organizations that specialize in cybersecurity take on oak ridge national laboratory which has a important role in the department of energy's fulfilling the department of energy's responsibility to secure our electric grid from cyber attacks whether by enemy nations or cyber terrorists. oak ridge national laboratory was itself successfully cyberattack just last month. or one that's been widely described in the media, a company whose secure id program used about 40 million entities at -- users of 30,000 companies including parts of the federal government. and that -- those parts include the social security administration, department of defense and the united states

senate. rsa had valuable information stolen from its computers that could compromise the systems and actually be used in future tax. so the bottom line, and these are just a few examples, and again, these are examples of the public record. if we don't do something soon, the internet is going to become a digital dodge city. cyberspace is just too important to modern life for us to sit back and allow that to happen. this is a place that really cries out for the law. it's time to say if i may continue the dodge city metaphor that there is a new sheriff in town and we are going to have some law and order a round here and we can do that of course with a compromising the fact alongside elevating liberty and

privacy. the recent release of the white house's proposed at first security legislation is a very important step in that direction. i think it represents a turning point in our efforts to pass the strong measures we need to protect consumers, businesses, critical infrastructure and our national security from cyberattack site terrorists, spies or crooks. i am pleased not just by the appearance of the had been a station cybersecurity legislation, but by its substance. the president's proposal is similar in many ways to legislation this committee reported out earlier in this session of congress. and where there are differences i think we can work together to find agreement. so in this regard we are very grateful to the witnesses for

appearing before us today this is the first public testimony that the administration has given on its cybersecurity proposal since it was released. one important area of agreement is the recognition that the the part of homeland security must be given the job of protecting of the .gov and domains. a crucial part of this job will be for the dhs to identify critical cyberinfrastructure. the systems or assets that controls things like power plants, electrical grids and pipelines that have commandeered by our enemies could lead to have a command of course death and destruction. the dhs needs that authority and also the ability to evaluate the risks to the systems once the

systems at risk of been identified their owners and operators under the proposal that we have made will be required to develop plans to safeguard their systems. those plans will be reviewed to ensure they are actually improved security. review dinallo proposal by the department of homeland security, in the white house proposal by the government accredited third-party evaluators. just last week, if i may as and our role of the oversight committee in the problem of homeland security to say that we sought in a sample of why this kind of planning is so necessary and why the department of homeland security has raised itself to a quality of performance that it deserves to have the job. a private researcher apparently discovered a major security flaw in a widely used industrial control system and planned to present the research at a

conference. when personnel at the department of homeland security discovered this and explained to the researcher how dangerous it would be to have this information, out in public before the security force had been patched, she voluntarily canceled his talk. it's very important because there's another security expert that said that this particular vulnerability, and i quote, this is different from simply stealing money out of someone's bank account. things could explode. besides securing critical infrastructure, our bill and the white house bill would direct the department of homeland security to work cooperatively and on a voluntary basis with the private sector and state and local governments to share cybersecurity risks and best practice information. the white house proposal also

clears the way for industry to share cybersecurity information without having to worry about running afoul of the various privacy statutes that in pete -- and peaden formation sharing now. the business and government communities would be free to use this advice as best suits their needs. there would be no one-size-fits-all mandate or dictates. both the white house bill and our committee will also continue robust privacy oversight to ensure that our broad cybersecurity efforts to not impact individual privacy or civil liberties and finally, both of our proposals would also reform and update the federal information security management act to require continuous monitoring and protection of our federal computer networks and to do away with the current paper based reporting system. no one key difference between our bill and the white house proposal is that our legislation

creates a white house office of cyberspace policy with a senate confirmed leader. we believe the stakes are so high when it comes to cybersecurity for the country that whoever holds that position should be confirmed by the senate and therefore accountable to congress. our committee bill would also clarified the president's authority to act in the event of a true cyber emergency. while at the same time ensuring the president can't take any action that would limit free speech or shut down the internet. in its original version in this section was in our opinion misconstrued and we tried in the language reported to reassure everybody about the limitations, the very limited circumstances under which the president could act in the limited range of his actions. the administration on the of the

hand and i will be interested in discussing this believes that additional statutory authority in this regard is on necessary because of the president has the authority that we give him and this proposal already an existing blah, blah. bottomline, the internet is a thrilling new frontier of our age with a plug in population of almost 2 billion now and that number is growing every day. the internet has created a revolution in commerce communications and entertainment, finance and government. really just about every aspect of our lives. but what we are saying is that it need not in fact it must not be a lawless frontier. i believe that with the proposals we have in front of us we can bring about the needed change this year to make the internet safer and more secure. the majority leader senator reid

has taken an active interest in this legislation. it remains a priority of his for the session and i said to him i believe it's the most important piece of legislation coming out of our homeland security committee in this session. he's working, i am pleased to say, with of the republican leader, senator mcconnell, as senator collins and i of course have worked together. there are five or six different committees in the senate that claim some part of the jurisdiction over the subject matter and i believe it is the intention of the bipartisan leadership of the senate to establish the process by which all those committees can as quickly as possible to negotiate the bills that have come out of the committees which can bring it to the senate floor as quickly as possible. we have had a very successful round of negotiations with the commerce committee which is the

other committee claiming a major jurisdiction here and we have resolved just about all the difference is, not everyone but just about everyone that we had between us. now before i yield to senator collins i want to take a moment to thank phill reitinger under secretary of the national protection programs to the director has done a great job in a relatively short period of time elevating the quality of the cybersecurity operation at the dhs and has been a leader in crafting the white house proposal including working very productively and cooperatively with our committee so we thank you for that and with the bill finalized as most in the room know philip has decided to move on to the next great chapter in his life i'm not going to have him and drove to declare a exactly what will be but whatever it is we wish you well

and thank you for your public service which has made a difference to our country. senator collins? >> thank you, mr. chairman. let me begin by saying the volume very pleased that the administration is now fully engaged on the imperative issue of drafting and passing cybersecurity legislation. experts tell me that the cyber arena is where the biggest gap exists between the fretful and vulnerability and our level of preparedness. virtually every week we learned of another massive cyber breach. the company that authenticates users seeking to access senate networks as the chairman indicated sony's online gaming network was breached. this morning we read in our

newspapers that the repressive government of syria attacked the social media sites of dissidents and protesters. the truth is the number and sophistication of cyber attacks continue to grow each and every day. small and medium-sized businesses and our country lost more than $11 million over the past year in online scams in which stollen banking have credentials were used for wire transfers to chinese companies. the annual cost of cybercrime has climbed to morgan $1 trillion. and according to the alarming testimony last year from the senate arms office on average

each month 1.8 billion cyberattack said target the computer systems of congress and the executive branch. unfortunately, the government overall approach to cybersecurity has been disjointed and uncoordinated today. the threat is simply too great to allow this to continue. the need for congress to pass comprehensive cybersecurity legislation is more urgent than ever. so i am pleased that the white house has now joined the efforts that this committee is undertaken over the past two years to develop a bill to help safeguard the american people from a cyber 9/11. i'm also encouraged that the administration's approach is similar in many respects to our

framework. both bills call for a strong public-private partnership to improve cybersecurity. our bill would bolster sharing within the private sector and across the government of the actionable threat intelligence that would help protect the private sector from advanced cyber threats. it would direct the department of homeland security to collaborate with the private-sector to develop and promote cybersecurity best practices. like our bill, the white house proposal recognizes that the department of homeland security should be the appropriate agency to lead the federal effort to secure federal civilian agencies. the .gov domain as well as the infrastructure in the private sector and the public sector against cyber threats.

i believe that server security at the dhs must be led by a strong and in power director who can close the coordination gaffe that now exist. this leader should report directly to the secretary of homeland security and also serves as the principal was adviser to the president on cybersecurity. to me, the best construct which is not included in the white house proposal is modeled on the national comforter was in senator come and would apply a multi agency approach the would be within the dhs to this issue, and i look forward to exploring that issue with our witnesses this morning. on a positive note, the administration's approach to the security securing the nation's most critical infrastructure is very similar to the risks faced

approach in our bill. our bill differs, however, in providing liability protection as an incentive for companies to maintain continuous compliance with risk-based performance requirements. we should also detail the extent of the president's authority to deal with cyber emergency. as the chairman pointed out, our bill has explicit provisions preventing the president from shutting down the internet. it also places limits on the length of any emergency actions, requires reporting to congress, ensures remedial actions are the least disruptive steps feasible, and includes privacy commissions, buy contract and i must say this baffles me, the administration appears to be

relying on out motives yet potentially sweeping authorities granted in the communications act of 1934. i want to emphasize that day to point out just how outmoded those authorities are. our bill explicitly calls for the development of a supply chain strategy to leverage the federal government body in power to drive improvements cybersecurity. this would have beneficial ripple effects in the larger commercial market. as a very large customer the federal government can contract with companies to innovate and improve the security of their i.t. services and products. these innovations could lead to more security baselines for services and products offered to the private sector and the

general public without mandating specific market outcomes. in addition, our bill would get dhs the authority to hire and retain highly qualified cybersecurity professionals. i look forward to discussing these issues with our witnesses today, but most of all, working together to finally secure the passage of comprehensive cyber securities legislation. >> thank you, senator collins. senator carper has been a co-sponsor with senator collins and me of the legislation introduced in particular interest over the longer haul but i would welcome an opening statement at this time. >> thank you mr. chairman. the clock was ticking down into this weekend and we were approaching the end of the world

i was thinking we work so hard to develop consensus on this committee with the commerce committee, the administration it will be a shame if it is ending. >> the good news that news strike the good news is we are all still here. the bad news is trying to get into bank accounts to seal to the coastal the secrets and other military secrets or all kinds of trade secrets, innovation secrets, so i guess if we have to choose between one not command the better this is the better and i am pleased we have some consensus and i want to thank both of you for helping him to hold of this hearing on defending against such attacks

and earlier this morning from [inaudible] and especially welcome him and thank him for sharing his son with us. it's been ten years since 9/11 and over that period of time our country has done a tremendous amount of time against the attacks that we saw that day. we start with our airports, the destruction of the 9/11 and on your leadership, the leadership of senator collins reorganized our government to better prevent a tax of natural and man-made disasters and to better secure our ports and the mass transit systems, chemical facilities and other key pieces of our infrastructure. the architect of lyle lovett is dead and while we still face many threats, i think we can say that our company is in a number of ways safer and much safer

than it was on september 10th. that doesn't mean we take anything easy. we are not going to do that but we face a new threat today i don't think was even on the radar screen ten years ago. more and more americans lived their lives and conduct business is online and this created the target for attackers and criminals looking to steal information or just to cause mischief. increased reliance on sophisticated technology to keep the lights on, keep the water clean, run factories and even to fight the war can't defend our country. with the ability to compromise and damage or destroy the technology will depend on everyday could cause serious damage potentially even on the skill of cyber 9/11. in the past conferences i introduced legislation with bob bennett, republican from utah. to address our side perform devotees by improving the way in which the agency's secure their

networks. over the course of the series of hearings, subcommittee on a chair learned that agencies rely on the outdated expensive paperwork system to secure the technology to protect the important their interest with. nobody can say for sure that system worked in their agencies were safe from cyberattack. our legislation aimed to hold agencies accountable for continuously monitoring their networks to ensure they are unsecured mouse possible tall times. last year i was pleased to join with you and senator collins and developing a comprehensive cybersecurity legislation that would have better secure agency networks while also begin the process of a working with the private sector to secure the critical systems that the own. we introduced by think is an improved version of the bill again this year. as my colleagues are aware it's proven difficult so far this year to find bipartisan consensus on many issues in the

senate. i've got a feeling of those that we might -- it might just be possible in this instance to look across the aisle as we did after 9/11 to address the security challenges that we face as a country. it's my hope however that we can act this time before the damage is done. and the legislation i mentioned a moment earlier, he and i worked together in the disclosure legislation trying to outline what the responsibilities were of the breach is when we had the breach when the data was disclosed that he was not a co-sponsor on what decision shall i should correct that for the record. it's great to be here with both of you and we look forward to hearing from our witnesses. >> thank you, senator carper. let me stress something you said a while back senator reid and senator mcconnell called in the chair of the six committees'

jurisdiction some aspect of cybersecurity and the ranking republican members. it's a sad fact of life around here that i can't remember the last time that happened. but also in this regard it shows how seriously the bipartisan leadership of the senate takes the cybersecurity challenge and though there are differences, that may at least in one case fall on partisan lines this is not a partisan debate. it's a national security debate and it's an economic growth and security debate and i am confident we are going to go at it with national interest first and partisan interest behind. welcome. this could be the last time before you come before us of the witnesses will be brutal in our cross-examination. but thanks for all you've done and we welcome your testimony now.

