connected customer experience in global public policy at general motors. welcome. you are recognized. >> thank you very much, chairman mike, ranking member kelly. thank you for the opportunity to testify before the subcommittee's. in the roughly 100 years of success turns, the automobile has impacted american life in ways unique to any other machine. it's impacted how we live and work, how our cities have grown and how our country has grown at the machine itself remains basically what it was in the time of its inception. a gasoline combustion engine connected by a drivetrain to wheels on the road driven by a human being. but we are now entering the era where all of the basic tenants will change radically. carswell more and more have different modes of mobility

other than a gasoline engine. they will be connected to each other in ways that will make the driving experience safer and more enjoyable and they will more and more relieved the human being of the driving task. because we know that humans are fallible and will have crashes and cars, the automobile industry and the national highway transportation safety administration or nhtsa has spent the last half century designing and building automobiles to be safer when they crash with innovations like seatbelts and airbags. today we are designing and building automobiles to avoid collisions entirely with technologies like for him to backup cameras and blind spots warnings. increasingly these technologies allow the machine to assist the driving task itself when the human driver doesn't react

appropriately enough to approve a crash. soon, technologies like vehicle to vehicle communications will be deployed with the promise to impact over 80% of the crashes on today's roads. the savings in terms of lives saved, property damage prevented, medical costs and congestion will be enormous. at general motors, we are moving quickly to take advantage of these innovations. here are the first automobile manufacturer to build connectivity into our vehicles and we have over 6 million customers in the united states and over 1 million customers connected on the broadband platform. we've deployed many advanced safety technologies into the vehicles including announcing the deployment of the peoples of advanced rearview mirrors and we are the only automaker that has announced the commitment to

deploy vehicles with needed technologies that are cadillac model for next year. however, we must acknowledge that when change comes challenge. we must deploy these innovations in the safest manner possible. we must commit that we respect their privacy and will protect their information. our automobiles contain software that may have vulnerabilities that bad actors could exploit to threaten customer safety and privacy and we must do all we can to prevent automobile hacking. we must realize we are competing with other technologies for the use of scarce resources like spectrum and we must be able to use the resources in an efficient manner so long as it doesn't interfere in the critical missions of our systems. if we have the freedom to innovate in the parameters, the promise of the future cannot be imagined today.

thank you and i look forward to your questions. >> the vice president of connected services planning at leota. welcome and you are recognized. good afternoon and it's an exciting time for the industry more vehicles are being connected and outfitted with safety features in the safety services as well as the ability to interact on these smartphones. the truth is we are only at the beginning of the beginning. the connected will far surpass the connected with its features and capabilities. to address questions about the use of the vehicle date of the auto industry came together and developed privacy principles for vehicle technologies and services. these include meaningful protections including heightened protections of the use of certain people data like the location or how someone drives. for example they agreed not to share agree not to share data with third parties for their own use or to use the data for

marketing purposes without the affirmative consent of the vehicle owner. in the privacy principles the auto industry is at the forefront of protecting consumer data in the emerging internet of things. the code of conduct is precisely the type of effort in the private sector and it should serve as a model for other internet of things actors. cybersecurity is also the key focus and no criminal cyber attacks on the vehicle have occurred the auto industry is well aware of the cyber security risks that exist for other connected devices also exist for connected cars. we fully grasp the potential consequences of a successful real-world attack. in that light the auto industry is forming to exchange information on cyber security threats to vehicles were displeased to serving as the first board chair and we are committed to the success. we expect initial information sharing from the auto isac by the beginning by the end of this

year. some are making the case that automotive specific cyber security best practices and standards are needed. the question is whether the automotive best practices would look any different than existing best practices that guide the other contexts. that being said the auto industry recognizes an effort to adapt existing best practices to the peace corps may be appropriate and that's why the industry embarked on an effort to identify the best practices that are being and can be applied to vehicles and to address any potential gaps. for the very same reasons that the government has refrained from mandating cyber security standards in other sectors as a significant risk with a government mandating cyber security standards for vehicles. industry can move quickly to update out of date practices or adjust to new threats and in addition setting specific government standards may encourage some companies to simply comply not to do more to

protect consumers. finally, a sector specific approach will almost certainly have significant implications for the harmonious development of the internet of things at large. as the internet of cards he evolves we are on the cusp of a radical transformation in vehicle safety that will be made possible by vehicle to vehicle communications. dedicated short range communications or ds the src is a technology that will allow us to overcome the change, field of view and line of sight challenges posed by the technology. enabling them to identify collusion threats of a greater distance or around a corner area when the fcc allocated to spectrum spectrum in the 5.9 band for the dsr see it was a collaboration between the dot and the automobile industry on the development. the fcc is also currently exploring opening up the band to unlicensed devices. we support the prospect of sharing spectrum if it can be proven that no harmful

interference will impair the safety of life mission. promising proposal has been offered that has the potential to accomplish this goal. the proposal and the automotive industry have recently preceded validation testing and we remain confident it will be proven as a workable spectrum sharing solution. in closing, i would like to provide two final observations. first, the internet of the ecosystem is evolving. technology companies, telecommunication providers, insurance companies and others have introduced and continue to introduce products and technologies to directly communicate with vehicles area as the system continues to evolve, responsibility for protecting from potential cyber attacks and for preserving consumer privacy should also involve to include all relevant players in this space. a second there second there's a number of agencies seeking to oversee and regulate organ fluids cybersecurity privacy related to the internet of

things either broadly or within the narrow subset. the result of the working group efforts initiatives and proposals is exceedingly difficult to manage and prioritize. without consolidation of the efforts, clarification of the various agencies and coordination and opportunity provided will almost certainly suffer. thank you for the opportunity to testify before you. >> thank you. we won't recognize mr. o'connell, the vice president of the business development for tesla. welcome and you are recognized. >> members of the committee we appreciate the opportunity to come here today and for the opportunity to speak. tesla is known for being exceptionally safe independent testing and has awarded the model in the current offering in the highest possible safety rating of five stars. and every subcategory without exception approximately 1% of all justified by the federal government across the board.

