toys. we're going to see the reverse which is hobbyists that are using raspberry pie, they're going to find their way into systems. some intentionally, some not that are connected to or even empowering critical systems. and if that happens, all the vulnerabilities that were inherent in this hobbyist device are going to be ported into critical systems for the country. iot is also a convergence of information and operational technology. it was often described as a conflict or a collision between the two. and you have very different approaches to security and particularly cybersecurity in those two disciplines. in the operational technology world, you're talking about life cycle of machinery that lasts in decades. you know, you're not swapping out power generation plants or water systems. we're talking decades. i.t. you're look at years. ot you're worried about guards and gates, i.t. is more virtual security. and in terms of reliability, you

know, the holy grail of i.t. used to be four ts which still allows you time to update your systems, take them down if you need to, but you can't take down a water pump to update or patch the latest, you can't take down the water pump that's feeding the washington area, so it makes it very hard to align the needs of i.t. and opt t., and that creates -- o.t. and that creates gaps that people looking to create nuisance can exploit. ..

in the near-term, medium-term, the first thing is that nist met your name in report, matt skolnick to come up with a definition in a good way, yes. any to come up with a dolby -- the definition for this government. the reports go to the president and recommendations have to be at the presidential level and actionable for the president. it's not going to be director private sector. it would what can the government do in certain areas. the first one was that nist should find for the u.s.

government what iot is. it's likely to be probably the last definition but least a definition. the government continues to determine how it is now using iot a know it is going to use in the near future. have to that look what interconnections and interdependencies they have come up with and start coming up with contingency plans for managing the inevitable threats, vulnerabilities that are going to be spread around through them. another short-term recommendation is a governmentwide task force for dealing with iot, identify gaps in practices and technologies. update awareness and training both internal to the government and in the public efforts that we have going on there. solidifies doesn't think about the connections that device has. it's probably not -- i have one in my pocket. i.c. to more of your. there is some security and connecting to my phone. is not as much as some would want but people need to think about be aware of the data being passed around.

and also encourage academia to develop iot specific programs. been in the near-term convene a public-private partnership to work on the iot deployment guidelines managed religious cyber risk and applications, the two structures that were mentioned in the report our first the process that nist used to develop its arbitrary framework and second is to csis, report to the 44th president on cybersecurity. a little advertisement but those who are called up as gaza sees that they thought it worked well. then develop updates for communication approach mutation. 911 calls come other national security telephone calls go through what do we do with national security data? we need to find a way to prioritize that's what doesn't get lost. and then finally they recommend the president ensure that federal r&d investment include sufficient focus on i.t.

security, and through that drive education and training we need. we talk about education and training and cyber constantly because it's important. the problem is a little greater in the iot because there aren't really programs or many programs dedicated at that aspect of it. so that is in the size. so with that habit to take questions on that matter or anything else in this area. >> thank you. i have a lot of questions, so maybe i will start. i'm going to start with one that comes from a story hilary was told me a while ago, which is that there are cars, if i got the story correctly come in japan where they have the ability to see around the corner. that's how i heard it and it wasn't true. so think of a blind corner and the car will know in advance what is on the other side of that blind corner. that's really cool. i would know how to do that with the sensor. it turns out is not an onboard sensor. it's not a sensor on the car.

it is centers built into the infrastructure on the other side that are communicating with the car and saying hey, slow down. so let me start with a question for all of you. hilary maybe want to go first. what are the essential infrastructure for going to need to invest in as we move it and people talk about smart cities and smarter planes? part of it has to do with spectrum and spectrum management, but what else do we want to think about? >> right. i'm happy to start your what you said is correct. at toyota we have a really interesting vantage point because our headquarters, global headquarters are in japan and so we've been able to experience what's been happening in japan versus what's been happening here in the united states. which is nothing basically in the united states, but the japanese government years ago decided that they were going to commit resources and support to

build out of intelligence infrastructure that could enable the sorts of things that jim is talking about. so in 2009, which was a while ago in the grand scheme of things, is when companies like toyota began to deploy these vehicle infrastructure systems where there is infrastructure detecting those sorts of things. allergy a couple other examples. challenge emerges when you know you're driving down highway and all of a sudden there is emerged and it's right on you and everyone is breaking. being able to communicate to your car you're coming up on emerge, there are cars, a little challenging so slow down or speed up or whatever. another example, you know how when you drive into a tunnel, ma right, cruising along and all of a sudden you turn a band and cars are stopped. brake lights everywhere and your slamming on the brakes. these technologies would tell you, there's stop traffic 100 feet ahead, like trust and. those are just a couple

examples. from a marketing standpoint and commercialization standpoint it makes a lot more sense to start with vehicle to infrastructure and vehicle-to-vehicle to mutation. is why. i'm an early adopter of this technology, let's say. i drive my car of all the law. it is enabled, they can talk to other cars, talk to infrastructure. i drive off the lot and there's maybe two cars i that my car can talk to. not very valuable. but if there's infrastructure out there, i get immediate benefit as an early adopter. i drive off and i'm getting a commission nobody else on the road is getting, like so, but we started with v2i in japan. we're going to start with v2v in the u.s. most likely because there is no infrastructure. as a result my guess is that technology will be a adoption pick up will be slightly slower in the united states because for the early adopters they're not getting much when you drive off the lot. all this is to say that the united states needs to get its house in order on intelligent

infrastructure peace. we're seeing some collaborative work taking place in michigan between the federal government and the state department of transportation and university of michigan, and we need to start replicating that in other parts of the country so that we can realize the benefits of this technology. >> so i would start with we need to think about the spirit of it and we need to think about from multiple angles, not just on the device itself but you need some type of system that is looking at that data and doing a commonsense check but if it tells me that there is stop traffic but i've of the essential johnny cars are moving, something doesn't add up. we also need to think about as we are designing these systems not just think about how they can be used are we expected them to be used. we need to think about anyway they could be used.

the example i would give somewhat analogous i was at a conference a couple years ago, and a gentle man was showing how he had spooked the ai as system for ships which is ships tell each other where they are and they're all equipped so it works. disc i bought about 3000 bucks worth of equipping, set it up in his apartment in manhattan and he didn't go fully live but if he had every ship in the region would've thought that there was a large ship sitting in the middle of manhattan. need example but if someone gets out in the open water it could create a lot of havoc with something like that. we need to understand once we build something like this we met certain intent as to how it is going to be used but in the end it's a box with centers and people can use it anyway they want. we need to have that attitude from the get-go both in terms of security and design. >> i have to remember the

button. automated sensor here for my microphone. [laughter] >> i need a voice controlled sensor. >> i think history tells us that a lot of these problems can be addressed with the government encouragement of open technology and then, of course, industry by into these things. enabling a lot of power companies and all stakeholders get together and jointly define roadmap and so forth. those kinds of efforts i think a very worthwhile. in the meantime there's a lot of infrastructure now sort of ubiquitous 4g networks, for example, houston is one of her customers. they have more than 400,000 power sensors taking 32 measures a day, billions of records the community power usage. they didn't have to build an infrastructure to deploy that. they had to deploy meters but not fundamental new connectivity and so forth. there's a lot of opportunity

with the infrastructure that exists, guidance and input to solve a lot of these problems. >> you stole my smart grid example. >> i set it up for you. >> smart infrastructure is one of these cases that we think holds a lot of promise but one of the ones that's been working on for quite some time, which initially the government cut interest in under the energy independence security act which passed nist to perform a convenient role with industry working with the department of energy to incentivize the use of a smart electric grid. i'm not sure what that means about the old electric grid, but it really was talking about same concept of sensors, machine to machine to mutation, dynamic allocation based on policy in order to allow for more efficient, more effective, more resilient electric grid for the nation. that's just one sample of instrument infrastructure.

but a lot of this needs to be looked at in context of the entire system in itself. nsf the last couple of weeks released what they called a smart cities challenge where they are looking at cities to participate with nsf to look at this entire kind of environmental look at instrumentation and sensors within a city. so that we don't run across if we are doing point infrastructure deployment spectrum management issues, for example, or data collision issues. not only that but as mark mentioned, what are the sensors that are currently deployed, that are potentially doing other things for other use cases that could be repurposed into new knowledge sets and new knowledge bases? so the looked around the corner sensors potentially could also be traffic congestion centers. bigotry when traffic is lightest. that goes back to the smart city decide to say when to bring in my big trucks to resupply?

