a reminder you can watch this entire yvette online at our website, cspan.org. you can also see it tonight 11 thanks 30 eastern on c-span. ..

i think if sony would have come forward and come out and testify to the hearing we could have gotten a lot of answers that would have been very helpful. frustrated, concerned we will follow this and see why they say that consumers didn't have the right to be informed immediately, see if there is a

legitimate reason that they actively were still protecting consumers by their actions or if they are sort of creating greater jeopardy for the consumers. >> host: the fact of sony provided written answers, was that satisfactory? if you get asked to testify at a hearing by congress chances are you are going to come, correct? >> guest: well, you would hope and again i can understand sony's concern that they would be scrutinized very heavily and have some pointed tough questions that members would have asked. reading the answers, and there are still more questions that come out of the answers if they have provided to us that i think i need to continue to pursue. again recognizing you know, sony has a speculation about what happened and they are contending that they are victims here, but it is a two-tier victimization process. there is the sunnyside and then there are the hundreds of millions of consumers who are also potential victims here. so, the letter, the well worded

letter and quite detailed, but it still presents a lot more questions than it does answers. >> host: in fact, the chairman of the board of directors of sony usa wrote this to you. i hope you can appreciate the extraordinary nature of the events that the company was facing brought on by a criminal hacker whose activity was neither immediately nor easily accessible. i believe that after you review all the facts, you will agree that the company has been acting in good faith to release reliable information in accordance with its legal and ethical responsibilities to its valued customers. do you agree that the company has been acting in good faith? >> guest: again, if the consumer -- you remember the way in which sony notified their customers was by a blog post sort of a passive communications to the consumers rather than an active hey everybody let you know what happened here. something as simple as i use that password that i use for

everything and somebody just hacked into it and you know a lot of people might think oh gosh they have my records now. in my view, i feel safer because sony let me know this happen immediately. so the questions that all come out of this and the letters are a very long worded, you know, what did you know and when did you know it? but for me when sony says we we are protecting the consumers, can the consumer might want to know wait a minute, i too have the right to protect myself and all i'm asking and all i'm saying as a policymaker is should they no sooner? should they be required or should they be -- do their best to notify given the consumers idea of how they would protect themselves rather than sony being this provider of how they will protect their summers. >> host: mary bono mack is the chairman on commerce manufacturing and entry. also joining us, juliana gruenwald, tech and telecom rider writer for the "national journal." >> guest: high congresswoman.

what type of notification should they have made requiring users to seek information themselves quite what would what would youe them to have done? >> guest: well of course i would have liked to, to me it seems they could've let people know it little bit sooner. they contend and others who contend that there is a timeline that they need to allow law enforcement to come in and to to do their forensic analysis on what actually happened but you also have to ask yourself, does in fact by giving them a lengthy time period put more people in harm's way? so i don't know that i can identify specific times or specific manner, but i can speak to the voices of the consumer who are saying wait a minute i have a right to know to know as soon as possible as well. in this day and age, you said passive versus active notification. not too many people would spend the time perhaps if they are not blogging on or gaming, to go to a blog post, but if they get an

e-mail chances are they will get the e-mail and a much more timely manner and then they can make the decision again. i'm using this is an oversimplification, but if they simply say holy cow i use the same password for everything and therefore i can spend the rest of the day changing my password that is again an oversimplification but it is an example of why these questions are very important and the answers that we try tried to get out of them. i honestly don't know there is one set answer. >> guest: this data breach is just wanted many stirring of data breaches in recent years, including last month won by epsilon which is a major provider of e-mail services for numerous companies. some 40 states have passed data breach laws. this is not a new issue. why do you think congress has not acted yet? >> guest: first of all it is a growing issue and many think back to 2005 or a handful of years ago the data breaches were smaller and sometimes they involve hardware.

they would steal the whole laptop or steal the hardware. remember the case years ago about hard drives going missing from our nuclear laboratories. data breach is taking on a new role but these are somewhat silent crimes for many people. as a lawmaker, we don't hear about this until it is too late and nobody knows how awful it is to have your personal identification hijacked and used for dubious purposes until it has actually happened. so i think if sony case, these hundreds of millions of records, being out there and being potentially reached and harmed, think lowe or state hear from people and hear what a nuisance it is and then there would be a lot of actively engaged in the issue. >> guest: are consumers are adequately outreach? people are still getting hit over their personal data that they gave to these companies. do you think they be that consumers haven't gotten worked up enough about it? >> guest: that is a great question in a kind of goes to the whole internet experience.