safety is the watchword. automotive injury and fatality rates have fallen over the last several decades as a result of the crash safety improvements such as airbags, energy absorbing vehicles and tesla believes in order to maintain the pace of the fatality rates the eagles needed to increasingly use computerized visual systems to avoid crashes with particular opportunity afforded the fully connected vehicle space. the two examples of the connected car functionality leading to significant safety benefits compared to non- connected or the following. the following. first with the automatic energy emergency brake and excuse become a vehicle feature attempts to avoid accidents by applying brakes but it is believed imminent. it's one of the manufacturers that created to making this a feature in all vehicles and tesla has already delivered on this. the autopilot functionality with improvements that are constant as vehicles effectively blurred

from road conditions and to and share their learnings in the entire fleet or connectivity. several studies demonstrate that uptake rates of recalls in general are about 70% that is to say that given the fault into recall 70% are defective and will get repaired. put another way 30% would be left driving around in federal safety standards were the safety related defect. it offers a significant opportunity for us to do better. modern vehicles are heavily software controlled and software changes alone can often result in the safety issue. in late 2013 became aware of the potential hazard a week to be related to incorrect third-party installation and wiring. after the investigation of the software changes identified it was capable of detecting and solving for third-party phone because of the leading connected vehicle capabilities for software solution was automatically delivered to the entire fleet. in contrast to the industry

average recalled up to 70% of the automatic software update and achieved updates rates of nearly 100% within a short amount of time measured in days. the precautions and concerns as we go forward the first is to ensure that any software updates to the vehicle are authorized by the manufacturer. this can be achieved by using industry standard cryptography, technology referred to as assigning. the second is to strongly isolated networks from the mechanical systems and vehicle if the processor on the vehicle had networked the conductivity of the processor should not have direct connections to the yokels mechanical systems and the steering acceleration, rakes in selection. the third precaution is to use industry standard communications the data that is transferred to and from the vehicle with respect to regulation we appear

with rapid innovation for the automotive safety and tesla vehicle safety already significantly benefit from the investment in the vehicle connectivity. with innovation renovation of success and enhanced safety to only continue at the full potential of the connected vehicle realized. overzealous or the more predicted future regulations that doesn't allow for that creative solutions can actually deter and as a result any move in the direction must be considered carefully and only to the extent absolutely necessary. thank you for the opportunity and we will work with any questions. >> i would like to recognize mr. garfield. welcome and you are recognized. >> thank you chairman mica, breaking the hurd, members of the committee, on behalf of the 65 most dynamic innovative companies in the world be thank you for hosting this hearing. it is perfectly timed before

42 million americans get on the road to engage in the thanksgiving commute i would suspect that five to ten years from now, the cars on the commute will look different so i will focus my testimony on that issue which is transformation is occurring and information taking place in the space first and then second what we are doing to make sure that we ask of the rate of deployment but in a secure and safe way. it's often said that it's difficult to appreciate history when you're experiencing it and living in the middle of it but from my conversations with our companies we are living in an innovation renaissance. the conversion of the most ubiquitous broadband with improvements and computational processing as well as low-cost and almost unlimited storage is transforming mobile computing that includes the original technology which is the car we

see that the third of the is the adaptive cruise control automatic braking which i have in my car. we will see that with the other panelists with his vehicle to be be equal is equal to infrastructure communication or autonomous vehicles. our companies are working hard deploying technologies to make those types of vehicles available sooner rather than later. whether that is dedicated short range communications, advanced or wireless. as a member of the panelists noted in its early days yet it's impossible to tell which technologies will work most effectively. what we do know is there will be radical transformative improvements in safety access as well as how we view our cities. the other panelists spoke about some of the safety issues so i won't repeat that but think about all the people today who

are not able to drive because of a disability or they are tools or they are too young. through connected vehicles or autonomous vehicles those people will have access to transportation in a way that they don't today. similarly when we don't have to think about cars being parked all the time that way that we think about our landscape and cities will change dramatically. our companies are investing billions of dollars to bring that back to the market sooner rather than later and we are partnering with many of the companies on this panel in order to make that possible and as for working with the public sector to enable that. a big part of the work is ensuring commuters have confidence in the safety of the hugos and security will become even more prominent in the future. for us to have a long experience

working particularly on cybersecurity whether it's protecting from the network edge into the cloud and everything in between and increasingly the norm is security by design, which is building a robust resiliency and redundancy of the software and hardware levels of levels that it isn't a latch on to later on. what that means is you can actually build into a chipset the encryption protocols to protect on the unintended encroachment as well as the ability to adapt in that encryption that is circumvented. we found it quite productive to work in advancing the pork and they've taken a collaborative approach and working with the public and private sector working together in coming up with a framework of standards and best practices while allowing sufficient flexibility for innovation. there is still work left down that speaks to the role congress can play. a number of the members of the

panel pointed to the number of efforts and initiatives that are being undertaken in this space. congress can play an important role in that cacophony as it is identified. second, the -- there is the need and the ranking member made this point for the national information of thing strategy. there is so much work taking place in the space but not much of it is well coordinated a national strategy to serve the economic security and safety interests. finally, once we look at what is being done and developing the strategy there is an appropriate place for the regulation to deal with market caps and we would advocate the approach that has been taken into developing the regular for a framework that is best on the practices and allows for the flexibility is the appropriate approach. thank you.

