Watch CBS News

Transcript: Glenn Gerstell talks with Michael Morell on "Intelligence Matters"

INTELLIGENCE MATTERS - GLENN GERSTELL
CORRESPONDENT: MICHAEL MORELL
PRODUCER: OLIVIA GAZIS

MICHAEL MORELL:
Glenn, welcome. It is great to have you on the show, and it's great to see you.
GLENN GERSTELL:
Thanks so much, Michael. I'm really delighted to be here and I'm also so happy that your ratings are so robust that they're going to be able to withstand my appearance. (LAUGH) So they'll probably bounce back after a month or two--
MICHAEL MORELL:
I'm absolutely certain that there's a lot of people out there, particularly my young listeners, who are going to pay a lot of attention to this. Glenn, let's start with, how does a lawyer who spent 40 years in private practice end up as the top lawyer at the National Security Agency?
GLENN GERSTELL:
Well, I'm half tempted to say through a series of clerical errors, but (LAUGH) actually, there was a little bit of method to the madness. I had the good fortune to work for a Wall Street law firm for 40 years, and as I was approaching our mandatory retirement age, I decided that I wanted to do something different and be involved in public service.

I had actually been a volunteer on some boards and commissions. I was on the president's National Infrastructure Advisory Council. I was on the District of Columbia Homeland Security Commission. And so I'd had some exposure to the Homeland Security sector, just as a private citizen, a volunteer capacity. And actually, some of my thinking in that regard was a product of 9/11.

Because on 9/11, I was in Los Angeles, having just arrived there the night before, having originally been scheduled and having been booked on American Airlines Flight 77. At the last minute, I cancelled that, fortunately, and for just unrelated reasons. And so it really obviously, for me and millions of Americans, had a very searing impact. But that was always in the back of my mind, that I wanted to do something in the public service sector.

So I started, at the end of my legal career, to look around in the federal government to see if I could find some way to be useful, and knocked on the doors of lots of federal agencies, and announced my availability, and discovered no one was (LAUGHTER) really particularly interested for two reasons I hadn't fully appreciated. One, in the second year of an administration, or second term of an administration, especially in the second half of the second term, there's always a deputy moving up to the major position.

And so if I wanted to be the, I don't know, deputy assistant secretary of paperclips somewhere, then there probably was an assistant deputy secretary who was interested in moving up to that job. And the second, which I hadn't really fully appreciated, and sounds a little silly, but you really do have to be qualified for these jobs. And of course, that sounds silly when you say it that way. But my experience had really been as a lawyer.

So even though I was looking for non-legal jobs, I found that I was really going to have to try to find something in the legal sector. One day, a friend who was in the general counsel of the Department of Defense called up and said the NSA legal department position was coming up, and I should apply for it. I thought that was a serious mistake on his part, to even suggest it, but I did apply and went through a series of interviews and wound up in the position, which has been just an extraordinary privilege.
MICHAEL MORELL:
So how is life different, between somebody who was at the very senior levels of a private law firm, and now somebody who is the very senior levels of the US government? How is life different?
GLENN GERSTELL:
Well, in some ways they're similar and in some ways they're different. And the difference certainly struck me the very first morning I showed up for work. As I walked into the new office and signed some papers, the first thing I did was get sworn in. You know, I hadn't taken an oath before. I represented clients around the world doing big transactions for 40 years, and I never took an oath for those clients.

But the significance of what I was about to enter on struck me that first morning when I took an oath of office. And you certainly get a sense of the extraordinary sense of mission, and the sense of the people that surround you in the senior levels of government, and particularly in the intelligence community, which is frankly just missing in the private sector.

