for the u.s. government for number of years. every single company, if they are mandated, u.s. government can auditor supply chains. you start with the bills of materials. you only focus night items that can be tampered with, so not the wires, but the chemicals, not the plastic but the true hardware that can be tampered with, and through several layers of audit traces you can find the company can find what's in their system so they can rip and replace it. so the legalho authority exists. the capability exists, but across the board from industry to covet the will does not exist. thank you. >> thank you very much. we will now move to our next witness. >> mr. tsarynny. >> thank you very much, cochairs, commissioner wessel and commissioner helberg comfort by me to the hearing today. i'm the ceo of our company helps

position eliminate threats posed by software attracts people online. i test when will on china's i.t. products and risk they pose to americans users of data and privacy. so our research is given us an unprecedented loop into the techniques arenp adversaries use to steal sensitive information, therefore i'm going to cover the three important areas. number one, what our research has revealed on web tracking pixels the click sensitive informationn and make it accessible to entities under chinese jurisdiction, including the communist party of the chinese intelligence and the other authority. number two, number two, how software connected hardware has the potential to conduct and has been conducted equally damaging surveillance. anduagi number three, policy recommendations along the lines that the commission might make it to the congress.

so i will now start with the first part. we analyzed 3500 websites of major companies and government agencies to really establish the baseline data collection by tracking pixels. what is a tracking pixel? is a piece of code i website to track digital marketing campaigns, , ad campaigns, usuay remain on websites after ad campaigns and. found that bytedance tiktok clucks huge amount of u.s.-based users of data, even dated along to people who never signed up or ever used tiktok in their life. in fact, we worked with the "wall street journal" to inform government agencies that their sites were indeed activating tiktok web tracking pixels without their knowledge. so inwl march of 2023, less thaa year ago, tiktok was collecting user data on approximately 7.5%

of all of these business and government websites that looked at. by december of 23 the presence of tiktok pixels increased by 75% on financial services and banking sites rising from five to 8.5% of all site and increase by 178% 178% on healthcaree provider websites rising from two to 5% in just nine months. so while tracking pixels collect data for legitimate purposes, that collected data can also be used for illegitimate and defer purposes including spying ininterference in elections, spreading campaign ads and illegal surveillance. for instance, tiktok tracking pixels eyesight of the loaded on webpages where users enter their logins, passwords, you know, schedule a doctor's appointment or renew license or buy an airline ticket amongst any other things. and tiktok sees everything that users enter into those online forms.

and i'd like tracking pixels from other similar companies such as meta, what we saw and will be found is instances and tiktok also collects information that is shown to users on the pages themselves. so it's not just adds information. given this, it can capture various personal information, information such as search keywords that you enter, search results that you see on the page, purchases, transactions and any other information you exchange on or were shown on a page. the below real life examples on the screenshot and the testimony shows that happening on appointmentcr booking page for a healthcare provider. so overall, collection of data is a new overall for social media companies or data brokers. because tiktok is governed by china's cybersecurity law which requires all chinese companies to share the data with china's authorities, which are under the

ccp's control. it creates a large risk. for example, in 23 tiktok admitted to using application of dentist by oculus, specifically and place of tiktok's chinese parent company bytedance access data to track reporters physical movements. additionally, just on january 30th a couple days ago wall street journal reported that tiktok's workers are sometimes instructed to share data with bytedance employees without going through official channels. number two, another channel for china's surveillance backdoors in smart devices and appliances that can be used to allow someone to turn onme the camera, microphones, and silently modify software that anyone's permission to do whatever the vendor wants to do. .. backdoors that enable

chinese operators to silently modify software and take screenshots, and upload those screenshots to services in mainland china. last week, radio freedom published findings that there are tv cameras that still uploaded videos to their servers even after users disabled the >> to disable that feature. and also, these cameras have been found and to be used in russia in the second bombing of ukraine that killed civilians. and mainly tv's, refrigerators, speakers, even light switches, controlled by software and can be manipulated by chinese companies that control them which makes them particularly