>> thank you. and we will recognize kahliah barnes associate director and administrative counsel at the electronic privacy information center. welcome and you are recognized. >> thank you, chairman and every game mcgrady member kelly and ranking member duckworth. i kahliah barnes with the law counsel for the electronics press information center. i think as an independent nonprofit research organization focused on the emerging related human rights issues we thank you for holding the hearing today for taking the time to consider the important privacy implications of internet cars. new vehicle technologies offer a variety of services to american drivers and are quickly being implemented by car companies. but the new technologies typically based on internet connectivity also raise financial privacy and security concerns that the congress needs

to address. as cars become more technologically sophisticated they collect a lot of personal data including physical locations, destinations, text messages and phone records. most car companies and other companies including google failed to inform consumers of the data collection practices and few give consumers control over their data. auto companies also use personal driving information for various purposes for which can leave consumers in the dark about who has access to their information and why. the information is often maintained in years if not indefinitely. the very real possibility of remote car hacking poses a substantial risk to driver safety and security. connected cars can be remotely controlled from anywhere in the world over the internet where they can take control of the various features including breaks, steering and car locks. wireless hacking can also

provide access to the physical location using built-in gps navigation system which can facilitate crimes such as car theft. congress must enact meaningful safeguards to protect privacy and security in the internet cars. last year a group of 20 automakers including general motors and toyota find a volunteer pledge for the pricing and security. while the price is an important first step it is no substitute for federal baseline privacy data security regulations. the pledge fails to provide financial protections and it lacks any meaningful oversight and supports the status quo of the wholesale collection of sensitive driver data. to protect the privacy and security of american drivers, the congress will need to do more. first, congress should act on the pending legislation. despite the act for 2015 but established federal standards for connected cars.

it empowers the consultation with the ftc to develop cyber security and privacy regulations for drivers to. it's a good framework for the meaningful safeguards. there's also the house draft bill that would require car companies to develop modest privacy policies for the collection and use of driver information. at the house draft falls short of providing robust privacy protection. the draft would not require manufacturers to actually develop or implement pre- busy protecting measures instead the company is the only inform drivers about whether the company chooses to take various privacy protecting measures. the draft also immunize his car companies from the ftc scrutiny for simply developing and privacy policy. it would probably criminalize people hacking including for research purposes. the senate bill comes much closer to safeguarding the interest of american drivers in the house draft pick it in fact

we would impose an accident of the house draft which would be a step backwards for americans who are concerned about privacy and security. second, congress should establish fines for hacking the connected cars but only where there is malicious intent. this will connect the research vulnerabilities many of which we discussed today while punishing hacking that is intended to cause harm. third, congress should grant authority to issue privacy rules despite the act of 2015 with its emphasis on enforcement, enforceable rules in the civil fines for offenders provides a type of privacy and security safeguard the drivers need. as congress moves forward it is critical they have rulemaking authority over the industry. the rule should incorporate practices detailed in the consumer privacy bill of rights, which is a sensible

comprehensive framework for privacy protections that provides privacy protections and help fairness and accountability for the collection and use of driver information. every day without safety protections places countless drivers at risk of having their personal information or physical safety compromised. it's putting consumers back in the driver seat when it comes to privacy. congress must act swiftly to combat the current and future privacy threats posed by the internet of cars. thank you for the opportunity to testify this afternoon i would be pleased to answer your questions. >> i will think the witnesses had come into questions. first let me get to the national highway traffic safety administration. when i helped craft the map 20 legislation in section

31-forcing 402 electronic systems performance that sent specifically not later than two years after the date of enactment that was july and i would give you august of 2012 but the secretary shall complete an examination into the need for the safety standards that could regard to the passenger motor vehicles and that has a couple of criteria is. the completion of at the completion of the examination of the secretary shall submit a report to the committees coming and i see i screwed up i should have put the transportation in here, too. they don't have one but we have the transportation in the senate and energy and commerce in the house. have you completed the report? >> know it is still under review. what we have done is we put the

entire research program that we developed in consultation with the other government agencies and private industry etc.. >> i guess i just put these things in and forget them but did you august 2014. so we are a little bit behind. there is a draft entering a hurd activist isn't in either of the committees. can you submit the joint subcommittees in the draft? spike lee will take that back. >> you're not sure if you can? >> we want to see it and we will

have it here within ten days. that's the way we operate. we don't have any penalties now, do we come if someone hacks a vehicle? has been mac that is correct. specs of it is still pending. the favored side of the privacy in our testimony but we have seen they can be hacked for possible correct. >> so now the intent you could probably stop in engine, you could disable breaks were steering because all of us have electronic components. would that be a good assumption? i'm not technologically competent but -- >> you would be able to.

>> so,. >> the committee has enacted and congress has enacted and i have to pay plane also on us we gave a lot of money -- connect to suggest the implication of that we suggest nothing is being done when in fact much is being done. >> we give certain directives i was going to get to the question of them working with you all and you did talk to the standards. but everybody has participated. >> leeann graced the framework and adopted that into the regulator. >> both of the federal regulators federal regulators or with the private sector group.

>> we had discussions with nhtsa. >> to be perfectly accurate we are involved in nhtsa with an ongoing basis. >> just wants to find out and again i commend you for coming together as an industry and i don't want to imply that nothing has been done at my job is to give certain directors to agencies. and i'm not here just to look good, i know i do but -- >> yesterday mr. chairman. >> my job is to hold their feet to the fire and when you put something in line the newer members will find them here you can put accurate things in a three or four times and they still don't comply but we won't go there today. again, we gave you a lot of money and we spent about

500 million of taxpayer funds testing dedicated short-range radio communications. what are they doing to address the potential issues with security credential management systems where are we on that? >> beard joint program office funds. who is that under? spinnaker program office that is now part of the secretary. >> it is under the dot. >> dot they have had half a million. what is the result of their? >> with the department is doing is putting sort of hardware behind the system. what has been done today has been a lot of hardware with a lot of smart people coming up with a design but now we feel we need to build this and operate

it to see what are the vulnerabilities. >> do you have any idea exactly where i'm told that some of what you've done we are really actually splits behind the sort of advances in technology and how much more money and how much more time with take? >> that's why they've committed to putting this technology out as a part of the proposal in 2016. >> so that's not until next year? >> that is the goal they asked us to accelerate which we have. >> we spent a lot of money and we don't see a lot of progress. and when would you have your final report that i requested here. when will you have that

record, sir. >> i want a firm date and then i wanted to be made part of the pacord. t of the record. >> i don't mean to be demanding. >> i understand your frustration. >> again, we try to act responsibly and we expect the agencies to do the same thing. right now, my final question, cars can be hacked with electronic systems. we don't have in place a standard or ability to stop that i guess that is a simple way to put it. is that right? sprick gm has invested a lot of time and effort to making this as difficult as possible to hack into cars.

