>> here's what's happening on c-span2 tonight. live right now on c-span the voters first vote happening in new hampshire. republican presidential candidates are each taking the stage to answer questions.

this week on "the communicators" were going to talk with the congressional co-chairs of the privacy caucus and the cybersecurity caucus in congress. first up representative diana to get democrat of colorado serves on the energy and commerce committee and she is the privacy caucus cochair. representative to get when it comes to technology where do you go your personal line between privacy and security? >> i think that most people who are putting information onto the internet whether it's their social security number or other information they think it's going to be secure most of the time. unfortunately as we have learned all too well last year now american and israeli secure from cybersecurity breaches.

>> is there a remedy of any type and what can we do to protect that information? >> of course both private companies and the government trying to keep up with these hackers but we have seen attack after attack. the most recent attack of course by the office of personnel management but also in private industry, target, home depot and so many other private corporations have had information stolen. but we realized is we can try very hard to keep ahead of the hackers that what we need to do is think about how we minimize the need for customers to put their private information onto web sites. with the opm situation for example did they really need to take social security numbers for people who were to supplying for jobs and don't you really want to limit that to information

that you really need? one thing is we need to really think about minimizing the amount of personal information people are putting onto these web sites to begin with and secondly then we need to customers themselves need to be educated to make sure that they understand what their rights are and that they ask the hard questions before giving their personal information. >> joining a conversation is dustin foltz of the national journal. >> guest: thank you for being with us congressmen. you were writing a letter to the government accountability office asking them to take a look at what the government and private sector are doing after data breach is how they are helping responding in helping customers. it seems as though the sense of the letters more needs to be done. are they really not responding

to data breaches they need to effectively? >> guest: the government and the private companies are saying that they are giving protection to customers. i think in opm's case it was 18 months but the problem as number one it may not be long enough in number two and they case of -- it may be counterproductive. what we are saying is what could opm and these private companies be doing to do a better job of protecting customers privacy's and monitoring the breaches. >> opm is saying because the hacks on their systems are so massive they are asking other federal agencies to share the cost of providing those services to the affected people. is that a fair approach that opm allow this to happen in a way that all these agencies might have to share the cost of putting that bill?

>> to me i'm not so concerned about who's paying the bill. i'm concerned that we give the protection to folks because there were massive amounts of data that were stolen and much of this data was highly confidential data. social security numbers and other kinds of ada that hackers could use to really get their private information about people. i'm not so concerned about who's paying for it to make sure that people get robust protection. >> guest: david veach legislation is something that's popular in congress and their support of both sides of making one notifying standard or companies to notify their customers after a breach. we still have not seen that legislation go very far. if that's something we could still see after this congress? >> i think given the events with

opm added to the breaches we saw last year with so many large corporations. i think the urgency is increasing and i think perhaps this fall in congress comes back from the august recess we may see more of the information to bring this legislation certainly to committee. we have had some hearings in my committee but to bring it up for a markup and ultimately for passage. many of these are pretty common sense and would seem to me they would be easy to pass. >> host: representative degette you represent a high-tech area and the denver colorado regions. what do you hearing from some of the company's? why did they feel the need to have all this information about users of their products such as access to other contacts access to their photos whenever they download an app for user service? >> guest: you know i think what happened is obviously from

a marketing standpoint a lot of private companies have wanted to get access to as much data as they could in the past but i think what people are now realizing is when there is a breach people who you really don't want that data will get it. those consumer groups and also companies are beginning to recognize that maybe they need to stand back a little bit and say what data do we need before we will give a credit card or before we will give access to our sites and so on. i think this is a recent phenomenon. in the past people thought well if there is a breach then we will give people credit monitoring and other types of services that now people are realizing that is not a remedy and they need to look at the front end.