than i could have data to understand when that affects my commuter population and make decisions around distribution of resources, energy, goods and services, people within my city to the greatest effect and efficiency that are possible. this needs to be looked at in a large mechanism to avoid potential conflicts and also to leverage existing systems into these new knowledge based discoveries that we are kind of trying to derive. >> i mentioned to raise your hand if you know what ways is. pretty good. it's a mobile app that you run and use as a mapping software but the unique capabilities that it's uploading your speed and distance as the vehicle moves to the system and thereby creating crowdsourced the very accurate return data. there's another kind of bottom-up solution to these problems which is if you get enough people on a volunteer basis who are willing to

contribute into these systems, then i went to have real-time data about traffic jams all around my neighbor. maybe it's not too the granularity of there's hey, slow down read this quarter. but driving to d.c. all the time from the dulles area and i know for sure whether there's quarter mile ahead whether it's going to be the bottleneck between i 66 and the 267. it's right there. i feel very confident when i see all the little red lights and the slow crawling icons on my screen there something going on. i guess that's not a good example since it's always there. anyway. it may be that the creativity of people working in open markets and the fact consumers can benefit from lots of these technologies will enable a scenario that don't require a type of heavyweight approach. >> i want to tack on because there's one distinction but you are right and i want to know in terms of what i was talking with a vehicle infrastructure piece of this. that's less, the stopped traffic in the tunnel is last to know

that there's congestion. we can know that from a navigation system that can tell us, there's some congestion coming up. from a collision mitigation step what we need to know exactly where that car is stopped. in order for your vehicle. i want to make sure we're not going to be using waves for collision avoidance anytime so soon. >> i'm going to cheat and ask a second question and then we will go to the audience, but i think jeff said this and something i i've been thinking of for a while because they comes up in the larger issue of critical infrastructure potentially, and that is how do you manage what we recall the refresh cycle? so critical infrastructure the refresh cycle is about 20 years. so there still a few places that are using windows 98, and as a hacker you want to thank them for that. how do you refresh, average car is what 11 years?

12 years. if we are the perfect smartcard today it would not be fully deployed until really about 2027. how do we deal with the refresh cycle? do we just let the natural cycle take its path? how do we deal with patching and updates? this will be an incremental process that best. we want to try to accelerate it? >> so if you look at this granular leading pashtun granular leading where these are very light weight centers, very inexpensive, very low power, low bandwidth, low cpu goes one of the examples mentioned. if you look at from the center aspect, the refresh occurs above at the virtualization stack and that the api staggering in the backend analytics. and then the sensor itself is as much as possible just a hardware-based sensing device. the of the mechanism is rather

than refresh or redeploy is just ignore. is where if you have a decent identity management system to identify the center and the data coming from the sensor, instead of refreshing or pulling it, you just turn off the data or you don't allow that data into your analytic stack. and then if you need to, use it. >> technologists have learned i think over the last few years certainly when you're building new applications, new systems, that making updates frequent, easy, painless is a critical part of building a highly reliable robust system. the idea of agility in infrastructure is a key part of what's going on. use the mobile phone example. this was a problem with your pc when you install an app on your pc, ma tr tried moving it to another pc. it's almost we understand --

almost impossible. the system is every singl single that apples me to knows how to get rid of the. server-based containerization at hot topic for those who follow the idea industry you heard of things like doctor and other technologies that allow you to do containerization. ubiquitous refresh and deployment, for amazon.com is more than 100 saw where deployments every year, thousands and thousands of deployments to date in real-time your assistant or goes down. one user may have to hit refresh that happen to have a low balance for happens data services being rebooted, they get a functioning and. that's what modern software is developed. i think these techniques if we're smart and i think the industry building new things, the legacy infrastructure is a different question but if a building even a very lightweight sensor today, a very fair lightweight piece of hardware with mental piece of software i

want two pieces of software. i will have the main system, application and the updated. that you are completely independent. the updater i can signal to reload the device. the device does its normal function but those two will always be there so i can remotely upgrade all the devices. a unique design. going forward we have good solutions to these problems are legacy infrastructure of course is going to be an issue, but i think it's a very good point that we can't ignore different sensors that we know are not up-to-date are not fresh or that have been patched with some fact that as part of our analytics system, there are solutions even to that problem. >> i would say in terms of how we're going to roll things out quickly, if we have two refresh cycle, things that will come out quickly our what can, whether at or devices that can jump onto an existing platform like waze which is a convention centers that were deployed come in of intend to be used for that

purpose. the most successful things we will see are going to do that because otherwise it's going to take it too long to get out there. from a security standpoint the backend analytics that matt talked about will be essential. i think for the legacy but also for the future. you are going to need something, some type of system that is watching to see does this data makes sense? is this device acting in the way i expected to or should be communicating right now? it's going to have to talk to the older system and find a way to machine aren't and provide feedback. on the new devices we need to find a way, did the authentication in there to find out what's the old new yorker cartoon on the internet known as your dog. on the internet, how do not you can claim to be a center but you need to make sure the centers of action are what they claim to be. and then there are multiple of the ways you need to secure them but that's going to depend upon

the wi-fi toothbrush. i'm not making that up. there is such a thing. it was amazon deal today if anyone -- a few weeks ago. i thought about buying it. my wife wouldn't let me. probably not a lot of security there but other devices will have to be situational. >> so i do think we have a particular challenge into vehicles basis begin mentioned people tend to hang onto the cars or on average 12 years which is a very long time. so it will undoubtedly take a fair amount of time for us to realize the full potential this vehicle network. there are ways to accelerate that. there are conversations going on about aftermarket devices that can be plugged on to a vehicle to make it part of the network before, you know, while it's still on the road to one of things that's interesting i want to throw out, and its resulting in a not going to get into details but we are sort of embroiled in a spectrum battle

right now in this space, and one of the arguments that we have heard from the other side, the folks were interested in accessing the spectrum that's been set aside for the vehicle system is that it's going to take a long time for this network to come to be and there are ways that the spectrum could be used right now in a more communism tangible way. i find the argument always to be a little funny because if everything we did was about the potential today and not about the potential 10 years from now, we would be stagnant. anyway, it's a recognition that is going to take a long time in the vehicle space, no doubt about it but it doesn't mean it is not worth doing. >> for a while the working out for this project was on the internet. no one -- known as the refrigerator. no one seems don't like of that. >> can we get a microphone to

some of the questions? thank you. >> excellent panel. thanks again or these excellent programs. yesterday after breakfast and official basically capitulated when dealing with the security issues saying there is very little that we can do in our space if we don't have a revolutionary technological solution. that really juxtaposes security against application efficiency and what have you. it was mirrored in a comment by the second largest world supplier of generators who basically said that securities on the risk side of our nature and this was not going to do much unless it's on our income side. so could i get comments from both, from the panel with regard to those two perspectives? >> matt seems ready to roll. >> pardon me, i'm leaping out of my seat.

i think we are seeing a business shift occurring, mostly because of recent events where is becoming a stark realization that security is the business issue. and that businesses who function looking at business risks that they do, the customer risk, supply risk, financial risk, economic risk, also need to integrate cybersecurity risk into that business risk stack as they look across this whole issue of risk holistically rather than deal with cybersecurity risk in an isolated hype off to the side. that with cybersecurity risks for businesses with a look at in the context of the business and then the economics of the. we don't do security for securities at stake unless you're a security company and security is your business. you do security to support your business. and i believe that is becoming more and more realized for people are understand the security and business are not in conflict but rather that security supports business.

revolutionary technologies for security would be wonderful. but more often than not it's a sit down, thoughtful, risk management decision, and sound standardized application, you know, the hard work of the guys that used to be in the back server room that are now more out between with your customers that really provide you with some of the best bang for your buck on security. we can all sit around and wait for that silver bullet, or they can sit down and think about our assets can think about our are threats, conducts an integrated risk management and make some good sound risked decisions. that support our business. so that's kind of my soap box but i will get off now. >> and when i first started working on this issue back in

the hill in '09 timeframe the mantra we heard was, we've got to get sea level, pay attention, he don't care about cybersecurity. i think that is an old talking point now for the reasons that matt talked about. so i think that to some degree it still going to be on the expense side but there's a lot more attention at a high level of corporations that is enabling. we are not there yet but i think there's been a significant shift. i think you are seeing companies view it as in the same way come you know, you lock the door on your house so no one walks in anandsteals your goods. unique about the virtual door to, we're getting more to a world where those things are equated as opposed to cybersecurity and being something else. we will do if in a few extra dollars. i think we're getting there slowly. >> let me ask kind of them in question but i will ask anyhow. where do we need to regulate first? what's number one on the point

for regulation? isn't privacy? is it something else? where do we need to regulate first? stumped them on this one. >> i don't think it's privacy. and i don't know, some folks may be aware of this but just a couple of weeks ago in recognition of sort of where the automobile is headed and growing concerns about privacy, the auto industry got together over the last year, and two weeks ago we unveiled a self-regulatory code of conduct to try to calm some of the growing i would characterize it as hysteria around what may happen in the vehicle space and put some restriction, pretty meaningful restrictions i would argue on our use of vehicle data, things like we will not use it to market, and market to you. we will not share it with third parties about your consent, things like that in a producer