as i indicated, we have embraced the framework. >> that is the individual effort. we applaud you for that but we don't really have a standard or the ability to prevent that development, do we? spinnaker we have the ability to implement things in the business which is what we are doing. i can't say whether they can be hacked or not. we are making them as difficult as we possibly can. >> but i am asking about the heavy standard? spinnaker i think we are trying to be proactive. >> but again the question -- i applaud each of you but they will tell us five star and my question was is there a standard

developed industry protection in place and the answer is for you. >> we have begun working as an industry to establish. >> but we don't have that in place. >> i'm not aware of an industry standard. the one thing that i would add is that there is a difference between a sort of hard access and that's something that we have seen in the former richest people that have access to be able to modify certain access, so hard access can -- >> it has happened on isolated cases. i am personally not aware of any wireless. >> there are no protections were standards. >> new standards standards that we are aware of. >> and again heard the responsibilities congress has set no penalties. we have the agencies fees to the fire. i will give you the last ones anything you want to comment. >> i would point out in the

testimony that key examples of computer science are finding ways to hack into vehicles. >> so there is a difference between the standards and being law. there are certainly standards being about to cybersecurity. and there's certainly the wall in place that would be on the act with a digital money computer act for folks hacking into cars or anything else. the question is are there laws mandating particular standards and i would argue that mandating the particular standard would be the absolutely wrong approach. >> we don't have that but we don't have industrywide standards or protections. on hacking and privacy and a bunch of things we've heard today that the industry group

just recently within the last week has developed a set of voluntary best practices. i just wanted to make sure you knew that was out there. >> things have been usually just after the hearing. so let's go -- >> thank you mr. chairman. i want to speak to the sector specific information sharing analysis centers which are not prophets member driven organizations formed by critical infrastructure owners and operated to share information between government and industry about cyber threats and lessons learned. this is in the automobile industry and other areas. can you talk about what sort of mechanisms or organizations have been instituted by nhtsa and also by the industry to work towards a secure internet connectivity was? spinnaker spent quite a bit of work done.

they were at the forefront to encourage the development of the isac and we are pleased it is actually up and running right now there are some additional steps we think are necessary. one is clarifying the role it will have on its interactions in the agency and also how the group will be expanded to other sectors including the suppliers. >> i would like to speak to the supply portion cited that this is something that has come up in my work on the armed services committee, cybersecurity is certainly something of great potential harm to the military and one of the things i found out for the military weapons platform something as critical as the new fighter jet that is is not complete security of the supplier network. can any of the three chairmen from the automobile manufacturers here talk about what you've done to secure safeguard or ensure that the supplier network is one that you

can trust. it is a problematic company that engages in the espionage both incorporate the speed to espionage and intelligent espionage as well. what are you doing to make sure -- i'm assuming you don't make your own checks what do you do to make sure the supply network is also secure? >> so as i was indicating we have invested a substantial amount of resources and time and into the whole whole cybersecurity issue in fact we created a global organization whose mission is to end cybersecurity of the products and services and that organization is headed to the cybersecurity officer through the reports to the senior management of the company including the ceo into the board

of the regular intervals about regular cybersecurity status regular cybersecurity status of the product and services. that includes the supply chain. and we have requirements that are suppliers us to meet. the audit them on those requirements into test their products and we have those products as a part of what we certainly increase in the security by design all the way through to production those products are tested by both internal and external experts. >> for the cyber vulnerabilities are you talking about -- >> for cyber vulnerabilities and other techniques that are common and standard. >> cyber security and safety is a paramount interest to us and

we also use industry-standard best security practices including security by design, risk assessments even in the telematics group, we have our cybersecurity team and had it in our activities from the deity put pen to paper on strategies. they participate in that so we are bringing them into that so that we can share information with them as well. a couple of thoughts many of the things we do are consistent with what my colleagues had with respect to looking at cybersecurity and the general robustness of the system a couple of things to differentiate one is our concern based on being an industry leader in the electric vehicle space we have a unique concern about the integrity of the

operations because as a new industry and trade where we are uniquely subject to these risks that said we take the systems level approach especially in the software development and also on the vehicle side. so we have a higher degree of vertical integration. many of the software systems are designed from the ground up as a whole system rather than relying on outside providers of software. with respect to the chip technologies, we are largely to my knowledge sourcing from domestic sources. but we are wholly focused on the vulnerabilities as any silicon valley company would be a great >> ien out of time mr. chairman. >> i appreciate your insightful list of questioning and i would recognize my colleague from the great state of texas for five. >> thank you very much mr. chairman. i appreciate the opportunity to be here.

you are announcing that mr. beuse is that correct? there is a huge amount of investment that automakers and by u.s. tech companies like google, uber are making an autonomous vehicle crash convention technologies that don't rely on the dsr see at all. what if any steps are they taking to support this type of innovation. one of the reasons the u.s. leads globally on the u.s. transportation systems. >> so, with respect to the automotive automated sql systems we couldn't agree more we think there is a future for both connected and automated. we are pushing hard on both. eusebius of examples by a secretary on the automatic braking for for example the just concluded that the technology into the new car system program which is one of the most vulnerable programs at the department in terms of consumer

information. the other thing is encourage industries to slowly make that a technology standard slowly by meeting trying to get to a place where they can offer that as a standard feature on all of the vehicle models without a regulation and that was the september announcement that just happened so you can see we are pushing on those automated technologies and likewise on the connected vehicle technology we beat me that it is a band-aid that is necessary to get the market to go. >> how will the tide is in with the proposal to mandate are you going to require the companies to put them on top of their own technologies and are we forcing a standard on folks that may not be ready for it? >> that is what the proposal was meant to find out. i think if you look at the approach is to departments to try to get the technology out of the research phase.

