
tv   Key Capitol Hill Hearings  CSPAN  May 16, 2014 4:00am-6:01am EDT

4:00 am
motivators not just of what's happening in boko haram and other parts of the world, but in this instance they are clearly motivated by anti-christian attitudes and anti-christian beliefs. i don't think that is debatable given their own statement. in your opinion in hindsight, i know hindsight is 20/20, was it a mistake not to designate this organization as a terrorist organization earlier? >> senator, as i explained, i think we had a healthy debate. we are respectful of the nigerian attitude. boko haram and the fear of designating the organization would bring it more publicity, in retrospect, we might have done it earlier. i think the important thing is we have done it and we've offered a reward for the leadership of boko haram's rockies. >> for future reference, do you think there is a lesson here when we make decisions about designating groups as terrorists, it shouldn't simply be -- either you're a terrorist
4:01 am
group or not and in the future we should not so heavily rely upon some government's input with regards to whether an organization that happens to be operating within their territory should be designated or no. >> i think there is definitely a lesson here. i think we will be quicker to act to make designations based on our own assessments earlier on based on this. >> my last question has to do with a broader theme regard to the risks of global jihadists and terrorists at-large. there was a narrative not long ago al qaeda was on the run. it was dissipating. in fact a new risk has emerged. want to rely on the testimony of director clapper before the senate committee of intelligence where i sit. decentralization of al qaeda movement led to new power centers and increase in threats by networks of like-minded
4:02 am
extremists to multiple groups to which it's clear aqm, there appears to be some links and ties or some elements with boko haram. my question is what do we know at this point about that? do we have any indications we can reveal in a setting of this magnitude this type that this is a group whose aspirations potentially involve attacks outside of nigerian territory against western interests, either elsewhere in africa or potentially in europe in the western world? what do we know about that at this stage? >> we definitely determined there are links between al qaeda and boko haram. they probably provided at least training, perhaps financial support. more importantly to the second part of your question, boko haram has become a regional threat. it's kidnapped a french family in cameroon. it's most recently kidnapped a
4:03 am
canadian priest, a canadian nun and two italian priests and kidnapped a french priest several months ago who was liberated. this is an organization that is becoming an international threat and needs to be dealt with through international cooperation. >> i have a 15-second follow-up, mr. chairman. is it fair to begin to hold -- is it fair to hold this group up as yet another example of what secretary clapper was talking about when he said the decentralization of al qaeda and emergence of these different groups and regions poses the new face of the al qaeda threat in the 21st century. this is one more example of those types of groups popping up in different parts of the world and pose a different challenge in nature from the al qaeda we confronted during the 9/11 pierce? >> senator, yes. >> thank you. >> thank you, senator rubio.
4:04 am
chairman menendez has returned. >> thank you very much. what is in a banking mark-up, but appreciate the opportunity. let me ask you, mr. secretary, it is my understanding that nigeria has not been cooperative with us in our efforts to designate boko haram as a terrorist group at the united nations. is that the case? >> until very recently, they were reluctant to designate them at the united nations. this week, their permanent representative did consult with the security council about designation. i expect that will happen imminently. >> we finally got them to see the light. it's a shame that it took the abduction of 300 girls to get them to understand they should have joined us at the united nations. you said consulted. does that mean they are going to support us in our designation of
4:05 am
the united nations? >> yes, senator. we have been informed they will work with us and other security council to designate boko haram with the united nations. >> that is good all around. even though the day i fear may cause challenges to getting each and every one of these girls back, that's our goal. that's why i sent a letter to president jonathan calling him on demonstrating leadership. what is your level of confidence that the nigerian government after an indefensible delay now has the political will and military capacity to ensure a swift and effective response that utilizes international support to the fullest and is in line with human right standards? >> i'll answer the political will department and defer to our
4:06 am
colleague. we do believe that the political will now exists. president jonathan seized with the issue. i just learned this morning he is on his way to visit the school and meet with the families of the kidnapped girls. >> mr. senator, if i may, after the social media campaign was under way in earnest, we found in our engagements with the nigerian military an unprecedented level of access and frankness with them. our impression from the department of defense is that they are quite certainly for the first time in recent memory taking this threat very seriously and engaging with us very seriously. >> i see we are spending a significant amount of money engaging them in terms of creating a capacity. i also see what happened at the school and notice they had and lack of response. the question is what is their capacity?
4:07 am
i accept president jonathan has now seized because of international outrage and is willing to do something, if we were to share at some point intelligence, assuming we had it and came upon it and could have actionable intelligence, what is their capacity to execute such an effort? >> senator, we don't know what kind of situation we are facing. we can't isolate particular courses of military actions that might be appropriate for the rescue of the girls because we don't know where they are. there are two anxious as to your question. one is their capacity overall to handle the threat from boko haram to take defensive measures as you alluded to, at the school. there was also a recent prison break equivalent. that was virtually undefended by the nigerian military. again, as i spoke of earlier,
4:08 am
the nigerian military in the north has significant capacity challenges. our aim right now is to support them as much as possible to get them training in assistance where possible. >> here's my problem. we are going to support them as much as possible, but if we found actionable intelligence that identified where a large part where all the girls are, and we do not believe or we don't know if they have the capacity to act on it what good will that be? >> i can't speculate on that, senator. i don't want to give you speculative information. >> i need you to go back to the department and bring back a better answer than that. it is impossible to fathom we may have actionable intelligence and we may not have the wherewithal, either by the nigerians themselves or by other entities helping the nigerians to be able to conduct a rescue
4:09 am
mission. so all of this would be worthless unless we know the nigerians are capable of executing or in the absence of their ability to execute, then we have some other efforts of support to be able to effectuate an effective rescue. i would like you to go back to the department at whatever level is necessary to give the committee a better answer than that. otherwise some of us will question all of our efforts if they cannot be executed. >> sir, as we gather more information with the nigerians, we would be happy to come back and talk to you. >> i would like, yes, from the nigerians, but i want to know our own assessment. i want to have the department of defense's assessment as to what would be the capacity of the nigerian military and/or security to effectuate a rescue mission assuming that opportunity unveils itself. we are not going to wait until
4:10 am
finding out we have actionable intelligence and find out we don't have the capacity to do this. >> i would be happy to come back to you with that information, sir. >> we are trying to work out the logistics of a vote that is about to be called and second panel witness, senator cardin has questions of this panel. i'm going to invite senator cardin to question this panel. senator flake and i are going to go to the floor, cast our votes and come promptly back. senator cardin will transition to the introduction of our witness if we are not back within seven minutes. >> i don't expect to take seven minutes. i'll keep moving. >> we'll keep it as quickly as we can. >> i understand the challenges as the chair pointed out. the floor has a series of votes
4:11 am
starting at 11:15. i will do my best to keep things moving along. i was following the hearing from the broadcast, had some conflicts in my office. this is a matter of urgency globally, as i think has been expressed here. these nigerian girls were not in the wrong place at the wrong time. they were in the right place at the right time what happened there is beyond description. this is not a u.s. interest, this is a humanitarian global interest. united states has certain unique capabilities. the international community has capabilities. we are not yet clear as to the capacity of what the nigerian government can do. we do believe that the international focus on this issue has given greater strength to the nigerian government to
4:12 am
take the appropriate steps for the safe return of the girls. i was listening to the comments of my colleagues, and i know it's frustrating when we know how long these girls have been under captive. i guess my only observation, not so much as a question, this is not about what we read in the paper. this is about getting the girls back safely. this is not about u.s. or the u.s. being visible or invisible. it's about getting the girls home safely. we want to do everything we possibly can in that regard. there's also the issue generally in nigeria how they handle opposition, how they handle stability in their own country, which is of a concern to the united states. what i think most of us are concerned about is we don't want
4:13 am