because some of those concerned. i think self-regulatory approach is probably more appropriate. the problem i was mentioning earlier for the vehicle space is cars are so heavily raided by the department of transportation. we can't do anything without getting them to bless it. it's going to be the case with these new vehicles, and so we've got a couple of rule-making spatter pending or not even get started at nist want around autonomous self-driving cars. i don't think it was much of a clue where to begin. these hard issues and hard questions but the time is now to start that process but and also there's a pending rulemaking that has just started on mandating this vehicle-to-vehicle communication capability in all future vehicles. and that is rather slow going as well. and i think a lot of folks are interested in those being done

more quickly if at all possible. >> jeff, do what is a think about where the report came out on this? >> the report did not come out at all in favor or discuss really regulations about the iot. talk in terms of voluntary effort within the government, and then the public-private effort to come up with deployment guidelines. i think the biggest reason, and it's written in the report, is we are so early in the iot that we can't yet defined. and if we come up with too strict a structure around we're going to limit the innovation of it and potentially the security of it. that's why this idea of getting the public-private together and trying to drive the awareness of it. in general i think we need to look at existing regulators rather than new ones and make sure they did what they're doing in the cyber realm, whether it's

nhtsa or fda, be smart about and make sure we are not limiting deployment of security and new technologies rather advancing if you get to look to what's going on currently before we're going to look to the outside. >> thank you. nick farmer, private citizen. there seems to be more emphasis that maybe next year the federal government will start to invest more in infrastructure. do you think it's possible that they could be convinced to devote a good bit of that infrastructure spending on i.t. related things, which in my judgment would be much more efficient oath from a capital deployment and energy deployment, and environmental impact than building more roads, more airports, more harbors, more railroads, just use the ones that have more efficiently

which iot allows you to do? could you comment on that? >> so, i mean, i'm going to take down a stack, that's where i operate in the technology space. it might not even be an either or but rather if we're going to invest in new infrastructure, the new infrastructure should look at how they can use iot for smart sustainable infrastructure that then can't allow for a longer lifecycle in infrastructure, allow for more economic use of the infrastructure, and to allow for easier and more economic maintenance of infrastructure. so rather than pouring concrete offering of the bridge, let's instrument at the same time so that the new highway is always set up for the infrastructure for vehicle communication, it's already put in.

bandwidth consideration are reluctant, those types of things. so of things. pseudo-mesozoic to send out the bridge inspector every year but rather the bridge will tell you send an expected type of thing. so i think we will have a spectrum of deploying iot into existing infrastructure to understand that and then deploying iot into new and structure in order to understand and maintain it as we move forward. >> an easy way to accelerate that would be for congress to think about building it into any legislation or funding for infrastructure. if you're trying to think how you would start the process and make this a requirement for infrastructure spending. don't know if that's going to happen your wouldn't take any bets. we had a question in the middle. go ahead. >> i know that the technology of the world is --

[inaudible] that they're using international standards, you know, i see more innovation overseas than i see here. what see as far as the leverage internationally as far as international standards to help you advance innovation? >> the only thing, i don't have a direct answer but i was one of the finest that i did discussed in the report is the iot is a global phenomenon. we cannot have you as specific whether standards, regulations et cetera that are going to make any devices with india is not function with the rest of the world. we need to think about this as a global. that's one of the findings in an the conference structure, current governance structure and adequate it is there to balkanized.

>> and obvious in a toyota being a global company we always have an interest anything that we're doing. we don't want to have to modify a car for sale in the u.s. epidemic are the we would sail has been so into them. international standards are paramount. >> so the us and as stands for standard. we fully believe the use of open consensus-based industry lab international standards are essential and ex ord helpful for both innovation and global competitiveness and open markets, so i would concur with that. >> did you want to touch on this at all? it might be data localization is the standard. >> it sounds like a course of yes, it's a great thing. i would say though that the internet, the internet standards have been a really good example of how quicken is running code, they approach is often through proof of concept implementation

as opposed to more of a top down committee driven structure. i think we've seen that over the years that is the case. that's morphing into the open-source world in which people not only have brought down the document of standards that they will provide implementation, and many people and business models that allow them to give those away so you often can see very quickly developing a very useful new technologies that come about through the agreement to essentially canno do not i writn protocols and data specs but code that people can reuse. i'm very optimistic about, very international. we have reached is all around the globe and identical everywhere, and we use the same, you know, standards for everything from things like multi-factor authentication standards. we use these things and their global in nature, that's a big part of the success of these fast developing markets.

>> something you said excited people. >> my name is eileen from consumer reports, and this question may be put out a little bit out of the scope of them thinking, i'm wondering, particularly and some of your companies, jeff, in your report, if these sensors include mics our webcam for something simple or if it's not mics and webcams but data for the national star stuff we see going on. most of the commercial targets have been telecom companies or soft social networks, google, facebook. have you folks as you start helping this how you been talking or on the right to reside talking but when you will start getting subpoenas or government hacking? i want to ask about consumer choice and control but let's keep it to government right now. now the internet of things is going to have all this data that

governmengovernmen t may want, not just telecom and google and facebook. >> yeah. so this is something that the industry, the auto industry, we were working on those self-regulatory privacy principles i was talking about earlier. one of the things we grappled with and i can tell you where we came out on it as industry is with all committed not to share information with law enforcement in the absence of a warrant. so we tried to be as aggressive as we felt we could be needed to be for our consumers on that front, but it is come in the vehicle space is particularly, we are finding a growing interest from law enforcement and location information type space. wanting to know if somebody is. >> from a technology perspective i will agree with you. microphones, webcams, speakers, cameras, gps sensors are all sensors that are taking the

physical world and generating data from it, and then potentially from that sensor putting it back into a backend cloud. by the way i just described your phone, if you think about it, which is a sensor platform. so kind of what you highlighted is at a larg larger level, justt are the security requirements that we should think about in order, to not just ensure the integrity and the authenticity of the data that's being generated but to work on the confidentiality of the data as will and what of those requirements and technologies and standards that are needed to ensure that confidentiality. and encryption that can be used in these small lightweight devices, low-power, low bandwidth cpu all the way through the security protocols and taking vacations back to the security of the backend cloud and the analytics as well. >> we have plenty of questions.

>> go ahead, please. >> as you start looking a machine commission system for it on humans in the loop and we start addressing the fact that with such wonderful threats of cyber, all the other things that go on, can we look at standards or mechanisms of processes that allow us to continue to operate? i envision a stage where my toyota won't go into, because it doesn't know, all right? so what i don't want to do is have the same circumstance that and when i go to the grocery store and the power goes out and i can't buy anything because no one knows how to use a calculator anymore. how do you keep from over on the mating iot to the point where it becomes our enemy? >> so i can address this in a vehicle space because this is something i think the outer industry is struggling with, where at least toyota has landed on this issue is for the

foreseeable future we are going to adopt an airplane model. by that i mean we all get on airplanes and we probably all are over, maybe not, those things are generally taking off and landing by themselves. you still have two pilots in the cockpit just in case, right? so for us for the foreseeable future we are envisioning that kind of a model in the vehicle, that there will always be an operator in the operator seat or the driver's seat who can take over manual operation of the vehicle should the car into a situation that it doesn't know how to handle or whether any sort of those environments. we get dinged a lot about that from and innovation standpoint it it does not sound very innovative education in the backseat or send the car off to try to get off at daycare when you finish your morning cup of coffee. and i get that but from a reality standpoint this is uncharted territory, right?

we want to make sure we get it right and is going to be some growing pains. there will be growing pains. this is not perfection overnight. to address those growing pains we are going to go with the airplane pilot mode for a while. >> just kind of talked about, this is kind of a merger between i.t. and ot system. something that oh, gee systems do much better is oh, gee systems look at users as part of the system design whereas i.t. we are very good at trying to isolate or get read of users. so when we look at these type of iot systems that are having these genetic, physical feedback loops so it's not just generating data from the physical environment that is going to use that in a policy to make a decision that's been going to be sent back to some kind of actuator to change the physical environment, the concept now is what is the failure settings of these

devices? how do they fail? how do they fail-safe? what is the resiliency model? i think mark was talking about the old secure the concept of the perimeter. we could spend a whole session on whether not it is even valid to begin with, but instead how did these things operate under compromise or operate in degraded mode safely and with a manner that does not have a negative kinetic effect? >> met it the resilient point i was going to me, and that is in the report. speaking as jeff greene, i would say that we need to start asking can we need to have our developers asking the right question. the first question i think too often right now is can we connect it. the question is should we connect it. if yes, do we need to look at doesn't need security? if yes, what level of security? and then how do we put it in? i think we need to start with the should we connect. that's a little bit of the wild, wild west right now.