That isn't to say you can't find a rewarding, important role for yourself in the private sector, but certainly, it's very different in government, partly because of the sense of mission. At the senior levels, you're dealing with the same kinds of issues, in the sense of ones that require judgment and wisdom and some perspicacity. So that's true whether you're a senior lawyer advising clients in the private sector or public sector, but obviously there're significant differences.
MICHAEL MORELL:
Glenn, what does it mean to be the general counsel of NSA? What are your fundamental responsibilities?
GLENN GERSTELL:
There are several responsibilities. The easiest one and the most obvious one is to be the head of the legal department. So it looks like the general counsel's office of almost any big corporation. The NSA, if it were a private corporation, would probably rank in the upper reaches of the Fortune 500. It's a worldwide organization with some, I don't know, 40,000-odd employees and a billions of dollar budget.

So its general counsel's office looks a lot like that of a big corporation. We have a litigation department, a patents department, so on and so forth. And running that job is similar to what a senior lawyer at any big corporate enterprise would do. The second is to be the chief legal advisor and counselor to the senior agency leadership, and most particularly, the director, which happens to be General Nakasone at the moment. And--
MICHAEL MORELL:
You first worked for Mike Rogers--
GLENN GERSTELL:
First had the privilege of working--
MICHAEL MORELL:
Admiral Rogers--
GLENN GERSTELL:
--for Admiral Mike Rogers, and now for General Nakasone, both talented directors of the agency. And serving as their sort of principal legal advisor. And that really bleeds over into a lot of policy issues, as well, because at those levels, if the problem is hitting your desk or the director's desk, at that point, it's probably not because there's a clear legal answer.

It's because there isn't a clear legal answer and you're probably in the realm of policy and you need to figure out something using your judgment and your approach to problems, generally. And then maybe the third area is as an external ambassador on some level, which is both dealing with the other agencies in the intelligence community, coordinating issues with the director, the office of the Director of National Intelligence, the agency that you came from, the CIA, the FBI, et cetera, as well as dealing with Congress and our many overseers. So there's a little bit of an external ambassador role to that, too.
MICHAEL MORELL:
In the first role, I'm sure you hire lawyers. And in terms of the entry level positions, what do you look for in a new lawyer?
GLENN GERSTELL:
We are unbelievably lucky in that we are able to attract literally the cream of the crop of law students. We also hire laterally for lawyers who are already well advanced in their career. But we're particularly focused-- I'm particularly focused on trying to get lawyers from some of our nation's top law schools to come and join us.

And we have an honors program that people can apply for you. The information's available on our website about it. And we're looking for lawyers who are coming right out of law school, or perhaps a judicial clerkship, who have an interest in national security. They don't necessarily have to be experts in national security. They don't necessarily have to have taken a course in national security.

But they have to have a genuine interest in the mission. And we're looking for people who of course meet the legal standards we want, which is namely very talented legal skills and good grades in law school, of course. That goes without saying. That's no different from anybody else. But we're particularly interested in people who are interested in A, the mission, and B, most importantly, have the judgment and wisdom to be addressing some of the very, very important issues that come across a lawyer's desk in the National Security Agency.
MICHAEL MORELL:
Glenn, I want to switch gears a little bit and spend a few minutes on how NSA adheres to the rule of law, hopefully straighten out some misconceptions and get into some of the issues that we've heard about in the news for the last year or so, and maybe the place to start is tell us the difference between rules for targeting foreign nationals, this is for intelligence collection, targeting foreign nationals overseas and targeting them here when they're here in the United States.
GLENN GERSTELL:
So you've underscored the main point of divide, which all grows out of our legal system, and in particular, the fourth amendment to the Constitution. The fourth amendment to the Constitution talks about the right of the people to be safe from unreasonable searches and seizures. And over the years, the Supreme Court has interpreted that to apply to a certain level of protection, to apply to people in the United States, both citizens as well as resident aliens and some other aspects of entities. US Corporations, for example.

So they are entitled to a certain level of protection, and government cannot do surveillance on them unless it meets certain rules, which I'll describe in a second. But that largely ends at our nation's borders. And overseas, the fourth amendment doesn't apply. Foreigners are not entitled to the protection of our US Constitution in not only the fourth amendment but in other areas, as well.