>> thank you very much. i think i'd like to begin where all three of the senators and thank you very much, chairman and ranking member collins and senator carper for your leadership on this issue. the bipartisan approach and the leadership this committee has shown on this issue has been inspiring to me and the people i work with and i would like to thank you as you thank me for your efforts to keep this on the front burner and to move forward. clearly where you stand depends where you sit and i sit inside the security. i would agree with all three of you that there is no more important issue that we need to address in the immediate future than that of cybersecurity. clearly the efforts are real and there are growing. the hackers are getting better and better and better from day to day, and we are depending more and more on the infrastructure they are attacking every day. this makes our risk profile more

significant. it is an issue of intellectual property. of intellectual property is being stolen. it is an issue of identity theft and personal the information being stolen, but it is much more than that. it is a national security issue. can we deploy our assets to defend our country? is the homeland security issue when you call 9/11 to people show up? and an issue of critical infrastructure protection, not just in the assets taken but is the power on? are the phone system's working? do we have the services we need to operate as a country? no other issue to my mind ties together the need for economic success, economic security, national security and homeland security like this issue. this is a place we must move forward a and we must focus on outcomes. how do we ensure that the government has the authority and

the process and the private sector is moving forward in the right way to joined the advance this issue. given the leadership that this committee has shown including the work the was done in the past congress, the administration worked long and hard to put together a legislative proposal which we transmitted to congress a couple of weeks ago. certainly, it is a broad issue but one that does not cover all of the subjects it had been under discussion on the hill and we recognize that. so it is the administration's input into the discussion and not a bill but we expect the congress to pass without discussion. we look forward strongly to the discussions that we will have with the members of this committee and the senate and the house generally to make sure that we'll move forward in a bipartisan way. and i can't emphasize this a number of the senators did the importance of approaching this in a bipartisan way going forward. cybersecurity cuts across these

issues. the administration approach over time has not been to say the work of the past administration was wrong therefore we are going to do a different direction. we have tried to take a comprehensive national cybersecurity initiative which began in the bush and ministration and continue to add genes its efforts and enhance them so that we could move forward as a nation so this proposal does a number of things, divided into three main categories protecting the american people, protecting government and protecting critical infrastructure. i'm going to talk about some of the proposals in the last two categories briefly, and then i'm happy to explore them in the question and the answer session. within the protecting of the critical infrastructure, one of the things the bill does as the senator indicated this gives the dhs much clearer authority and responsibility to work in a voluntary way with the private sector. the government doesn't have all the answers but it has some of the answers and it can help the private sectors of it gives the mission and authority to help

the private sector. it adds as the chairman indicated speeds information sharing so that we can get much better data, much more rapidly from the private sector so that we can have real situational awareness, the national, not for a picture of what the threats like. and as it was discussed in the opening statement of the senators, creates a framework very similar to that which the committee included in its bill that would bring in the private-sector efforts to bear, provide benefits to the private sector companies that identify a set of risks, cybersecurity risks to be identified by the dhs, as in the lieberman collins carper proposal that came up in the last conference with some differences, but a very, very similar approach. with regard to protecting the government, the bill does a number of things. it takes a number that senator carper has been in the lead of modernizing, taking the ongoing work that has been moving forward to move policy and

operational and oversight mechanisms from the office of management and budget to the department of homeland security so we could unite all of those things and then have the capability to observe in real time buy continuously monitoring the agency networks as has been called for, focus on outcomes and when problems arise, respond to them in real time, change maziku change oversight, change mechanisms, creating the center of gravity that the chairman referred to to much more aggressively protect federal networks under the federal information security management act. ..

i wanted to offer my thanks to this committee. i have been with the department a little over two years and it has been one of the best experiences of my life. it has been a real opportunity to serve my country and as i said at the start, i have found the work of this committee and the focus that you have wrought to the issue inspiring to me and inspiring to the entire team i have including a number of people who are sitting behind me, system secretary greg schaffer who will be the acting deputy undersecretary when i depart. thank you very much free leadership on this issue. i look forward to continuing to work with you in whatever new role comes to me. >> thank you very much.

we will go now to deputy assistant secretary of defense for cyberpolicy. thanks roving here. >> thank you chairman lieberman, senator collins and senator carper. is a distinct honor and privilege to be before you. we focus first initially on the threat, threat that continues to grow against their critical information system that comes from nation-states terrace criminal organizations and malicious hackers. dod is relied as you know on the nation's critical infrastructure whether we are talking about deployment or employment of forces. we are critically depart -- dependent on power generation, telecommunications and of course the defense industrial base to perform the missions that we have been assigned as well as expected to do overseas. just as our reliance on critical infrastructure has grown so to have our threats, the threats we are facing today. probably the most perplexing concern is the asymmetric threats, the threats they

continue to advance in sophistication and in persistence. so it is not just about intellectual property but the real possibility of a large-scale attack on any segment of america's critical infrastructure that would be disruptive to our way of life. i believe that fact has been recognized and encouraged. discussion on the matter fraught we are about to deal with today. and in fact, as the president has stated, the status quo was really no longer acceptable, not when there is so much at stake and we can and must do better. the most important aspect from dod's perspective as we look at the nation's critical infrastructure and what to do about it is really that it is not dependent upon any particular entity or party but really requires a whole of government and the whole of american approach necessitating many different federal agencies, state governments and the private sector to work together. this proposed legislation is an important step in that

direction. it breaks down the barriers to integration sheering so they can communicate effectively. it updates the racketeering influenced act to deter criminal activity. engages the private sector valuable stakeholders and really strengthens the ability of the department of homeland security to lead the executive branch in defending the nation against this threat. is mr. reitinger has explained it really advances is not only in fisma but in other provisions especially in growing the next generation workforce and hiring practices in exchange of personnel. importantly this legislation accomplishes all of this while respecting the values of freedom and ensuring the protection of privacy and civil liberties that we cherish so deeply in our country. the department of defense has an important role in chino and protecting the military networks and the national security systems while providing support and technical capabilities to help protect other critical

infrastructure. dod has and will continue to work hand-in-hand with the departments alongside of us here at this table as well as the other departments within the executive branch along with the private sector in countering cyberthreats and protecting our national critical infrastructure. we really look forward to the leadership that this committee has taken in working with congress to make sure the executive branch has the appropriate authorities were cybersecurity and improving the overall security and safety of our nation. thank you. >> thank you mr. butler. appreciate you being here. next we will do to a familiar face to the committee, ari schwartz with us today is the senior internet policy adviser at the national institute of standards and technology at the department of commerce. thank you for being here. >> thank you mr. chairman. good to be back. senator collins, senator carper mr. chairman it is a pleasure to be had thank you for inviting me to testify on behalf of the department of congress and the

national institute for standards and technology on the administration cybersecurity said -- proposal. to maximize the countries affected some protecting the security of critical infrastructure networks and systems that rely on the internet will also minimizing the rate of three burden on the entities that it covers and protecting the privacy and civil liberties of the public. i will be addressing five important pieces of the proposal. the first is creating a security plan as senator collins discussed in detail. second is promoting secure data centers. third is protecting federal systems. forth data breach reporting and fifth private protections. the accountability through disclosure. requiring security plans administration is promoting visa private sector expertise and innovation over top-down regulation. importantly the proposal only covers the core critical infrastructures are released to cybersecurity. dhs would define would have many sectors and open public

rulemaking process. the critical infrastructure entities will take the lead in developing framework for performance standards for mitigating identified cybersecurity risks and could ask us to work with them to create cybersecurity frameworks. there'll be strong incentive for industry to build effective as -- remarks india just to approve them. the entities will want the decided it knowingly approaches and improved in dhs will benefit from knowing it will not need to invest the resource intensive approach in developing a government mandated framework unless industry fails to act. infrastructure firms and their executives will have to sign off on the plans, subjects into performance valuation and disclose them and annual reports. rather than substituting the government's judgment for private firms the plan holds, the covered entities accountable to consumers in the market. this is encourages innovation and mitigation strategies as well as improving adherence to best practices by facilitating greater transparency, understanding and collaboration. the main goal is to create an

institutional culture in which cybersecurity is part of everyday practice without creating a slow-moving regulatory structure. in that same spirit gave administration seeks to promote cloud services that can provide more efficient services and better security to government agencies and a wide range of business is particularly small business. to do so the draft legislation proposes to prevent states from requiring companies to build data centers in that state. except where expressly authorized by federal law. the proposal also clarifies roles and responsibilities for setting federal information security standards are going partly the secretary of commerce will maintain responsibility for promulgating standards and guidelines which will continue to be developed. dhs will use the standards as a basis for the bonding directive and memoranda issued at the federal agencies. working partnership between commerce and dhs will be essential to ensure agencies received information security requirements developed with the appropriate technical operational and policy

expertise. on data breach reporting, the administration has learned a good deal from the states. selecting and augmenting the strategies and practices we felt most affected to protect the security and privacy. the legislation will build certainty of trust in the marketplace by making it easier for consumers to understand the breach notices they receive and why they are receiving them. and as a result they will better be able to take appropriate action. the secretary locke and others at the commerce department have heard from many companies in different industries including response to our notice of inquiry on the topic last year nationwide standard for data breach notification will make compliance easier for the wide range of companies that must follow 47 different legal standards today. and they would like to point out many of the new and augmented authorities in this package are governed by a new privacy framework for government that we believe would enhance privacy protection for information collected and shared with government for cybersecurity purposes. this framework would be created

by dhs in consultation with civil liberty experts in the attorney general. subject to regular reports by the justice privacy office and overseen by the independent privacy and civil liberties oversight board. government violations of this framework will be subject to criminal and financial come -- penalties. thain for holding this important hearing and thank you free leadership on this issue. i look forward to your questions. >> thanks mr. schwartz and to mr. reitinger i should formally welcome you to government service. you have appeared before us many times in your independent advocacy role. the final expert on the panel witness will be jason chipman senior counsel to the deputy attorney general of the department of justice. we look forward to your testimony now. >> thank you chairman lieberman, ranking member collins and senator carper. is a pleasure to begin i appreciate the opportunity to testify on behalf of the department of justice.