the safety of these girls confused with the outrageous terrorist acts and that there is any legitimacy to this whatsoever. i think that is a point that is not just u.s. interest but humanitarian global interest around the world. it's that balance that we're seeking. how can we be constructive and how can we be forceful in helping bring back these girls safely? i thank you all for your testimonies today. we know these are difficult, anxious moments, but we want to be as constructive as we possibly can. we want to be very clear about the outrageous conduct of the terrorists that go beyond the pale of anything any of us can imagine. and we recognize that this is a global matter that the nigerians must handle, but they should seek help from the international community and we are available
4:14 am
with the international community. thank you very much. i now invite up miss natanh aa.n >> hello? members of the senate, ladies and gentlemen, good morning. hello. >> we hear you fine. can you hear us? >> oh, good. good morning. chairman coons, ranking member flake, members of the committee, thank you for convening this important and timely meeting and for giving me the opportunity to speak today. i thank honorable mr. jackson
4:15 am
and honorable ms. friend for your testimonies. i thank you for your commitment and effort to help respond to the crisis in our country. my name is lantana abdullah. i work with violence prevention in nigeria. the testimony reflects my own views and informed by my experiences first as a mother with five children, a nigerian and peace builder. i will speak of the evidence that brought us today because of the crisis and practical recommendations. you will all recall that today marks the 30th day that is over 200 christian and muslim girls were abducted from their school in north nigeria. this means a whole generation
4:16 am
is, frankly, at risk. this is only one of many attacks which boko haram claimed responsibility. the group was created in 2002 with the sole proposal of imposing islamic law throughout nigeria. so far the attacks have claimed more than 2,000 people to date and displaced tens of thousands of people, and more than 10 million people are currently at risk if you combine the population. in addition to one of the comments made about the goal of boko haram, about their anti-christianity stance, i want to say of course it is a reply to pit christians and muslims against each other, and of course seek sympathy amongst muslims. this abduction just serves as a
4:17 am
sad reminder of the long-standing challenges at play in nigeria that may also produce a negative impact throughout the greater region. currently, the lack of information on the current level of response from the government and forces is a great source of worry for many nigerians. nigerians are also very much frustrated by the history and current level of corruption in the government associated, of course, with bad governors and impunity. boko haram, corruption is the result of democracy. western import that has failed. this description is in the group efforts. another nigeria asked me has been historically disadvantaged. in comparison to the south, boko
4:18 am
haram took advantage of this to make heroes with the population by offering food, shelter and education. we must also acknowledge the nature of our borders, where violence has originated and allowed boko haram to traffic victims as well as escape persecution by seeking refuge abroad. we have all been deeply touched by the attention of the girls' kidnapping. i think there is still more to be done to end this crisis. there is an underground response. it will be a short-term gain ensuring lasting peace in the region requires the issue to be addressed from multiple angles and engagement of all stakeholders to prevent future atrocities. despite the escalation of boko
4:19 am
haram violent actions, there are few reasons for hopeful. we have witnessed a decrease in attacks, especially coming from regions like central nigeria and particularly where i come from. during periods of insurgency, victims appeal to own communities to regain retribution. we've seen more and more christians and muslims working together as seen by the "bring back our girls" movement. and driven of course by nigerians. in the past there has been international cooperation. the world economy for africa hosted in nigeria have created an opportunity for u.s. and foreign technical assistance. with this in mind, i would want to make four recommendations. there is a need for humanitarian assistance and support to
4:20 am
prevent further marginalization of the populations who are at risk. there is urgent need for support to victims of violence in northeast nigeria. other recommendations support regional approach like all weaknesses have said, there is a need to have regional collaboration between nigeria and its neighbors. particularly cameroon. securing the borders will limit illegal activities. we need also to support a robust community for improving human security. how do we ensure communities also engaged in this? we also need to prevent a monetary humanitarian abuse is by security forces. more importantly, we know that the level and presence of military in locations have also
4:21 am
increased the level of violations of human rights of citizens. we need to build this effort. as much as we want to concentrate on the current crisis, particularly on the boko haram terrorist activities, we shouldn't also forget the issues of the upcoming elections. i would like to close with a personal story. three years ago i was at a wedding. boko haram. soon as i arrived, i heard multiple explosions, serving as a painful reminder of the violence affecting the residents. you could not move freely even with the current celebrations was made because of the lack of security. it is warm to my heart to see how resilient my family were as well as friends and neighbors.
4:22 am
despite the terror, women still went to the market and children went to school. i strengthen my commitment as a peace builder to ensure all nigerians, christians and muslims can walk together and live free of fear. i tell you this story to remind you that my experience is not unique. millions of other people throughout north eastern nigeria are affected by this violence. i hope my testimony today represents them all. i also want to thank the senate for this opportunity to speak and showing interest and support to overcome these challenges. in particular, i also wish to appreciate and thank the american people for joining the global movement to bring back our girls and end terrorism. we must continue in this spirit until the war is won. thank you and i await your
4:23 am
questions. >> thank you very much for your testimony. lantana abdullah, we are grateful for you joining us today. you experienced so much as someone from the north and advocate for peace-building. how has boko haram impacted your life, the community around you in the north, and what message would you like to send to the perpetrators of these vicious attacks? >> i think i want to talk first as a muslim. i want to say the activities of boko haram mostly affected those in nigeria. we've been left to talk about defending our faith and educating us as boko haram do not present islam and do not represent interests of muslims in nigeria. of course, coming from where we
4:24 am
are, we are dealing with other conflicts in other locations like the north central region where we are dealing with ethnic and religious conflict. boko haram has also taken advantage of trying to perpetrate some of the terrorist activities in some of these locations. it is taking a lot of our efforts to make sure we localize the contacts and not allow boko haram to hijack the process and work we are doing in nigeria. >> thank you. as you know, many americans have taken to the internet to express their outrage to boko haram and their support for safely returning for bringing back the girls. today's hearing is an expression in part of american concern and solidarity and commitment to support the families and the girls. what message do you have for us, for the u.s. government and the
4:25 am
american people, as we consider what more we could do to support peace and security in nigeria? >> i think very importantly we want to acknowledge the american people and government for coming to our rescue at this moment. we know of the military in america and nigerian government. of course the support from the nigerian government for such support, but we still believe the time is now to act. we need to look at nonmilitary support from the american government, particularly when looking at economy-driven, peace-building strategies and approach to also consolidate. we need to do that, but more importantly, we need to acknowledge that the region is one of the most backwards region
4:26 am
in nigeria. there is a weak media presence, a weak society presence. we need to actually push to empower communities to speak their voice, not to allow some people or institutions to speak for them. that's where we are actually pushing to see how we can have community level driven radio stations. at this moment, there is actually no license, the government is not issuing such license, but we think the time has come to have community regions to walk with young girls and women. >> thank you for those comments. >> if you could tell us what others in addition to the radio conversation that your organization, the organization for which your work search common ground has taken, and as a peace-builder, what are the most important steps you have taken to encourage reconciliation and dialogue amongst the communities in the
4:27 am
north. what are the most positive steps you have seen so far? and what recommendations do you have for us about how we can best support peace-building efforts in the north. >> as you know, common ground is an organization that is very innovative. it needs peace-building efforts around the world that. innovation and uniqueness is what we have to do with conflicts in many parts of nigeria. currently, we are working basically more in the middle belt region trying to bring ethnic groups together to look at their common grounds values and to work on their differences. we are also of course supporting the federal government to work on the military problem and stability in the niger delta region. we would be supporting communities to seek dialogue over their differences, using their own local initiatives. also empowering more skills and
4:28 am