So overseas, we are not constrained. There may be local laws that are involved, but that's a separate issue. But generally speaking, if the United States government, for national security reasons, feels it needs to target a terrorist, let us say, overseas, by and large, it's free to do so. It gets a little more complicated, and we can talk about that, when that terrorist overseas happens to be using US communications infrastructure.

And that sort of may implicate the fourth amendment a little more, so we need to have a separate set of rules. But if it's clearly all overseas, no restrictions on the fourth amendment. If it's in the United States, we are-- if the United States government and the intelligence community wants to target an American living in the United States, or an American living overseas, then special rules apply. And as a broad matter, just as a general matter, no such targeting can occur absent a specific judicial finding at the probable cause standard that either a crime is being committed in the case of the United States, or that the person is an agent of a foreign power.

I'm glossing over a lot of details here, but basically, there needs to be a judicial determination, the equivalent essentially of a search warrant, before the United States government can target an American. That's not the case for a foreigner.
MICHAEL MORELL:
And that probable cause requirement is if the American's here or if the American's overseas?
GLENN GERSTELL:
Anywhere-- Americans enjoy the protection of the fourth amendment anywhere they are around the world outside the United States.
MICHAEL MORELL:
And what's the definition of an American in this context?
GLENN GERSTELL:
The definition isn't precise. The fourth amendment merely talks about the right of the people. And because the term is used in that amendment, as opposed to some other sections of the constitution where it talks about citizens, so on and so forth, the Supreme Court over the years has interpreted the people to be very broad.

It's not only US citizens but it's also green card holders, permanent residents. It applies to American corporations. It even applies to US registered ships and airplanes, for example. So the intelligence community takes a very broad definition of US persons in order to be safe, perhaps a little more than the constitution requires. We're being a little conservative, a little prudent in that regard. But the rules and regulations are written so as to protect the wideset possible range of US persons.
MICHAEL MORELL:
And all that's captured in that phrase, "US persons."
GLENN GERSTELL:
That's correct.
MICHAEL MORELL:
And how did all of this evolve over time? I mean, did this come out of legislation? Where did these rules come from? Where did the interpretation of the fourth amendment that imposes these rules on you come from?
GLENN GERSTELL:
All of it stems from court cases, basically, and essentially, the pronouncements of our highest court, the Supreme Court. The definition of "as relevant to surveillance," for example, is really a relatively recent phenomenon. You know, the fourth amendment, which was adopted a few years after the Constitution itself was adopted, didn't mention anything about privacy. It didn't have any particular references, of course, to electronic surveillance. No such thing even existed.

The first court case, interestingly enough, that really dealt with this issue was back in 1928, when telephones were sort of still new and it involved a bootlegger. The federal agents put old fashioned alligator clips on a person's telephone and did not get a search warrant for it. And the case went to the Supreme Court because the bootlegger said the evidence associated with the wiretapping should be thrown out and shouldn't be considered.

And the Supreme Court, Justice Taft at the time, said, "No, there's no search going on, there's no seizure. No fourth amendment implication. Putting wiretaps on a phone doesn't implicate the fourth amendment." Fascinatingly, you would have had to wait to 1967 in a famous case called Katz, in which the Supreme Court, for the first time, annunciated a right of privacy and they overturned that 1928 case called Olmstead, which, by the way, had a fascinating dissent by Louis Brandeis, and said, "There is a right of privacy."

And the fourth amendment does protect people and not places, and as a result, since that case, what, half a century ago, we've now had a steady evolution of judicial determinations in that area, which were sometimes a little hard to determine in terms of their forecastability.
MICHAEL MORELL:
So Glenn, when you target, say, a terrorist, or you're doing targeting more broadly, you can inadvertently collect information on an American, on a US person. What happens in that case?
GLENN GERSTELL:
Well, we do have situations in which there's what's called incidental collection of communications with an American. And the law is very clear, growing out in the domestic context, where, let us say, for example, the F.B.I. would obtain a search warrant or some other appropriate court order and undertake surveillance on someone for law enforcement purposes.