i was at a conference, i.t. conferencconferenc e last spring, and had a show for and some of the stuff, cardboard boxes and duct tape and it was very cool but some of it was, it felt like early 90s internet, webpages, which is really neat but i don't think we're asking all the right questions right now. >> iwatches chime in as a good engineering discipline should always require that you think about how things operate in degraded mode. i lose that connection to my home server, what do i do now? so certainly that's got to be a key part of the design principles for these systems. disconnected operations, all of these have to be key to designing the reliable and robust systems. >> i think the handoff from the machine to human operate will be one of the biggest challenges for all of the devices. and also the fail-safe when the machine fails. when the operator fails, we can

always count on, what do you do? those will be the and chartered problems for this. -- unchartered. >> thank you. holland with the wardman innovation d.c. summer. you were addressing a bit some of the hardware and software reliability issues, also user education. example, cars. i have a new car, not a toyota but a good car -- [laughter] with a company that says innovation that excites but i with it that also puzzled sometimes because they're so made complexities. i finally figured out how to use voice recognition, and it was not coming up with the right stuff. you also have a problem with drivers, distracted drivers, distracted walkers. so how do we educate drivers on what has become much more

complex vehicles? how to educate the mechanics who are fixing them? and how do we keep drivers engaged so that if the machine runs into a situation where it can't prevent the accident, we still have a safe car to drive and hopefully avoid or minimize an accident? >> so yes to all of that. i mean, i can tell you i don't think there is not a cabinet after them and toyota included, does not spending a lot of money trying to get those answers correct. there are challenges with how you're sharing this information can how the vehicles are communicating information to drivers and you don't want to do the in a way that's distracting. there are issues about handoff between the machine and the vehicle when the car encounter something that it needs the driver to step in and help with. these are not easy answer to come up with. i can tell you ultimately with the driver distraction thing, a lot of this technology will

probably help counter distraction, right? for example, so i've got a new lexus with all the bells and whistles, all the advanced collision systems on its, and i've noticed how much that car saves my rear and. i try not to be a distracted driver but i have kids and kids are like really distracting when you're in the backseat. that car has a sydney multiple times win98 with kids in the backseat and to take my eye off the road for a second, and in the car beeps at me and starts breaking because i'm about to rear end somebody. we think of this in some ways as a way to help address driver distraction or overcome driver distraction. that's one element. >> you want to tell people your license plate number so we can -- [laughter] spent i'm okay because i have the pre-collision systems i won't crash into you. >> we lived up to those. this one reminds me, we don't

want to be a little too car centric but in the early 90s to late '80s there was an issue called busy cockpit for military aircraft, which had too many screens and too many little numbers. how do simple by the cockpit that the driver could use diminishes the aircraft. >> my daughter lives in new york and she says every poppe avenue in manhattan is one the use of the video camera of your phone to show you the sidewalk just ahead of you. so as you walk down the street with your -- [laughter] i couldn't believe bush's complete series that exists and is widely used. >> good afternoon. doug smith. a question for the panel, the entire panel but in terms of the slow adoption of the technology, that's going to be a concern. we are currently developing a

program that will be working with nist in part of the global cities challenge. but the slow adoption of technology come to talk about refresh rate of vehicles, that's getting to be a longer period. you talk about the policy issues relative to citizens and their concern about privacy. that can also fold over to cities in the communities to the concern about the cloud and the security of the cloud. what's the answer, or is there an easy answer, to the question of how do cities become smarter cities? it's a long, complex project. >> i think that's one of the challenges of the smart cities challenge is try to look at is what are the barriers that currently exist. what are the economics, deployment issues somewhat of a longer lifecycle issues that need to be addressed in order to fully realize a lot of this potential but you were mentioning what is a needed skill sets in jobs and education

bites the need to be set up for this? i'm looking for a cryptographer, psychologist data scientist. there's not a lot of them out of there, but these are the type of future skill sets that we need. what does the future iot repairman look-alike? so these are all, so there's potential for a large infrastructure shift to occur. at a much larger level than just deploying a set of sensors and then looking at the data. >> i've got to say something think you brought up security of the cloud. like any system you can misuse the cloud platform, ma but i will argue in many of my customers will come in here and to you that they have a much more larger scale utility that form than they could ever build for themselves. when they're doing their own set of 100 servers are 1000 servers sitting in a data center somewhere. we are operating on a scale so

we see in that weather patterns the we reach out and say there something you need to know about which they could recognize for themselves. when we hire a security expert, the amount of servers that their skills impact is way larger factor of scale than when you are that same security expert. the use of these very large scale systems, and this isn't so much a commercial blog as an industry plug. i'm plugging the idea of utility computing as new way of doing computing. we believe that safety experts in the demand for within the application or organization or agency can focus on a much smaller set of the problem and they cannot completely automated tools because everything in the infrastructure is an aei. this is a programmable. there's no more people racking and stacking and not that we can with some consonance crossconnects a jack between the developer workstation and the server just to get something -- that can't happen in heidi steele automated system.

so in general i think we're going to get more secure systems when used large-scale computing platforms. you can miss use them so the still response but on the users cannot configure them improperly but the actual base infrastructure itself, this is a big wind and the analytics to get from all that data. again we're seeing patterns and doing analysts of our large-scale patterns that are not visible to individual users of the platform and that gets down to say the entire community. so i think loud as to the security issue that' is often perceived the impact it's going to be a win. >> we're getting close to do to make will start with the questions in the back and move up front. raise your hand these but we up to there. one in front and then we are through. >> josh with the center for data innovation. hilary, i think to describe history of the recent concern about people worried about their data being shared or collected and misused or abused.

everything from the cartoon would you drive over to the street corner, how do you address the concerns from a regulatory perspective our public image perspective of all the data being collected and shared and reused to end up returning value to the consumer citizen, but with a lot of these devices they won't have human interface, they don't have a touchscreen like a smartphone and can't really collect consent or deliver notification about the data being shared. how do you work around that? >> that's a good question for all of the panelists. >> i don't know if i have a unique answer on that. it's interesting, one of the things i've been grappling with and i think it's a distinction, i do know if it's useful but i think it's a distinction. to me this element of choice and consent, and that sort of thing, it may have more relevance in

those things of which you have no choice, right? or those things we have a choice versus those things where you do not have a choice, right? even then dozen other that sort of is it anonymous data? isn't aggregated data or is it identifiable data? for us we were grappling with as an auto industry, we focus on data that is identifiable, for the most part, not for the most part, entirely. it was not part of the calculus. and then there are pieces of vehicle data collection that are going to be optional to you, like if you want to be a probe on the waze system. i don't know if it's useful distinction that is one of the ones i've been sort of focusing in on as i've been thinking about these issues.

>> taking back a little bit, a lot of it starts with the education that -- taking back, people need to start understanding the amount of data they are generating. when i bought a tidbit i did we think about all the different places that did would be. i don't really care who has the economic steps i take. but when it actually can we get a report, symantec quantified itself cannot last year that looked at all of the data and all the different places at different vulnerability that we go through. if i'm talking to step count, not such a big you but when you start getting into other health characteristics that could be intercepted, who knows how they're going to be used. until think of people being aware of it and raising concerns with it, it's going to be hard to get traction to come up with solutions because there's not going to be that outside force driving it. people really need to understand even what they're giving off with their phone. who here has read an entire you know when they clicked except on

an app? i'm not banging them so we need to think about that. we need to get people focused on a special our data collection that is going out there. >> my questions about the connections between the devices, and so it's twofold. the first is inspection was bought a. does the fcc have the capacity to manage the prioritization and the dissolution of the spectrum? are they thinking about this issue? then the other thing is to what degree will the internet governance debates play into the global nature of iot? >> i'll take a stab at the first question at least. shared spectrum is taken to fill for a long time. some futures have argued the

application accessible because you got the right technology and that he can sure all the spectrum. i think that's technically true although it would be the issues of enforcement and improper use and so forth. that are these fair amount of capacity set aside for shared use and the technology knows how to hop around when it detects interference and find unused portions, and ginny package-based systems also have a certain inherent resilience. i don't think it's necessary going to be a big bottleneck in terms of solving some of these problems, but then other panelists may have other perspectives on that. >> i mean, the issue of prioritization is being looked at. there's a couple programs around the federal partnership for interoperable communications as well as the first met program looking at when we instrument these up, how do we understand and provide appropriate allocations. for example, first responders but everyone is at the scene of the fire streaming that video back up to youtube whereas

the fire department would really like to stream it back to the inbound truck. so how do we ensure that there's proper allocation to places where potentially it could provide the most good come or should it just be a separate set for them altogether. so this is still in a research/develop phase of discussion and deployment right now. >> we have talked a lot about capability. but i'm wondering who's leaving on the issues of data ownership to the lifecycle of the data and liability? who are the star lawyers are helping you along the way to build that income just like you need to build security in. >> so i'm not a lawyer. i'm an engineer but this dovetails with the question earlier, and from an engine perspective we are very interested in, can we provide

specific tangible privacy requirements that then can be used with enough level of specificity so that privacy capabilities around redress, confidentiality, transparency, ownership, effective understanding of privacy risk can all be actually built and designed into the system with the concept of privacy by design as we start to deploy these things out. so that whoever is making those decisions can actually have the capability built-in and designed with the systems as they go forward. we are looking at it more as capability, providing what references that we can to allow for the system still least have the capabilities to enforce, or implement whatever the privacy policy happened to be.