>> i want to talk about the white house framework for consumer privacy bill release early this year. it was introduced in privacy advocates had concerns with it. tech companies had concerns, not great fanfare. is the privacy bill something that could gain traction in congress and essentially what would that look like? >> i think people do want to look at a privacy bill but on the other hand there's a balancing that is to be made. technology has changed over the time i have been here and the ability of more sophisticated hackers to get information has changed. but it's a challenge as regulators to put a regulatory framework in place that would protect customers but also allow the free flow of data for

corporations and government. >> we saw movement earlier this year on a similar topic with government surveillance. congress passed the freedom act that limited what some of the spying programs were doing previous to hard to get the momentum and attention for these corporate and consumer privacy issues talking about companies like facebook and google lender private data they are and is a hard to get a focus and attention we didn't have this year's long scandal we have seen with government surveillance? >> what happens i think is you get some shocking data breach of millions of customers data either in the government or in private industry and bad people have a hard time figuring out what would a legislative fix look like he so it's hard to get the momentum up to come up with

a regulatory framework that would actually prevent those types of breaches from happening. >> host: congressman user from the investigations subcommittee on energy and commerce committee and one of the things you are looking at is the internet corporation for the assignment of numbers and names and numbers do you agree with the president's approach to make it more of an international body that governs the internet or do you agree with what congress did and hold back on that issue a little bit? >> received breaches by china and other countries so it's important to have a robust international regulatory body that can regulate internet numbers and so on.

but again this is an issue that is worth continuing oversight to see what if any changes we need to make to the rate of tort process we have now. >> guest: earlier this year as well the house passed two similar bills for information sharing. the senate is still figuring out what they want to do with increasing the sharing of cyberthreat data with the government in the or. there are still many privacy concerns with that as well. is that going to be conference out in the senate? >> guest: i never predict what the senate will do. they have it very different pace than the house has but i think the fact we were able to pass this legislation in the house showed that there is a need so i would really hope the senate would take this up later in the fall mickey go to conference. >> host: net neutrality has been an issue that you have looked at. now it's allowed the land house

of perceiving? >> guest: with the court ruling on net mutuality it is the law of the land and this is an issue we often joke and say everybody knows what net neutrality is that nobody can define it in the same way. the court's ruling helps give us a sense of what the law would be. a lot of the companies are completely opposed to the court ruling particularly with title ii and so there's going to be litigation. lawsuits have already been filed and they were filed the next day actually. i think it would really be wise for congress to sit down in a bipartisan fashion and try to give certainty to what the interpretation title ii is going to mean by coming up with a

bipartisan bill. i know there has been interest expressed in doing that but so far that hasn't gone very far down the road create. >> host: would you support a? >> guest: it depends on what it would look like he does that make net neutrality is important concept and i agree in general with what the court says but i do think there are some benefits to consumers as well as to the industry to have certainty in legislation to back up the court decisions. again it would depend on what it looked like but i told my colleague on the other side of the aisle i would be happy to discuss getting some kind of legislation together. >> guest: congresswoman you mentioned china with the opm. administration is not publicly blame them but officials have privately linked china to that hack. as a "washington post" story saying the administration decided not to publicly blame them at all and there's not

going to be a direct retaliation. is that an appropriate response to have a nation-state hack the verse confirmation of 22 million people and have no direct response at all? >> i can't unfortunately really comment about that because a lot of that is classified information. >> guest: are you concerned that countries might see the u.s. not responding as a way to open up and perhaps be more aggressive with their cyberattacks? >> guest: let me just say even though the government is saying they are not responding publicly i know that there are efforts to clearly identify and respond to those with who were participating in those cyber attacks. part of it i think is making

sure that we can do this in a way that will be effective for those who security was breached. >> host: were presented at diana degette cochair of the privacy caucus in congress and in member of the energy and commerce committee. thank you for being with us this morning. up next we will talk to the cochair of the congressional cybersecurity caucus. rhode island representative jim langevin is the cochair of the congressional cybersecurity caucus. representative sub or what is the purpose of this caucus? >> guest: like in a caucus a group of like minded persons concerned about an issue and we collaborate together but we also provide a forum to both groups on the hill to come in and do presentations to educate members and staff about a particular topic based on cybersecurity sorts of great for members and