knowledge particularly on conflict transmission to deal with those issues constructively. >> thank you, lantana. i'm going to yield to senator flake so he also has an opportunity to ask questions before we must return for our next vote. thank you so much for your testimony today. senator flake? >> thank you. i'm sorry if i'm asking questions already answered. with regard to the government's response to what's going on in the north, have there been any initiatives by the government that have been effective in diminishing the attractiveness of boko haram for recruiting or for their activities? is the government winning this battle or not at this point? >> over 200 young girls can actually be abducted right in
4:29 am
the presence of the nigerian government and remain missing for 30 days, it means we have lost in some way. it's obvious there is still lack of capacity to actually deal with the problem. it also seems at the advent of the boko haram in 2002, the government were not actually prepared to actually deal with the issue. of course, they have for us most nigerians, there have been many allies, many arguments about the position of government on using just being military offensive to deal with the boko haram is to suggest instead of trying to address some of the root causes brought about boko haram in the first instance. we had some announcements by the government to try to provide sustainable and you know, address some of the life and
4:30 am
concerns of the region, to address widespread poverty and the low educational level and political marginalization of the region. of course, we've also not seen anything happening in regard to the money meant for that. >> one other question. i think we were struck here at the international community was struck with how slow the nigerian government reacted to these kidnappings. does that suggest they simply aren't ready and willing to address the issues, whether the root causes or more immediate concerns? and are they only acting because the international community is putting pressure on them now? >> i think they are slow responding to the crisis and
4:31 am
have knowledge of nigerians that have been coming out to actually push and talk about the current crisis. of course there have been many push by the international community to come in and support. the government were very skeptical. they are very slow in accepting these offers. i think nigerians have actually pushed for that. we've seen it happening now and we hope apart from just wanting the girls released and work beyond the abduction to address the root causes. >> thank you. i turn it back to the chairman. >> thank you for your participation. we really appreciate you doing this. >> thank you so much. >> ms. abdullah, if you have closing comments you would like to make us to, we have to go back to the senate floor in just a moment for another vote. i know it was a little
4:32 am
disjointed between senator cardin, senator flake and myself. if there are any closing comments you have for us, suggestions how we can most be helpful supporting reconciliation and development in the north that will address some of the root causes of the boko haram insurgency or that can address some of the root causes of violence and of difficulties between communities, i would welcome that. if you have any other suggestions for how we can best support the nigerian school girls kidnapped and their families, we welcome that as well. thank you so much for your testimony. we look forward to a closing comment from you. >> thank you so much for the opportunity to actually talk today. of course, like i said, we need a lot of support. there is weak presence of civil society on ground to actually support the current crisis in the region. we want the u.s. senate to push
4:33 am
how we can have more actions in the region starting out with the humanitarian issues immediately, but also looking out to plan long-term interventions. what can we do to promote civilian protection and also promote human rights by armed forces and under community-driven efforts. >> thank you so much. thank you for your focus on peace-building, respecting human rights and reconciliation. we are grateful for the effort you made to testify before us today. i will leave the record open for an additional week until the close of business thursday may 22nd for any members of this committee not able to attend but have questions for our first or second panel, we greatly appreciate the testimony offered today by all four of our witnesses and the very hard work many are doing here in the capitol of the united states to
4:34 am
provide support for the girls and families and the people of nigeria. thank you, and with that this hearing is adjourned.
4:35 am
4:36 am
4:37 am
4:38 am
4:39 am
[inaudible conversations] good morning. for almost one year the permanent subcommittee on investigations has been investigating hidden hazards to a consumer data and privacy and security that results from online advertising. our subcommittee operates in a bipartisan way and practices of our rules provide that the ranking minority member may initiate an inquiry and the tradition is for both sides of the aisle to work on investigations together and the staff work very closely together. this investigation was initiated and led by senator mccain so i would like to call on him to give his
4:40 am
opening statement first after which i will add a few additional remarks of first-ever like to commend senator mccain for his leadership a of the staff for their hard work to address the vaccine and the issues that are the subject of today's hearing. >> i appreciate you and your staffhu cooperation to conduct the imports and bipartisan investigation. that is the hallmark of our relationship together for many years. i believe consumer privacy and safety with the online advertising industry is a serious issue the warrants examination. to the emergence of the internet and e-commerce more commonplace activities are taking place of the internet that leads to major advances and consumer choice and economic growth. these have presented novel questions concerning whether consumer security and privacy can be maintained in the new technology based
4:41 am
world. we will examine these issues specifically with online advertising where the data is collected and cybercriminals exploit vulnerabilities to use now where. -- well aware but it is important to keep in mind the simple idea that everyone will agree consumers should not have to know more than cybercriminals about technology and the internet tuesday's safe. these companies like google a un the offer to have a responsibility to help protect consumers from the harmful effects of that advertisements they deliver. deciding who should bear responsibility gmbh technical and difficult question that cannot continue to be the case as
4:42 am
the consumer is its of mainstream websites but still has the computer affected with the advertisement at the same time online advertising is an instrumental part how consumer companies reach consumers. in 23 online advertising revenue reached a record high $42.8 billion surpassing the first time revenue from broadcast television advertising that is almost $3 billion less. with the boom of all the prices it will become more decorative than the years to come. this will outline the consumer space and cybercriminals have defeated the security efforts and what improvements could be made to ensure consumers are protected of mine and the internet remains a safe engine for economic growth?
4:43 am
make no mistake the hazards are something even the tech savvy consumer cannot avoid. not just avoiding shady web sites are clicking on advertisements that look suspicious but in february as security firm discovered that you tear it -- malware was given to users' computers just going to you to the to watch a video was enough to affect with the virus. that was designed to break into online bank accounts. a similar attack in 2013 on the offer to also did not require a user to click to have the computer compromise. the consumer bank account that was compromised by the you to back has little
4:44 am
recourse under the law. they managed to track down the criminal they could take legal action but cybercriminals are normally a part of sophisticated enterprises overseas tracking down is exceedingly difficult even for professional security specialists but the consumer has essentially no chance whatsoever to recover funds from cybercriminals. how can it be they can sneak malware into advertisements under the most technologically advanced companies in the world? they have clever tricks to avoid the security procedures in the industry. one of them is getting to have a tester visit a web site to see if the virus down votes to the test computer. just as they can target
4:45 am
their advertisements only to run a specific location cybercriminals can target by location to avoid scanning. the cybercriminal knows those responsible are clustered around certain cities you target the malicious advertisement to run in other areas of the scanners will not see it. they have used even simpler techniques the law enforcement found calendars marked extensively with u.s. federal holidays and three day weekends. there were not planning for the july picnics but to initiate now where attacks at times when they would be at their lowest just this past holiday season two days after christmas than four days before he beat new year's eve young who was
4:46 am
hacked and they began to deliver malware advertisements to computers to seize control of the computer using it to generate a bit quaint -- of that coin. independent security firms estimate around 27,000 computers were infected of this one malware advertisement there has also been countless attacks of consumers online month vulnerability is the advertisements themselves and not under direct control of online advertising companies like yahoo! and google. >> they decide not to control them then sells because of videophiles would be more expensive instead of wind advertising companies put to liver that directly to the consumer while it is
4:47 am
cheaper but can lead to greater hazards. with those advertisements to switch out legitimate adds. the tech companies frequently do not know when such as which occurs until after the ad is served because they do not controlled the advertisement is a quality-control process that is purely reactive instead of before finding problems afterwards the industry grows more complicated the single online advertisements for individual consumer routinely goes from five or six companies before ultimately reaching the consumer's computer. that makes it easier for the various companies to claim responsibility when things go awry.