>> i would also do a poll as to how many are lawyers? are you a lawyer? that's better than our usual rate. >> i have never practiced a day in my life though. do i get a little credit for that? >> yes. ..

we saw information technology, everywhere but in the productivity statistics and the good news about that was, he was wrong. and the, people buy things for a while. you don't see a benefit, because they have to figure out how to use them. they have to innovate. and then you got a burst of economic growth that drove the u.s. economy for about a decade. so what i'm hopeful if we get this internet of things stuff right it may not be as distinguishable as the i.t. revolution but we could see a similar burst in economic growth and this was an appreciable increase to income. so with that, that's a goal here for us. thinking of all the issues we talked about, security, privacy standards, international cooperation, but i think we are on the path to maybe do this. i found this to be a really excellent panel. i don't know about you, but i really appreciate them.

please give them a hand. [applause] >> q&a is 10 years old. to mark a decade we're featuring one interview the holiday season. we have interview with lonni bunch, director of african-american museum of history and culture, currently under kruk on the national mall and expected to open in 2016.

that interview today at 7:00 p.m. eastern on c-span. after that a look at the death penalty and look at the criminal justice system with authors, bryan stevenson and a conversation about racial bias. here's a preview. >> was in a courtroom in the midwest not too long ago we started representing children prosecuted as adults, and when i talk about the presumption of guilt that poor people and people of color are born with, that is one of our great challenges in america. we have black and brown children this country born with a presumption of guilt and dangerousness and follows them wherever they bo. we're suffering in new york. we have stop and frisk. we're suffering in ferguson. and suffering in the states with the stand your ground laws. it has opportunity to victimize people covered with this presumption. i was in court sitting there to get ready for a hearing, first time i had been in this courtroom. i had my suit on.

i think this it was this suit. that's right. and i was sitting there waiting for the hearing to start and the judge walked out and prosecutor walked out behind the judge and when the judge saw me sitting at the defense table, he said, hey, hey, you get out of here. i don't want any defendants in my courtroom without lawyers. you go out in the hallway to wait until your defense lawyer gets here. i'm sorry, your honor, my name is bryan stevenson, i'm actually the lawyer representing the client today. the judge says, you're the lawyer? i said, yes, sir. he started laughing. and prosecutor started laughing and made myself laugh because i didn't want to disadvantage my client before he came in. my client who was a young white kid who was represents at hearing. >> great reversal. >> we did hearing, afterward i was thinking how exhausting it is to deal, these are judges, the people who are supposed to be fair. the people who are not supposed

to act on presumptions and bias. it is exhausting for a lot of defense attorneys, courtrooms are not friendly places. they're not convenient places. they're not comfortable places. all of that rage gets directed at you. of course for our clients it is even more hostile. we have a criminal justice system that treats you better if you're rich and guilty and rather than poor and innocent. when you stand with poor people you feel inequality. >> big time. big time. >> just some of an event held earlier this fall on the death penalty and the american criminal justice system. you can watch the entire event tonight at 8:00 eastern on c-span. here on c-span2, booktv with authors that have written books about economics. steve forbes and elizabeth ames discuss money, how the destruction of the dollar threatens the global economy and what we can do about it. finally michael lewis on his book, "flash boys," a wall street revolt.

booktv prime time starting at 8:00 eastern on c-span2. >> c-span2 providing live coverage of the u.s. senate floor proceedings and key public policy events. every weekend, booktv, now for 15 years the only television network devoted to non-fiction books and authors. c-span2 created by the cable tv industry and brought to you as a public service by your local cable, and satellite provider. watch us in hd, like us on facebook and follow us on twitter. >> the senate finance committee held a hearing on retirement savings and u.s. tax code with testimony from tax and retirement policy experts on the gap between how much americans are saving for retirement and how much they'll need. this is almost two hours.

>> the finance committee will come to order. when you take a look at at the state of retirement savings in america, it's clear that something is out of whack. the american taxpayer delivers $140 billion each year to subsidize retirement accounts but still millions of americans nearing retirement have little or nothing saved. the fact is the incentives for savings in the american tax code just are not getting to those who need them most. a pair of new studies spells out the issue. the federal reserve found last month that an employee with middle of the pack savings has about $59,000 set aside for

retirement. yet according to the government accountability office, some 9,000 taxpayers have ira accounts worth more than $5 million. it would take several lifetimes of work for the typical middle class american to save that much money. so how did those massive ira accounts come to be? in many cases they seeped to be sweetheart stock deals that most investors would never have access to. executives buy stocks at a special, rock-bottom price, sometimes fractions of a penny per share and use an ira as a tax shelter. the stocks start out dirt cheap but just like that, they turn to gold and the ira shoots up in value. now wise investors have every right to use all of the tools

available to them and no one should begrudge them their success but the ira was never intended to be a tax shelter for millionaires. they were designed to help the typical american save for retirement. the finance committee continues to work on modernizing the tax code it needs to take a good and bipartisan look at fixing this issue, with limited resources it is crucial to use taxpayer dollars as wisely as possible. the same study from the federal reserve included another aharming piece of information. nearly a third of workers according to the fed have no pension and nothing set aside for retirement. it is a fact of today's economy that millions of americans are walking on an economic tightrope and are unable to save. report after report has shown that america's middle class at

best struggling to stay afloat. five years after the great recession it remains tough for many people to find and keep a steady job. the cost of a college education continues to rise. millions of americans have had their wealth tied up in their homes before the housing collapse and they are not yet close to a full recovery. and many working families continue to see their take-home pay drop. at the same time, workers, especially, younger ones, are changing jobs more frequently than ever before and they find it difficult to save without portable savings accounts. women face special challenges to savings. that has to be addressed as part of tax reform. that is also true of part-time workers. this sort of "leave it to beaver" ideal of a worker spending 40 years with one firm and retiring with a generous pension and a gold watch is sorely outdated.

retirement policies need to keep up with the times and the finance committee is inabouting today to examine those savings issues. one proposal worth looking at is being pursued by my home state of oregon. less than half of oregon businesses offer retirement plans to their employees and many oregonians have trouble saving anything at all. so the state set up a retirement savings task force to look at solutions. just yesterday they recommended the state set up an auto-ira program for any oregon worker who is not covered by an employer retirement plan. a percentage of employee's paychecks would go into the savings accounts and the contributions would rise with time. it would not be mandatory. employees could opt out at anytime but it certainly has the potential to be a first step towards retirement security for many oregonians.

in my view the tax code should give all americans, all americans, the chance to get ahead and making it easier to save is one of the best ways to come pressure that. that is why it is important for the committee on a bipartisan basis to look how to improve the savings incentives and insure that they help middle-class americans prepare for preevironment and not just -- retirement and not just set up tax shelters for millionaires. senator hatch, i look forward to working with you as always on a bipartisan basis as always and welcome your statement. >> thank you very much, mr. chairman. i think this is an important hearing and an important topic and we have an outstanding panel of witnesses. i think we'll have a very interesting discussion. retirement policies always been an especially important topic it this committee. it also always has been bipartisan. most of the major pieces of retirement legislation that congress passed in recent decades have been named for senators from the committee, one

from each party. talking of course about legislation like benson-roth, roth-abreau, grassley-graham. grassley-baucus, hatch-pryor, which in the other body became to be known for portman, cardin, the two legislators i are colleagues on this committee. i think bipartisanship can and will continue. during the recent highway bill markup we worked on employer pension reform. that was done in the in bipartisanship. i have a pension bill just last week received high marks from the urban institute and i hope you will work with me. if fact it received the highest marks. it is my sincere hope that the tradition of bipartisanship in retirement policy will continue the next retirement bill comes out of this committee will become law known as wide-den hatch. we always had incentives in the tax code to encourage save in

retirement. as late chairman roth said there are no bad savings. congress revisitedded incentives on occasion with a eye toward improving incentives and increasing savings. for example, in 2001 the congress increased the limits for contributions to 401(k) plans so that today a worker may contribute $17,500 to a 401(k) and $5,000 towards an ire a. congress also add ad quote, catch-up, unquote contribution, feature to the code. to allow workers to several thousands of dollars more beginning in their 50s and, and age when many workers finally get serious about saving. and workers including spouses, women who might have left the work fors force a time have the opportunity to save again. as recorded in the blue book published at time by the joint committee on taxation congress believed it was important to