this committee knows well that the united states confronts a serious and complex cybersecurity threat. the critical infrastructure of our nation is vulnerable. the cyberintrusions that could damage vital national resources and put lives at risk. indeed introduce introducer stolen confidential information, intellectual property and substantial amounts of money. at the department of justice we see cybercrime on the rise. the criminal syndicates operating around the globe with increasing sophistication to steal from innocent americans. even more alarming these intrusions might be creating future access points for which criminal actors and other adversaries can compromise critical systems during a crisis or for other nefarious purposes. president obama has stated publicly that cyberthreats represent one of the great challenges to the economic and national security of the country. indeed given the scope of the problem as you have heard and as

you know the president has made this a significant priority for the administration. over the past few years, all of the agencies before you have made great rockers in confronting these. the justice department and our criminal national security investigators and prosecutors and attorneys have been working hard establishing new units like the national cyberinvestigative joint task force, to pull together the resources of many different agencies to investigate and address cybersecurity threats. with that said and despite good work in this area that robin is far from us all. is cleared and legislation can help tremendously to improve cybersecurity in a number of critical respects. from the justice department perspective, i would like to take a moment to highlight two parts of the administration's cyberlegislative package aimed at confronting identity theft, and at improving the tools that we used to fight computer crimes.

first, the administration's proposal includes a new national data breach reporting requirement. data breaches frequently involve the compromised of sensitive personal information that subject to individual consumers and citizens to identity theft or to other crimes. right now, as mr. schwartz mentioned, there were 47 different state laws that apply in different situations and require reporting through different mechanisms. the administration's data breach proposal replaces those 47 state laws with a single national standard applicable to companies and institutions that made a minimal threshold set forth in the draft bill. if enacted into law this proposal would ensure that companies notify consumers of sensitive, personal information if stolen or compromised and it would require that they give them information about what they can do in response to the theft

or the compromised of their information. the proposal would empower the federal trade commission to enforce the reporting requirements and it would establish new requirements for what must be reported to law enforcement agencies when there is a significant intrusion so that institutions like the fbi and the u.s. secret service can quickly work to try to identify the culprits and protect others from being victimized. we believe a national standard would also make compliance easier for industry which currently has the burden of operating under a patchwork of different rules. second, the administrations proposal includes a handful of changes to the criminal laws aimed at ensuring the computer crimes and cyberintrusions can be investigated and punished to the same extent as other similar criminal to these. of particular note the administration's proposal would clearly make it unlawful to damage or shut down a computer

system that manages our control's critical infrastructure. and it would establish minimum requirements for such activities. we believe this narrow focus proposal will provide strong deterrence to this class of serious and sometimes potentially life-threatening crimes. moreover, because cybercrime has become a big business for organized crime groups, the administration proposal would make it clear that the racketeering influenced and corrupt organizations act or rico applies to computer crimes. also, the proposal would harmonize the sentences and penalties for violations of computer fraud and abuse act. for example, acts of wire fraud in the united states carry a maximum penalty of 20 years in prison. the violations, similar violations of computer -- frequently carry a maximum of five years in prison.

that is a discrepancy we should think -- think should be corrected. mr. chairman and members of the committee, this is an important topic. the country is at risk. there's a lot of work to be done to protect the critical infrastructure of our country, just a computer crimes from victimizing and threatening americans. i look forward to answering your questions. thank you very much. >> thanks misters chipman. the testimony before you makes clear how comprehensive the president's proposal is. that of course is the committee's proposal and i think both are necessarily comprehensive. administrative reorganization to better deal with the security threat but also involving questions on how do we protect the civil liberties, privacy and then what is the, what is the role of the law here? certain kinds of behavior in cyberspace that ought to be

officially designated as illegal, testing existing a legal framework. so your testimony has been very helpful. we will do a first round of seven minutes each. mr. butler let me begin with you because in the discussion of cybersecurity, both inside and congress and outside, at various times people have said look the expertise in this area of our government is in the department of defense and national security agency. may be dhs, the department of homeland security, is not the right place to be given enhanced authority but i take it from your testimony and a practice that was going on within the administration that there is a decision to invade which is supported by the department of defense that when it comes to the.gov, that is the nondefense.gov and.com networks, that it is the department of homeland security that should have primary responsibility.

is that right? >> that is correct mr. chairman. if you have watched the department of defense, department of homeland security dialogue over the last couple of years really, it really has grown in the areas of collaboration. probably one of the hallmark events was last year's signing of the memorandum of agreement between secretary napolitano and secretary gates which laid out a foundation for new ways of collaborating as we move forward in operational planning as well as an capability development. so the sharing of technical expertise say from the national security agency being an element of that formation of a joint coordination element at fort meade led by a dhs senior as part of that, the sharing of personnel between the two departments in different ways that allows a better understanding of not only capabilities but how to best

satisfy information requirements while at the same time ensuring strong, strong oversight of privacy and civil liberties by having dhs very much engaged with the department of defense in looking at those issues. over the last year especially, think we have seen new ways of doing business together. certainly from secretary gates' perspective in the departments perspective the recognition that dhs is the leader with regards to cyberprotection for our nation and that working towards a unifying vision for how we will protect and help enable the protection of not just the.gov and.calm but working to learn from what we have experienced on the dot hillside as well. >> so thank you. you actually answered my second question before i asked it, which was what are we doing to make sure that the department of homeland security in some sense leverages on the expertise that

dod and nsa have rather than re-creating them, within the department of homeland security? mr. reitinger what you start? >> a key element of that was an agreement between the two secretaries that we would one, share personnel and two to actually develop a set of activities under the joint coordination element to really help us understand how we could better leverage what is in the department of defense today. take a good example is the work being done to help with the national cyberincident response plan and then going beyond that, looking at other efforts where we can share both in capability expertise as well as in technology. what we are doing with intrusion detection and intrusion prevention systems as we move forward in time so the efforts and where we are going moving

forward in time. >> mr. reitinger from a dhs perspective how would you evaluated relationship between your department and dod? obviously part of what you wanted to do was build up your own expertise within dhs but also as i said to leverage on what party exists in dod and nsa. >> thank you chairman. that is exactly correct. we each bring unique things to the table. certainly dod has unparalleled technical expertise and cybersecurity expertise built up over the course of the years. in the department of homeland security would have built up our own expertise particularly ramping for control systems, how to work broadly across a interagency and deal with the multiple barriers that one faces in that space request a result, i think over the course of the last year as bob indicated -- is mr. butler indicated -- we are very good friends. as mr. butler indicated we built up a much longer partnership, not only having the moa which

along with that joint coordination element that works to make sure that we can say fully operational synced with dod on a very tight basis, we have -- we will be developing people that will be deployed in and nsa technology and acquisitions directorate so as it develops technology we'll be deploying people in the thread operation center at nsa so we have flow -- full knowledge of what they are saying from a fair perspective and similarly both cybercommand and the national security agency will deploy elements to the national cybersecurity can indication san integration center to support our operations under the national cyberresponse plan so from cybercommand there will be a cybersupport element, team of people at our offices and a cryptologic support group from nsa to similarly support what we do but separate and apart from him away we continue to work

together. we literally meet regularly with cod at the deputy level to make sure we can stay fully synced at a leadership level and mr. butler and i personally dissipate in a weekly secure video teleconference with individuals from nsa and other people from dod and dhs so that we don't allow any -- to occur in terms of what our operational activity is so we can move together most effectively. >> that is great to hear. that is exactly the opposite of the stovepiping we always worried about and obviously it is critically necessary. speech is one additional almond. building beyond the national security agency, we have found ways of that are collaborated with the defense cry verse -- cybercrime center so as it was mentioned cybercrime a big issue. working with dhs and how we can leverage for an six expertise to help not only with the defense industrial base but helping other parts of the critical infrastructure and we are trying to protect.

>> just building a little bit on your previous existence as an advocate for privacy, is it correct to assume to build on the record here, that if the community administration came in with a proposal that put responsibility for the.com and.gov, particularly.--.com cyberspace into the department of defense or the nsa the real concerns and the privacy community? >> i think if you were to take the corporate infrastructure and put that primarily in defense there would be major concerns for the privacy of the civil liberties groups. >> okay, thank you. mr. reitinger let me ask this question. this committee in its broad homeland security responsibility often interacts with the private sector and when they come to the impression of how we protect infrastructure we have become accustomed to saying that 85% of the infrastructure of the united

states is owned and operated by the private sector. what would you say that percentage is for cyberspace? if you can hazard a guess and i'm not going to hold the the two anything. >> server i've heard everything from 75 to 95. i will freely admit to you i have never seen a rigorous analysis, so i think it varies from country to country. certainly, in the united states it is the vast majority. even when you talk about government critical infrastructure in many cases it is state and local government critical in the structure that is often more important on a real-time basis than the federal critical to structure so we absolutely need to work closely with our critical infrastructure partners, our state and local tribal partners and our federal governmental partners to secure critical infrastructure. >> okay so bottom line, it is clear from what you have said that it is a consensus that most

of cyberspace is owned or operated by the private sector and that makes the parts of this legislation that create and authorize new ways for the department of homeland security to interact with the private cyberspace infrastructure particularly with regard to.com networks, critically important. my time is up on this round but i will come back. senator collins. >> thank you mr. chairman. mr. reitinger, but a year ago, you testified before our committee that section 706 of the 1934 communications act already provided emergency authority to the president. that prompted me to actually go read section 706 of the 1934

communications act, and i'm not going to read all of it out loud today, but let me just read parts of it because i think that it will emphasize two points. one, that the president's authority under this law is enormously broad, and second, that the language shows that it was written for another era. the section says that when the president finds that there is war or a threat of war or a state of public peril or a disaster or any other national emergency, that the president may cause the closing of any station for radio communication. the president may remove all of

the equipment and apparatus from the station. he may authorize the use and the control of the station by any department of government. in other words, under this section of the law, the president is allowed to have the government actually take over any radio station in the united states, or close it down completely, or remove the equipment from it. nowadays, if that were proposed, it would create a tremendous uproar and free speech concerns. this authority is far broader than the authority in our bill since this authority does allow a government takeover of transmission equipment, and it

is clearly outdated since it is tied to traditional communications facilities, and it doesn't reach interconnected critical infrastructure entities that are not covered by the communications act. we spend a lot of time and indeed most recently revised our bill to carefully constrain and define exactly what authority the president would have. we made it very clear that the president could not shut down the internet, that government could not takeover of the internet. there were a lot of theories in the internet world that perhaps we wanted that. we didn't but we made it explicit in our new bill. we carefully constrained the president's authority with reporting to congress with time

limits, with privacy limitations by saying it has to be the least intrusive means possible. so, i am very curious why the administration, in your approach, does not up date the 1934 communications act which clearly speaks to a different era and carefully defined exactly what the president's authority would be. and mr. chipman just to put you on notice since you are from the justice department, i'm going to ask you that question as well. ..