4:48 am
one instance is the attack on major league baseball web site june 2012. in that case the ad appeared to be for luxury watches. it was a banner on the top of the page. it was shown to 300,000 before being taken down. in the aftermath it was still unclear which entity was responsible. one security analyst noted at that time the lack of transparency with online advertising made assigning responsibility virtually impossible. one way to get an idea how complicated the on the road can we is to take a look at what happens when the consumer visits a website where advertisements are served by third-party companies. when a user visits a website it instantaneously contacts the online advertising company.
4:49 am
it then contacts other internet companies who help to collect and analyze data for the purposes of targeting. each company in turn can identify the users to analyze the online activities and ultimately hundreds of third parties can be contacted as a result of a consumer visiting just a single web site. using special software called disconnect the subcommittee could detect how many sites were contacted when the user visits a particular web site. they are represented in a chart. with the first example -- we go to video. we can see what happens with the ordinary business that does not depend heavily on revenues. in this case a company web
4:50 am
site that gives online banking services for existing customers and not to generate people but it does not need to rival a large amount of traffic from advertisements. you can see it is very difficult to see but the us use third parties were contacted by contrast when a consumer visits a web site it depends much more heavily on revenue of base and as a visit the web site and a number of third parties that are higher. for example, -- do we? this video shows what happens when a consumer visits tmz.com.
4:51 am
a celebrity gossip web site. and just to make that point even more clear these are side by side. finally, another problem with the current online advertising is a meaningful standards for security. the primary regulators from the ftc and the digital advertising space and san network advertising initiative have not been acted to generate effective guidance or standards for online advertising security. on the government side the ftc brought a number of
4:52 am
enforcement actions against companies involved with online advertising for deceptive practices pursuant to authority under section five. they all have misrepresentation made by a company rather than the failure to adhere to any standards. i will just summarize by saying with consumer privacy there are some guidelines generated on internet users and how that data can be used. these approaches do not track efforts and they have all the them partially effective. with the consumer data and privacy may be necessary but senator kerry and i introduced a bill of rights and updates will be necessary to provide a framework how to think about these issues calling for
4:53 am
that includes basic rights and expectations consumers could have with the dissemination of the personal private information online and specifically the prohibited practices, the role of the ftc and a safe harbor for those that choose to take effective steps to further consumer security and privacy. that legislation has a role forced regulators to engage with the ftc to come up with best practices and solutions. consumers deserve to be equipped to understand the risks to make informed decisions as online activities. today one thing is clear as things stand the consumer is the one party involved with online advertising simultaneously the least capable to take effective security precautions have forced to bear when security
4:54 am
fails. such a model is not tenable. to play that indispensable role to make a profitable on the internet. but it should not come at the expense of the consumer. thank you to the chairman for working with me on this and i thank you and the of witnesses. . .
4:55 am
those weak links can be exploited. although consumers have done nothing ever -- other than those of the mainstream website, the subcommittee's report and senator mccain's opening statement also highlight the hundreds of third parties that may have access to a consumer browser and affirmation with every web page of the visit. according to a recent white house report more than 500 million photos are uploaded by consumers to the internet each day along with more than 200 hours of video every minute. however, the volume of information that people create about themselves pales in comparison to the amount of digital information continually created about them. according to some estimates
4:56 am
nearly a zettabyte or 1 trillion gigabytes are transferred on the internet annually. that is a billion trillion bytes of data. against that backdrop today's hearing will explore what we should be doing to protect people against the emerging threats to the security and privacy as consumers. the report finds that the industry's self-regulatory efforts are not doing enough to protect consumer privacy. furthermore, we need to give the federal trade commission the tools that it needs to protect consumers who are using the internet. finally, as consumers use the internet profiles are being created based on what they've read, and what movies they watched and music to listen to. consumers need more effective choices as to what the information generated by their activities on the internet is shared and sold to others.
4:57 am
i want to thank all of today's witnesses for their cooperation with the investigation. now our first panel of witnesses. alex stamos, the chief information security officer of yahoo! inc. in sunnyvale, california. george salem, the senior project manager of google inc. in mountain view, california, and craig spiezle, the executive director, founder and president of on-line trust alliance in washington d.c. we appreciate all of you being with us this morning and look forward to your testimony pursuant to our rules. required to be sworn. i would ask for you to please stand and raise your right hand.
4:58 am
>> do you swear the testimony will be the truth, the whole truth and nothing but the truth. >> using a timing system. >> the red light comes on from the you will see lights change from green to yellow giving you an opportunity to conclude your remarks. your written testimony will be put in the record in its entirety. we appreciate your limiting your testimony to no more than ten minutes. after we have heard of the question, all the testimony we'll turn to questions. mr. stamos. again, our thanks. >> good morning. that morning. >> chairman, ranking member, distinguished members of the subcommittee, thank you for convening this hearing and inviting me to testify today.
4:59 am
i respectfully request my full written testimony be submitted for the record. my name is alex stamos, the yahoo! vice-president of information security. i have spent my career building and improving secure, trustworthy systems, and i'm very proud to be working on security. a global technology company that provides personalized products and services including search, advertising, content, communications in more than 45 languages in 60 countries. as a pioneer of the world wide web we enjoy some of the longest lasting customer relationships. it is because we never take these relationships for granted that 800 users each month trust us to provide internet services across mobile and web.
5:00 am
there are few key areas i would like to emphasize. our users matter to us. building and maintaining user trust for secure products is a critical focus. by default all our products need to be secure for all users around the globe. second, achieving security online is not an end state but a constantly evolving challenge that we tackle head on. malware is an important issue that is a top priority. law preventing the distribution through one it's important to address the entire ecosystem and to fight it at each phase of its life cycle. yahoo! fights for users security on many fronts partner with other companies to detect and prevent the spread of malware and pioneer the safeframe standard to assure user privacy. we have led the industry in combating spam. we continuously improve our product security with the help of the wider research community. the largest media publisher to enable encryption for users across the world.
5:01 am
i would like to thank the subcommittee for your focus on malware and the threat it poses to consumers. internet advertising security is a top priority. we have built a highly sophisticated ad quality pipeline to weed out advertising that does not meet our content, privacy, or security standards. this january we became aware of malware distributed on our site and immediately took action to remove it, investigate how it bypassed our controls and fix the vulnerabilities we found. the impact is users or on microsoft windows. a browser plug in with the history of security issues and was mostly targeted at european ip addresses. as i mentioned earlier, the ecosystem is expansive and complex. a large part of the problem is vulnerabilities allowing an attacker to take control of user devices through popular web browser plug ins like java.
5:02 am
it is also spread by tricking users into installing software they believe to be harmless but is in fact malicious. we successfully blocked the vast majority with which bad actors attacker now work and we always try to defeat those who would compromise customer security. this means we regularly improve systems including continuously diversifying a set of technologies and testing systems to better emulate different user behavior. every ad is inspected when created and regularly afterwards. these ads often tout all software or try to trick users into downloading and installing ... software. preventing deceptive advertising once required intervention.