the bbb they are not in competition with each other and there is a rule for both. >> i want to visit a little bit about what you are doing. you all take a different approach to determining security issues and other concerns where you talk about what you do and why that is a good thing and how it is working. >> sure. our approach is consistent with software development for the silicon valley approach to harden the software course over time and it relies on a system of incentives whereby we encourage folks to test the system both professionally and and informal environment and we

reward them when they identified the four abilities. this is consistent with the sort of incentives and disincentives systems that i think generally works in the human environment. but we find it has worked very well in most software environments and it's working well for us as well and it allows us to rapidly identify problems and rectify them through connectivity as i mentioned before. it implements the solutions. >> mr. beuse the u.s. on an international basis to support a global standard for the band at 77 gigahertz while we are working locally as at a whole different frequency range around 50 gigahertz. is this an exhibit of talking to the other and wouldn't we be better with one international global standard clack >> i'm not exactly familiar with that particular issue.

i do know that on that particular radio technology side of things we have worked very hard to make sure we have the same standards on both sides of the atlantic said to speak so we can have one common set of hardware. >> would you like to address that? cynically support the idea of the spectrum sharing and there has been deployment in the japanese market near a device played eight gigahertz band. we also think it's important to protect this bandwidth within the united states. they provide life-saving services that we need to make sure that that hurd it is very reasonable to work at the 77 gigahertz like the rest of the world is talking about? spinet i'm not a technologist so i will have to pass. >> it speaks to the point that we were making curvature about all of the different experts in this area and why an agency that is focused on standards and standard development globally has to be a part of this

conversation. >> okay. i am out of time and i look forward to a second round of questions. >> thank you, congressman. now i would like to recognize the ring king member of the subcommittee and my friend from the great state of illinois for five minutes. >> they bring greater levels of comfort and convenience and safety safety but that same internet connectivity means that the peace computers only face the same cyber threats and vulnerabilities as other computers. mr. garfield given the volume of successful companies is in corporate and government networks in your estimation, how likely is it that that we will see that people see that instead of just researchers succeed in hacking especially in light of mr. barnes testimony? >> i think the likelihood is real and it is likely.

the information shared about the approach of the software industry in taking that approach where he's just continually tested and in integrating the security and privacy by design with redundancy can easily redundancy, resiliency and robustness so we are not compromised completely that is the proper approach. >> is there anything that keeps you up at night or concerns you the most? >> generally i sleep quite well. but honestly, i think part of my worry will be the dream deferred because our policy apparatus won't be as agile as the software development to keep up with them and so suggesting we act in the the activities teach a coordinated fashion to ensure that shared interest is achieved

is there anything about that he would do it on purpose but that you are adding that you think could be negatively compromised as you are getting more connected i guess? >> as we said, we certainly embrace all the tenets mr. garfield has spoken about and we incorporate security by design, defense in depth strategies throughout. so from the beginning th any service or hardware begins to be to go through the design cycle for the automobiles, that cybersecurity poster of that particular element is being evaluated as the risk of being accessed inappropriate measures

that are being taken to mitigate that risk and that was all the way through production and into the lifecycle of the vehicle to solve -- itself. >> for julio that the safety and trust of our customers a spare mount and as i mentioned on the site, we employ the same cyber security best practices that have been mentioned here today. we include our cyber security experts from the very beginning and they provide the fact we implement and i think as we go forward we will continue to expand and we also look forward to working to develop cyber security best practices we can all employ. >> you didn't ask me that but i sleep well at night, too. for one i know that we are in bullying some of the industries developing new applications into considering important issues.

the other part that gives me peace at night as we are working in the context as the representative referred to does open innovation where it is and wholly reliant on the capabilities of tesla but looks at the resources to improve the systems that are developing and two rapidly implement the systems. >> at the beginning of the testimony you talked about the statistics of people dying on the highway. your testimony reference is a tremendous economic societal benefit that could be the right from autonomous and connected vehicles. in your opinion what should congress be doing in the federal government more broadly to ensure the potential of the technology what more can we do?

>> there is certainly important work for congress into so many different agencies and the connected cars are a part of that. congress can play a greater great role in bringing clarity on a path forward and filling gaps where they exist. so the representative spoke about the fact that going through the house to make order for all the work that's going on. we think that would be quite valuable. >> think you and i yield back. >> i would like to recognize the gentleman from north carolina for five minutes. >> thank you mr. chairman. about five or six years in the '90s i worked in the automobile industry on the retail side and i can look back on those 20 years and see how much paperwork onto the other side was required of men and to how much is required now.

the last thing we want is more federal regulations on these men and women that are working hard to provide jobs held in the industry. so i do have a couple of questions to make sure we are headed in the right direction. what role if any in the internet of cars can be fueled by the federal government i would like to hear your thoughts on that. >> one of the things we doing is ensuring proactive steps to stem mentioned about security by design we think that is absolutely paramount terry is one of the things we have been doing all along as we saw this coming from very far away that in order to see the vision of the future was automated and connected vehicles we have to start focusing on that and so we have been pushing and prodding the best we can to get that happening. >> in your opinion do we really need an auto industry specific regulator and although

industry-specific best practices standards or is the national institute of standards and technology voluntarily separate from the security framework sufficient enough for the right approach, can you address that? >> it might be all of them. right now with the concentrate is the two-pronged approach working directly to work with the auto industry on the set of best practices that as a regulatory agency, we have to keep in mind that is our job and if there is the need to set up where we will do that. >> let me stay with this another minute or two as the federal trade commission have jurisdiction under section five to the privacy policies of the automakers to the extent they collect the customer personal information from the connected car devices? >> that is probably a question more directly directed at the ftc but what i can tell you is we have been working very closely with the ftc on privacy issues. >> does the department of transportation have particular expertise that would warrant