>> the american people would expect us to be able to respond and respond appropriately. to that end, we would, if something significant happen, use the authorities to bring to bear in the right way, not to restrict internet freedom, but to preserve it throughout the country using the authorities we currently have and the processes we have developed such as the national cyber instant response plan depailing the roles and speedometers of how to -- responsibilities of how to move forward and respond to an event. as you pointed out, this is a critical issue, an area where, i think, different people have different views about how the government should be empowered

and what the authorities ought to be, and this is a key area i hope there's further discussions between the administration and the congress to figure out the right set of mechanisms, if any, that are necessary to move forward in this space. >> you represent the justice department. why didn't the justice department recommend amendments to the 1934 community cations act which is clearly outmoded and also carefully constrained limitation carefully defined on what the president could and could not do if there were a cyber emergency? >> thank you. senator, i think i'd echo mr. reitinger's comments in that this is an important issue and

one that merits discussion and the congressments to engage in that discussion with you and your colleagues. in my experience, the issue of what emergency powers are needed tends to be very context driven, and so the answer to that question, i think, becomes fairly nuanced depending on what type of emergency the government is facing. i think no doubt, he is right that the american people expect the government to be able to respond, and i think that the work dhs has done within the upper agency to create -- inner agency to create a response plan a quite key, but beyond that, in terms of the specifics of this particular act, i think it merits discussion, but it's not in the administration's proposal right now. >> but that perplexes me. this is an area where we should be thinking ahead about exactly

what authorities we want the president to have rather than leaving it ambiguous, rather than relying on a 1934 law that allows the president to take over control of radio stations. this just doesn't make sense to me, and i hope you'll work further with us to carefully define what the authorities are and to update the law. let me just make one other quick comment since my time has expired. i can't help by be struck by the ironnies there's four different departments represented here today, and that's a very good thing because it shows the administration is working across departments, but it's ironic because unlike our bill, the administration chose not to

include in its bill an entity similar to the national counterterrorism center which would bring together within dhs representatives of all your agencies as well as the director of national intelligence and other agencies so we would institutionalize the kind of coordination and cooperation that you've described is occurring informally. it is ironic that the administration has four departments represented here, but yet has rejected the construct that we have in our bill of institutionalizing that interagency cooperation. thank you, mr. chair. >> thank you, senator collins. for the record, i share her sense of iron yi about this, truly. also, for the record, i do think

we'd be better off, although the country would be better off, if we did create new law regarding the authority of the president to act in emergencies. senator collins and i know this can be a very controversial area because people with quite easily misunderstand. there's an admirably ferocious interest among has been at that particular at that particular -- habitants in cyberspace. god bless them, i agree, but in the case of a catastrophic emergency, we want to be clear the president has authority to act and clearly there's limits to what we want the president to do, and that does require new statutes, so i pick you up, phil, on your suggestion that this is an area where we should in the best biblical since

reason together. >> thank you. as you prepare to depart, any time words of advise? what do you feel good about accomplished during your watch, and what are areas we have serious work still to do? >> well, thank you, sir. it's rare to have the opportunity to say something like that. i have a couple things. i feel most happy about two things. one, the fact as was just remarked by the chairman of the ranking member, there's four departments and agencies here speaking from the same voice. the fact we have a cross-government approach and indeed an approach with the private sector as well saying this is how we see moving forward with the nation. one can agree or disagree with the approach, but we are collaborating effectively under the leadership of howard smith at the white house and across what i think is a positive thing. the other thing i'm hame about is the team we built at dhs.

the fact that going back into the prior administration, at one point three years ago, dhs had about 30 people, 30-40 people working in cybersecurity. we're up to about 260 now, and we'll be growing towards 400 by the end of fy12. we have built a significant team with significant capabilities that brings a lot to the table, some significant expertise and can leverage other sources of expertise in government including dod, the department of commerce, and the department of justice. the people piece that we have built both across government and with the private sector and within dhs is the thing i'm the most proud you have because i believe that organizations and entities succeed or fail based on the people, and so that's what is most important to me, sir. >> maybe in the category of incomplete, what are major to-do's out there for who succeeds you and the rest of us? >> sir, there are e numerable

to-do's. it's an old saw, but a true one to say cybersecurity is a journey and not a destination. as we get better and better, so do the bad guys. i say that as a former prosecutor. they continue to share fftion, to develop -- information, to develop new techniques, and this is not a game we're going to win, but do better at and min more often, but it's not going to be done. the major to-do, you know, that ties all the things together, ised need to keep focus on this issue, to make sure it stays on the front burner and congress and the private sector work together to pass cybersecurity legislation as rapidly as possible. before and after that legislation is passed, to make sure we're doing the right things both in implementation of measures, in development of strategy and hiring of people, broadly across the public and private sectors that ensure that

cybersecurity retains the level of importance that we have given it very broadly across the homeland security enterprise and the national security enterprise. one. things -- one of the things i point out a little over a year ago the department of defense and homeland security released strategies on the same day, and in the defense review, cybersecurity received a new and increased level of importance for the department of defense. similarly, in the first ever homeland security review, cybersecurity rose to one of the top five mages areas of the enterprise. that includes the private sector. we have the right focus and importance. it has to say that. >> the meeting will help us with that. every time there's one of these disclosures, we hear a lot about it, and that's probably not a bad thing. just to follow-up on the question i asked you, how are

things improved in recent months under the reforms put in place under current law and maybe other ideas how this proposal further improves things. >> certainly, sir. so we have been staffing up as your question indicates over the past year plus. a lot of the things that are described in the fimsa, we have been taking significant steps to implement administrative processes. in two meme renne dumbs -- memorandums, i'm working on this. i'll forget them mid-summer. >> the next time i see you i'll ask you the numbers. >> they have been wanting to

move more and more towards monitoring and transfer speedometers -- responsibilities to dhs. we've worked with the justice department in particular to expand and roll out cyberscope, an online continuing monitoring tool that will be used to work more directly with the agencies. for example, holding deeper dives on agency security is what we call the cyberstat process with the collaboration work of omb. we have been working to roll out that greater focus, and again, in full partnership with the department of commerce who has the lead on the development of standards for the federal information security management act to work together to deploy a focus on continuing monitoring, on realtime metrics, and we'll continue the process that will accelerate if an appropriate act

is passed. >> all right. thanks. i have a question for the entire panel. you spoke proudly of the department's ability to put together a good team and attract more well-qualified people, but the question i have for the panel in order to effectively improve cybersecurity both in government and the private sector, we're going to need to attract a significant number of additional qualified people with the same skills as though seeking to do us harm. what kind of job do you think we've done today in finding those people not just in the department, but outside the department, and not just in the government, but outside government, or do we need more tools to retape them? >> thank you, senator carper. >> what do you call him? >> phil. >> okay. i'll speak from a dod

perspective as well as being in the business for awhile both in the private and public sector of the house. it's not only about today, but tomorrow, next-gen work force. secretary gates made it a big priority. as we work through a variety of cyberinitiatives, high school level, state competitions, national defense cyber competition. i mentioned the defense cyber crime center and the forensics competition, we are building not only competitions but mentoring and coaching programs. those programs really become, i think, the heart and soul of what we need to recruit from both a national security base and a homeland security base. whether those individuals go into the private or public sector, they are developing both -- we're seeing an aptitude and attitudes about cybersecurity. i was recently speaking for the secretary of defense at the

cyberpatriot competition held a month ago, the national competition, and we are now not just pulling from military institutions in high schools and colleges, but really now creating a base that is allowing us to go across the country into the inner cities to inspire kids to the next level. we're working through, you know, with, i think limited funding, different ways to incentivize that and continue those programs, but to me, those are the important elements that we need to continue. >> thank you. i'm out of time. mr. schwartz quickly. i've -- >> i've been in the government for nine months and i'm impressed with the folks we have in that. part is the great environment, but also the hiring authority that was mentioned. we do have direct hiring authority and the flexible hire that we can compete with others that need the cybersecurity gains, and i understand where this committee has come down in

terms of dhs having similar authorities and it's in the administration's proposal as well. >> all right. thank you. mr. chip mapp? >> thank you. i add that i know that this is an important aspect of the administration's focus on cybersecurity. indeed the comprehensive initiatives mentioned included cyber education as an important topic, and i know that work continued. at doj, it's an important topic getting a lot of attention, especially at the fbi. the fbi in recent years created a 5-7 year training program for agents to make sure that they are e quipped to confront the sorts of cyberthreats we've been talking about. >> all right. thank you. thank you, mr. chairman. >> thank you, senator carper. phil, let me come back to the

topic i raised at the end of the first round of questions and pose it in this general sense and ask you to answer in that way which is sense we agree that most of cyberspace is in the hands of the private sector, appropriately, rightly, and we also understand that attacks on privately owned cyberspace can have very serious effects on our economy and our national security. obviously, we know that some of these are going on right now, so the question is what's the approach in the white house proposal for making sure to the best of our ability that the private sector is taking steps to defend itself, particularly the most critical parts of it, and in that sense, to defend our country because an attack on

privately owned infrastructure in cyberspace, electric grid, transportation system's finance, could have in many ways a devastating effect as an conventional military attack. give us of overview of white house and the private sector. >> thank you, mr. chairman. the approach is, i think as i said before, is in the bill the committee developedded last year. there's a couple concerns herement one is that -- here. one is that cyberspace is not an area that is admittable to extensive top-down regulation. the technology moves too quickly. there's differences between entities. one needs to find one way to get the expertise of the private sector and continue to rely on

innovation to set necessary or to address the problem, and then also to ensure that you have the right mechanisms to ensure that homeland and national security requirements are met, and it's that last base on occasion we have not seen as much progress as we all believe that we should have. we need to find the right way to set requirements in a way that actually will ward private sector companies that are doing the right thing and give a benefit and make sure that without undoly restricting innovation in any way that we do make sure that the power stays on, that the most critical of critical infrastructure can continue to operate. the approach that the administration took is similar to the one that the committee developed. in essence, the department of homeland security in collaboration with the partners

that you see at this take and the private sector would develop a set of criteria for determining, again, what is the most critical of critical infrastructure. the point is it would be absolutely the most important pieces. >> we start with priorities? >> yes, sir. >> right. >> prioritize what is referred to as critical infrastructure. to those entities, dhs identify again in collaboration with the government agency and the private sector, yiefer a set of risks that need to be mitigated. this would not be a thou shalt use that technology, but here's the risk and you need to identify it. urnt the administration's approach they do not say here's a set of choices you got, you have to do one of them. up stead, industry, the private sector is responsible for putting forward frameworks.

frameworks of measures that focus not just on particular steps you need to do, but on actual effectiveness on measures that indicate how effective the -- sorry, on measurements that would indicate how effective the measurements were, and then industry would develop a plan, so any covered entity needs to develop a plan that aligned with that framework, and evaluated under that framework to address the risks dhs identified, and then industry is responsible for having itself evaluated by a set of effectively certified evaluators, not dhs doing the direct evaluation, but there would be entities chosen to do evaluation, industry receives the evaluations, and they publish -- the main leverage we use is transparency. they are publishing the high-level result of the description of the plan and the

high-level description of the evaluation results, and then we use that transparency to drive market activity that would enhance security and cover critical infrastructure, and as a start of care is developed, more broadly throughout critical infrastructure, and as an additional incentive, there could be procurement advantages or disadvantages based on how one did in the process. >> explain that more, that's the next point, your description is excellent. you're right, the white house and committee bills have a generally similar proposal, but we give dhs the authority to evaluate the plans opposed to third party, but is there a reward and punishment here? in other words, do industries follow their plans get rewarded and ones that don't get in some sense punished? >> yes, sir. there's a number of different levels. i might ask ari to supplement.