5:03 am
although no system is perfect, we now use sophisticated machine learning and image recognition algorithms to catch deceptive advertisements with what says trainer systems so that we can detect and respond immediately. we are also the driving force. the mechanism allows ads to properly display on the web page without exposing the users private information to the advertiser and that would. thanks to growing adoption safeframe enhances user privacy and security not only in a thriving market place a round internet. we also actively the good of the companies to create a higher level of trust, transparency, and safety. we are members of the interactive advertising iran and integrity task force and improbably joined. we also participate in groups dedicated to preventing the spread of malware and disrupting the economic life cycle of cybercriminals including the global
5:04 am
forum for security teams, the underground economy forum, the operation security trust for and the council veto form. while preventing the placement of malicious advertising is essential, it is only one part of a larger battle. we fight the monetization phase by improving ways to validate the authenticity of email and reducing financial incentives. spam is one of the most effective ways malicious actors make money. yahoo! is leading the fight. for example, one way to act is through email spoofing. the original internet mail standards did not require that a sender use an accurate from line. spammers exploit this. these emails are much more likely to bypass filters. a technique generally known as phishing. here yahoo! is helping
5:05 am
the internet industry tackle these issues. the original author of domain keys, mechanism that lets recipients cryptographically verify the origin of email. yahoo! freely contributed and now the standard protects billions of emails. building upon the success yahoo! led a coalition of internet companies, financial institutions and anti-spam groups in creating the domain-based message authentication, reporting and conformance, or dmarc, standard. it provides a way to tell the rest of the internet what security mechanisms to expect on email. yahoo! became the first major email provider to in essence ask the rest of the internet to drop messages that inaccurately claimed to be from yahoo! users. since yahoo! made this change another major email provider has also enabled the. we hope that every major email provider will follow our
5:06 am
lead and implement this common-sense protection. we have reduced spam purported to come from yahoo! accounts by over 90 percent. if used broadly it would target spammer financial incentives with crippling effectiveness. yahoo! also incentivizes sharing to ensure broad a trustworthy in user data is secure. yahoo! operates one of the most progressive bug bounty systems on the internet which encourages security researchers to report possible flaws. we engage the researcher and discuss the findings. if the bug turns out to be real we fix it and reward the reporter with up to petite thousand dollars. in a major security bugs are often auctioned off we believe it is critical that we and other companies create an ecosystem where both burgeoning and established security experts are rewarded for reporting and not exploiting. yahoo! invests heavily. in january we made encrypted
5:07 am
browsing the default. as of march domestic international traffic moving between yahoo! data centers has been fully encrypted. ongoing goal is to enable a secure encrypted experience for all our users. in conclusion, i want to restate that security online is not and never will be an end state. it is a constantly evolving global challenge that our industry is tackling head on. threats that stem from the ad pipeline or elsewhere are not unique to any one online company. while criminals pose real threats we are strongly dedicated to staying ahead. we partner with companies to proven to. we pioneered the safeframe standard. we have led the industry in combating spam and phishing and continuously improve product security with the help of the wider research and finally, we are the largest media publisher to enable encryption.
5:08 am
yahoo! will continue to innovate in how we protect our users, continue to fight cybercriminals who target us and our users and will continue to view user trust and security as a top priority. thank you for the opportunity to testify. >> chairman, ranking member, senators of the subcommittee, thank you for the opportunity to testify. my name is george salem. and the engineering team that fights the delivery of malware through advertising. ensuring the users safety and security is one of the main priorities. we have a team of to keep users safe. one of the biggest threat is malicious software known as malware that can control computers with software programs. malware allows malicious hackers to make money off the victims in various ways. it may even lead to identity theft which is now atop the
5:09 am
list of consumer complaints for 14 years in a row. advertising has a tremendous role in the evolution of the web, bringing products, tools, information to consumers often free of charge and has allowed the economy to flourish. the last quarter internet ad revenue surged $21 billion, and ad supported internet ecosystems, total of 5 million americans. even though a tiny portion of ads contain malware it undermines users faith which is bad for everyone including google and our users. our incentive is to keep or on one performance it for everyone. this is why we're providing the strongest protections against harmful, malicious content. the efforts for fighting malware is two-pronged, prevent and disable. the first piece is prevention. one of the best ways to protect users from malware is preventing them from accessing infected site altogether.
5:10 am
this is why we have developed a tool called safe browsing which checks a list of known bad sites. malicious sites are then clearly identified as dangerous. the first major search engine to provide such a warning for search results back in 2006. today over a billion people use safe browsing. also the default for users on google chrome, mozilla firefox and the apple safari browsers which helped to protect tens of millions of users. when a user attempts to navigate to one of the sites they get a clear warning of verizon and nikolai to be real looking at ways to for the disseminates their present technology including the providing public interface for anyone to plug in and review. we also provide alerts to webmasters who may not be aware of malicious software. a second piece of our effort is disabling advance. we have prohibited malware an abacus direct suspension policy for advertisements that spread malware disabling any we find.
5:11 am
our internet systems have a very big proven track record. in 2013 we disabled more than 350 million ads. only a tiny portion of advertising, but our systems are constantly evolving to keep up with those bad actors. while we may be proactive, we are relatively quiet. malware advertisers are always seeking new ways, and we want to stay ahead. we are not the only ones involved in these efforts. these efforts are a team endeavor. collaborate closely with others. ten years ago we issued a set of software principles, broad, evolving set of guidelines around software installation, disclosure to users, and advertiser behavior. a nonprofit that offers resources for website owners, security experts, and ordinary users leone and support web
5:12 am
sites to a show best practices and invest resources in checks for malicious content. we are in constant communication with other industry players notifying each other about new threats and trends. just this month we co-founded trustinads.org, a group that offers guidance to consumers on how to avoid online scams. consumer education, a great first place to visit a website like google online safety center to learn more. of course users should always use up-to-date anti virus software and make sure their operating system and browsers are up-to-date and be careful about downloads. they suspected computer may be infected issues representative will parks. we can always use more help in generating awareness. malware is a complex problem that we are tackling head-on with
5:13 am
tools, consumer education, and community partnership. we can make the web a safer place. thank you for your time and inspiration. >> thank you very much. >> good morning, chairman, ranking member mccain, members of the committee. good morning and thank you for the opportunity to testify before you today. i am the executive director and president of the online trust alliance. ota is a 501(c)(3) nonprofit with a mission to enhance online trust and empower users with the control of data and privacy while promoting innovation in my town. i'm testifying here today to provide context of the escalating privacy and security threats to consumers which result from malicious and fraudulent advertising known as malvertising. as outlined in exhibit a, malvertising incidents increased over 200 percent over this last year to 209,000 incidents which generated over 12 and a half
5:14 am
billion malicious ad impressions. the impact on consumers is significant. as referenced, yahoo! experienced an incident, 300 million impressions of which 9% or 27,000 unsuspecting users were compromised. for them the infection rate was 100 percent. as noted, this is not an isolated case. cybercriminals have successfully inserted malicious ads on a range of sites. the threats are significant. as referenced, a majority and increasing number are drive-by downloads which have increased 190 percent this past year. a drive-by download is one that when a user simply visits the site with no interaction or clicking required is infected. this threat is not new. first identified over seven years ago, and of little
5:15 am
progress has been made to attack this threat. the impact ranges from a tax on current information to turning a device into a bot or a suburb, and take over the device and use it to execute a distributed denial of service attack against a bank and a government agency, or other organization. encryption of a user's hard drive demanding payment to be unlocked. users' personal data, pau, health records can be stored and stolen in seconds. in the absence of secure online advertising the integrity of the entire internet is at risk. not unlike pollution in the industrial age, in the absence of regulatory oversight and meaningful self regulation these trends continue to grow. for reference to the development of coal mining in the use of steam powered generator from coal is without a doubt the most central bond and narrative on
5:16 am
the 19th century. jobs were created and profits soared, but the environs and felt the full industrialization and impact in the form of air and water pollution. today we are at similar crossroads which are undermining the integrity interested in a. how does this occur? thinking. in the absence of any reputation or threat reporting among the industry once detected and shut down by one ad network the cybercriminal simply waterfalls or goes over to another unsuspecting network to repeat the exploit of war and no easy the different tactics of how malvertising is inserted. it is important to note in this diagram, consumers are clearly bearing the brunt of it.
