ‑‑ to any one of our panelists.

>> QUESTION: I want to ask the panel, what is being done at the level of the UN?  Maybe there is ownership of the countries, but lots of ‑‑ you know, this opportunity from outside you and other countries.  So is there any effort of sharing the speed and efficiency?  You said because we find that phishing, the Yahoo e‑mail accounts.  They don't share data, it is ‑‑ is there anything being done on the U.N. level? 

>> PACE FRANK: I will let Patrick address that. 

>> PATRICK CURRY: My name is Patrick Curry I'm where a not for profit, which was created after the collapse of the U.K. identity scheme.  I am with military, cybercrime, country fraud.  And identity management, and particularly identity management, to come to this point, the short answer is a joined up approach at the U.N. level, I'm not aware of anything at all.  And my suggestion is a very simple one.  Criminals collaborate.  They don't feel hampered by borders.  If we deal with these challenges and make places safer to do business, in all its senses, then we need to collaborate more effectively.  And what we're saying is industry is having to do that.  If I look at the banking sector, in Europe, they're currently looking at 18 new pieces of legislation.  Because this is how governments respond.  They produce legislation, but they don't actually put in place the behaviors for collaboration to occur. 

      And in that legislation, the top legislation that is driving progress is the antimoney laundering directive, which now includes virtual currency, the payment service directive, too, which has the requirement of secure authentication at a high level, which impacts the financial sector into retail.  And general data protection regulation.  So privacy.  Why do I mention this, to get back to your point?  I will just illustrate this.  In the EU, and in many other parts of the world, nations have cybersecurity strategies.  The UI cybersecurity strategy was the top enabler of crime is identity fraud.  We have seen a rise in identity management related legislation and ID initiatives.  We have talked about Estonia residency, so on.  The ability to give accountability and traceability in supply chains, border control, national security, in regulatory compliance, the need is there in the prevention space.  So within the EU and working with other allies and partners in the U.S. and Asia, there has been a lot of effort looking at how we do collaborative risk management.  There are standards in place for risk mitigation, risk assessment, risk treatment, and we're beginning to see collaboration with the cyber information, threat, management, there are over 220 computer emergency response teams in Europe that have been formed within the last five years.  But we don't have those collaborative behaviors in the investigation side.  There are no standards for ‑‑ meaningful standards for those that are under attack.

      So without effective prosecution, we don't have effective deterrents of criminals.  So we keep coming into a cycle of prevention, detection, and response.  That's what happens at a government and industry level.  But there is no dialogue running with law enforcement.  Law enforcement is just left to do the prosecution and investigation piece without much help from government or from industry.  So what needs to happen, in my view, is A, law enforcement needs to be much more involved in the development of collaborative standards.  It is completely absent from that debate. 

      B, they need to establish collaborative trust mechanisms that we have in NATO, we have in the systems point of view between governments and industry.  And I'm looking particularly at things like PKI federation high assurance.  Or the EI activity in Europe.  Or the e‑Residency activity, which again, is cross border.  None of these identity standards are being leveraged in support of prosecution, forensics, and investigation in a meaningful way today.  My personal view is I would like to see a lot more work being done in ICANN and other bodies, IRR to put help to stop the groups you're talking about.  It can only happen if we ask for it.  I hope that happens. 

>> PACE FRANK: Thank you.  Are there any other questions? 

>> QUESTION: (Off microphone) Can you hear me now?  If I understood you correctly, you thought it was a bad thing that you could see all what the terrorists were doing, the terrorist groups, et cetera, et cetera.  Why on earth would you want to change it?  Why on earth would you want to take that off the web?  Isn't it wonderful that the people are so stupid they're showing us all the information, who they're friends with, where they're going, when they're going on a trip?  Why would you want to change that? 

>> JAN ELLERMAN:  Thank you very much.  I agree with you as far as the terrorists are stupid enough to provide us with leads.  What I have shown you basically is the issue of Islamic terrorism propaganda.  That is out there in order to lure vulnerable people into the hands.  So these are recruitment measures, basically. 

(Off microphone)

     >> This is information on the web on how they made the pressure bombs in Boston, Belfast and other locations.  There is encouragement to adopt techniques such as that, the use of vehicles as weapons that we have seen in Westminster, Nice, Stockholm, et cetera.  They're using it as a platform to train, not just propaganda, and trying to remove that from the web as well. 

     >> PACE FRANK: In the white shirt in the back. 

>> QUESTION: Chris Kelly with the U.S. Department of Justice.  They use the data to store abroad in Ireland.  If the Department of Justice wins and the shoe is put on the other foot and for example, a Belgian court says that what would the Department of Justice of Massachusetts say about that attempt to compel a disclosure.

>> PANELIST: The simple response is there is no Department of Justice in the commonwealth of Massachusetts.  But I think this is one of those really difficult areas.  There are man countries that already do have this method of compulsion for data that is stored within their own sovereign nations, that is one of ‑‑ that is going on right now.  It has been for some time.  The real key for the communications act with this particular case, and the way that the Supreme Court comes out is whether they decide that the compelled production within the United States is something allowable.  It is U.S.‑based investigation, U.S.‑based court order, search warrant.  It is a domestic provider.  So it is within the United States.  And production and access to the data is also done within the United States as well.  And the question is, regardless of where the data lives, should that company be compelled or can Congress, more appropriately, compel that company to provide that data within the United States?  I think that that is the confined, you know, issue that is being dealt with here in the stored communications act. 