in essence, your evaluation results will be published. there's a direct -- a direct ability of the market, your key partners and customers to take that into account. second, the activity, the process of developing these frameworks and plans starts to create a standard of care that entities need to step to overtime, perhaps for insurance purposes or other purposes. last, dhs is directed to work with the federal acquisition counsel so that the results of these evaluations can appropriately be taken into account in federal procurements to provide an additional incentive to private sector players. it is very much intended to be a light-touch approach, but one overtime that moves the private sector and critical infrastructure in the right way, will reward the companies that are doing a very good job, and will get us to a more securer

state in the future. with your permission, sir, i want ari to supplement that. >> the tax onlyist. >> yeah, getting to the right levels and up sentives is -- incentives is the key to answering the questions as we see it in the plan. there's a number of incentives identified in your bill, and that we've put forward here, and most of them are similar. the question is getting at the right particular balance between them. what we're referring to breaks down into four areas that are somewhat related. one is the effects of public disclosure for performance. >> kind of public incentive or shame? >> second is reputation risk. >> right, right. >> it's they know markets may act on it. it's really if they do it deadly wrong, you have brand impact porally when --

potentially where markets exist in that case. >> okay. >> third is procurement, questions about procurement. >> in other words, you can make more money, you'll have preference in selling or offering services to the government? >> correct. the fourth is litigation risk sha shareholders or others come forward. we don't think we claim to have everything in perfect alignment or balance in terms of these levers. no one can know exactly what will happen in terms of getting this right, but we can work together with you to try and come up with what we think is the best solution. we are open, completely open to having this discussion about what are the best up sentives in tsh -- incentives in moving forward. >> good, our bill, as you know, has a provision for limited liability protection. as another incentive, consistent with the administration approach

to the private sector to take preventative defensive action so in one case, if they did, they would be protected, for instance, from punitive damages and liability. in the extreme case of a president taking action and a catastrophic case where they are under our proposal, taking action to protect really the national interest that there would be claims against probably claims, significant ones against elements of the community, cyberspace community and the question there we raise is whether they ought to be protected from liability overall because they acted pursuant of an order by the president of the united states. do either of you want to comment on the general subject of offering some liability to the private sector as an additional incentive beyond what the white

house proposes to the private sector to cooperate? >> i think i would say two things, mr. chairman. one, as mr. schwartz indicated, the balance -- there's different ways to tweak it, and we'd be happy to discuss that with you. second, there is some liability protections, not under this particular provision dealing with the overall incentives regime for the private sector, but to the extent that the private sector acts, you know, shares information with government or is assisting government with protecting .gov, there's a good faith immunity written into that section of the statute. >> do you want to add anything? >> it's similar to being open to the levers and we are open to having this discussion with you

to further find a right balance fitting into that discussion. >> good. this could unfortunately end up as a real obstacle, failure to do something about liability to the message of the bill, and i think it's good to work together to find a commonground. thank you. senator collins. >> thank you. let me first endorse the chairman's comments on liability and encourage you to take another look at our bill. i want to follow-up on the issue of how you handle critical infrastructure. in the statement, it says that the white house proposal emphasizes transparency to help market forces ensure that critical infrastructure, operators are responsible for cybersecurity, and it goes on to say there's new requirements for reporting to the securities and

exchange commission, that there would be publication of a summary of the evaluation results, and i must say these provisions surprised me, and the reason that they surprised me is the list of critical infrastructure is now classified. now, granted i'm sure that many americans, many of those who would do us harm could obviously figure out what a lot of the critical infrastructure sites and capabilities are, but the fact is the list is classified, so are you planning to change the classification and make the list public? that's my first question, yes. >> so, thank you, ranking member, collins. this would be a different list, and one that is of somewhat

lower sensitivity. the list you're referring to is actually references or includes classified or tiered systems and assets. >> uh-huh. >> this would actually be a list of entities opposed to specific assets. instead of, for example, this generation facility, it would be this company that owns a number of different generation facilities. i think that is of a lower level ofcepsivity, and, in fact, much more broadly nope to the public. second, if one is going to bring public transparency disclosure levers to bear, one needs to have that information open. in this case, we drew the conclusion that the list of entities of critical infrastructure entities, needs to be public in order to move forward in this way. >> but you also go on to say there would be a summary of the security plant and the

evaluation of that plant would be publicly accessible. my concern is we don't want to give those who would do us harm a road map to how to attack our critical infrastructure, and if, in fact, you publicize even at a broader level what the critical infrastructure is and then require publication of a summary of the security plan and this part is the most troubling to me, the publication of the e valuation of that plant. aren't you providing very valuable information to not only cybercriminals, but perhaps terrorist groups or nation states that are constantly trying to probe our systems? i'm really surprised that you want that to be public.

>> yes, ma'am, i understand. if you'll note the section, it specifically requires that only high-level description of the plan and high-level description of the results will be published and requires in the regulations to be developed by the secretary that information not be reported to such a detail that it would impair the security of that entity. in point of fact, critical infrastructure entities are tested and probed all the time. that is simply the nature, and i don't below that on the level of reporting we would intend to require in going forward that we will increase the level of risk of those entities. in fact, if the publication of the results causes such entities to say, well, we need to do a much better job, then the regime has the effect we intend and they rapidly move to enhance their own security.

>> but that is a name in shame approach essentially, that you're hoping that there will be public criticism or press scrutiny that will essentially embarrass the entities into doing a better job. to me, they are not doing a good job, and then dhs goes in and applies sanctions or requires a better security plan. i don't think the answer is to make the weakness public and the fact is that even if in your scenario it encourages that entity to do a better job, it's also telling very sophisticateed computer hackers that this is an entity they should focus on, and that has some security lapses. i really hope you'll take

another look at that. i understand what you're trying to do, but i think that you're also giving information to the enemy. >> a couple comments, ma'am, and i understand your level of concern which is appropriate. i say briefly it's not just the, you know, that the entity receives shame, but the market takes that intoing the -- into account that if you are a less secure entity and then business partners and government want to do work with the more secure entity because there's a higher level of assurance. it's not a name in shame, but to drive market effects. the second thing is we would intend any publication of results be at such a high level that it would not increase the level of security or the level of threat that an entity would face, but instead would really

make the public aware of the overall level of security. >> but if it's sufficient to cause a business to no longer do business with that entity, it's sufficient to wave a red flag at those who would do us harm. that's my point. i don't think you can have it both ways. if the vulnerability that is revealed or the poor evaluation that is published is sufficient to cause other commercial entities to refrain from doing business with this section of the critical infrastructure, then surely it's going to be sufficient to prompt a computer hacker or terrorist group or russia or china to redouble its efforts. i just think we need to think about that issue. let me just quickly switch to

another issue since my time is expiring rapidly. mr. schwartz because of your background on privacy, and you've always been such a help to our committee as we wrestled with those issues, i want to talk to you about the idea of the national law for data breach reporting. my first reaction is that that's a good idea, that there should be more uniformity. i think it would be easier for consumers as well as for businesses to not have to figure out what an individual law in one of those 47 states that has them means in their particular case. are you talking about just a uniform nationwide reporting of breaches, or are you also talking about having uniform

remedies for what a company has to do when there's a breach? i ask this not looking for any particular answer, but just to better understand what your proposing. >> the focus is really on the reporting in making sure that consumers get the same information that the law enforcement and others that are working on these issues and make sure they are working on getting the right information about the cases so we can go after the bad guys when there's an incident and we know a breach happened tied to something more than simply a lost laptop or something like that. we need to try to figure out how to best get to that kind of level where consumers get the same information. it's actionable, and we think what we came up with moves us forward in that regard. we had a lot of experimentation in the states and learned a lot from that, and it's been a useful avenue and the laws have

been successful, and it's time to move forward and make sure we can capitalize on it at this point. >> thank you. >> thank you, senator collins. senator carper. >> just want to follow-up on the last question senator collins was pursuing. jump in on this. former senator of utah worked on a disclosure closure legislation and at least the last congress,ed last two congresses, and this was an area where in the banking committee, this was another area with jurisdiction, and do either of you know in the administration's proposal what legislation you drew from in order to prepare and present the administration's proposal in this regard? >> i'm not sure if we drew from that particular proposal. i think a number of different bills and ideas in this area were looked at. i suspect that was one.

>> you can never move legislation forward because in the banking committee there's jurisdiction justice -- jew dish jurisdiction bounds couldn't move things forward. how can you help us thread the needle here? >> again, coming back to the partnership between the different agencies involved here. we had all of our equities lined up and tried to work together to try and develop this in a way that worked for all the different kinds of jurisdictions that you have to have issues with there where we could have this kind of conversation to move past some of those concerns. >> uh-huh, okay. i want to go back to another point that senator collins is making in audiocassetting about the name -- talking about the name in shame and how do we harness market forces. we can have regulations in the books, prosecutors out there in

trying to put the bad guys in jail, capture them, but to the extent to harness mart forces to address the collages is a good thing. anybody want to talk more about that for us please? anybody at all. >> so the insenttives, again, it's back to getting the incentives right. we think absolutely the way you framed it market forces are extremely important especially because we can't expect the government to go into all the areas we consider to be that we're going to consider to be critical infrastructure in this space and have exact knowledge of how to operate in each of those areas from the beginning. what we can do is to work with in a public-private partnership, especially on the internet where we have so many public-private partnerships to come up with solutions that work for the market, and we feel as though the security plans process moves us much further down that line and helps us build innovation in the mitigation strategies in a

way that government approach -- government coming in cannot do. >> all right. thanks. mr. chipman, the administration's testimony mentioned our critical cyberinfrastructure is attacked repeatedly. we know that. personal and business information is stole p online all the time. how are we able to actually catch and successfully prosecute the individuals or the groups who commit these crimes? how will the administration's proposal help further with these efforts? >> thank you. these -- you're quite right. the amount of cybercrime, the number of intrusions is growing, and they are challenging cases, cases to bring for sure. there's a level of anonymity on the internet at times making these hard cases to bring. many times there's actors outside of the united states,

and it's hard to find out where they are or who they are to bring cases. though we've had a fair amount of success in recent years, in the last -- in 2009, i believe, there were up over 150 cases brought. we've had a number of recent successes bringing down large organized crime rings engaged in various types of namely banking fraud and other computer intrusions to steal money and credit card numbers and things like that. i think the proposal of the cyber package helps laws and add tools to the tool box. for example, making clear that computer crimes are a rico predicate. i think that will help and add to the tools we can bring to

bear in these cases. >> all right. as we conclude, i'm going to leave, i don't know if you're going to stay on for another round or not, but i ask as we conclude here, or my participation concludes take a half minute or a minute a piece to reflect on what's been said here, what you heard others say, the questions asked and answers given, concluding thoughts for us. starting with you, mr. chipman. >> sure. i guess, thank you very much. i think i'm struck here by how collaborative as others have mentioned this process has been within the executive branch in terms of trying to get the balance right. >> sort of reflects this committee, doesn't it? >> pardon? >> reflects this committee. >> that's what i was going to say. this starts what i hope is the beginning of a very

collaborative process with you and others, and i think i can fairly speak for the administration in that regard. >> closing thought -- your father is here? >> that's right. >> if we could line up the men in the room, could we pick him out? >> he looks like me. he's in town for a conference and it worked out. >> we welcome your dad and thank him and your mom for instilling values in you to lead you to this place. >> briefly, the one thing about the appointment you raised before in moving down the right area. our work to -- over the past year in from the internet policy task force to that secretary locke help put together at the commerce department, we got comments from the private sec sector on this, and there's incentives to move forward, at

least those who paid attention to the space. they want to move forward in the right way, and we can put together the right practices to instill the right framework in the areas and should use that to our advantage while we have it. >> my sense is it's collaboration and not being come place sent where we are and continue to build on the collaboration. people mentioned partnerships. it's inner agency. it's with the congress. it's certainly with industry and focusing on not just the easier, but the hard areas to work through, and as the administration announced last week, the international aspect to take into account moving forward in time. >> okay. thank you. >> i think it's important to recognize that we don't have all the answers in government. i don't think the private sector has all the answers, and i don't think answers exist on the hill.