The fact that law enforcement might, for example, be targeting me because I'm suspected of a crime, and the F.B.I. listens to my phone calls, by definition means they're also going to be listening to whoever else I'm calling. So if I happen to be talking to my son or my wife, they're going to hear that, too. They're not interested in my son or my wife.

That's incidental collection. And the courts have been very clear that the mere fact, the inevitable fact, that incidental collection occurs doesn't defeat the original validity of the search warrant. And that principle has been applied to surveillance for national security purposes. So to use your example, where we have situations where we are, let us say, targeting a terrorist overseas and we find that he or she is communicating, let us say, with an American, either because it's an email or a telephone call or whatever, that's incidental collection.

We make attempts to make sure we do not-- we're not going to report on it because it's not valid foreign intelligence. We're not interested in it. We delete anything that relates to Americans to the extent we can, as a general rule. And where we are doing reporting on what the terrorist said, for example, we'll issue a report saying terrorist A was in contact with someone in the United States about a possible plot, or trying to recruit that person, or whatever. When we sent out our reports, we actually mask the name of the American. We do not state that the terrorist was talking to Glenn Gerstell--
MICHAEL MORELL:
In a conversation with--
GLENN GERSTELL:
--in a conversation with Glenn Gerstell. We'll just say, "With US person number one." And that's how the report goes out. If it turns out, when the F.B.I. gets that report, for example, and says, "Gee, we'd like to know, we have a valid law enforcement reason for knowing who US person is because we want to know who's being recruited," then there's a procedure for us to go back to the F.B.I. and unmask or reveal the name and say, "Well, he was actually talking to Glenn Gerstell." And then the F.B.I., pursuant to what their own legal authorities, might obtain whatever legal process they need to go pursue that. But that's separate, not part of the intelligence community's operations.
MICHAEL MORELL:
And who can ask for an unmasking?
GLENN GERSTELL:
So there are detailed procedures on the unmaskings, which are throughout the intelligence community. NSA has its own particular set of procedures. And the basic rule is that any legitimate recipient of the intelligence report-- and again, the reports are targeted, they're not just distributed generally to everybody in the federal government. They're on a need to know basis.

So different reports go to different people. But if you are a recipient of a report, you can go back to the NSA or the other agency, C.I.A., whoever, and say, "I have a legitimate need," and explain the reason you need to see. You just can't say, "I'd like to see the name here. This sounds interesting, let me-- tell me more." You need to articulate why it is. And assuming your position is such that it's appropriate and you annunciate a valid reason, then we will release the name.
MICHAEL MORELL:
So Glenn, you operate under very strict legal guidelines that have evolved over time that are very clear. How do you ensure, in a agency as large as yours, that the individuals who are doing the work every day are actually living up to those guidelines? What kind of controls do you have in place? What kind of auditing do you have in place? How do you guys do that?
GLENN GERSTELL:
You are right in the implicit premise of your question, which is that there is a daunting challenge there. But it's one that we absolutely rise to and relish embracing. The agency has a wide range of activities, whether it's in the surveillance area or the cybersecurity area. And all of those have the potential for implicating the rights of Americans and privacy. And we want to make sure that we scrupulously adhere to those rules.

So it's a multilayer approach. First, it starts with the people. All the people are very mission oriented. They're fully aware of the rules that are applied to them. There are training mandatory videos and mandatory classes that everyone at NSA must take. Everybody, every single employee takes varying levels of courses. So there's an extensive amount of training, number one.

Number two, there's a large compliance department that takes a look at the surveillance activities that we do and reports back on any failures. The place is so technically complicated, and there's so much technology going on, that it's almost inevitable, given the scope of what we do, that there'll be some, you know, small-- I'll make up a number.

You know, .0001% error rate where, oh, just for example, if you were conducting some kind of surveillance on a person who was traveling abroad and they happened to come into the United States and we fail to turn off, for example, the surveillance the minute they come into the United States but catch it a day later, just because the computer didn't turn off something, well that's technically not-- that's a compliance violation. We need to catch it. We need to deal with it and address it, which we do, scrupulously.