we believe that when we are asked for our information that there is reasonable protection in place, and it is getting to the point when you hit the enter key you are crossing your fingers at the same time and that is not a good enough policy. we want to believe that those people who are asking for information take great lengths to safeguard it. so i don't know again if consumers are constituents are going to be outraged and tell this happens to them. but these crimes can appear long down the road and what is worse about them is they can compile and they can -- people might think the credit card i used on sony might be compromised but other data that they might have might it in hacked campaigns a pretty full picture of who you are elsewhere. so the length of the crime that could be committed i think are unknown. >> host: representive bono mack are you considering or what kind of legislation are you considering when it comes to data breaches?

how do you approach that? >> guest: where there have been a number of efforts in congress. some of them successful getting out of the house. there has been a good bipartisan effort, cliff stearns from florida has been a leader in bobby rush has been a leader. we want to continue to build on the work that they have done. it is always better not to reinvent the wheel but sort of take advantage of other people's work and move the ball forward. again it is a matter finding the fine lines to protect the consumer but also enable and enhance e-commerce. there has been a very good corps that has been struck between roadsides in the energy and commerce committee so piggyback on that to make sure that we are doing our best to protect consumers yet not given the way of e-commerce. >> host: could you foresee federal requirements for e-commerce companies such as sony? >> guest: well, i think the question is federal requirements in lieu of all of this patchwork of state requirements and many i believe most would argue that will simplify things to have the one regime to one set of rules

played by rather a patchwork at least 40 some odd states who are currently doing it. so the federal role here would be probably no greater and some would say the state should still have the ability to do more of the federal government doesn't do enough. but that would the the approach. >> host: is your approach congresswoman a bipartisan approach? is their partisanship on this issue? >> guest: there is terrific bipartisanship on it and furthermore it would be my goal to get the republican house and the democratic senate, but that in itself at the look of the people on the committee who are engaged in it to work quite well together, i anticipate it would be a very good bipartisan product. >> guest: if i'm not mistaken, the rush bill introduced last year was -- required security standards and an adequate level of security and notification of a data breach. based on the hearing yesterday is there anything that you would

tweet or is there any concrete idea that came out of that that needs to be added to that bill at this point? >> guest: there were some great comments out of the hearing yesterday and they think viola cosby hearing was a good one. the questions that came up to me and not having been really on the frontline frontline of the negotiations before, but some of the questions people are asking now are nuisance that bill. geo- locating, geo- tracking for example. yesterday we had testimony, justin bruckman brought up the fact of geo- tracking of white and the good and why people might want to do that. again, but goes back to the question of how carefully kenya craft legislation and how can you not basically have too broad a brush stroke that creates a bunch of unintended consequences but a lot of great suggestions and a lot of things that make you have to's and think and consider that really the consequences of all of this

legislation will. >> guest: do you think you should move on on its own or should it be part of a broader privacy legislation providing baseline protections? i know there has been a bill introduced and there has been talk of baseline privacy on the house. >> guest: i would like to see them move separately. i think a lot of the issues are different yet they sound similar and quite truthfully they can be confiscated to talk about it you realize privacy and production are found to be one. the data breach in the data security and we are talking about what sony is a little bit different than the other privacy issues and they both again have far-reaching consequences if you don't consider them carefully. the reason i would like to see them separate, that doesn't mean they couldn't be joined together, but eventually and of course whatever you have to do to pass laws sometimes you have to do. at the issues are somewhat different and it is good to look at them in a different life.

>> host: congresswoman you brought up geotracking especially when it comes to apple. is there a big rather quality and private companies having that kind of information about people? >> guest: well, they're sure can be and that is a great question. to me it gets back to what is the consumer aware that is happening to them and do they have the right to opt in and opt out and again for the consumer to understand the implications for themselves. geotracking of course gives everybody kind of a yuck factor like you think of a guy trucking around in a trenchcoat and there is a little bit of a yuck factor and you can understand the harm, the physical harm when you think of geotracking. yet, some of the things we do and the conveniences we have today are because of geotracking. we love our gps. when my daughter got her first car i couldn't imagine she would have a gps device where i could push go home and she would find

her way home. a lot of those conveniences too so again to carefully consider the consumers empowered with the knowledge of exactly what is happening, how they are protected and if they feel it is something that they want in their lives are not. >> host: this is c-span's communicators program. our guest is representative mary bono mack. she is the chairwoman of the energy and commerce subcommittee on commerce manufacturing and trade. we are talking about the data security breach hearing that was held this week in her subcommittee. juliana gruenwald with "national journal" is our guest reporter. >> guest: getting back to the tracking issue do you overall in terms of internet tracking, as you go from place to place on the web, in order to target ads, do you think that is something that should be regulated? do you have any thoughts on do not track and should that be left to the private sector to innovate on? >> guest: that is a great