this takes us working together. it's not a question of the government coming in saying the private sector is not doing its job or them saying the same thing. we node to find -- we need to find the right way to bring the capabilities of government with the capabilities of the private sector, and we very much look forward to continuing to work with the members of this committee and congress regimely to get the -- generally to get the balance right as cyberlegislation moves forward. >> thank you, and as you prepare to weigh anchor and head out to uncharted waters, saying that from the days in the navy, we thank you for your service and wish you god speed. >> thank you. >> thank you, senator carper. thank you to the witnesses. i know your father is here, and i want to say in his presence, senator collins and i remarked over the years you built up by your testimony credibility with the committee. you are straight ahead, presented your arguments well,

and never contentious. occasionally we have a contentious witness from an advocacy group here. it's a pleasure to share that in the presence of your father. i thank all of you for the testimony. i want to come back and say that senator reid i believe working with senator mcconnell is talking about setting up different groups to negotiate with the administration on different parts of the bill to expedite it forward. senator collins, i'm under the impression one of the things holding up the immediate in additionuation of those negotiations is something that's of another favorite of yours and mine and talking about irony. these folks are going to be testifying before five more committees of congress, am i right? or something like that in the next week or so, week and a half, and therefore their staffs are preoccupied with that and not able to initiate the negotiations. there's been a long standing

interest purr sunt to the 9/11 commission to reduce the number of committees that people have to testify before, but that's one. we've been good at reforming the executive branch of government, less successful at reforming the legislative branch. anyway, i thank you very much, and we're really going to push full steam ahead here to continue the nautical metaphors of senator carper, and hope to get this to the floor as soon as we possibly can, hopefully with a good consensus approach, but thank you for everything you've done to work. we were impatient, but when you produce the administration proposal, it wasn't an outline. it was legislation. it was comprehensive, and of course we like it because it's very much what we proposed in our committee bill, so we look forward to taking it from here together to enactment. we're going to keep the record

of the hearing open for 15 days for any additional questions or answers. i thank senator collins, senator carper, and all of you. with that, the hearing is adjourned. [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] >> up next on c-span2, a hearing examines taxes digital goods and services. today, the senate voted to move ahead with extending provisions of the patriot act. we'll have some of that debate later.

>> legislation establishing new rules for taxation of digital goods and services is making its way through the house judiciary committee. the bill would tell states when they can tax digital goods and services sold over the internet. the subcommittee on commercial law heard testimony on the bill for 45 minutes. >> good afternoon, the subcommittee will come to order in purr sunt to this notice, it's a hearing on hr60, the

dangerral goods and services fairness act of 2011. before we begin, i want to pass along chairman's regret he could be here today and smith intended to be here and express strong support for the bill, but his fight to texas delayed him, so with that, i will recognize myself for an opening statement. digital goods and services are increasingly important in our modern america economy. the digital platform makes this convenient for consumers, but it also improves the efficiency of society as a whole. data no longer needs to be printed out and mailed to another location for processing, but delivered through cloud computing or e-mail, and more students have access to a college education by logging into remote classrooms hosted on web-based applications.

advances in dimmingal technology also resulted in advances in the mobile telecommunication industry rather than carrying a wad of value cards in your wallet, you download to your smart phone one to store your cards and scan upon the touch of a button. a study revealed they want breaking news on smart phones more than any other platform including the interpret and it was. governments can set their own tax policy, but they may not do so in a manner that burdens interstate commerce. transactions with digital goods are unique. imagine you're at dulles airport in vairs virginia. you download a song from california and made in nevada. without a clear national rule, all states may attempt to tax

the transaction. there's already confusion among states concerning where the sale of digital goods takes place. every state has a reason to claim that the sale took place in its borders and therefore subject that transaction to its own sales tack. as a result, some transactions risk being taxed several times over. confusing tax policy not only gets passed to consumers in higher prices, but also slows down innovation. a federal framework for taxation of digital goods relieves the burden on interstate commerce that a patchwork of state laws impose. i'm pleased to be a co-sponsor of the act and look forward to hearing testimony from the witnesses today concerning the important legislation, and i will recognize the ranking member from tennessee, mr. cohen. >> thank you, mr. ross. pleased to be here especially as this particular subject matter is one i worked on the in the

past and look forward to working with chairman smith. since becoming a member of congress, i favor easing state and local tax burdens and consumer access to the digital economy. i supported making permanent prohibition on local state and internet access taxes and backed a moratorium on local taxation of wireless communication services. hr1860 is a piece of with these other measures and similar. this legislation creates a single national framework to cover the taxation of commerce and with the confusion of consumers and business. importantly, the agent prohillaryhillary clintons jurisdiction of posing multiple taxes on sales and services making sure the services are not taxed differently than other forms of goods and services. this is helpful for the consumers particularly low-income consumers to have access to digital goods and

services. under the framework established under hr-1860, state and local jurisdictions impose taxes of retail sales, goods, and services and limit it to the seller. this ensures goods are not taxed in multiple stages of the transaction particularly on instruments that facilitate the sale itself. the act also determines appropriate taxing jurisdiction by eliminating taxes authority to gushes dictions encompassing the customers' tax address. ensures they are not taxed by multiple states, and multiple states like to do that, but that's not good policy or fair to the consumer. as i said in previous hearings that the subcommittee held on state taxation issues, not unmindful to have authority, but there's a certain regard we have to pay in congress to intervene in state and local tax powers because state and local powers

needs to provide goods mp goods and services, but intervene when it's just and do it sparingly, and this is one of the times where we should do that. this brought the national policy overrides the traditional deference the congress gives state and local governments regarding taxation policies. we intervene under the circumstances, and there's no better example of when that is the case with respect to the multiple discriminatory tax treatment of digital goods and services of the fast moving borderless marketless place in national boundaries where it's pressed millions of times a day. this bill addresses the clear need for uniform framework on who can tax digital goods and services. i applaud the chairman, the distinguished chairman lamar smith and the leadership on this issue and going back to the previous congress. i thank the subcommittee chairman, mr. ross, and mr. koa pell for their sponsorships.

i believe you're co-chair? >> today i am. >> the doors of the church are open. i yield back my time. >> thank you, mr. cohen. other members' opens staples are made part of the recordment i want to invite the pam to be seated, and i will introduce you after which we'll allow you five minutes to summarize your testimony before we go into questions. with us today is mr. rob ackenson, the founder of technology and innovation in washington, d.c., author of the coming book and has a background in technology policy. before coming to itif, he was vice president of the aggressive poll sieve institute and director of policy institute's technology and new economy project. while at ppi, he wrote numerous research papers on innovation

policy including e-commerce and economics. our next witness is mr. russ who serves as tax policy adviser. . . and represented the tax agencies of the 50 states, new

york city and the district of columbia. his career includes a for 35 years in state tax work and in the private-sector. in addition he taught state tax law as a professor in the school's law, he will do bachelor science and administration and jd from arkansas. pleased to welcome each of you and each of the written statements will be entered into the record in its entirety. i ask the witness summarized each of your testimony in five minutes or less to help you stay within the time line there's a light on your table. when the light switches from green to yellow will have one minute to conclude your testimony and when it turns red or five minutes has expired. after the witnesses testify each member will have five minutes to question the witnesses concerning their testimony. i now recognize the first witness for five minutes. >> thank you, ranking member i appreciate the opportunity to come before you take talk about

the importance of creating a fair tax system for digital goods and services. while states may look to discriminatory duplicative attacks on digital content to create short-term gains and revenues, these policies were discovered investment in the digital economy and increase the cost of doing business online. they would lower national productivity and ultimately hurt businesses and consumers. that's why we believe congress is wise to consider legislation such as the digital goods and services tax fairness act. when we look at the trends in digital goods we see they are growing dramatically. in 2010 there were almost 1.2 billion downloads of digital music tracks in the u.s. totaling 1.5 billion in revenue. e-book sales have reached a billion dollars in expected to be 3 billion by the year 2015. these are important innovations that are driving important benefits to the u.s. economy. one is energy intensity. getting a digital good on-line like a book or cd consumes about

eight times less energy than getting a similar good going into the store and buying it. not only that but consumers can save considerable amounts of money by consuming digital goods. just look at the price of a typical hardback book which is $26. you can buy that same book as the digital book on an ipad or kendal fer normally around just half of that $13. so this is an important set of developments that are going to benefit u.s. consumers, and yet we shouldn't let the narrow interest of states override the national interest. in the state who wants to tax digital goods on a discriminatory basis or a multiple basis, they get all the financial benefit of that, in other words to get more tax revenues, but the overall u.s. economy suffers the cost, and the reason for that is because economists, for defects. the vigil goods economy is not simply like a widget the economy if there are fewer goods

consumed because of high taxes and it's pretty clear the evidence shows higher taxes would lead to less consumption of these. this does two things in essence, it lowers the demand for digital products, digital devices let's say ipad or kendal or devices of broadband people were going to use to consume those but the other figure would do it would raise the price of digital goods. and the reason for that is because marginal cost of digital goods are quite low use been a lot of money as a company building the digital good creating it and then selling the next copy is quite low. as if you're getting fewer sales, that means you're getting less revenue over all and which to the amateur is your cost and therefore you have to raise prices on other consumers because of that. so therefore, it's important that congress act on this and in the past we have seen states that have discriminatory taxes on digital the activities. for example, there are many states now have discriminatory taxes on internet access.

i'm not sales taxes on goods, internet access and i testified before the committee i think perhaps to years ago on discriminatory wireless taxes and we see many states have very high taxes on wireless access. much higher than the sales tax. so states can do this. they've shown they've done this in the past and there's a particular reason why states might do this. today the jewel is normally are consumed from outside of the state. i don't know by the we've there is a clock. i don't see the red light green light. there isn't one that there is there? then i will let you know. [laughter] >> i guess i can talk as long as i want. >> one minute and a 15 seconds. >> we have seen one of the reasons states have the incentive to do this is normally a consumer will consume a digital good from anywhere in the country or anywhere in the world and states might want to have high your taxes so that

they in sent consumers to buy from local bricks and mortar companies. right now states have a long a tradition of imposing a protectionist law on the commerce. right now in all 50 states it is illegal to buy a car from the automobile producer. so while we can go on line and by a computer from dell or h-p, we can't go on line and by a car from general motors of the we can do that and other countries of europe and brazil you can buy a car from general motors but you can't in this country because car dealers have gone to state legislators and they've been able to pass a protectionist bloc. selecting we've seen clear evidence states are willing to do these things that will defeat to harm the overall economy and therefore that's why we support this legislation that would not prohibit states from paying taxes on but making sure that taxes are not discriminatory and not duplicative. so thank you very much. >> you are recognized for five minutes for an opening. >> thank you for the opportunity

to address the subcommittee concerning the digital goods and services fairness act of 2011. i'm testifying on behalf of the federation of tax administrators, the members of the department of revenue in each of the 50 states, new york city and the district of columbia. the fda strongly opposes many of the provisions of h.r. 1860. this legislation would create a large revenue for state and local government. as structured also create a major competitive advantage for large out-of-state businesses excelled goods and services online. they will often have an opportunity to restructure their way out, an opportunity most small businesses will not have. the legislation will cause extensive litigation in federal courts the will go on for years. small businesses with amine street shop or digital start-ups are unlikely to have the resources to go to federal court over a state tax matter. fta recognizes the congress has an interest in making sure that there are no real impediments

the bursting of commerce. current state tax law in this area does not create any. digital goods and services are not even included in most state tax systems. the digital goods and services tax by most states are a familiar books, videos and music. this bill prohibits or pre-empts perfectly legitimate space tax authority. intermediary provisions mean online travel companies will be agents rather than sellers. they will not collect any hotel taxes. many other intermediaries often the only logical collectors of attack will not have to do so and there will be no recourse to the seller. resail provisions would prevent application of my states, business and occupation tax when the digital goods and services are licensed. even though no discriminatory or multiple taxes are imposed on these transactions. the provisions mean banking services provided on line by the remote sellers could skate

taxation. the same kind of services provided by small banks would be subject to tax. discriminatory or multiple taxes are vaguely defined. we would be fighting for years over what those terms include. we have been told in other testimony of the mobile telecommunications act is a good model for state and business cooperation. we agree it's a good model because there was a strong partnership between businesses and the states and developing it. there has been no such partnership here. we do have models for such partnerships under digital goods and services within the streamlines and tax agreement to the states to adopt definitions and sourcing rules and bundling roles as the member states would be required to use when taxing these products and services. because we agree to the changes the business wanted my state to adopt the new position statute as we know it acting the new taxing positions isn't easy.