5:17 am
call 25 quality brands and web sites having their image tarnished. the impact of these threats are increasing significantly. criminals are becoming experts in targeting and timing, taking advantage of the powerful tools and data available to internet advertisers becoming what is known as data-driven marketers with precision to regional rebel sections of society as well as high net worth target audiences. faugh in the absence of any meaningful policy matt -- the exploit of choice. anonymous and remain undetected. recognizing the threats in 2007 doubleclick which was later acquired by google established a mailing list. in 2010 and ota established what is now the advertising content
5:18 am
integrity group focusing on security and fraud prevention best practices. this group of diverse stakeholders leverage a proven model of threat mitigation and has since published several white papers. these efforts are small but first step to combating malvertising. last june a nonprofit funded by google launched an effort. aggressively defending practices to policymakers and regulatory bodies. in the wake of this group's demise trustinads.org was formed last week. according to the site it and how
5:19 am
to report the. it is important to note that unfortunately no amount of consumer education can help when a user visits a trusted website that is infected with malware. consumers cannot discern good versus malicious or how it of mines is compromised. focusing on education after the fact is like the auto industry showing accident victims to the, after an accident, previously known manufacturing defect instead of building security features in the cars and some profit on. other industry efforts are focused on fraudulent activities that attempt to generate revenue by manipulating ad impressions. focuses on the monetization and operational issues facing the industry. these efforts are important but please do not be confused. not related to malvertising or any impact that is harmful to consumers. what is needed? ota proposes a realistic
5:20 am
framework addressing five important issues, areas. prevention, detection, notification, data sharing and remediation. such a framework must be the foundation of an enforceable code of conduct or possible legislation. in parallel operational technical solutions must be explored. i can envision a day where publishers would only allow ads from networks who vouch for the authenticity of the ads they serve and would only render such ads that have been signed and verified. it is recognized that such a model would require systemic changes, it would increase accountability and protect the long-term vitality of online advertising and most important to consumers. in summary, as a wired economy and society we are increasingly dependent on trustworthy, secure, and resilient online services. as observed in our nation's critical infrastructure, we need to recognize that fraudulent businesses, cybercriminals and state-sponsored actors will continue to exploit our systems.
5:21 am
state-sponsored actors will continue to exporters systems. for some now wear ties and remains a black swan of that rarely seen but known to exist. for others it remains as the elephant and the room that no one wants to a knowledge of the port of. today companies have no obligation or incentive to disclose the rule leaving consumers vulnerable and unprotected for potential in months or years during which a untold amounts of damage can occur. failure to address these threats suggests the need for legislation not on like they did a brief laws requiring mandatory notification, data sharing command remediation to those consumers have been harmed. aslan from the target breached, it is the responsibility of companies and executives to implement safeguards and to heed the warnings of the community. i suggest the same standards should apply for the ad industry. we must work together to disclose such boehner abilities even at the expense of short-term profits.
5:22 am
it is important to recognize there is no absolute defense against a determined cybercriminal. in parallel ota proposes incentives to companies who demonstrated that they have adopted best practices and comply with codes of conduct. they should be afforded protection from regulatory oversight as well as rules lawsuits. perceived antitrust issues and privacy issues which can be addressed as a reason why not sharing data must be resolved to aiding a real time fraud detection and forensics that is required. trust is the foundation of every communication we receive, every website we visit, and transaction we make and ad we respond to. now is the time for collaboration moving from protective silos of information to multi stakeholder solutions combating cybercrime. thank you, and i look forward to your questions. >> thank you very much. >> thank you, mr. chairman. i thank the witnesses. if you put that chart back about
5:23 am
the increased advertising, would the witnesses agree the problem is getting worse rather than better? >> i would not. >> put your microphone a little closer please. thank you. >> i don't agree that the problem is getting better -- >> getting worse where jobs are. thank you. i don't believe that it's getting worse. >> you don't believe that chart in? >> i have not seen that chart. i saw that from a report. our indication -- lectures and a chart is inaccurate. >> that's not the information that i have. >> i see. maybe you can provide the committee with information that you have to read. >> our, our data has been pretty much steady on the kinds of attempts that we have seen coming inbound. >> would you agree that these --
5:24 am
probably the worst attacks come from overseas, specifically russia? >> we see attacks from all around. it is usually very difficult to have accurate -- to accurately -- >> you have no accurate data as to where it goes from. that's good. >> we have accurate data as far as -- >> well then where does it come from? >> we see these, and the world. we see a lot from eastern europe >> well, thank you for that. how about you? >> we also see a lot of the malware it's of the will come from servers that are also in russia and also -- >> this is really an international issue as well as a domestic issue, would argue. suppose that some individual is the victim of malware, mr. stamos, does yahoo! have any responsibility for that? >> we absolutely take
5:25 am
responsibility for users safety, which is where we do the work we do. >> someone loses their bank account and you reimburse them? >> senator, i have always believed the person is responsible for committing the crime is the criminal. >> even though it is using you as a vehicle to commit that crime? >> senator, we work hard to fight these criminals -- >> is that person to five aren't liable for reimbursement for a loss of that individual who use that -- your services were the vehicle for that. >> senator, we believe that the criminals are liable for their actions. >> i see. and you being a vehicle for it have no liability, sort of like the automobile that had a problem with it, the maker of the automobile is not responsible because they are just the person who sold it. is that right? >> no, senator. i don't think that is the correct analogy. >> i see.
5:26 am
>> we work vigorously to protect our users. every single user is important to us. if a criminal commits a crime we do everything we can to investigate, figure out how they were able to do that and defeat them the next time. >> and you have no liability. >> that is a legal question. i'm not a lawyer. >> i'm asking at common sense. i'm not asking for -- >> i think we have responsibilities to our users of the texture and serious. >> thank you. you have five recommendations that you make. you say stakeholders who fail to adopt reasonable best practices and controls should bear the liability and publishers should reject their ads. adopting reasonable best practices and controls?
5:27 am
>> one of the challenges is a reluctance to share information among each other and a very isolated -- again, recognizing that there is no perfect answer, and the absence of taking reasonable steps to protect the infrastructure, they should be responsible. >> how many americans do you think know that this problem exists? >> this information has been kept very quiet. has been suppressed during the years. the executives of some of the trade organizations have denied it even exists. >> we just saw an example of that disputing the leyna -- malvertising in fact. oryx we are fortunate. there are many players. just this past week we have about a dozen companies asking us for legislation where in the
5:28 am
ecosystem. and recognize that the businesses being marginalized and anyhow. our data, from multiple sources they don't want to the public because of the pressure from investors. in return normalizer. hours to just that it is under reported. we do not know and a lack of willingness to share data is impeding the problem today. >> to you both have same best practices standard between your two organizations? >> senator, i believe we use about the same type of technology and tests which the same standards or practices? >> i believe so. >> you would not know? >> and work very closely with our partners to trade notes and share of the same technologies.
5:29 am
>> i have to add that we do community. we actually do discussed different issues that come of all the different trends. liability protection to work more closer together. we work closely begin. i don't see -- have the same best practice standards. we are different organizations, corporations. >> facing the same problem. >> yes. and we communicate about the threats. >> and let you communicate. and asking if you adopt the same best practices standards. >> senator, i believe we already do adopt the same practices. we have different implementations which is an important part of security. >> senator, it here it convened several multi-stakeholder workshops. chatham house rules to facilitate the data sharing. unfortunately the response is
5:30 am
being addressed internal. we asked google, yahoo!, the other companies to come to the table. the answer has been it is not a problem that we see we need to address. i will go a step further. chairman and president of iab in september of trojan polk we stood up and said it's not a problem. only exists the security vendors wanted to be a problem. >> gallegus we get back -- do you agree it's a problem? >> absolutely agree, but we need to keep in context. we need to put it next to the overall malware problem which is much larger. there are three parts to that. there is -- of this create malware. there is distribution of which advertising is a part we are responsible for but honestly a tiny sliver.