      The short answer to the question is that lots of different countries are treating this in a similar way.  We saw instances of it in Brazil as well.  Where Brazilian authorities went to Yahoo, Microsoft ‑‑ or Yahoo and Facebook at some time and arrested members of their staff that did not produce records that were there.  These are obviously difficult and complex questions that are going to be answered in the wake of this.  Many, you know, of the folks that are at the table here all have come to the same conclusion, that really the proper forum for this is to Congress to deal with the different issues.  Having different party, stakeholders come together.  I think communication and collaboration, and people sitting down and making concessions and understanding, you know, the more broad dynamic here is really the critical factor. 

     >> PANELIST: I want to add a quick note.  When you ask for data that is stored abroad, you need to be ready to provide data to everybody else with the data stored on your grounds.  That is why I mentioned I'm not ready to give up on the traditional means of assistance too early.  But we need to realize the given system is on a mass level understaffed and under equipped with resources.  If we count in how many prosecutors with the ministries responsible for dealing with the requests and the bottleneck to deal with this in a more efficient way is not a general issue that the mutually assistance is not working, but not adequately staffed. 

>> PACE FRANK: Thank you.  In the back? 

>> QUESTION: I realize the answer to my question depends on the jurisdiction, I would love an American and European response to this.  How do we draw the line between legitimate speech and terrorist propaganda?  For example, if somebody is very angry about a certain group, certain country or has feelings about a certain religion and wants to express them, perhaps in very strong terminology, how do we draw the line between that and somebody we think is likely to do harm to that or other groups that we should have some kind of intervention?  It seems to me, especially in the U.S., to be very tricky.  I know Europe has different kind of laws on this.  I wonder if you folks would comment. 

>> PANELIST: I can briefly.  Hopefully, formally we applies the terrorism director definition, according to EU law.  We would make an assessment down those lines.  In practical terms we have these discussions.  For instance, when it comes to the Islamic State, I had the Internet colleagues approaching me with pictures where you saw palm trees, sunset and black flag swinging, all of that.  That is something ‑‑ it is IS propaganda, but basically my advice let's not refer that stuff because there is so much out there which is clearly within the boundaries of the definition, that at least for the time being we don't have to go to the borderline cases.

>> QUESTION: I'm curious from one much the U.S. colleagues.  Our First Amendment ‑‑ for example, I know Germany has certain hate speech laws that would not be accepted in the U.S.

I'm curious, from our perspective, if anybody had any thoughts on that? 

>> PACE FRANK: Go ahead.

>> PANELIST: I'm not particular with the German statute ‑‑

>> QUESTION: For example, NASA propaganda or depiction of swastika would be illegal there, but in the U.S., it is protected speech.

>> PANELIST: Obviously, the First Amendment gives you the freedom of speech and protection.  Or point of views, things you say.  But none of our rights that are protected are absolute in their nature.  Right?  So anytime that you yell "fire" in a movie and put other people's safety at risk, you might be committing some type of offense that your words become actions to a certain extent.  So it would be ‑‑ it is very difficult without an example or tangible to say whether something is or is not protected speech under the First Amendment.  It is all done on a case‑by‑case type of analysis. 

>> PACE FRANK: Marcus? 

>> MARCUS HARTMAN: It is a misunderstanding to say the hate speech laws.  So to say in Germany, are vastly different from that in the U.S.

I think 80%, 85%, maybe 90% of the cases referred to my department that are considered from the information of the providers to be hate speech, when evaluated by a prosecutor not to be considered a criminal act are just some angry person announcing his personal opinion.  So I think the cases that really ask for an answer by a prosecutor's body offer of a level and intensity that can be agreed that they should be consider in Germany and states and other countries as well.  I think if you look at the practical cases, the difference margin between what counts as a criminal act is not that different from my perspective. 

>> PACE FRANK: Ken, you had a comment? 

>> KENNETH PENNINGTON: How do you balance the freedom of speech and hate speech?  The answer is carefully and proportionally.  I would say the criminal justice system may not be the best place to start.  I have seen criminalization work, which is (?) Where that low level type of stuff that we saw, the first point of contact is social services.  Because usually parents, maybe teenagers.  Rather than criminalizing them at an early stage, trying to address their views, and only extreme cases passing that to law enforcement.

>> PACE FRANK: Time for one more comment and then we have to close.


>> QUESTION: Would it be appropriate for another element of Germany to flag the speech to the provider as a violation of the provider's terms of service and then get the speech removed even though it is not unlawful? 

     >> PANELIST: This is not with government bodies but nongovernmental organizations.  The organization that takes complaints from people that come up with postings online and refers them to the providers themselves.  If you are referring to the discussion of the new net (speaking non‑English language), the law that requests social media platforms to delete online postings when they're considered to be unlawful.  I as a prosecutor in my personal view think that the right point to judge whether something is lawful or unlawful is not the provider, but the prosecutor.  We have started with the social media network, in order to streamline want process of flagging the content, reviewing it on legal grounds and figure out what is to be deleted or not deleted and providing the necessary help to the providers and establish a common agreement on that. 

I think there is still lots of work to be done.  We will see where this discussion leads us. 

>> PACE FRANK: Thank you.  I would like to thank all the panelists for all their time and contributions and all of you for attending our sessions.  Thank you, have a great day. 

(Presentation concluded 10:11 a.m. CET)