having them oversee the privacy policies related to the connected car devices? >> we do have privacy experts that's one of the things that will be addressing the rulemaking so we have expertise at the agency. >> is there a certain timeframe is this a conference or meeting that he will be addressing, is there a specific -- most of the technologies in development are independent and do not rely on the dsr see. what are they doing in the technology adoption not to hamper the innovation that we are seeing the xp are using the tools at their disposal including the consumer information where appropriate and it is an error when we see

life-saving technology we want to get it deployed as soon as possible. >> in your testimony you know to do the sensitivity connected by the vehicles and did a great job sharing data that what information might be collected and what entities would be collecting it other than the vehicle manufacturers. >> to some example of identifiable information would be location information which can reveal an individual's pattern or habits. there's also the collection of biometric and the collection of credit card information with certain telematics at least inside of the car. individuals can within their car speak into the system for a text message so that also text messages and looking at the privacy policies of the certain auto manufacturers it's almost an endless amount of outside

entities and often times they do not specify the various third-party entities to which they give information. we know in a certain context of the marketers that there is an increased market for insurance companies to gain additional acts and without sufficient legal requirements law enforcement can also gain access to this information. >> thank you that is very well articulated. maybe to get a quick answer from the manufacturing dies regarding the connected vehicles in what countries are receiving the most information? are you able to address that and go down the line in eight or nine seconds? >> it is a globally competitive part of the industry. i think right now the united states leads in terms of the advanced technologies but i think that this is rapidly changing and the policies need to be in place to assure that

this innovation continues in the united states. >> i agree we are moving very quickly in the united states to adopt these technologies and also in countries like japan and technologies for example have already been put in place. >> i think that the most advanced efforts are taking place in the u.s. right now and i would like to see us continue to be on the leading edge of this. >> you are recognized for five minutes. >> thank you mr. chairman and i want to thank the ranking members for this hearing. mr. o'connell you can go on and talk about the area as long as he wants to. representing the area of the country. first of all i requested a statement for the center of democracy and technology to be entered into the record. and and then maybe three of and

general motors. that whole issue of independent researchers. mr. o'connell talked to the advocacy for such comments and we talked about other technology companies doing that. can you tell me if 20 other and general motors has the same feeling they would allow for independent researchers to help them to make sure that their software is working properly and you see this in the context of the industry like folk swag and so maybe you could respond to whether you agree with the approach or whether you have a different one. ..

>> we welcome information from so-called hackers. we have regular relationships with them. we attend the same conferences that they do. we also do employ third-party security safety and we are patching any vulnerabilities that we might find. >> switching subjects to privacy. so the privacy examples are interesting to look at. my concerns in the california

legislature we had very spirited debates about providing for an opt-out for any third-party data. so in that context, i think with the language that you have in the prifs -- private agreements and the concerns that have been expressed here today, can you provide a comprehensive list of all the data tracked in your vehicles and can you provide it to the committee borrowing on the chairman's earlier comments about within a couple of weeks? >> sure. it's the most valuable thing that we have in the country. we respect the value of our customers and we want to protect the information. i will say that before we

discloses any information. >> mr. lobenstein. >> we also follow a similar process. for instances where data services are used, we ask for consent of the consumers because they provide life-saving services like crash notification. >> i appreciate that. mr. oh -- oconnell. >> when we do share, there's flow of data, we aggregate it where you can identify the vehicle. so that's our philosophy, but the intent of -- as i'll remind,

the intent is to increase safety of the vehicle and utility of the vehicles to our customers and drivers. >> i appreciate that. mr. garfield, if you can talk about the standards in your view and related to other tech privacy protection, the norms are driven by the standard which is at the heart of fdc regulation which over time has become more expensive not just to deal with those that are normative. thank you, mr. garfield. mr. chairman, i yield back. >> i would like to recognize myself for three minutes.

mr. beuse can ewe tell us drdc is. >> dedicated radio communications. >> how is it going to be used? >> send safety devices. >> this is being developed? >> federal agencies. suppliers, manufacturers. >> here is my concern about that dod, nva spent over half a billion dollars trying to get to electronic health records to work together and after four years they said, this is really hard, we are going to have to go separate areas, and now we are talking about an industry that's there's so much investment. why are we thinking about the federal government getting involved when a standard hasn't been developed out of the private sector. the private sector is going to

be better equipped to develop this kind of technology and the thing is going to work a little bit better. i don't know, mr. garfield do you have opinions on this? >> we do. >> i would like to hear them. >> my view and i shared in my testimony that there are complementary technologies that we can't tell which is going to prove most effective and so we think having the ability for all of those including dsrc to advance but without a thumb on the scale including the thumb or the scale on the department of transportation. >> why do we think that the department of transportation should be doing this and why this is going to be helpful in the concept of interconnected cars, and i also appreciate you talking about the safety concerns relate today interconnected cars. >> maybe just to clarify, i think there's a misconception about what we are doing at the pros posal letter. we are trying to ensure security

that's needed to improve communication between vehicles. at some point data comes in that there's an alternative technology that can meet the safety potential -- >> do we not think that's already there? >> certainly in response -- >> i think gm. >> none of the comments came in. there was not one person that said this technology should not be mandated. it's not the right technology. we are writing the rule-making with an open mind and it's just a proposal. we will get comments and evaluate where we are. the whole notion of going this step is really to take it out of the research where it's been so long and really shine a light on it. >> absolutely because i had dear friends in a car accident. the car that hit them,

eyewitnesses said that there was no breaking involved. the technology advance emergency breaking, i think is i want to see this as quickly as possible. are there any barriers that are preventing this technology? >> no. communications between the parties here at the table and with the -- with government -- government bodies so that confidences is obtained all around. we use to convenient power of our separate -- separate agencies and share information. that's what's going to solve this problem. >> yeah, because if we can protect more citizens from crashes, you know, this is going to be a great thing for all of us.