increase the amount of employee elective deferrals allowed under such plans. and other plans that allowed deferrals to better enable plan participants to save for their retirement. well it worked. since 2000, retirement assets in defined contribution plans have grown from $3 trillion to nearly $6 trillion despite the market downturn in 2008. assets in iras have grown from $2.6 trillion, to $2.56 trillion. in fact increased contribution limits worked so well in 2006, congress made those provisions permanent and the vote to make them permanent was well ming, 93-5. the retirement policies we pursued have always been about helping americans to help themselves save more of their hard-earned money, not less. in the last 25 years, democrats and republicans worked together to respond to a mutually shared goal, expanding savings among workers. republicans agreed to proposals

targeted to lower income workers like the savers credit. democrats agreed that small business owners and managers needed some tax benefit skin in the game to take on burdens of adopting and maintaining retirement plans much in these areas, members from both parties resisted partisan impulses and as a result we've been able to craft good policy. lately however i've become concerned that there is a political strategy by some in congress to turn pension policy into just another partisan background. they would return retirement policy into another front on class warfare that consumed so much energy on other committees in congress. i'm wore remembered that some want to disregard the bipartisan goodwill of the last 25 years. that would be unfortunate. i especially hope it does not happen in our hearing today. mr. chairman, what i hope to hear today from the witnesses are facts that can inform our policy considerations. we need to know how much incomes

americans are projected to need in retirement, how much they are projected to have and if there's a short fall what policies they recommend we enact to help americans close the gap. what i hope to not hear today are poll-tested slogans, like upside down tax incentives, bang for the buck, unquote, quote, pension stripping, unquote or quote, the system is rigged, unquote without substantiating data. we need to hear facts and serious policy proposals, not political slogans. ii want to thank you all again, mr. chairman for holding this hearing. i would like to extend a welcome to my fellow utahan scott betts. he has gone great work helping are grateful you would travel from utah to help us make this a useful hearing. thank you, scott, for being here. thank you, mr. chairman. >> thank you, senator hatch. and i think you're very right to stress the number one, the

bipartisan tradition in this committee of focusing on these kind of savings incentives, particularly to create opportunity for folks to get into the middle class. i look forward to pursuing that with you. and in pursuit of an approach that is really fact driven, that is why we asked the general, the government accountability office to help us get an assessment of the most recent developments in savings and at that point, i think one way or another, whatever the bills are called, you and i are going to be able to lead the committee in a bipartisan way and i look forward to pursuing that. now we've got six witnesses. we have one who is tell very talented scholar, missile len schultz who is battleing amtrak delays. we hope she will be with us. john bogle, as usual figured out a way to navigate through. that we're glad he is here.

he is founder and formerly ceo of vanguard. our next witness will be dr. brian reid, chief economist at the investment company institute. our third witness will be mr. scott betts, senior vice president of national benefits services. our fourth witness will be dr. brigitte madrian, professor of public policy and corporate management at the john f. kennedy school of government at harvard. she was, i believe the first academic to do research on automatic enrollment in 401(k) plans and i know a number of our colleagues are interested in discussing that. our fifth witness is dr. andrew biggs, a resident scholar at the american enterprise institute. he also lives in oregon and i told senator stabenow that i was wearing my duck tie today and i didn't wear it for two weeks out of respect to senator stabenow and the state of michigan after the duck triumph over michigan

state but mr. biggs, i couldn't hold off any longer. >> there will be another day. >> there will be another day. >> i am glad the fight is between two democrats this time. >> we'll await miss schultz. mr. bogle, welcome and we look forward to your presentation. senator brown as very tight schedule this morning. when all of you are done, senator brown will begin the questioning from our side and we'll turn to mr. hatch. >> good morning, chairman wyden, ranking member hatch, other members of the committee. i'm honored by your invitation to be with you. my experience in the financial services field began 63 years ago a long time. in 1974 i founded the vanguard group, a new company on the mutual fund scene and we now manage $3 trillion worth of other people's money and become the largest mutual fund firm in the world. the principle reason for that success, that success is a fair

description, is in 2008 this single firm has accounted for almost one-half of the mutual funds industry's entire cash flow is simple. we were founded with a single focus, to serve mutual fund investors. our management company and this is important, the vanguard group, is owned not by its managers, nor by the public, nor by u.s. or foreign insurance companies or financial conglomerate. today unfortunately the industry's most prevalent corporate structure. we're owned by our mutual fund which in turn are owned by our 20 million mutual fund shareholders. we are uniquely a mutual fund complex. we operate the funds on at cost basis and substantial profits we might otherwise make which came to $19 billion in 2013 alone, were in effect rebated to our shareholders in the form of lower costs.

i'm also founder of the world's first index mutual fund, vanguard 500 index portfolio. as you all know the index fund simply mimics the portfolio for a particular index of prices of stocks. largely because it pays no investment advisory fee, because it doesn't require any advice, it carry as rock bottom expense ratio as low as 0.02% or 0.05%. that is what we call, 2 to five basis points, compared to other fund groups charging maybe 200 basis points. index account, has accounted for index fund have accounted for more than 350% of u.s. equity mutual fund net cash flows since 2007, taking in $750 billion while other funds were losing, managed fund losing $550 billion. the picture is pretty clear and

now constitute 33% of u.s. equity foot mutual fund assets. at vanguard, a trillion dollars, more of that. building retirement nest's or retirement plans for corporations large and small. among the employees of state and local governments as well. among all the defined contribution and retirement thrift plans we're now the largest provider of mutual fund assets. so we have a huge stake, in business stake in insuring that our nation's retirement plans are structurally efficient and fiscally sound. fund shareholders also have a huge stake in minimizing the management costs of their investments the outside of vanguard those costs are grossly excessive. unfortunately our retirement system today is neither structurally efficient, nor fiscally sound. for different reasons, each one of the three legs as we call them of our retirement system stool, social security, pension plans and savings plans is

headed for a train wreck. other witnesses seem to assume that social security and pension fund are soundly-financed. unequivocally they are not. leg one is social security, fixed with relatively few small changes from its imper speck tech shuns today. moderate the growth of benefits and increase contributions. leg two, defined benefit plans, most, now most deeply underwater, by $4 trillion or more will require much more realistic assumptions of future investment returns that the 8% they're using that is not in the cards as well as a, higher employer contributions and b, lower employee benefits. tough medicine. leg three, defined contributions plans the largest and fastest growing component of our retirement system cry out for structural efficiency and cost reductions. retirement funds investors accumulate are slashed when d.c.

plans incur vastly excessive costs. simply if they invest in low-cost mutual funds rather than high cost actively managed fund an investor return show in exhibit 2, page 5, of my submission, on investors long term wealth could be epcreased by 65%. in that example from $561,000, to $927,000, a $366,000 advantage just by taking the cost of the system down to where it ought to be. we need larger contributions from employees in defined contribution plans. we need to reduce the withdrawals, ability to withdraw savings almost on demand. we need to have some requirement that the employers maintain their contributions. we need to expand access to the plans and employee participation. and we need to limit the participation of high-cost

purveyors in dc plans in ire as. we need a federal standard of fiduciary duty for our institutional money managers now, including fund managers. so far virtually ignored by policymakers, regulators and legislators. i'll explain these more fully in my prepared testimony. forgive me for going a little bit over my time. thank you for hearing me out. >> very helpful. thank you, i know we will have questions. dr. reid, next. >> thank you 6 thank you, chairman wyden and ranking member hatch for the opportunity to testify. i'm brian reid, chief economist of the investment company institute, the world's leading association of regulated fund. ici u.s. members manage assets of more than $17 trillion and serve more than 90 million shareholders. to the point of today's hearing mutual fund manage half of the defined contribution plan in individual retirement account assets. ici devoted years of research and considerable resources to

making and communicating an accurate assessment of america's retirement system. today such an assessment must recognize three key facts. first america's retirement system is working to build retirement security for the majority of americans. second, the tax incentives for retirement saving based in deferral of taxes, not in tax exclusion or tax deduction, are key to the successes and strengths of that system. and third, while there are opportunities to improve our retirement system, changes should build upon our current structure and not put today's retirement system at risk. those statements may contradict much of what you often hear so let me explain. not only does social security cover nearly all working americans but 80% of near-retiree households in 2013 had accrued pension benefits. a wide range of government, academic and industry research demonstrates that the american retirement system has become stronger in the past half

century. the poverty rate among the elderly has fallen since 1966 from nearly 30% to 9%. the lowest among all age groups. the and since 1975, amount of assets earmarked for retirement per household in the united states has increased seven fold after adjusting for inflation. the share of retirees receiving private sector pension income has increased by more than 60%. and the median private sector pension income that retirees receive after adjusting for inflation has increased by 40%. these statistics speak to the impact of congress's bipartisan efforts that transform social security into a strong foundation for america's retirement system and created a framework of laws and tax incentives on which voluntary private employer plans and iras have grown and thrived. as important as the tax incent testifies are in encouraging employers to offer plans and

employees to participate in them, the nature and role of these incentives is often misunderstood. the tax incentives take the form ever tax deferrals because contributions and earnings through traditional retirement plans are taxed when a retiree withdraws the income. this is fundamentally different from a tax deduction or exclusion where the initial tax deduction is never recovered. in economic terms it is aft tax rate of return that is the incentive to save. tax deferral effectively taxes investment income at zero tax rate for retirement savers in all income groups. thus rather than creating a so-called, upside down incentive for saving, tax deferral equalizes the incentive to save across all retirement savers in all income groups and encourages support for employer sponsored pension plans among a wide range of workers. the american people overwhelmingly support today's defined contribution retirement plans including tax incentives.