But there's technical reasons. We don't really find situations where people deliberately are trying to violate the rules. That's just not the culture. That just really doesn't happen. But there are inadvertent lapses, in part because of the technology, and in part because in some places, the rules aren't that clear. So there's a multilayered approach, which, as I said, involves the people, involves training, a compliance department, my own department.

And then finally, and most importantly, a wide and deeply redundant and deliberately deeply redundant layers of oversight, from people from the Department of Justice National Security division who come in every month and they check individually, one by one, the list of people whom we have targeted for surveillance under certain programs. The office of the Director of National Intelligence does that, too. They have a completely overlapping function.

There's the privacy and civil liberties oversight board that also looks over our shoulder. The president's intelligence advisory board, two committees of Congress. So there's lots and lots of layers of oversight, which consumes a lot of my time in addressing. I'm not in any way complaining about that. There's a good reason we have redundant oversight, and it's just designed to make sure the very point you said, which is that we want to scrupulously adhere to the rule of law.
MICHAEL MORELL:
So I think there's a general perception in the population that you guys are just out there doing what you want to do, right? And the reality is that there's an incredible amount of rigor around protecting--
GLENN GERSTELL:
Nothing could be further from the truth, yes--
MICHAEL MORELL:
--and living up to the fourth amendment, right?
GLENN GERSTELL:
Absolutely--
MICHAEL MORELL:
Do you run into that myth when you're out talking to people, or not?
GLENN GERSTELL:
I think there probably was a little more of that myth floating around in the immediate aftermath of the disclosures, the unauthorized disclosures by Snowden. So that sort of fed into it. I might add that in all those disclosures, nothing was shown to be illegal. Nothing was shown to be illegal--
MICHAEL MORELL:
Correct.
GLENN GERSTELL:
Now, there maybe were some things that people weren't aware of and were surprised about. I'll certainly grant that. And there's no doubt that it definitely ignited a public debate. But there was nothing illegal. And since then, we have made a real, genuine effort to do two things. One, to make it clear that what we're doing is fully in compliance with law, and it is.

And second, the intelligence community, and NSA in particular, have been trying to be more transparent, trying to tell a little more about our operations, so that people feel comfortable in knowing what we're doing. Obviously, there's limits to how far we can go in this area. There're a bunch of times I'd love to be able to explain something to the public, but we can't, because it's classified.

And that doesn't end the debate. It's not classified-- it's classified for a good reason. We don't want to tip off our adversaries to what we're doing or exactly how we're doing it. So unfortunately, some of the pieces of information that would like to be able to share with the public must inevitably remain secret.

And I think ultimately, the American people have to feel comfortable that with all these layers of oversight and congressional committees and so on, so forth, they're the ones who are able to, in connection with our transparency efforts, they're the ones who are able to provide the assurance that what we're doing is scrupulously within the law.
MICHAEL MORELL:
So I want to come back to the transparency point, and the public point. So as you know, I was on President Obama's commission on telecommunications and intelligence.

And I thought, in the aftermath of Snowden, that one of the most important moments, one of the most important turning moments was when Keith Alexander and his deputy agreed to a 60 Minutes interview. And I thought they knocked it out of the park. And I thought they dampened-- by doing that, they dampened a lot of the concerns about what NSA was doing. So I think that transparency piece is really important. And at C.I.A., I always thought that we brought the fence line in too close, where we could have pushed it out more and given people a greater sense of what it is we were doing, and the appropriateness of it.
GLENN GERSTELL:
Yeah, it's clearly something we need to do, and it's also something that we struggle with. We struggle with for two reasons. One, culturally, as you said, you were referring to your agency, the C.I.A. But even in NSA, you know, NSA, the old joke was that NSA stood for No Such Agency. And--
MICHAEL MORELL:
And there was a time where the existence was classified--
GLENN GERSTELL:
And-- exactly. So when President Truman created it back in 1952, I remember it well, I was one year old. The agency's very existence-- in fact, the very letter that the president signed creating it was itself a state secret and not acknowledged until many years later. So the culture is definitely one of secrecy. And again, for good reasons. We don't want to tip off our adversaries.