question, juliana. i'm looking at it and looking at it very closely and again trying to separate out good practices from that in trying to protect consumer to make sure their on line experience is a good one and the data being collected on them is something they don't understand and can't participate in. for me, know the industry involved and there were quite a few different industries, they are all looking at this themselves to make sure that they are not overstepping their bounds or recognizing that if they do, congress is going to come in. right now it is asking the questions and then letting people understand and congress understanding too that there's a difference between the advertising and how it is delivered, the targeting that goes on and again the collection of data. it was interesting this morning to turn on the news and see the bureau reporting polling data from yahoo! search engine that released the demographics of who is searching for bin laden, and so the data that is collected it

is interesting and it changes, and with a targeted advertising, the questions are many and the issues are complicated and complex and yes we are definitely looking at it. >> guest: the federal trade commission has said they don't believe -- has worked. do you think, do you favor commerce passing baseline privacy protections and is that something your committee is going to work on? >> guest: again we are looking at it and deciding whether congress needs to act or not. >> host: do you hear from your constituents on the issue of on line by this he? >> guest: very seldom. you would be surprised. what i am enjoying a sort of the other side of that, how our constituency is really moving to the internet and they love the fact now that this is a shameless -- but they love the fact i'm on twitter and facebook and they love the fact that they can interact with us that way. we are hearing more and more from our constituents this way and by that nature those folks who are on the internet are more likely to sort of comment on

that. but the greater whole, i am not hearing a lot from my constituents at this point. >> guest: your panel has shared jurisdiction on privacy with greg walden, subcommittee, do you know if you would take a lead on that issue? >> guest: well, probably i would save me. i don't know if greg would say it. [laughter] i would tell you that greg and i are great friends and have been seated together on amer and -- energy and commerce committee for many years and we will widely recognized the boundaries of the subcommittees in the jurisdictions and work together to the greatest of our ability without any problem or any scenes in seems in between the two subcommittees. my subcommittee has jurisdiction over the federal trade commission. and greg for the fcc so the issues would break down along those lines. >> host: congresswoman, at

salon was also invited to yesterday's hearing. they didn't show. nor did they provide written answers. is that correct? >> guest: we do have a letter from athlon. >> host: free satisfied with what that's a lot had to say? >> guest: a lot of it is they are protecting themselves and understand that and a lot of the unknown factor about what is happening wyatt is happening, but i'm not satisfied because we don't really have the answers of how do we move forward and make sure this doesn't happen again and happen continuously and become basically an impediment or a barrier that prohibits people from getting on line whether the shopping on line or surfing the web or whatever their purposes are. i am not satisfied because i think the answers are important and this is not to point their the fingers at salon and sony who are victims as well but again we need the answers beyond that on crafting wise policy and holding their feet to the fire. going back to sony in their letter and their response to congress, the steps they have

outlined since the breach our commonsense. greater encryption, having a specialized person to oversee security. the four things they talked about putting into place, one would think they should have done a long time ago specially when you are guarding 100 million customers. you would think these basic items they would have done long ago. so they answers, the testimony are about moving us forward in a way that really makes people safer. >> host: one of the things i noted in the sony letter and i think in your testimony was that not everyone's credit card was active or they got ahold of everybody's credit card. is not sometimes the date of birth and some of the other personal information that is more dangerous than the credit card? >> guest: that is a very important question and even sony cannot say whether or not credit card numbers were taken. but all of those other questions, it is not too hard to

paint a picture of a person and their entirety by gathering data every bit of data about you paints a greater picture of you. the security questions that are asked now, it is worth asking the question. now you log on and you say what school did you go to and what was the name of your first pet? you are creating more of a database that is you, that is out there. so the questions are very good and very valid and there is a children's toy that you can get. don't asked me how that you ask a 20 questions. you think of something in your head, whatever it is, a bread box and the gizmo afcee 20 questions and it will identify that gizmo every time. i think about that when i think about our on line safety, on how many questions you need to have out there in cyberspace before you have created a real person and a real identity that you can open a mortgage with, a credit card with, whatever does it is you want to do, get a passport,

those questions. >> host: when it comes to your constituents have you had constituents to contact you and say my identity has been breached and i need your help? what is a process like for you as a congresswoman? >> guest: first of all i would have one of my caseworkers do their best in every congressional office and this is a good thing to bring it. every congressional office we have caseworkers who help with all of this as far as the interface with the federal government that i can tell you it is a nightmare for people and the amount of time and effort that is spent for people to clean up their identity or their credit history or whatever happened to them can be countless hours. to add that in take-out out of somebody's life, it is quite a hassle and sometimes they can take a long time time and a long time to clear up these things once they are negative. >> host: as we move closer and closer and further and further into cloud computing, how does that play a role in security? >> guest: well, that question