useful for silent surveillance. what can be done about it. the ccp has created channels doing it by embedding their software into building blocks. and our existing regulations do not adequately protect data against surveillance by china while creating a nightmare in terms of compliance and cost for businesses that follow the law. so, i have four recommendations. number one, establish clear rules for everyone that are compatible with other major regulations such as the european gdpr and other rules. prohibiting granting access to and transfer off u.s.-based user's data to entities who are under chinese control. number three, companies should be required to secure the technology supply chain of u.s.-based users date a creation to data destruction,

and number five-- number four, accountability, companies who collect data from u.s. easters should be accountable similar how the company executives are accountable for compliance with regulations. thank you. >> thank you. mr. corgan. >> co-chairs, and commissioners and staff, thank you for the opportunity to testify in today's hearing in this panel and two panels in this day. i'm currently a research analyst for the center of security and technology at georgetown, university where i study the u.s. eco system, the flow of tech talent in the united states and u.s.-china competition, and today's opinions expressed are my own. for manufacturing technology and services itcs across u.s.

digital networks. i'll begin with u.s. technology procurement, and challenge of implementing the policies-- >> we will leave this program briefly here to hear from senate majority leader chuck schumer after the senate approved funding for israel, ukraine, and taiwan. this is live coverage on c-span2. >> how many got more than three hours' sleep. raise your hand. well, thank you all who had to stay up. all right. so good morning, everybody and thank you for joining us after a long night. today, after not just a long night and weekend, but after months of work we can say it's been worth it. today we witnessed one of the most historic and consequential bills pass the senate, a bill so greatly impacts not just on national security, not just the security of our allies, but

also the security of western democracy as we know it. tonight, finally, america led the way for freedom and democracy and with this bill, the senate declares that american leadership will not waiver, faulter or fail. today the senate keeps its word to ukrainians in need, desperate need of supplies and ammunition, to innocent palestinians civilians in need, so much need of relief, to israelis in need of support and to u.s. service members on patrol in the indo-pacific, the red sea and around the world. today we sent a clear, bipartisan message of resolve to our allies in n.a.t.o. with the strong, bipartisan vote in

the senate, it's clear that if speaker johnson brings this bill to the house floor, it will pass with that same bipartisan support. the responsibility now falls on speaker johnson and house republicans to approve this bill swiftly. and i call on speaker johnson to rise to the occasion, to do the right thing, bring this bill to the floor. as i said, given the large, robust majority here in the senate, it is clear that if that bill is brought to the floor, our bill is brought to the floor, it will pass. but if the hard right kills this bill, it would be an enormous gift to vladimir putin. it would be a betrayal of our partners and allies and abandonment of our service members and as i said, i

believe if this bill is brought to the house floor, it will pass with strong, bipartisan support. there are large numbers of democrats and republicans in the house who know we have to stand up to our responsibilities and aid ukraine. i thank all of my colleagues in the senate who supported this bill. thank you to senators murray and murphy, sinema and lankford, collins, leader mcconnell as well and thank you to the senators and staff who worked through thanksgiving, christmas, new year's and even the super bowl to get this done. finally. these past few months have been a great test for the u.s. senate to see if we could escape the centrifugal full of partnership and summon the will to defend western democracy and our own country's values when it matters most.

today the senate passed that test and makes me proud of the senate. today the senate makes sure that the united states is closer to meeting the monumental and consequential moment that we are in and now it's up to the house to meet this moment, do the right thing, and save democracy as we know it. questions? we'll take this subject first. ryan, go bills. >> next year. >> you're wearing your ukrainian outfit. mine is on purpose as you can probably tell. >> speaker johnson has already put out a statement great skepticism with the package. will you speak to him directly and if you do talk to him directly, what will your message be? >> my message, i would hope to speak to speaker johnson directly and my message is this is a rare moment where history is looking upon the united states and seeing if we will

stand up for our values, stand up to bullies like putin and do the right thing. i will say to speaker johnson, i am confident that there's a large majority in the house who will vote for this bill. i am confident there are many republicans in his caucus. i know, i've spoken to a whole bunch of them who feel strongly we ought to pass this bill and i will urge speaker johnson to step up to the moment and do the right thing. >> yes. >> do you think it's time for the white house and speaker johnson, and with the-- >> i think the house should pass the senate's bill. it's been through lots of negotiation. it's got a large robust vote, 22 republican votes in the senate, they should pass this bill. >> are you ruling out adding any border security language to this bill, either through