But at the same time, we recognize that in this day and age, with so much information available to our citizens, which is a good thing, we can't hide behind the wall of secrecy completely. And transparency, at some level, is appropriate, and we do that in the form of issuing annual reports on surveillance, by having the directors of the agencies testify in public before Congress.

That, you know, didn't always happen at the early days of the agency. And then finally, this podcast itself is an example of the agency's outreach. I mean, as the general counsel, I've gone around the country trying to explain a little bit about how the agency does, indeed, adhere to the rule of law, the kinds of privacy issues we wrestle with, and how we view the future.
MICHAEL MORELL:
And you've actually been quite active in giving speeches and talking to groups, so that's exactly what we're talking about.

So Glenn, the technological revolution. You know, we thought it was rapid five years ago, and it seems to get more rapid every day. And that doesn't look like it's going to change. I know you've done a lot of thinking about the implications of that for privacy, the implications of that for the fourth amendment, the implications of that for what your agency does. Can you talk a little bit about that, and what does, in this age of the technological revolutions we're under, what does privacy even mean anymore?
GLENN GERSTELL:
A good question, and it's too bad we can't do a 24 hour podcast, (LAUGHTER) because we'd probably need that to address some of these issues. But let's take a stab at some of them. So, you know, we are either in the midst of or on the cusp of what some have referred to as the fourth industrial revolution, the digital revolution.

It's a function of the technology we see, which is accelerating at an almost incredible and unbelievable pace, a pace that we really don't fully understand. It's going to get exponentially more complicated and more expansive and more pervasive with the advent of 5G telecommunications, cloud computing, artificial intelligence, and so many other factors. So people are talking now about that being next year something like 20 billion devices connected to the internet, whether that's telephones, or there already are some--
MICHAEL MORELL:
Your refrigerator or washing machines, yes--
GLENN GERSTELL:
Refrigerator, thermostat, your toaster. I'm not sure why my toaster needs to be connected to the internet, (LAUGHTER) but it's coming. And, you know, when we say these numbers, like 20 billion, they sort of don't-- I mean, it's just such a big number. No one even knows what that means. But if you just sort OF think about it in terms of just the growth rate, when we wake up tomorrow morning, there will be 5.5 million more devices connected to the internet than this morning.

And that's going to happen the morning after that and the morning after that. So, you know, 5.5 million, while that's still a pretty big number, it gives you a sense of just the sheer enormity of what we're talking about. So what are the implications of this? And as you said earlier, what does it really mean to have privacy in the digital age?

And if you just think ten years out from now, and this isn't really a pure NSA point, this is just sort of my personal musings. But if you think five and ten years out, we're going to be in a world in which your precise location is going to be known everywhere to everybody, both the private sector and the government. So there'll be a camera on every street, which, because of facial recognition and artificial intelligence, will realize that it's Glenn Gerstell and Michael Morell.

And that information is going to be available in some form, whether it's to the government or to the private sector. Because of your cell phone location, not only will the Facebooks and whatevers of the world know where you are and where you're shopping, but so, too, will-- the department store will know that you've now entered Macy's department store, or whatever the department. Pick a name. Whatever you wish.

And perhaps your spouse will be able to instantly find out where you are and where you're going. And then complicate that, for example, because what if some malevolent actor decides to fake that? And while you truly are shopping at the drugstore, someone intercepts your signal and sends out a mischievous signal and indicates that you're really in a bar somewhere? But you aren't, but your spouse gets that information, or the government gets that information, or whatever.

