During the portion of the debate dedicated to audience questions a doctor stole the show:

I'm Jay Jacobson, an infectious disease physician from Utah. I take the phone calls from people who either have or worry about HIV or other STDs including people who are or imagine that they will soon be pregnant. One federal law, HIPPA, obliges me to fulfill my oath to protect their confidentiality. The metadata program makes me worry that my pledge has now been weakened and will potentially be broken. My question is some clarity about where metadata resides and who has access to it. Before 9/11, I was well aware that my telephone calls were kept by my telephone company. They acquired the same data: who I called and how long I spoke. They did it for billing purposes. I also understood, correct me if I'm wrong, that the government, under judicial authority, could access some of those records if indeed it could specify the reason for doing so. I was not so worried at that time about the phone company breaching the confidentiality pledge that I had made. I'm much more worried now. I wonder if both panelists could respond to where that data is now and why it cannot reside in an area where it can only be accessed with judicial authority.

Alexander acknowledged that call records are currently stored in a government database, said he wouldn't mind if someone other than the government kept the records so long as the NSA could access them, and explained the FISA court rules for querying the database. He claimed NSA analysts must always explain how a query is related to terrorism and said that there is 100 percent audit-ability. "Only 35 to 37 people are trained to look in that case, and we have emphatic access restrictions," Alexander stated. "The court, Congress, and the administration through multiple levels audit that 100 percent. Nobody has made a mistake on that program."

Retorted Anthony Romero, "I don't believe it, General Alexander. When you tell me that we have all these great controls, and forensic trails, and making sure that only this person can have access to this, I don't believe you anymore. You know why? Because you had a 28-year-old contractor in Hawaii who walked away with the crown jewels. And if your controls were that good then that would not have happened. So you'll have to forgive me. I don't trust the government when you say, trust us, we have all these great checks and balances in place. They can only access it if they need to, if they have the proper authority, I just see–"

"–So you admit your client took more than he needed," Alexander said.

"I didn't admit to anything," Romero replied.

"You said he took the crown jewels, that he took everything, when he only needed one. How are you going to defend that?"

Romero replied that while one document would have revealed the Section 215 dragnet, it wouldn't reveal all sorts of other NSA programs, like Bull Run, which revealed the way that the NSA deliberately installed backdoors that weakened the security of products made by American corporations. Alexander responded by talking about how many terrorist attacks happen in the world. "We're arguing about self-adctualization," he said, "when around the world they're trying to survive."