amendment in the house or congress negotiation, ruling out anything-- >> look, the bottom line, this bill passed with a majority. and we cannot dither back and forth. we must pass this bill. we democrats as you know were willing to go steps and a bill supported by the wall street journal editorial page a bill supported by the border patrol union, very much a republican organization, supported by the chamber of commerce and unfortunately too many republicans succumbed to administration of donald trump and too many who said the border is in an emergency. in his own words, crass political purposes, let's delay this for a whole year because

it might bring me help in my election, that's not going to wash with the american people. >> would you encourage house democrats and others to discharge petition and if speaker johnson doesn't-- >> i leave that-- i speak regularly to hakeem jeffries, maybe as much, maybe as much as i spoke with speaker pelosi, and his great help in getting this done. >> this funding, ukraine through the end of the year, how long do you think the u.s. needs to fight ukraine's fight and how do you build a coalition given this took several months to build for the next round of funding? >> i think that the strong vote, particularly on the republican side in the senate, despite the fact that they're, you know, punitive presidential candidate argued so strongly against it gives us more momentum and i think that it will be, if we have to pass future aid to ukraine, it will be easier, not harder, but right now this is a robust

package that lasts until the end. year so i'm glad it was full and robust, yes. >> when you come back from recess, it will be a very short period of time until we have government funding deadlines. where does that stand? and what are your thoughts on that. do you think that ukraine aid, would you like to see that possibly rolled in. >> first, patty murray and susan collins are working as a really good team together. there's broad support in the senate and i believe in the house where we worked with speaker johnson on the last bill, to not shut down the government and fund things. we've done our 302a's, 302b's, and almost as we speak, maybe not early this morning after we were all up last night, but as we speak in day-to-day talk, they're working on getting these bills done. so i'm very optimistic that we can get them done by march 1st. as for adding one they think or another, we'll have to wait and

see. the first step, the next step is for the house to bill the house the senate passed. >> former president trump seemed to suggest the other day he might want to see foreign aids be turned to loans and this package would that be a nonstarter? >> look, the house should pass our bill. it's been through the crucible of four months of negotiations and ups and downs. it passed the crucible on the republican side of almost a majority of republicans, rejecting the results of their punitive presidential candidate. we ought to stick with this bill. i mean, no one even knows how this loan program would work, you know, because donald trump says something off the cuff doesn't mean republicans should march in lock step to do it. >> and polls shows that voters president biden, the state of his memory, you deal with him a lot what is your personal information on that and what

about your practical political concerns that he might not be able to get reelected. >> okay, on the first one, i talk to president biden you know, regularly, off, sometimes several times in a week, usually several times in a week. his mental acute is great, it's fine, as good as it's been over the years. i've been speaking to him for 30 years since we worked on the brady bill and the assault weapons ban when i was a young congressman and he's fine. all of this right wing propaganda that his mental acutety is wrong. he's going to win because of his record, because the americans see the record, the economy is improving, and a large number of republicans fear a donald trump presidency for the future of our democracy. >> last one. >> you talked a little how trump was able to influence or attempt to influence this

negotiation, is that something you're expecting to deal with for government funding, everything else this year, the trump factor? >> look, donald trump inserts himself almost always for his own political purposes and it's no way to govern and i think the american people are getting wise to that. thank you, everybody. >> thank you. >> thank you for staying here and for next year, go bills. >> go bills. [inaudible conversations] >> the senate is now in recess until monday, february 26th after this morning approving 95 billion dollars in aid to israel, ukraine and taiwan. as always, live coverage of the u.s. senate is here on c-span2. and we'll now return to the conversation and issues that are affecting u.s.-china

competition. >> on the growth of ecommerce websites like sheen and timu, reports related to those sites. how do we manage this moving ahead and what are the risks to american consumers by using these kind of chinese e-commerce websites? what are the risks to our national security? what's the kind of data you believe that some of these companies may be sharing with the chinese government and what is the liability? >> thank you for your question. there's a lot of really important topics that you've raised. i will try to address one by one. firstly, why it is a risk is that information and then data that is collected by all of us,