in a fall 2013 survey, 86% disagreed with the idea of eliminating the tax advantages of defined contribution plans and 83% opposed any reduction in employee contribution limits. now despite the strength and successes of our system it can be improved but changes to the current sim should build upon the existing system, not put it at risk. ism ci supports members to measures to promote retirement savings, put social security on sound financial footing as universal, employed-based aggressive plan for all americans, foster innovation and growth in voluntary retirement savings system, help smaller employers offering simpler plan features and easier access to multiple employer plans and provide flexible approaches to retirement income. . .

for generations to come. thank you and i look forward to your question is. >> next witness. >> thank you chairman and members of the finance committee for the opportunity to talk with you about the private employer response to a cosponsor of the system. i'm senior vice president of the national benefit services. we are a fee for service

third-party administrator specializing in the design and administration of all types of employer-sponsored retirement plans. we have more than 225 employees in west jordan utah and 7500 retirement benefit plans in 46 states. our goal is to give every working american the ability to save for a comfortable retirement. i've been working with employers for almost 20 years and can tell you firsthand that qualified retirement plans like four o. one kays plans are proving successful for millions of american workers. what i see every day is born out of import statistics. middle-class families representing the overwhelming majority of participants 80% of participants in the plans make less than $100,000 per year and 43% of participants make less than $50,000 per year. in an analysis by the nonpartisan research institute found over 70% of workers

earning between 30,000 to $50,000 participated in the employer-sponsored plans when the plan was available with less than 5% of those middle income earners without access to employer-sponsored plans contributed to an ira raid in other words the workers and a in the group of 15 times more likely to save for the family's retirement at work them on their own. increasing retirement financial security is the gold increasing the availability of workplace plans is the way to get there. that's why it's so important no harm is done to the current tax incentives that motivate employers to sponsor and contribute along with the employees themselves to the retirement plans. the tax incentive is unique. the tax deed for old, not a permanent right off. contributions made this year are not taxed this year. it will be taxed when the individual starts taking withdrawals from the savings. also the tax incentives like in

elite exclusions come with nondiscrimination rules and limits to ensure contributions do not discriminate in favor of more highly compensated employees. the result is a tax incentive that is more progressive than possessive. and the testimony we've see the families earning under $50,000 in the 9% of income taxes that received 27% of the benefit of the tax deferral in the four o. one k. plan. the good news is over steam only an currently benefit and currently benefit from the tax incentives through participation in the retirement plans. the bureau reports that 78% of the full-time workers have access to retirement benefits at work and 81% of those workers participated in these arrangements. in spite of the positive numbers, there are still millions who do not have plans available in the workplace. more can and should be done to

help employers especially small business owners set up and operate the plans in a cost-effective manner so their employees can save for their retirement. there are some changes that can and should be made to streamline the plan operations, eliminate the pitfalls and penalties for those that already have a plan. senator hatch, the safe retirement act has the right focus and strikes the right balance. for instance the starter plan proposal would allow business owners that may be reluctant to commit the contributions a way to offer a chance to save in the workplace plan. another change proposed by the senders that would allow them to adopt a qualified retirement plan after the end of the year when the final result of the business for the prior year is available. this change would literally open the window for more plans to be adopted and more dollars contributed. senator hatch's bill would also permit them to band together in the multiple plan arrangement

while providing critical safeguards for adopting employers through creating a new designated service provider. finally the bill also addresses the inefficiencies and traps for the employer that increased cost and can discourage from employer in the employing the plan. in conclusion the retirement system works well for americans to have access to to that but we need to do more. the key to the continued success is enacting reforms that will further incentivize them to provide a savings vehicle. senator hatch coming doorbell is a big step in the right direction to remove the complexities from the system and expand the availability of the workplace plans so business owners will be up to provide a better retirement plan for american workers. thank you and i would be happy to answer any further questions. >> thank you for being here. >> other members of the committee thank you for the opportunity to speak today and share my thoughts on how we can strengthen america's retirement

savings system. the joint committee on taxation places a magnitude of the tax expenditure on 2014 on the $27 billion annually. in addition, public policy encourages employers to sponsor a retirement savings plan to provide their own financial inducement for employers to say namely the provision of an employer match. a large body of academic literature has examined the responsiveness of the savings to the financial incentives. a rather consistent finding from the literature is that the behavioral sponsor the changes and incentives is not particularly large. in the recent paper i surveyed the academic literature on the impact of one kind of financial

incentive matching on the savings plan participation contributions. the study appears in the most critical methods in the striking results in a variety of different contexts using a variety of different data sources. a matching conjuration of 25% increases the savings plan participation by roughly five percentage point. this is a modest effect at best. participating in a savings plan the financial incentives can impact how much individuals save. but this effect doesn't come from the magnitude of the financial incentives so much as the fact that add some point it expires. for example in many of the plans the employer provides a match but only up to a certain fraction of the pay. the credits gives eligible low and to save for their retirement but only for the first $2,000 contributed to the workplace savings plan. when the financial incentives to

save our limited to saving below a certain threshold, this threshold becomes a focal point of the individuals to decide how much to save. for example the data from back for one plan choose the contribution rates that are either a couple in size, 5%, 10%, 15% or a matched threshold. this finding suggests that threshold may be a much more important parameter in a matching schemes in the rate. the relatively small impact of the financial incentives on the savings plan participations suggested the failure to save is not primarily the result of inadequate financial incentives. rather there are other barriers to saving not addressed by the policy solutions. the literature on the economics of the savings outcomes points to them. afflictions impede successful savings. procrastination, lack of financial literacy and the complexity of determining how much you save and how best to invest for their retirement, and

attention into the temptation to spend. countering the frictions leads to increases in savings plan participation and the accumulation of surpassed the effect of the financial incentives. in the behavioral economics what we know it from a behavioral economic standpoint the tax code is particularly ill-suited to generating financial incentives to save. first the tax code is complicated. it's a difficult for the average taxpayer to even assess the financial incentives he or she faces in the tax code. for example in the project that i'm working on, my co-authors and i have found that most individuals do not accurately understand the tax implications of saving in the regular four o. one k. or ira. for the low or moderate taxpayers assessing the incentives of the credit without the help of a tax professional would likely be a daunting task.

indeed i attempted to do so in preparing the remarks and quickly gave up. second, individuals are more responsive to the media today the immediate and delayed financial incentives that many of the financial incentives to save dot operate in the tax code are delayed. the benefits of the tax-deferred compounding are delayed as are the benefits of the tax deductions that are not processed in the payroll deduction where the greatest tax withholdings. what could perhaps be a very effective financial incentive to encourage individuals that are in the workplace savings plan a small but immediate financial reward is actually not allowed under the current law. if the financial incentives are not a saving panacea, what is. by far the most effective method to the planned participation of automatic enrollment. the impact of automatic enrollment enrollment on the participation rates can be sizable and the greatest in the lowest savings rate initially younger and lower income workers

its increase the fraction of the americans who are saving for retirement and this means continuing to increase the number of employers to savings plans that use automatic enrollment in increasing the number that offers savings plans and provide simple savings alternatives for individuals that are self-employed or who are never likely to sponsor the savings plan. they support the measures and include the auto proposals and legislation to facilitate the creation of multiple employer plans with committed fiduciary liability. paradoxically, we have a savings system that in the absence of automatic enrollment takes savings complicated while at the same time making it very easy for individuals to tap into before retirement. another policy response is needed to encourage the retirement of accumulation to reduce the leakage from the

retirement savings system. in conclusion the lessons from the behavioral economics research are clear if you want individuals to say make it easy and if you want them to save more, make it easy. if you want employers to help their workers say make it easy and if you want individuals to spend less, make it hard. >> i got the drift and it was all about easy. [laughter] >> i just want to make sure everybody understands one point with auto enrollment because you have been a leading scholar. you still gives the individual the last word, and the individual can choose not to auto n. roll or to opt out. >> mr. chairman, printing member hatch and members of the committee think you for the opportunity to testify with regard to savings and security in america. the word crisis is often overused. generally it is harmless than the public policy the perception of the crisis sometimes causes people to look before they leap

or leap before they lock. this is the case today when it comes to the retirement security. one study claims in the 50% of america is at risk if sufficient retirement income and another is that 85% of americans are falling short of the total retirement savings gap they reach $14 trillion. yet another study claims that they only have evidence from the ira plan. and in response summer proposing expensive expansion of the social security benefit and others are arguing that the 401k should be scrapped. they are overblown and the policies proposed or nonsolution is to them on crisis. this kind of analysis is necessarily complex i might simplify with two sets of facts. first, the majority of today's retirees are doing well. 75% of the current retirees told pollsters they have enough money to live comfortably. the data on poverty and other measures of the retirement

security should most retirees today are able to match the pre- retirement standard of living. second, the best research out there from the model developed by the social security administration also policy is the input from the best retirement experts in the government protect that future generations and retirees will have about the same level of retirement security as today's retirees. specifically, they projected that the generation ask x. the same replacement rate as individuals and the depression who supposedly enjoyed the security. the employee benefit research institute also projects the retirement for future generations will roughly hold it steady with today's retirees. put those two facts together and you come to the conclusion that we don't have a crisis today it doesn't appear that we will have one in the future.