came up yesterday in the hearing and the ftc contended cloud depending on where the server was located didn't change things, but cloud computing is, it is again a great thing. is a very useful tool and we should kick around what it means to be based in a cloud. what is interesting now is how many of these services offer like a sword of all of your data and all of your files. there are even programs where you can have them keep ahold of all of your passwords in one convenient place and you are expecting them protect you and protect your data. i think that is the question again, do consumers expect based on how much legal weight or authority is behind an agreement when you sign on with any of these guys. i don't know if it is cloud-based or not, but the questions are pretty much the same. >> guest: what should companies do to make consumers will hole when a data breach

happens? should they be offering credit monitoring, you know, help but there was an i.d. theft as the result of information being stolen? what do they need to do? what is their responsibility besides just letting you know what happened. >> guest: great question. i have alluded to the company who had the breach occur should do everything they possibly can to make sure the consumer doesn't have anything they could have happened to them and i know sony has offered credit reports and credit checks and trying to be helpful in that regard. hopefully they will actually have some caseworkers of their own who if they should happen to become a problem where they can help take some of the burden off of people in man-hours. the people who are working 40 and six year were workweeks and spending 10 hours a week trying to create, cleanup the mess, perhaps sony and others could offer help in that regard. the way my caseworkers do. >> host: congresswoman have you learned anything from the secret service yesterday?

>> guest: i did but it is a secret. [laughter] of course and what is interesting and the chairman of the committee and the different jurisdictional aspects is when is it at the eye and when is it the secret service and the level of involvement and direct the guys too that this is one area of cybersecurity cybersecurity that is important but really can go on to a matter of national security and to recognize all of the layers and the entities that are involved. so trying to get those answers from secret service i think were the most helpful not that i clearly understood what he was saying about all of when he would talk to one or the other. but you can tell there are a lot of very serious, very capable and very good people who are focused on this issue and secret service clearly made that known. >> host: on the flipside, the criminal side or the penalty strong enough right now as they exist for hackers and if they are from out of this country,

what do we do? >> guest: well i don't know that i have that answer, and this is a worldwide issue and the hackers are often time as we know from out of our country. i think it is something that we should explore to deter people from just being hackers. it is interesting because sometimes these folks are just doing it for the malicious side of it because they can, because they are brilliant. i think when you are out there in the world saying that if we created such a great system that no that he could hack into it you are inviting other brilliant minds to say let's test that in secret is cebit is right so there has to be deterrence from people doing it and they have to be tough and severe because it is happening more and more. >> host: would you think of sony's argument that this happened because they were challenging illegal copyright laws? >> guest: sony has intimated that might be quiet, that anonymous -- and i don't know

and they can speculate that but they haven't proven it yet. i think sony's effort there is to play the victim and into say hey we are the victims of some other bad guy and i think it is important to remember that but there's somebody out there who has decided to target sony and who has decided to do that so we have two sides to this. the hacker hacking sony and sony protecting the recklessness which with they might might've helped the data. sony contending that it was this group that is going after them because they had a lawsuit based upon property protection, i think the point is to put out there in the consciousness that they are the victim too. they still have to prove that point. >> guest: do you anticipate more hearings or do you think sony are at salon are these companies will show up? >> guest: we can tell them. we could if we wanted but at

this point sony and athlon have not indicated they would not cooperate further, so if i believe if we asked sony back or at salon i believe they would come. it is my intention to stay on top of the issue and to stay engaged in to really be focused on it to the point of calling sony and up salon back to be neither one has said absolutely not no way, no how. >> the u.s. does not have a single agency in charge of data protection like europe. is a time? >> i don't know and again i would defer some of that to the judiciary committee or even homeland security, because the issues are buried and they are different and i think just by that nature i would think we would have compartmentalized it a little bit more but i haven't delved into it enough to know. again, recognize when you look at some of the cyberattacks elsewhere around the world they were not as aced upon

necessarily what the sony breach was based upon but sometimes they are actually security related so just by that nature i would think you'd keep a separate. >> host: we have time for one more question, juliana gruenwald. >> guest: another issue you have been active on is internet governance and you have expressed concern about the united nations wanting to take over some functions of managing the internet and i believe you have a resolution introduced earlier this year on that resolution. can you talk about how you got interested in that issue and what your concerns are? >> guest: i think we as americans right now must take great satisfaction in watching around the world as people start expressing their voices and pleading for democracy and so often now we are hearing that it is coming because of their efforts on twitter and facebook whatever social network you may use. i think it is in our best interest that we continue to support the internet from a

ground-up base platform where the people are the voices. i have a fear of the united nations being a regulatory body that has the right to say anything about the internet, and what are resolution was doing was expressing the united nation should not be involved in regulating the internet. to me the thought is just very frightening. >> host: >> host: representative mary bono mack is in her eighth term in congress. she represents the palm springs area california and she is the chairman of the energy and commerce subcommittee on commerce manufacturing and trade. thank you for being on "the communicators." juliana gruenwald has been our guest reporter.