americans and everyone else broadly, is accessible to any government agencies or any entity in china and it has been used or it has been reported to have been used for spying already. secondly, beyond just spying, calling it just spying, it can be used and probably, i'm speculating is being used to train ai. and know more about us than we know about ourselves and with a can happen at one point is that they will know more about us than we know about themselves and then they will always win just like a chess game. thirdly is what kind of information we have seen and what information they can collect and we have seen them collecting, is everything that-- for example, online that you type into forms, that you see on a page, can be collected and we've seen it being collected so they know everything about

you or anyone-- all of us already maybe today or sometime in the near future they will know everything and how that can be used against us, just like in opening remark, i heard obviously about president eisenhower's remarks, the next war will not look like the previous war we might as well being already in the middle of a war and we're already in the middle of a war, but in their eyes we are their enemies and they are using that information against us. >> thank you. i have a follow-up. i can sense your frustration having worked on these issues for the last 20 years or so related to the fact that we have a lot of laws and mechanisms in place and either inability to enforce or the willingness to effectively enforce and i was reading over your recommendations about our

various laws related to the prohibition of certain chinese hardware or software and thinking about the globalized supply chain especially is the economy in china is transitioning. how difficult this would be to fully implement. i'm also thinking about american consumers who are purchasing items that are internationally direct ship mailed through deminimus, shipping, and how to address the problems. can you comment on that. >> even items in the inspected, we're not doing the kind of inspection we need to to make sure that they're not embedded with hardware, software, to interfacing threats. i think that one of the ways that makes some -- we can't pull the rug out from under us

overnight and this problem has been in the making for years and years and years and the chinese are lying in wait. they have the laws that mandate that every company in china do carryout orders of the ccp and do what's in the ccp's best interest and a lot of sticks that the chinese government has if the companies don't comply. so, you know, i want to touch on a worse case scenario to underscore the fact that these threats are real and they exist. china's written about, you know, what cities to bomb in the united states to wipe out how much of the population. they can easily turn off the chips in our cars so we can't get away, turn out the power grid, contaminate the water, and have a captive population so they can bomb us. this is not unrealistic to think about, but i also want to underscore that the government is not -- is stalling rather than dotting the i's and crossing the t's and the best example of that i promise i'll be quick is the fact that everybody's keen on yelling about tik tok, but we don't

even use the litigation proof legal authority that we have to put the bytedance on the entity list and at trophy the app over time. this is stalling and punting because the government doesn't want to be the one responsible for causing sort of economic harm and the only way to mitigate na is phase in restrictions, to blanket restrictions, the sectors we can't have the chinese components anywhere and space it over time so the economy adjusts. thank you commissioner. i have a lot of questions so in the interest of time i kindly ask our witnesses to keep their responses to yes, no, or unsentence where appropriate. according to pure research 43% of tik tok users receive their news from tik tok. than the total number of views combined usa today, fox news, guardian news, cnn, wall street

journal combined. when do you say we started treating tik tok as a news platform in this country? >> should we be treating it, was that the question? >> given the fact that a majority of americans now get their news from tik tok, instead of viewing tick-tock as a purely social media platform wouldn't you think it's time for us to treat tik tok as a news platform? >> one thing, the news outlets also figure out what to cover because what's trending on tik tok which is terrifying. i think the only treatment tik tok deserves is an ultimate ban. i don't want to treat it as anything except a prohibition, thank you. >> would it have been the right decision to allow the soviet union to own cnn and ff-- and haven't we had a foreign war on media in this country, and we know that they use media

propaganda to hurt it. what's the difference between social media and media? to allow our country's largest news to be controlled by the chinese communist party? >> we shouldn't allow it. we should have the outright prohibition and i want to underscore where it's fallen short. the approach that they take is unnecessary, it's a weaker approach and we need to go in with a stronger hand. these are real threats. >> and as an attorney, is perjury a felony punishable by time in prison? yes or no. >> yes. >> the ceo of tik tok said under oath that quote, american data has always been stored in virginia and singapore, end of quote. on may 2023 forbes investigation showed dater was