staff to collaborate. >> host: this is an issue have worked on for quite a while. how did she get interested in this? >> guest: i fell into this in the 2007 timeframe or so. i was chairing the subcommittee on the homeland security committee that had jurisdiction over cyber and we looked at cybervulnerabilities. one of the biggest things that came to my attention was a vulnerability the safety systems that -- like regulating turbines on the electric grid or sewage human facilities and idaho national adds a significant vulnerability that allows a hacker to take control and the safety systems and cause them to do things that would

cause harm to the quitman grade for example in idaho national lab's found a way to cause a turbine to basically spin out of control and blow itself up and they demonstrated that on the video that i am the committee saw when it was released to a news publication and it showed how this generator will itself up to it came to our attention very quick leap and to see how significant are these vulnerabilities and unfortunately found it was significant then and it's significant now and the challenge is growing. it's not a problem that is going to go away. >> host: i'm sure you have seen the news reports about the cars that have been hacked while on the road while driving. is the administration are private businesses doing enough to protect us from hacking

cybersecurity threats? >> guest: in my pena no, not enough and i would put it in this context. is problem is never going to go away. it's a challenge that we have had to deal with for the long-haul. the internet was never built with security in mind. unfortunately our enemies and adversaries hackers have used these vulnerabilities for their own purposes and we have a country that is more to pendant than any country in the world that have made this incredibly vulnerable. what we need to do is bring it down to something that is more manageable. unfortunately the congress which could be doing more and should he doing more and have been pushing it to do more hasn't been doing enough raid we have.

most important of which is information sharing legislation that passed the house a couple of times that we are waiting or the senate to get their act together quite frankly and pass their own information sharing bill. >> host: dustin fultz. guess that the senate has indicated majority whip said they would like to do before recess. the differences in the senate bill are different than the house passed companion bills earlier this year. will there be a conference to bring us together? >> the senate passed the bill on the conference committee and an identical bill that goes back to both houses and voted up or down in this case and it goes to the

president for signature. we haven't gotten that far yet. for your viewers so they will understand the reason why information sharing is so important is allows us to communicate threats back and forth. what the government know knows some of the private sector knows and allows us to patch systems work trip and attacks before they can be carried out. right now there are legal prohibitions with the government sharing threat information with the private sector and legal prohibitions. acting as agents of the government and that's not allowed. what we want to do was is allow those barriers to be removed so you can share information on threats very narrowly defined

talking about technical types of information. the various hacks that have taken place out there if we could broadly share that information when one hack occurs in one place hopefully it networks data we can likely share that on the ability and more broadly affect everyone. unfortunately we haven't had that legislation yet rated. >> host: are the privacy reliability concerns? >> guest: anytime you are dealing with network security we have to be mindful of her texting private and civil liberties. i believe very confident that the house bill out of the house intelligence committee and when passed the homeland security committee both of which have passed the floor with strong bipartisan support and strong

right to see protections in their. privacy was involved with the drafting and for the most part have signed off. i think it's as close as we can get to perfect and i'm proud to support it and confident that there are strong civil liberties protections in their as well. we will make sure that those civil liberties protections are in there. >> one of the criticisms from security researchers is the government increasing his share of data could backfire. when you have so much data in a wide repository that's allowing allowing -- can be a bad thing and information sharing wouldn't have prevented a hack. >> guest: i don't believe that and it's about the threats or the malware that would be used.

those are the things we want to prevent in the first place if not the malware itself and by sharing that information not the data but the threats that we want to share. >> guest: does the senate need to do more to assuage the privacy concerns? >> guest: once they vote on something, i can't comment on it but it seems like they are -- to passing something on the floor. they tried to do it in the defense authorization bill amendment that unfortunately democrats didn't support it. it would allow for any amendment to that they'll. they need to bring up the bill. let's amend that were necessary

to make it stronger and protect privacy and civil liberties concerns. let's get something to conference a week and get to the president. guess i would like to turn to the opm hat. reports are coming out that the government privately linked it to china but now it appears officials are saying they are not going to publicly blame china at all and not going to directly retaliate for these hacks on the opm service that let to the personal information data of 22 million people fingerprinting there will be a direct response. can a country hack so much data and not get linked? >> guest: the outrage that the attack happened in the first place and was so successful in no one is going to be held accountable or prosecuted for it the problem is of course the

challenge in all of this is attribution. it can be very difficult to prove in an ironclad way who is responsible and who carried it out so hypothetically it's the attack. the question was was an individual hacker or was it the government, was it a proxy for the government that looks like a lone individual but was acting at the behest of the government? those are very hard things to prove so when you are talking about retaliation this is the thing, you have to have a strong case. there are strong indicators or fingerprints and the specific code that we know. it would be hard to prove.