some americans are are under prepared. around 25% support into some studies hard into some studies with religiously modest saving shortfalls. but they are targeted. one finds that the less educated women are roughly twice as likely to fall short in attire meant as pretty much any other demographic group. while we do not need to reinvent the wheel, we do need to do something. i'm in favor of auto enrollment pension plans but the less educated workers are less likely to be offered pensions on the job. senator marco rubio has a proposal to allow workers that aren't offered a pension by their employer is a chance in a savings plan. similarly others have proposed a so-called super simple tension designed to reduce the compliance cost. the state-based plans for the workers that wouldn't offer the plans on the job. senator hatch your own legislation has the petitions to

encourage the entrance to the low-wage workers that might not otherwise be offered one. this may not be enough. many women without a high school education are likely to have only sporadic attachments in the labor force. at the same time the social security treat single women far less well than it does married women so they aren't getting that much help from that end of things either. that's one reason we have proposed a forming social security to include the flat universal benefits at the poverty level to the retirees regardless of income or labor force participation. on top of that individuals would save an supplemental in supplemental retirement accounts provide either through the employee or were not available through the government. this approach is qualitatively similar to that in the uk, australia, canada and new zealand. in the u.s. context it could affordably reduce the elderly poverty rate from today's level

roughly 9% to approximately 0% while increasing their retirement savings among the middle and the high income workers who truly should be saving more. the lesson of all this is there is no simple problem and no simple solution. but it is better than the retirement crisis. thank you very much. the political scientist decided to try to find out what person represented america best. who was the sort of proto- typical american and he settled on a white woman in dayton ohio. to a machinist that had a retired pension plan and a defined benefit pension plan. in those days the family income is about 60,000 inches is right

in the middle. half of america was poor and half of america was wealthier than she. today, that's machinist's wife probably wouldn't have a union plan or defined pension benefits. she would probably have less, she and her husband would have less equity in their home. depending on the estimates. if we look at the fed numbers up to 50,000. ohio is it different than other states. the person in the middle will get no more than 13 or $1,400 a month. so we know that for the enormous

percentage of the workers again she's right in the middle and for the enormous percentage of the american workers in the security in doubt. in your testimony, you make a number of important points about adequacy. one important point is the high-cost funds into too many choices can rob the unsophisticated investors, those in the broad middle with a slightly lower can rob them of the ability to adequately save. he said make it easy. my question to u.s. should the congress make it mandatory to auto n. roll and escalate into a low-cost index funds, should congress make it mandatory to auto n. roll and escalate? >> auto enrolled, i for one would be the champion from the index but for heaven sake look at heavens sake look at it this way, senator. all of the investors in america, all of the retirement plan

investors are in the stock market together in the index fund so they can go to the index fund and own the total share of the stock market for two to five basis points. and if they want to fight among themselves to see who is best and get the managers to outguess the others they will get the market return in the basis points. so, it is mathematically correct. i should probably get into this here but the last probably politically undoable. it should be made a more important qualification for the entry into the system. >> although escalate? >> it was good. >> peoples income goes up slightly higher percentage of their fund. >> these things are correct and the principles. the fact of the matter is every family is different. should you want to escalate for a man with six children all going to college and a wife who is maybe ill when you go from

the generalities to the particulars, it is a tough -- that's why you give get the option to opt out. >> thank you. >> you said you shouldn't have to be in the middle class to get access to the savings vehicles. they should be designed to help workers get into the middle class. what are the policy changes we need to make to ensure that this happens to raise the minimum wage and to save the credit and expand to the ira and all of the above. what policy changes do we need to give people a lift to be of some assistance to get into the middle class and get access to the savings vehicles? >> in my mind of the biggest problem in the current system is many workers don't have access to save for retirement through the payroll deduction because

the employee or isn't offering a savings plan or they are not eligible for the savings plan that their employer is offering. so, i think initiatives to encourage the small and employers to offer a savings plan the small employer is a lot like the individual investor. joe brown joe's pizza doesn't have a dedicated human resources professional and it's no better at picking a savings plan for his employees than his and his employees are at picking from buying mutual funds with the best way to save for their retirement is. so it's easier to opt into and other employers would help close the access gap. so, allowing the communities to have the chamber of commerce sponsored them all to pull

employer pension plans where joe doesn't have to worry about the fiduciary liability of picking the right or wrong investment options and the employees that are in the same workforce locality to have a similar benefit plan they can talk about it and learn about it. things like that that would go a long way towards closing the access gap providing incentives for companies to open their savings plan to all employees. so some companies part-time workers are excluded. these are simple measures that can go a long way. another point that i brought up in my testimony is the current law right now doesn't allow for companies to give a small financial incentive to sign up for the savings plan in the first place so if you didn't have the automatic enrollment or encourage them to opt in rather than out you couldn't say sign

up before the end of the month and we will enter you into the drawing for an ipad. things banks have used in the past to get people to sign up for a savings account, phone companies to get employees to sign up for the cell phone plan. of those are not allowed under the current law even though the literature on the behavior suggest that small immediate financial rewards are very effective types of investments. >> senator hatch. >> in the retirement plan for the workers can you explain further than the one, what are the motivations when they make a decision about the plan and number two, what sort of things convince them to say no to setting up a new plan?

>> working with employers for many years, it's been the incentive to the government government is allowed in the plans to incentivize to set them up. they've motivated the employers. many employers because it's the right thing but also many job seeking and employers have the plan but that incentive is the key piece if that were changed or removed any employers would end up those plans. also, the incentive is what allows the new employers to stop and to get the benefits of going off into these plans. so i think the power that is there and that is demonstrated on the number of americans are

savings. >> thank you. the end result of the proposals i've read about what effectively camp employee referrals and all of those rely on the premise of the contribution for the workers to increase their savings rate. the proposals also assume that the greatest tax incentives for the companies would have no effect on the willingness of the business to keep its plan in operation or even to start a new plan. if we roll back the law to increase the incentives to save them to into bad things would happen. first is mrs. .-full-stop contributing to the pension plans because they are too complex and expensive to put up with without the adequate incentives and second, employees .-full-stop saving so much.

i don't think academics generally understand these points. what is your world experience making these decisions and then after you finish maybe you would care to comment. >> it is very powerful in middle class america making peace to search -- making these decisions. i agree with a lot of the auto enrollment. that is added to the number of americans participating but it's that incentive that motivates people to enter the plans. >> i think there are two points i would like to make. first is about the sort of tax incentives and what is the incentive to save. and here this is the key question. we make a contribution and we do not pay income taxes on the

money that we put in or the earnings they build up but when we take money out of the traditional retirement plans we pay the income tax when it comes out. therefore it is a deferral, not a deduction or exclusion and with the difficult us as effectively as zero tax rate on the investment income in the plan and that is the incentive it removes the taxes and allows the return for the investor to come to the point of the market return as opposed. why is that important? some of the proposals to cap the upfront deduction would actually turn on its head at the tax incentive and so one example is to cap a deduction of 28% and give you a credit. anybody in the income level it's of say 35% would have to pay the tax going into the plan and then

they would pay the full tax rate coming out of the plan. what this effectively what to do is this incentivize someone who is putting in that upper income level and actually make it almost preferential to put into the taxable account. they would have to hold the money in the plan for 13 years to sort of catch up at the beginning. so i think the proposals to cast the deductions and make a credit and put a tax penalty would be very detrimental because the higher income participants would be hired. the second point is the contribution limits are important and one reason the controversial levels are currently important is because people's ability and willingness to save for their retirement changes over the lifetime so we find individuals as they move into the 50s and 60s are more likely to participate and contribute.