there on create. doesn't at that sound like perjury to you. >> 100%. >> adios tapes by buzz feed 14 statements from nine different tik tok employees that chinese had user dating data. help me understand why it's not perjury. >> it is perjury, tik tok knows that the u.s. government doesn't have the backbone to prosecute it so feels emboldened to continue with the misinformation. >> in one tape discussing access to u.s. user data referred to a beijing engineer as a master admin who has quote, access to everything. to me it feels like perjury, smells like perjury, does this panel agree? >> absolutely. >> yes. >> china has banned every

american content platform in china and yet we give them unfettered access to our market, our data goes in, their propaganda, and our data goes out and their propaganda goes in and doesn't sound like a good deal for the american consumer. does this sound a ban of chinese social media apps in this country? >> absolutely. >> yes. >> with all due respect, this is outside of my area of expertise, i don't care to comment. >> does this panel agree that our reliance on chinese supply chains makes our country vulnerable to the chinese embedding back doors into our electronic products and does the panel believe that the congress should consider concrete steps to incentivize u.s. companies to shore their supply chains outside of china. >> we know it's the tip of the iceberg and yes, the congress needs to move and executive branch needs to move. >> 100% i agree. >> i agree, the executive

branch should look to reshore technology. >> do you believe that terrorists should be part of the consideration for the solutions for the policy makes. >> tariffs are part of the solution, but allows the importation at a higher cost. the threats are grave, every single tool in our tool chest should be taken out and used. >> tariffs is outside of my area of experience. >> also outside of my of area of expertise. >> thank you, commissioner price. >> good morning and thank you all. your testimonies were very, very helpful. my colleagues have asked some of my questions so i'm going to go back to a few of them, but before i do that, i need the remedial explanation, remedial

course about the pixels in tik tok and how those-- how it gathers information from people who don't have those apps on -- on their computers, on their phones. >> thank you for asking. what is a pixel? it's a term to a piece of code that is loaded by the page when you open your browser and you go to your doctor's appointment page to book an appointment or buying something online or logging into your bank account and companies use pixels to advertise and to understand if money is actually working properly for them. if advertising contains our effective or not effective and many other purposes for pixels. what they specifically do, they're loaded into the page and they have ability and they do observe what users do. are you scrolling down to the page, are you clicking on any

particular buttons, are you typing in your pass words or e-mail address, are you entering your e-mail, credit card information and so on. so they do see all of that information. often they collect and send a copy of that information to themselves. so therefore, they will know or they know which websites you visited. if you use the same e-mail address logging into two different websites they now know which websites you visit $and just a simple example, hopefully that's clear. >> it's, i think the confuser part how if you don't access it how it comes to you anyway. >> let me clarify that part. so pixels are running on websites and they send information back to tik tok or any other data brokers. now, if you never use tik tok app, they still track you on every one of those websites you visited that they have a pixel and they know that you visited each of the websites and you

never have to use tik tok itself because they now know your e-mail address, first, last name, your address, your i.d. address and everything else around you, as a digital entity, and adigital persona. >> and those websites that have those pickles hanging-- pixels hanging out for lack of a better word. those websites are they aware? do they get compensation through ads or does it just happen by itself. >> sometimes they are aware, sometimes, in most cases they're actually not aware that those pixels are loaded by intent and forgotten like pieces of technology on and active and sometimes loaded by accident or incidents or without website owner's information and knowledge. >> thank you, to everyone, i think that as we continue to

have conversations about concerns over all of this technology and correcting all of this data, i think it's clear to most americans why this matters on the security realm, but how would you address this so that they were concerned about what it means for their personal information? what is the impact of others having-- or the chinese communist party having this kind of information on them? like what, where they shop and what kinds of things they buy or what music they listen to or what have you? >> so our adversaries have talked about information or their information campaign. it stems all the way from, you know, what children are exposed to, the kind of news we get. most fundamentally what i see is sewing a lot of discord into the united states. if we're fighting within each other and the laundry list of what we're fighting about keeps

growing because they're infusing sort of inflammatory sentiment into our eco system, the more we let that happen, the more we're at each other's throats and this is by design so we don't form a united front against the common adversary. >> i completely agree with that statement and what information even collected on pixels can provide and has been providing is information of what do teenagers or anyone else are reading, which pages they follow, and which pages they visit that creates a lot of powerful insights and data about creating discords or other conflicts in our societies. >> i don't really have much to add. i think that's everything that they've said i would agree with. >> thank you all. >> commissioner schriver. >> thank you, and thank you to all of our witnesses for your excellent statements and your