starting in 2007 the washington department of revenue staff in intensive year and a half study legislatively mandated with a committee of legislators, business and government stakeholders and subject matter experts. initial legislation has run in 2009 followed by the anticipated legislation in the next year. we continue to work with stakeholders by making refinements to the implementing rules and tax advisory. as we have done that, we have held no one liable for back taxes and bonds will areas where guidance is not yet available. ironically h.r. 1861 do or put at risk much of that cooperative work. definitions from sourcing rules, unbundling rules in this bill are different in keyways from what 21 members have agreed to. another key difference in the business is participating in streamlined long ago agreed the software should be treated as personal property regardless of

the manner of delivery. this bill treated as a digital good if delivered by electronic means. neither the software change or the provision on my state's business tax addresses multiple or discriminatory taxation of digital products and services. but they certainly do impinge on state sovereignty. finally, i want to address the undocumented fears of being raised. we have not yet been provided actual evidence of significant discriminatory goods and services. tax administrators at least the one's i've come to know across the country approach the taxation of digital goods and services with great caution. they know there is much to understand and they have absorbed the lessons of the internet tax freedom. mr. chairman, that concludes my testimony. thank you again for the opportunity to appear before the subcommittee. >> thank you. >> you're recognized for five minutes for an opening. >> chairman, ricky member cohen, thank you for the invitation to

appear here today in support of h.r. 1860, the digital goods and services tax fairness act of 2011. i am the director of public affairs for the tax services firm that represents tax payers. our firm is headquartered in dallas throughout the united states and canada and in europe. i applaud you, mr. chairman smith and representative cohen for your leadership on this issue. this bill would establish a national framework for state and local taxes imposed on digital commerce. precluding multiple and discriminatory taxation. some might question whether this is a solution in search of a problem. indeed, in a prior position i might have suggested that but today digital commerce is a rapidly growing segment of our economy. this legislation will provide certainty and those that the

digital goods and services. the thousands of providers required to collect taxes on the commerce and the state and local jurisdictions seeking to tax the goods and services. player to my appointment was the director, that will brought me the before the committee many times when it was considering various legislative proposals impacting state and local taxes. while i'm here today to testify in support of h.r. 1860, my approach to the consideration of these issues and possible solutions is the same today as it was then. congress should respect state sovereignty and the need for state and local governments to administer their own fiscal issues. congress should proceed cautiously and giving forward with any legislative measure impacting state and local tax authority. as you consider this kind of

legislation, please be thoughtful first has to the nation's interest in the national and vibrant market and cautious, deliberate and mindful of the respective roles of government and our federal system. while this was and is my opinion as to how these kind of issues should be considered, i've come to believe that this measure strikes the right balance and demonstrates when congressional action is needed. the complexities that surface in today's internet based economy with digital transactions taking place oliver global broadband networks transcendent state boundaries cries out for a reasonable solution. congressional action is needed to grant its jurisdictions to tax the goods when it is appropriate. this measure will provide consumers, silvers and state governments and tax administrators with the certainty and the stability that they are seeking.

a little over a year ago then governor douglas vermont testified on behalf of the national governors' association at a hearing of the subcommittee entitled state taxation, the impact of congressional legislation on state and local government revenues. at that hearing, he outlined four principles to consider. when it was appropriate for congress to enact legislation of this sort. the testimony suggested that any federal legislation in this area should first do no harm, preserve flexibility, the and find the when wim. the legislation should not disproportionately or unreasonably reduce existing state revenue. suggesting the preservation of the flexibility meant that states should not be unduly hindered in their own pursuit of reforms by federal legislation

that restricts their authority to act. by being clear he meant that the legislation should avoid ambiguity or the need for expensive and time-consuming litigation. finally the governor suggests that congress should find the when when. he notable will fall legislation should be to find a balance that improves the standing of all stakeholders. i believe the provisions of h.r. 1860 are consistent with each and every one of these principles. and as such, it is worthy of your enactment. the other main provisions of this legislation as to preclude expansion of utility type of taxes. given the wide range delete corrine just providers and services, these anatexis can indeed be inequitable and our digital economy. in summary, the economy of the 21st centuries different than the economy of the 21st century.

states cannot address all these issues on their own and federal legislation is needed. thank you for your invitation to speak here today and i would be pleased to answer any questions you may have. >> i will now begin the questioning by recognizing myself for five minutes. >> this bill has a diverse group of supporters including the high-tech sector and a very is african-american and hispanic groups. why do you think there has been such a broad base of support for this bill? >> think for reasons one as a common sense built it doesn't preclude states from taxing, you can tax it at a higher rate or to be the average person would say that's common sense and that's going to be good. >> its consumer friendly. >> consumer friendly. it's not unfair to consumers. it treats them the way they ought to be treated in the existing rahm and secondly, i think people are very aware that

this is going to be a very fast area of our economy and increasingly people are going to be consuming more and more digital goods online, and as that happens people want to know they are going to be treated fairly by tax authorities. there would be my guess why it seems such broad support. >> some news reports to this bill would affect state taxes on all online purchases including purchases of tangible goods made online. in your opinion is that an accurate statement of what this bill would do? >> no, my view of the bill is it would be a small subset of goods sold longline which are the visual goods, not in law or physical that are consumed that are purchased online but shift on the non-telecommunications means. so to me i read the bill as a narrow slice of that over all digital economy just for goods that are delivered in the services. >> they say the power to tax is the power to destroy and in this

particular case age or 60 gives a balance between the olver exercise of the taxing power and yet not bridging the sovereignty of the states' rights. would you agree? >> i do agree with that, although i have to say i have a slightly different view of the state's authority and sovereignty having worked for governor i am quite aware of state issues and i respect the challenges they face but the digital economy is fundamentally different than the old physical analog economy where much of what people purchase is within their state and makes sense for them to be at the state level. but we are talking about a digital economy we are talking about something that is inherently nationalist of international and that changes the way we have to think about. >> thank you. >> system against the tax collector for that transaction to have to figure out and then apply the checks to the churn section of the national framework won't digital goods

providers the expos on necessarily to litigation over where the celtics place and how much the tax can be posed by the certain state? >> right now there are very few states opposing taxes on the goods so i don't think it's much of a challenge of this point and the states are being extremely cautious. i think developing a framework in fact is an excellent idea i just don't think the frame work in this bill works yet. i think we would certainly like an opportunity to work with the business community of some of the issues we find in the bill like the definitions which are unclear in some cases or nonexistent and others. those are the kind of things could lead to litigation and are difficult to get resolutions to those issues so the states to provide authority this guidance to the taxpayers and i worry about the small taxpayers that want to know now what do i need to do on this? so, i feel we need a framework by just don't think this bill was very get.

>> you're the former mexican a stricter of the federation of tax administrators as you mentioned a group representative and is opposed to this bill. responding to the testimony can you explain how this bill would bring clarity and a simplification to each state's policy for taxing digital goods? >> chairman ross, the state's are in a quandary and as businesses are, consumers, most of these laws were written right after the depression and the had been updated on an ad hoc basis since then. the economy is simply more robust, more vibrant, more changing than it has been in the tax policy tends to lack in that area. so i believe that you are trying to do the right thing quote by

setting up a free market which all the parties have a clear understanding of the rules. >> with 12 seconds left will conclude my questioning and then recognize the distinguished member from tennessee and a ranking member cohen mr. five minutes. >> pure from washington state, is the correct? and you say that you are looking out for the small taxpayers, is the right? >> it's very hard to do. >> you're steve let - one of the few states that doesn't have a state income tax is that correct? >> that's correct. >> doesn't that make it one of the most progressive states taxation that hurts the small taxpayer? >> there is certainly regrets in the taxation of low-income families. i think our business taxes are not quite as regressive as our taxes that affect individuals. >> i'm thinking of the small low-income families. i guess that's different from

small taxpayers because it's not obvious but -- >> the business and the occupation tax has a very low rate. it's brought so the research generally low. i don't think it poses a large burden on most taxpayers. we do have an exemption for them and the threshold so they only pay once they are about -- >> what about when you have the income tax it hurts them, doesn't it? what washington state trying to do to make that tax system work and concern about the low-income people in favor of this bill? >> we have quite a few limitations on what we can do to change r-texas come right now that's been enacted by initiative so you won't be seeing any changes without a two-thirds vote of the legislature. >> say you can't have the income tax without two-thirds? as a result of that does that mean you have to look for other

forms of taxation to supply the services washington state needs to supply? >> we can't get sinnott of the two-thirds vote so we are doing the budgeting by cuts. >> see you need to have more access to taxes like this that can make up for the fact to don't have a flexible tax system that is hit by these initiative process these and you don't have the opportunity for a more progressive income tax cities but to resort to these taxes to take care of the needs of your people. >> we are using the taxes we already have it apply in some of them to digital goods and services to some digital goods and services and the economy and the state we are careful in how we do this we do not want to harm that sector of our economy. >> the tennessee issue that came through the legislature for?

>> i'm not quite sure how to answer that to estimate yes or no would be the appropriate answer. >> well i haven't read what can through your legislature. >> i haven't read what actually passed so i can't give a yes or no. >> mr. kemp predicted the end of the world was going to happen saturday. mr. kemp predicted the world was going to end on saturday to the best of my knowledge it did not. >> he suggested with clear when we pass this bill. tell us why he is wrong, to too. [laughter] >> thank you so much. [laughter] spirit i would never compare my friend with mr. campeau. [laughter] i think in the debate about the

taxes depending on which side you're on your is it helpful ally, and i think that what you were called on to do in the exercise of your responsibilities and the national congress is to try to sort that out and determine what is best for the united states. and don't get me wrong, i appeared before you when i represented the fta and argued quite so loosely for the rise of the states to determine their own fiscal destiny. i still do believe that, but i also believe that in the exercise of your responsibility to protect the vibrant market some rules that enhance understanding of our almost always. >> please provide some examples of the state's taxing and digital goods and services. he said there's no discriminatory taxes that i think you can maybe - the exodus of the discriminatory taxes that are imposed.