we have to be better on the information side. the opm hackers could very well have been prevented. at least we could have done more. opium was asleep at the switch and i was outraged when it happened because federal employees data compromise but also you get to these forms that were hacked and security clearance information of individuals and their contacts family members and pass associates all of those put national security at risk. the director of opm at the time because opm had been warned for years investigations material deficient. they should have been doing more. granted one of the problems is nobody's in charge with policy and budgetary authority.

it's not like the director or any director was coming to the table and saying we need help and we need more resources. that never happened. >> host: assisted dhs issue or cover out why? who is in charge when it comes to the government? who can you turn to when you want information? >> the answer is you have to coordinate her michael daniel in the white house. he's the special assistant to the president and cyber and i give michael high marks. i've had the opportunity to speak with him several times and i have a lot of respect for him. he is the coordinator and he doesn't have policy vegetarian authority to reach across government and step it up into one cyber the department of

homeland security is the agency that is ostensibly charged with carrying out cybersecurity for the agency for the dot.gov domain but even secretary of common security does not have budgetary authority to reach across government and compel departments and agencies to do more. i have introduced legislation to fix that problem to create a director's position in the white house that would have this budgetary authority. stepping up their game and doing more. and it passed once the national defense authorization act that came out of the armed services committee. it's up to the republican leadership who has not taken it up hoping we can do more.

>> host: is there any continuity among government agencies and how they protect information on line? is there any continuity in the congress? >> guest: the answer is some but not enough. the department of homeland security they do have protocols in place that they are trying to deploy governmentwide. einsein iii for example is the tool that is substantively the tool that will do a better job of protecting the dot.gov domain but right now it's such a small percentage of the dot.gov domain that is deployed on some of that and we have to negotiate that with the internet service providers and the agency and we are slowly working on that and as time goes on we will have more agencies detected by einsein iii. there is more than needs to be

done and it has happened more aggressively and again it's the departmental agency isn't taken seriously enough rape cybersecurity isn't necessarily going to be their primary mission so they are busy doing whether its treasury or commerce restate doing their primary mission and at the top people that are going to get cybersecurity that we need to take this more seriously probably not. perhaps the resignation of -- that the department agency will wake up and take us more seriously but again until they can compel them to do more summit like mine. >> guest: and importance of cyber space is part of the problem blaming china are responding? is part of the issue that the u.s. is invested in cyberspace and we have lost the moral high ground with her on espionage

surveillance? we had dozens of visuals come out and -- how effective the opm makers were. is it hard for us to respond when we are doing somewhat the same thing? >> guest: i would say this. we have present capabilities and cyberspace so in a range of government entities around the world, but i can tell you the type of hacking right now nations like china quite frankly represent an unprecedented new method of operations especially talking about the type of information that they are stealing and corporations that they are hacking and taking data. if their largest wholesale transfer of wealth income in history in what's going on with the cyber attacks and i can tell you we don't hack into the

different companies and corporations around the world and steal their data. the united states does not do that. the question is who would you give it to first of all? china is doing it. it's outrageous and it's got to stop. this is one of the reasons why we need international rules of the road about what's allowed and what's not allowed and china, russia our way out of bounds on these things and we do have these international rules of the road. and it would also impose consequences on nations that do it. guess i want to turn quickly -- cohost guy apologized that we are out of time. dustin fultz we'll have to have you back as a question and jim langevin is head of a homeland security committees and cochair of congressional cybersecurity caucus. thanks for being with us. >> guest: thank you. thank you for having me here.

live right now on c-span the voters first form happening in new hampshire. >> americans in new hampshire are buried about global terrorists and worried about isis but the war tomorrow may already be here today. we have 500 satellites up there in space the control atms, gps. if someone took out one of those