contributions today. i have a quick question for each witness. nice to see you again and thanks for your service. i want to follow up on a line of questioning of professor friedberg about the will, and made an information nobody cares about compliance cost when it's in the realm of environmental protection or security. isn't it -- is this the only area of compliance we're overly burdened by the thought of the cost we're not taking action. it goes well beyond environmental, there's ada compliance, all kinds, does this strike you as pseudo generous? >> there's expert control sanctions and all, always sort of complaints, but it's just that the f.d.a. is another example. there are areas where there's regulations and like for human safety and it is astounding to me how industry accepts it.

they complain slightly about it, but they accept this is a necessity that gets where to x. y and z. juxtapose that in terms of national security and it's astounding and i think the industry does that because the narrative works. so they keep doing it. they know it doesn't work with the f.d.a. they know it doesn't work with customs very much, it doesn't-- on the national security front so we're em boldening industry with this narrative and we don't have the capability to understand that there's nothing wrong with compliance costs if there's an end-game and here it's national security. >> thank you, thank you. and i'm going to paraphrase one of your recommendations. you said something to the effect that any entity that will store personal data should bear the responsibility of security and protection of that data. given what we've already discussed about the

relationship between the party government and chinese entities in china, is there any conceivable scenario that a chinese entity could meet your standard of we guarantee protection of this data? >> thank you for the question. the second kind of follow-up question will be what are the clash of rules, that chinese law requires companies to disclose that information. >> that's exactly the point. >> and which one will prevail and hypothetical scenarios, the ceo of company x in chinese office and people from pla come in and knock on the door, what will that ceo do or that engineer do? and i think the answer is pretty clear here. >> that's the point i wanted to draw out. you're making a recommendation which in essence says really the chinese are not going to be able to meet for-- >> exactly. >> thank you. mr. corgan, again, paraphrasing one of your recommendations, you said when it comes to

procurement bans and other regulations focus on particularly critical sectors while not impinging or harming nonsensitive business areas, again, paraphrasing, that conceptually makes sense. a bit of goldilocks and the right entities and protect the others, but can you give us a sense what that would look like, in your mind the critical sectors? >> sure, they've identified critical infrastructures, i think that would be a good place to start. i think that the determinations i'm an outsider, looking in, i think that a lot of the regulatory have better understanding specifically what the risks are in different situations and i think that these, the determinations should be based on like the real risks that are being faced and the evidence that's out there for them. i think that just to kind of going back to some of the compliance costs and not

presenting undue financial burdens as much in the private sector, but i know with state and local governments these are vastly, vastly restrained. and they do think about security, but they have a limited budget with which they can approach those issues and when they are figuring out how to allocate those resources, from the folks that i've talked to, a lot of those are pouring those into defending against like very pressing immediate threats like ransomware. while they are a wear in some cases, not in all cases, but in cases that foreign technology present risks, to them the risks are fairly abstract and i think that's why you see them allocating the resources the way they do. if i can add one other point, i think a low like procurement bans should be viewed as one policy lever that can be viewed to address some of these risks. we've seen chinese actors access government networks

unauthorized through u.s. made technologies as well and i think that advocating for basic cyber hygiene, two factor pass words and --. >> thus, i'd just say if the risks are viewed as abstract we need to do more of this type of hearing and thanks to our co-chairs for doing so. >> thank you, commissioner schriver. commissioner? >> thank you for your testimony, for your long-term work. it's deeply appreciated. you know, look, we all know how complex this is and you know, we have been pushing for years in various ways as each of you have been pushing for years to enhance security and risks and et cetera. and we're still having this hearing today and you know, there's a lot of action that

needs to occur and this is sort of like trying to nail jello to the wall in some ways. you know, in thinking about what we're-- the collection issues and pixelated surveillance and i'm reminded of pixelated viruses which hasn't been discussed for a while and we could go into that today. i think we're the old line of you know, capitalists will sell the rope to hang themselves. and in looking at these issues for this hearing, it seems that we are also creating the problem ourselves and by that, i mean, i looked at data brokers. so, here we have, again, you talked about tik tok and the ability through pixels to collect information, you know, without knowledge. we h