So you can see there's lots and lots of potential for mischief. There's lots of potential for real benefit. But I think our society hasn't even now, let alone in the future, figured out what privacy really means. So what does it really mean? We haven't been faced with a technology like this, that has become this ubiquitous, this impactful, ever in the history of the world. So when-- every time we've had technologies develop, whether it was the telephone, electricity, the automobile, it took decades for the technology to become pervasive.

And during that period of time, we were able to sort the rules of the road out. We were able to figure out what kind of safety we want in automobiles. Did we want seatbelts, not? How are we going to regulate electricity? How are we -- whatever. And so we, as a society, worked this out. We haven't worked that out yet in the cyber world. We are willing, seemingly, to tolerate some level of cyber insecurity. There're lots of data breaches that go on, and yet our life continues and we don't yet have laws dealing with them.

And again, I'm not-- this is my personal comments here. But we just haven't come to terms, yet, with how we want to regulate cybersecurity, what the international norms are, what the domestic norms are, how we want the private sector to behave in this area versus the government. So lots and lots of questions that our society's going to have to sort out.
MICHAEL MORELL:
So Glenn, where does this need to get worked out? What's the process that would make sense for starting to think these things through? Should it be in Congress? Should it be the courts? What's the role of the private sector? How do you think about how we need to work through this?
GLENN GERSTELL:
All a complicated question. So historically, in the United States, at least, these concepts of privacy, as-- to go back to what I was earlier talking about before, have been rooted in the fourth amendment. So as a result, most of these issues have been defined through court cases, rather than legislation.

Yes, we've had some legislation in some very specific areas. So for example, there's federal legislation about how to treat your health and insurance records. There's some federal legislation about the privacy associated with your credit reporting. But generally, we don't have broad federal privacy legislation the way they do, for example, in Europe. One state, California, has just recently gone ahead with some privacy legislation, and some people are thinking that's a good idea for states to tackle it.

Others say, "No, no, no, we can't have a situation where we have 50 states each doing their own thing. We need federal laws in this area." So that debate has yet to play out. But the courts, to go back to that for a second, I think-- this is again my personal view-- have not been a particularly good mechanism for articulating the rules in this area. And just to spend a second on it, you know, in areas that make intuitive sense, like negligence, it's appropriate for the courts to just have a general rule about negligence.

So we all sort of know what that means. If I leave my eight-year-old kid with a bunch of matches and kerosene and the house burns down, everyone will say, "Well, you're negligent." We don't need to think a lot about that. It's just sort of intuitively obvious. But if I say to you, as a privacy matter, "The government should be able to track your whereabouts through your cellphone," or, "The government should or should not be able to find out who you've been calling," you know, the answer's maybe yes, maybe no.

And in fact, the court cases are split on some of those questions. And so in the area where the courts annunciate rules about privacy, they're doing it with regard to the specific technology before them, and that really doesn't work in a situation which the technology's so rapidly developing.

So we may have court cases that talk about whether it's appropriate to use cell tower location today, but what does that mean ten years from now when there aren't cell towers and it's all a 5G dispersed world and your whereabouts are known everywhere and everyone knows your whereabouts? So what does that court case tell us about it? I think that is going to drive us to two things. One, I think it's going to drive us to more industry regulation in this area.

We're already seeing signs of that. Silicon Valley is talking about privacy rules and privacy legislation. People are talking about how, in the internet of things, privacy needs to be baked into devices at the beginning, at the manufacturing stage, which is a real challenge. And then I think it's also going to require some level of legislation. And again, I'm not here on behalf of NSA to articulate any particular piece of legislation.

But I think it's just inevitable that we're going to see significant legislative action in this area. And now the question is, will our country be able to get ahead of the technological revolution, or are we going to, for a number of years, be dealing with the problems before we can come up with a societal solution? It's yet to be seen.
MICHAEL MORELL:
Glenn, thank you so much for being with us. It's been great to have you on the show.
GLENN GERSTELL:
This has just been terrific. And your show is just terrific, as well.
MICHAEL MORELL:
Thank you, Glenn.
GLENN GERSTELL:
Thank you.
* * *END OF TRANSCRIPT* * *

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.