>> certainly in some areas it's not exactly the deutsch delete traditional doves but we see that in the wireless arena their states such as new york state and california and others that have high taxes on wireless services including data services for your iphone or blackberry for example that are much higher than any of the kind of sales tax so that would be a very good example of that. >> thank you. my time is expired and therefore i yield back the remainder of my time. >> the chair recognizes the gentleman from georgia mr. johnson for five minutes. >> thank you, mr. chairman. i woke up on sunday morning and i felt i was in heaven but you now all have burst my bubble. [laughter] so back to reality, right? mr. atkinson, you believe that

unless congress creates a national framework to ensure consistency and fairness in the tax code there's a risk the digital goods and services purchased and down loaded and one state would be taxed at higher rates and related physical goods, is that correct? and do you agree that that is a legitimate problem? >> i would say i think it is certainly a rest. i thought you asked me, i'm sorry. >> no, mr. brooch maker do you see that as a legitimate issue? >> i think there is some risk if we leave it unattended too long, but we need to work for framework that takes into account the need for definitions and allowing things to be taxed

somewhere, and so i think it's possible to construct the free market needs to be done in a timely fashion and i think it can be. i just think this framework isn't there yet. i think we need a framework for this area of taxation. >> so you're concerned about definitions launched in this proposed legislation. what definitions do you have problems with? >> there's quite a few. one is a term that isn't even used in the bill but it is a foundation for how it works which is you should have to have a tangible equivalent before you fax something in the digital world, and i have concerns about that it's the basis of the bill in some respect, and you end up in a situation where with all the kind of deutsch will products there are it's very hard to describe in the equivalent people will disagree about what is the tangible

equivalent and what's not, think about all of the ways music is now provided for digital services. when is a tangible equivalent and when is it not. so without some work on the precise definition on that, then we are going to have difficulties. there are quite a few definitions that are not in the bill at all and then again, there are -- i can actually supplied the committee shortly whether the writing we think are either deficient or are nonexistent. >> and so you are willing to work with folks like mr. atkinson to actually perfect the legislation or can it be perfected? must restart of mcginn? new to legislation? >> stellas that's a tough question to answer in the sense that i'm not sure how quickly this particular frame work can

be brought into line with something that the states could support. i hope it could be it's important that the simple principles include complicity and fairness, conformity with the streamlines agreement, neutrality regarding industry and the means of delivery. some consideration to revenue impact and on the business side consideration given to the impact of pyramiding on them. i think it is important in digital goods and it takes time to sort through those. i don't want to say that i think it can be done in a couple of weeks but i think it can be done in the course of a reasonable amount of time. >> mr. atkinson, do you agree that it would make sense to sit down and work through some of the problems that some of the opponents might have? wouldn't it be reasonable to do?

>> when i hear an issue like the tangible equivalent, that seems reasonable to me but i'm not a tax and administrator. >> i'm not either but it seems like a reasonable observation. does it seem that way to you as well? >> could be. i also know that -- >> they might have a history of opposing any federal intervention on taxes and i'm not clear what this is from. >> if they're appears to be mayor using foot there are some rules to go forward with this legislation quickly as opposed to just simply having a bipartisan if you will reasonable discourse to try to perfect do you think that would be the best thing to do? >> would be useful to pass the bill in this congress because these are issues that are going to get worse, even as

mr. brewbaker said, i think he said, quote, there are some risks if we leave it and intended to long. >> any time that somebody tells me okay you've got to by this time share today or else you won't be able to buy it to mauro the price will go up or it's going to be gone, you must act quickly, do it now, in paulson buying is great, then i get the opposite reaction. it causes me to just want to hold up and think that there is some ulterior purpose for moving forward like perhaps there's a privileged category in the legislation for certain types of goods and services or there's some kind of fun checking to

protect to make an unfair profit of something. >> thank you. the gentleman's time is expired and that has been the last of our questions. i like to think the witnesses for being here today. without objection all members will have five legislative days to submit additional questions for the witness. >> excuse me for interrupting respectfully, but i find that we have a pattern here with these hearings on legislation in this committee particularly. we have run the debate to one round of questions and stick to the five minute rule. >> the matters that come before us i want to make that known for the record and wouldn't be

opposed to a second round or even the third round of questions on this particular issue. the ranking member what his thoughts were as another round of discussions about this. this bill is coming up for marketplace understanding about two weeks or so. >> we've got about an hour and 40 minutes before the votes are called a and to get his thoughts on it and -- >> i have a conflict starting at 5:00 so that would put a little damper on that. >> i do have a teleconference on peace in the middle east and i am afraid if i'm not their god

knows what will happen. [laughter] >> i'm not voted on this. >> i would give those much time as i can. >> please also of note -- >> please note however if there are additional questions by the members that please, have a written question for the witnesses which will ask the witness is to respond to as quickly as possible so their answers can be made part of the record. without objection all members have five legislative days to submit additional material for the record. i think the witnesses, and this hearing is adjourned. >> [inaudible conversations]

speakers include a senate majority leader harry reid, house speaker john boehner and

israeli prime minister benjamin netanyahu [audio difficulty] without further ado will turn it over. >> thanks very much for coming. as many of you know, we have had quite a situation develop over the last few days. there was an incident may 19th in which southern forces attack the convoy carrying northern soldiers to the town, and it was attacked some people were

wounded, and it produced made an extremely disproportionate response. they basically invaded abyei town, the administration and most of the people in abyei town have fled south. the government for virtually occupies abyei. this is a very serious violation of the comprehensive agreement, and certainly jeopardize as the process of negotiation that has been under way to resolve the remaining issues before the south becomes independent on july 9th. >> they've been a very heavily engaged over the last few days

and nights in talking to the parties and regional leaders and the united nations and the african unions and others with several major points. first of all, we feel that the attack on the u.n. convoy was deplorable and wrong, but we feel the response of the government was disproportionate india responsible. we think the forces should be withdrawn. the civilian and administration which the president dissolves should be recreated and we urged the vice president who was the head of the southern sudan administration and to calm the situation down and restore 11 of cooperation they talked about

after the january 9th referendum. and they so far have not been in direct touch and we feel that is an extremely important thing for them to do. >> what happens if the u.n. security council was visiting at this very time the was scheduled to go to abyei but of course could not under the circumstances. they were in khartoum yesterday and they issued a statement which i hope you've been able to see basically saying some of the same points that the white house said saturday night condemning the attack on a u.n. convoy but condemning in particular this overreaction and occupation of abyei and urging that the troops be withdrawn, that the two leaders meet immediately and that they would go back to the negotiations under the cpa.

the a huge chief mediator former president has seen the prime minister and the vice president today and we are trying to bring this crisis under control. it's the most serious one since the attack on abyei minn 2008, and we feel that both sides must restore calm and cooperation between them. ironically, this all took place just as fairly productive discussions were going on between the two parties on the economic issues between them. they had been going on in ethiopia at this very time and it's just it indicates that there is so much to be done and so much negotiation that it's been planned and it's under way that this crisis really calls

into question how those negotiations can be finished on time and in the race. so let me start there and i would be happy to answer door questions. >> can you confirm or deny reports that the debate could there be populating the areas? >> we know that people from the ms. area have been seen in abyei town. whether they are coming in the wake of this invasion or selling it's much too hard to get a fix on that, but since the takeover just happened over the weekend, it seems a little preliminary to make a judgment like that. >> they said they thought the best situation may affect the process normalization in khartoum and the united states. could you elaborate on that and

the united states specifically might have to do on that. >> i'm glad you raised that because in our road map towards normalization, it includes specifically the resolution of the abyei problem which has to be negotiated solution, and it involves full implementation of a comprehensive peace agreement. so this action complicates both of those conditions, and what it means is that our ability to move towards normalization is going to become complicated as well. we had started the process, as you know, of looking at how to take them off the list of state sponsors of terrorism. we've been working with the world bank and others on the debt situation. we've been looking at the prospect that naming a fully ambassador after july 9th in

khartoum, all of these are important steps of normalization. they can't be fulfilled if we don't have a successful cpa. >> [inaudible] >> well, the point is that these are all steps towards normalization. if we don't half a successful completion of the peace agreement or abyei being negotiated rather than occupied it would be hard to move forward on that because it's part of the road map. so you can't compete that road map if you can't complete these conditions. >> what about the status of the referendum. when and how can that happen, and with the evacuation in so many residents of abyei, how can that be actually accomplished any time soon?

>> well, the referendum haven't been complacent as the two sides could not agree on who will be the eligible voters, whether it will be primarily or whether they would have the right to vote and because of the difference in many meetings to try to resolve that, attention turned to an administrative solution whether the two principals, president bushehr and kebir could come to the negotiated solution on abyei. the president of the former south africa who leads the a you negotiations but several observations, administrative options to the two presidents some months ago. they were not able to agree on many of them and turned back to the international community and said can you come up with another idea? and in fact we have been working on trying to develop a new proposal for them.

and this obviously makes them more difficult to do. but the attention turned from the referendum to see if there was an administrative solution. specter is the u.s. have an indication about movements or more soldiers the would back up the more widespread suggestion that the two sides are on the verge of going back to war do you think that is a realistic threat given where we are now? >> i think the danger of the contract is serious. there is some fighting going on now towards the southern border where southern forces are still inside abyei and are being -- are fighting armed forces. so the danger is great. i don't think that means they will go to general warfare between the two, but any kind of

warfare and especially over an area, an issue as the motion and difficulty with the abyei is a very dangerous prospect. >> to talk about the u.s. context the parties. do you yourself plan to head out there? >> the secretary of state, the national security council, myself, johnny carson, the assistant secretary for africa, we've all been in contact with parties and with the leaders constantly over the last several days and as you know the ambassador susan rice is there with the u.n. security council, and of course we have them both in khartoum and cuba and everybody's been involved in all of this. i am scheduled to go to the region this week. i haven't worked out the exact

date, but i will be going out this week. >> to sudan, yeah. >> do you know who secretary clinton has spoken to? >> she spoke to the vice president and dennis mcdonald spoke to the foreign minister. the secretary spoke to the vice president and i spoke to the vice president, senator kerry has issued statements which you may see so there's been a lot of calls. thank you very much for joining us. >> thank you all.

descent devoted to move ahead with legislation to expand provisions of the 2001 anti-terrorism law known as the patriot act. the food was 74-8. here's a portion of monday's debate which includes remarks from montana senator tester who voted against senate cloture. we begin with senator dianne feinstein who chairs the senate intelligence committee. debate on the patriot act continues from the several delete cassette gavels backingey >> as the chairman of the senatt intelligence committee, i wantnt to point out that as of friday, there are three provisions ofare the foreign intelligence surveillance act which are going to expire. those three provisions are something called the roving

wiretaps, will loan loss provision and the business recordhe authority. now because of player me front that this doesn't include the national security letters. just these three provisions, roving wiretaps, wolf and the ad business record authority.eade i very much appreciate that the majority leader and the republican leader have comeislation t together in agreement to bring this legislation to the senaten, ioor, and because of its importance particularly at this point in time i hope we will bee able to conclude this business and see that these provisions are extended for four years of before friday. many of us strongly believe whes it comes toho national security and there should be no partisan divide, only strong bipartisan l

support. a substanti until this measure should receive a substantial vote thisy afternoon and the senate willk pass it quickly this week before the keogh authorities expire. but before talking about the t substance of the legislation, ts let me describe the context in three wedeeks ago on may 1st, te a