mr. lobenstein. my question to you as you having the hat of chair, have you been given any information, intelligence, briefed on anything of known attackers targeting specifically vehicles, types of vehicles, russian organized crime creating, you know, focus on getting access into a vehicle. have you seen that kind of information? >> i'm not involved. i don't have that information. i can get that information. >> ms. barnes, chinese state sponsors that are looking at getting access to vehicle information? >> at this moment, no, sorry. >> okay. because, again, one of my concerns is that, you know, i did this for a living. we did this on trains, we did this on subways and looking at

how you can take advantage and this is why it's important. if you're not getting the kind of information sharing. because the federal government should be sharing as much as information as it can. and if you're not getting that, let me know. and my last point is the office of personnel management had difficulty protecting the records of 23 million people, and -- and they -- they had the odacity to not even say my dad to the people that did receive the letters that they were compromised, by the way, i was one of them. at least when some of the issues have arised within the auto industry that i got a letter pretty quickly talking about how you fix it and how you do it and it was a responsiveness that i

wish the federal government had. i'm always concerned when we put too much faith in federal agencies to protect our information and cooperation seems to be used, i appreciate that. this is what we need to work together. we need to make sure that innovation and entrepreneurship is allowed to grow. >> actually, if i can make a quick statement, data breach, it's long overdue and can be helpful here as well. i would like to recognize my colleague from virginia, mr. connolly for five minutes. >> can you tell me the difference between common and

normal vehicle? >> vehicle-to-vehicle infrastructure. it's triewly not -- truly not connected to another car. >> or to a driver? >> or to a driver, correct. >> assisted by -- >> communication either with infrastructure. >> but also might be driverless? >> yes. >> national capital region measured by score card, now it has the nation's worst congestion as measured by these metrics. 82 hours stuck in traffic every year on average, 35 gallons of gas wasting every year and at least $1,800 in lost time every

year. how could these technologies assist a region like this with arguably the worst congestion measured by the metrics? >> yes, thank you. first of all, let me backtrack a little bit to chairman hurtz questions. on behalf of the industry and gm, private industries invested a substantial amount of money, equal to or greater than the amount of money the government has invested in the technology and we very much view this as complementary to the on board senors that are being used with the safety systems. it has the advantage today of being the only technology we know of that meets requirements to actually be able to have

vehicles talk to each other in time to prevent a collision or crash from happening and works in bad weather with obstructive vision or without obstructive vision. those are the advantages that we see to drc. if you take together all of the technologies, any time that we can prevent a crash from happening, we get the benefits of all the congestion that happens when you have a crash. >> i can see that, but that's not really my question. i think we've covered safety and i completely see that. for some people their reaction when you talk about driverless cars, i'm not in control, what if something happens. i think 90% of fatalities are human error.

>> yeah. >> it'll get better and better. >> how can it work in help to go alleviate a better management congestion in areas like ours? that was what i was getting at. >> if you take the whole system, certainly as we bring the infrastructure into play and traffic signals become more aware of what cars are flowing in what direction, they could pine themselves to optimize the traffic flow. better control by human operator will be able to follow each other a little bit more closely and in a safe more than and therefore make more efficient use of roadways that we already have instead of having to continually add new lanes to the whyway system. those are the kinds of things that we are talking about. but i have to observe, this is

the nation's cap call. we are not that good of car lane. you mentioned japan, japan is light year's ahead of us for managing traffic control, but why don't you to comment? >> now the vehicles understand and communicate back their flow and we know real-time when there's traffic and where there's traffic. expanding the communication which is improving safety, individuals, as well as business, delivering goods and services and has the capability to improve a mission as well.

>> mr. oconnell. >> there's a great youtube video all given the green light to start moving at the same time and with 20 lapse are con guested. human systems are not that great, as you know. infrastructure is also hard. we are feeling driver's system technology, we refer as autopilot, relieves the driver at certain times. presumes that the driver is there and the hands are on the wheel, in certain speed environments most speed environments such as congestion a vehicle can means of modulates tempting to think that this sort of technology could be implemented rapidly across the fleet. too bad the technology doesn't exist but i think you're going to see it implemented more over

time. >> i think what's hopeful is how rapidly we already are adjusting to technologies that assist us. on our own we are getting on this and finding out what's a better route because of congestion. i can either look at reports at what is causing the congestion and i can make a decision whether i want to go or not. i had to explain to my young staff what a map was. we would become hooked on this already. i'm confident as we advance technology, i think we are going to adjust. thank you so much for being here and thank you, mr. chairman. >> thank you mr. connolly. gentleman from utah, mr. chaffetz. >> this is subpoena -- somewhere

where we are going to create economy. one of the raging discussions in topics particularly in light of the horrific terrorist attacks in europe and what we experienced in the homeland is a further discussion about encryption. i think one of the questions before our nation is how much privacy, security, how much privacy are we going to give up in the name of security. it's a difficult question. when you see friends and loved ones and people on television being killed, it's a very difficult thing, but on the other hand, i also want my wife, my kids, myself, my friends, my navy neighbors as safe and protected from people who want to cause them harm and tap into

information. so maybe if i could start with mr. garfield here. if you could address the whole encryption issue, how does it really work? you really can't create a key just for the good guys, just for law enforcement incident right? it's either encrypted and secure or it's not and -- give me your perspective on that particular on what the country is dealing with right now? >> thanks for the question, mr. chairman. i would start by staying that the people that i work with are patriots and so sicken by what they saw in paris and so everyone in the room, the context of why we are having the conversation speaks to the issue, when we are talking about security and safety, encryption is an important tool for enabling that. the conversation is not either or, it's how do we advance security with encryption as a tool while also making sure that national security is protected, and i think there are ways to do

that. i think creating back doors or making keys available to just some people is that solution, ultimately if you create vulnerabilities, they'll be widely exploited. >> can't you just give it to the guy at the genius bar or your wife and call it a day? explain to the person who is not as familiar with it how it works and it will work? >> we are talking about 90% of traffic accidents are called by human error, and so you're entrusting one person who pain vulnerable to being compromised with the security for everyone. that's the problem with empowering the guy at the genius bar. you're creating a vulnerability that could be widely exploited.