5:31 am
then there is the financial side. from our perspective we focus a lot on preventing ourselves from being part of the distribution problem and then by the entire life cycle. in the and there will be no perfect protection. what we need to do is decrease the financial incentives for criminals to attempt to do this in the first place. >> how do you do that? >> in the software side, the companies that make them suffer tourniquet harder for now were to be created. we build our analysis systems to make it harder and harder. >> i look forward to your data. clearly that indicates you got a lot of work to do. even though it may be a tiny sliver, and not sure that is of any comfort to someone unless the bank account wiped out. maybe see you, but not to them. >> to rescind the user. >> well, obviously you are downgrade the importance of this
5:32 am
issue when you say it's only a tiny sliver if there is some 200 some thousand. >> that's correct. 209,000 identified unique incidents that occurred. i would say that's a pretty big sliver. at thank you, mr. chairman. >> thank you. let me ask you, we have testimony here on behalf of the online trust alliance that says that ideally you will have solutions for publishers were only allowed fans, now works in vouch for the awesome to the -- authenticity. signed and verify, trust -- recognize the such a model would require systematic changes that increase accountability or protect the long-term vitality
5:33 am
and most importantly the consumers. would you support those kinds of system changes? >> as to the authenticity is she , i can only speak to how young does this. >> would you support is being recommended. >> we definitely support the could start with your side. we have moved a great deal of the ad networks in the world to support encryption. >> is there any reason why we can't require that as the spurs before they are put on and the verify that the jurors from -- come from trusted sources. >> that does not exist. >> this is? >> it does not. i think we're talking about a combination of operational best practices and technical.
5:34 am
it is a very complex ecosystem multiple intermediaries. this is the desired state. we can't vouch for who the advertisers. that's the first part. that's in the preventive side. that's operational. >> cannot be done? >> i believe it can. >> is it? >> we have agreements. pass information through, and if we find that in a problematic we get rid of them. >> to the verify? >> senator, i'm not sure exactly what each had and what does. >> our ad networks are verified, but they basically are advertisers they have direct relationships with. >> the people you do have relationships will verify the credibility of their advertising >> they have a vetting process. on not exactly sure.
5:35 am
i will say that many have come from companies or crumb of the basically pretend to be legitimate companies. even if he said that we will get them, some problems, they actually may produce as with companies that appear to be real the vetting process appears to be perfect. these criminals of, and in specific companies and look real . >> what can be done now practically that is not yet been done. >> to help address the specific, the full day workshops. in october we post will we call our risk evaluation which i have here and is referenced in my testimony that provides a checklist on the on boarding or verifying his reputation. this was an example of an operational step.
5:36 am
>> taken by melinda. >> again, we make them available. >> to know whether they have been taken? >> i do not know. >> we are part of a lot of groups working on this problem. >> let me show you a different part of the testimony. companies that have to disclose their role our knowledge of the security of it did in consumers vulnerable and unprotected for potential in months or years during which time months of damage can occur and then the suggestion is that there be legislation adopted similar to your state dated reached laws that require mandatory of the commission, data sharing and remediation to those who have been on to be the support of
5:37 am
mandatory ratification requirement? >> this is a more complicated issue and breach of vacation. in the situation you're talking about, it's often not a direct relationship. it would be no information to know how about a fire. also in a situation where now works as is currently before it has an impact -- >> a beginner's bonds. >> so i agree, it's more a notification to regulatory authorities of an incident occurring in an obviously dependent upon that -- >> regulatory authority. any reason why you should not be required to notify regulatory authority? >> this is every day we stop. it comes down to the details of what you talk about. were talking about 213 incidents the day when every -- has cool
5:38 am
pointed out, were talking about finding 10,000 sites a day. >> bridges or attempted breaches ? >> i believe he was talking about size that are set up that host now or. >> how many today? >> please use the right terminology. >> eight confirmed now were to rising incident where a network or so it was observed and documented. what was what we are referring to. >> in the absence of that that is why there is not true data. makes it hard big american find added the actual perpetrators. >> putting aside the argument
5:39 am
for it, any reason you can't do that? >> i have to get back to you on that, senator. >> i personally would be careful about making a commitment like that. make sure it is in public. this is to make things public is basically talking about -- >> a regulator. >> again, that would be a public document. putting aside the problem, and reason why you can notify the regulated? >> no. >> would you give it back to as after yesterday that recommendation?
5:40 am
indicate that now provide information to partners of certain personal information so that era who can communicate with consumers about offers from yahoo and the marketing partners. then you say the companies in you deal with, however, those partners do not have any independent right to share this information. is the sharing of that information for and? >> privacy and security are intertwined. if you want to get into this kind of details -- >> to you know of and? with a do not. >> is a great emphasis on education. here's the problem. the business partners -- and you
5:41 am
provide a list on their website of these third-party partners. there are over 130 companies that do advertising will allow. you know in your privacy policy that these companies may be poisoned cookies or web bugs on our computers as the brewers. i don't know, how can consumers possibly educate themselves about each of these third parties. there's a hundred and 50 of them with names like date is it, downtrend, diligent, companies totally unknown to people lost sight of the strong. do you think it's feasible -- about ask you, and this will be my last question, for consumers to evaluate the policy, security policies will privacy policies of each of 150 entities? is that a practical suggestion? >> that's an excellent question. not expecting consumers to go and make these. that is why we provide privacy
5:42 am
option than work with folks like the d.a. to provide decisionmaking authority for consumers across multiple partners. i believe that's where we have to go, to have the choice up in one place. >> but you are suggesting that they educate themselves about each of those partners your's. >> i am not suggesting that. i am not familiar with the language referring to. >> thank you, senator. >> thank you. i would kind of like to start out just "a couple of phrases to certainly my feeling on this. as the chairman said, this has enormous complexity. i think the ranking members of that online internet advertising has placed an indispensable. pretty powerful statements in terms of what we're trying to do the internet has been a marvel reading all kinds of economic activity and certain improve people's lives.
5:43 am
many to understand how enormously complex the situation is, and the analogy that i would use in terms of crime because we're talking about criminal activity into will be held liable, the analogy i would use would be nuts to you have a criminal. even though you have safeguards in a taxicab that crumbled thieves those safeguards, takes over the cannon kills somebody. as the cab company called itself liable? at think that's partly a more accurate knowledge. so i think the purpose of this hearing is, what can government attention to to help? i think i know whom he often and too long, i know how you guys obtain revenue. and not too sure about the mta. there are a couple of things that surprised me. let me first ask you, who are you? ready it on the? >> thank you for the opportunity to provide clarity.
5:44 am
the ota, online trust alliance, founded in 2003-4 as a working group to address and bring forward the entire spam standards that young referenced in the original testimony through a collaborative effort. recognizing -- >> unfunded that effort? >> that effort was the companies like symantec, microsoft, paypal, wants of companies that came together. cisco. >> to you defunding the way? >> our funding, we are a 501c3, not a trade organization. we work across the ecosystem with the beverage those sponsors and contributors and receive grants from vhs and others. our mission is very clear. we support advertising, but our most important part is improving consumer trust and the vitality of the internet. >> here is what some bells and whistles going off in my head.
5:45 am
the chairman said that you talked about the fact that not been and will have little incentive to do what? is that an accurate statement? >> i think in the context of the question of back and clarify, it is incentive data sharing, really an industry issue that we have been trying to get people to work on the get a. >> do you deny the fact that go and young who have an enormous free-market incentives to make sure that this criminal acts it is not occur in the network? >> dominant market players, there's a responsibility and how lack of data sharing in alloy is marginalized in the ecosystem -- >> but answer the question. don't they have enormous financial incentives to try and police this and prevent mount advertising and now we're?
5:46 am
>> as they suggested, it's a small percent of the overall and industry. and the operational friction and a change, a major change in how they operate today. >> is still not answering the question. you really don't think they have an enormous financial incentive to trample is the stuff? >> i think they do, whether they are to fund. >> good. here's the point. what can government do better than what these private companies can do to prevent this ? >> we talked about the defense department has been unable to get on it ready in 15 to 20 years. my point, is there will the government can play that -- hear me out, that does not actually do more harm than good. as i have been investigating this, step, information sharing.
5:47 am
the only where were going to get information sharing, will provide liability. is the premise the first thing the gunman as the document provides liability so you will actually share information. >> thank you, senator. we are in support of information sharing. >> to you think that's the first step? >> i think that's an important step. >> you're talking about enforcement, going after criminals and enforcing and penalizing the criminals. >> yes, penalizing the criminals and making it hard for them to make money. a lot of these guys were selling products. even if we can't arrest them, we
5:48 am
can make it difficult for them to profit. >> on target is actions. >> i think this is new. >> what can government it? >> mentioned basically looking at allowing information. to be quite clear my team is the one that disney and time our ties in and grab it weakens the some the industry about the threats. we actually do talked very openly. some of the of the price of, you have scams. these are consumers. the guise of giving a credit-card number.
5:49 am
we are very happy. >> what about of the nation sharing with the government. you may not have a partnership with some sort of federal pre-emption on data breached. we have that data breach standard, so you don't have to deal with 50 more, potentially hundreds of thousands of jurisdictions. is that something pretty important that the government can do to be constructed as opposed to hampering your activity? >> is, it would. >> my concern is the in at some piece of legislation with the best of intentions and actually makes it more difficult, texture of the ball of actually solving the problem as opposed to complying with regulations that, i'm sorry, written by people that are not even close to as agile and flexible and knowledgeable as what your companies are. >> currently today we are able
5:50 am
to, you know, do or scanning, look for bees that ads, says that protect consumers, talked of the folks in the industry currently. right now we do not feel like we have problems or that there is anything in cameron's. >> okay. part of my concern about some of the answers you are providing as you obviously don't want to align your consumers. and i don't want to put words in your mouth, but i'm more concerned. this is a big problem. i want you to answer the question i asked about the enormous incentives to have. you mentioned your top priority is users matter. i think that just makes common sense.
5:51 am
>> user privacy and security is number one. internet business, and users of one click away from going to our competition. we have to prove to them that we take this seriously. when they click on any and that it's a safe and and then when we deal with the third-party advertisers that they are even partners as well. >> we have a huge incentive to maintain user trust. sites that young who adds ron on or yum sides, to maintain those 800 million people around the world map to maintain trust and live up to our responsibility. >> beckham from a manufacturing background. we have gone through certification. when i first got into it, this was a pretty good deal. providing not only my company the tools to their process under control but to communicate them
5:52 am
we and our process under control across all whole host of different parts of the standard. from my standpoint that kind of vacation process would make sense. for this particular to trouble me talk about standards, security standards, and advertising. is that something that you would support, some kind of third parties of vacation process that would give consumers the comfort that standards are in place. >> senator, i think we would support self regulation to set guidelines. from the actual technical standards this is something that we change and innovation on every single day. we need to give careful to not get too prescriptive. someone who set up in business and to some of the actors in the
5:53 am
room. you need to have this cooperative, flexible, fast-moving. >> what we talking about in terms of the level of flexibility? >> probably. the criminals will be one step at a bus. will we need to do one ongoing basis. >> they need to will wall. be as nimble as possible to make sure we're one step ahead. >> an industry came together. there examples of consumer technologies that could be employed. they could help increase the trustworthiness in advertising. >> thank you, send german. >> thank you. to you know what percentage of
5:54 am
all of now where incidents occur through advertising? i think this is your chart. >> this is a chart. >> what percentage of now where incidents are attributable the advertising in 2013? >> i don't have that specific data. >> how can you not? when you have to know the context? >> this is specific to documented cases where militias that were documented and observe we're not looking at search and/or fraudulent. the area that's going through. the critical infrastructure that's impacting as the day. consumers do not have the ability to protect themselves. >> if i have now or on my computer does not matter where it came from. trying to get the whole problem. .. pass the
5:55 am
>> and you know in the commerce committee some people in this room have heard me say this before. part of the problem is consumers were not brought along early in this process to understand the importance of being educated and
5:56 am
understanding that what they are getting for free is coming at a price of advertising. i don't think you would argue mr. spiezle we would have a much different internet if it were not for him fact the back bone, the foundational but one of the internet as we know it and explosion of economic and dignity and jobs is all around marketing. >> it's all about advertising which is great. we fully agree that advertising supports the services that society gets that. is speak and simmers here how unfair it is that their data is that they are seeing ads for outdoor furniture when they have been shopping for outdoor furniture when they get creeped out about that they are not making the connection that's why their internet content is free. you all get that, right? and that's all on you. you have not informed them appropriately about the bargain they are striking and perhaps what may be most helpful in this
5:57 am
regard is to figure out what the costs would be if we were to remove, if we were to clamp down on the government to kind of advertising in the prevalence of advertising on the internet and the ability to behavioral marketing on the internet by knowing what people are interested in as opposed to just like we know somebody who watches oprah maybe might want to run an ad for slim fast on oprah. that's what happens in advertising. you try to target your audience based on what they are looking at. does anybody know what it costs for people to have an e-mail or to have the search capability they have if it were not for advertising? has anyone ever tried to qualify that so consumers would understand the bargain they are getting? >> senator i just have to say senator mccain in his opening statement talked about the ecosystem being worth around $43 billion. that would be the overall cost.
5:58 am
>> okay what is the one thing the government is supposed to do in this space? i think it's catch criminals, right? mr. spiezle why are we catching more of these criminals? how much time is your organization spending on the failure of government both nationally domestically federal state local and internationally the abject failure we have had in going after and i know it's really hard because we're talking about ip addresses that disappear in less than that. >> thank you for the question. it is clearly a problem of epidemic proportions. one of the biggest problems we have is data-sharing not to government but also remove the barriers and the organizations in this room for example anti-trash airings moving each other. that's the first part. we can't peel back the onion
5:59 am
work with the fbi and secret service. this is a very difficult problem to go back to it and get it. >> so you are saying that the government's failure because google and yahoo! and their colleagues are not sharing information with law enforcement? >> i'm saying in general. it's not a governmental failure. it's a general failure with industry data-sharing but it's a difficult problem. i want to underscore they are also being victimized. there were structures being victimized as well so i certainly recognize the issue that's hurting their businesses but we have to put in place the measures to protect and prevent it and also to detect and when we detect it we can notify them but in the absence of data we can't notify the other parties to bring down the ads as quickly as possible or to look at the methodology to prevent it from reoccurring. >> let's try to drill down on that a little bit. mr. subbot and mr. salem are you all trying to work in a cooperative and moment by moment
6:00 am
fashion with law enforcement? >> yes senator we have a dedicated crime team that we are in process of beefing up that when we see an incident where we believe we have enough information we refer the information to law enforcement. we have had some success in disruption of several cybercriminal networks. you don't need to arrest him to make it economically feasible for them to be committing these crimes. >> i would like more information on that and i would certainly appreciate anything organization to bring to that also. i would like to understand why we are not having more robust success in the law enforcement space since your companies are being victimized and consumers have been victimized by criminals. >> i can give you a few anecdotes that might help. google constantly is being asked for information by law enforcement