>> anybody else want to address, on the panel here? >> probably not. >> do you want to have it be encrypted? >> at some risk to myself, maybe i will do that. i think it's an issue of philosophy, right. as mr. garfield said, none of us that the unique knowledge or capability. i think open systems are ultimately the best systems to innovate and protect. it's a dynamic process but it's one where, i guess, you vest hope the inherent goodness of men or inherent badness of men. i think it's the minority that are malignant and in a truly open system where innovation is encouraged and rewarded, where there's sufficient penalties for malignant behavior, you're going to see benefit over a course of

time. >> thank you. and i think as members on this panel and the nation grapple with this, i think that the 99% of our population that does deal with things in a safe and secure way, they're good, honest, decent people, i think the bigger obligation is to protect them as best we can, and certainly there can be car routes for law enforcement needs if you have suspicion, you have a terrorist-type of activity, of course, there are things whether it be go location or other types of things that they should be able to tap into, but if you're a suspicionless american, if you're somebody who is living a good decent, honest life, i think you have an expectation of privacy in this nation and that will certainly come into play not only with cars but the internet of things and everything that's going to be connected, i think, this is going to be one of our big

questions we are all going to have to grapple with. >> if i can add one more thing. how we approach the issues have been to be grounded in something. i think what they need to be grounded is our are -- are our values. part is that we are consistent with laws, right. there are certainly legal frameworks for gaining access to that information and we will work with law enforcement to ensure that our national security is protected, while at the same time there's a fundamental belief that -- that peoples' rights will be protected as well. that's partly why we are viewed in the way that we are are around the world. >> and if i may just briefly add onto that, if i could have a moment, another way in which to ensure both the privacy insecurities -- we are hearing about building privacy into the cars but more privacy protected

will be privacy enhancing techniques so that when there is a report of a malicious attack, those who need information regarding the hacker only getting the absolute necessity -- necessary information about the hack, removing the person information. it's not important where she was going or speaking out inside the car, but instead that the system has been compromised. >> thank you, as i yield back, i hope members are able to look at the gio location, that you would need a warrant or suspicion, but a warrant to actually track somebody's geo location, that's the content of their life. i appreciate the time, i yield back. >> thank you, mr. chairman. other members have questions? >> thank you very much, i would like to take a little bit on

where chairman chaffetz left off. ms. barnes, i'm not sure that you would agree with that. there's a lot of information that's tracked. i haven't turned off geo location on my phone, so this is my veteran's day map. on a map it shows everywhere i was. i can slide over and it tells me i got in the houston airport. i had breakfast, went home and took a shower, i went to texas, i went to bruster street and went to applebees to meet veterans.

this is turned by default in almost every person's phone. i would imagine the cars collect the same information. unless i'm aggressive about turning it off or telling them i don't want it shared with marketing partners, i'm going to have something pop up say, you're near a whataburger. why don't you stop for a burger and fries. there's a lot of information that's out there. do you want to comment on that. maybe we need a better opt out on this? >> opt out routinely fills consumers, the idea that there's information that the auto manufacturers as well as third-party services who are contracting with them can gobble all up of the information and the consumer is simply unaware and when we are looking at the privacy pledge, also the

consumer doesn't have any type of choice, but choice is simply not enough for the consumer, that's why we need some type of standard where a consumer will have guarantied privatey correction -- protection. and when you look in the car-spy act, there's a provision that would allow an individual to turn off data collection should she choose but still retain the functionality. >> so how easy is it -- okay, we can talk about hackers, lets talk about the government. how is it right now under current law is it for the government to contact google or contact tesla, toyota, gm and say i want to information for x, y, z person and do they need a warrant, a letter, what do they need? >> it would depend on what type of personal of data it is, some

of the information may be protected under other statutory provisions. but in the absence of full-on protection for all the information that is collected not only by auto manufacturers but as well as third-party services, that's why there needs to be -- yes, sir, those are some of the provisions to prevent marketers to get it as well. >> any of the auto manufacturers have any idea how many of these they get a year, request from information from the government be it a subpoena? >> i'm not aware of requests that we get. we have a long-standing policy, any time we get request we require court order. >> we have the same policy. we will not give away any of our customers private information

unless there's due process of law. >> all right, thank you very much. let me ask, i have another minute or so here. we talk about encryption and all of the technology that's in the cars and computers. we created a system where we are now making it difficult for us to repair our own cars, to modify our own cars. we basically kill it had industry of being able to go out and buy another radio for our car because it's integrated in the gps system and auto control systems. there was recently a case with a john deere tractor, the copy right act made it illegal for them to fix it without going to a john deere dealer, i'm afraid we are going to see this in the car and we see the death to do

modification to your car, whether it's enhance performance -- >> the example you gave is a great example of regulatory processes working and so every three years the copy right office has to evaluate the dmca to make sure research is able to be advanced and recently the copy right office said that as a part of doing good-faith research, you do so on a car, right, and get beyond encryption systems. so it's a great example of an agile system working properly. >> licensing the software to operate something and if you try to modify it or transfer it or do something else.

>> we can't have it all ways, right? we can't say that we want connected cars moving down the highway and be secure and same while at the same time we want everybody to be able to get into that and stop that while it is moving. >> we want open software where we can see what's in control and have control over the vehicle. >> to be clear, i do advocate for an open system of improving software. so that's an important differentiator, there are models out there that people don't want to own their car anymore. [laughter] >> this may be -- it may no longer be a problem which opens possibility of others. >> i appreciate y'all's comment

on that and yield back. >> thank you, any other questions at this time? just, i guess, in closing, i'm sitting here thinking, my wife is a pretty smart lady and she does all of the computer work at the house in paying bills and everything and on a sunday afternoon she's on a computer and she gets a call from microsoft service center and they ask for some information and she reluctantly gave it to them. the next thing you know her computer is locked and extortion attempt and i got on the phone and found out they're pakistany.

they basically told me, you're screwed. [laughter] >> it was extortion. i could see extortion that you can't start your car, someone as hacking. this has happened with our little home computer. it's interesting, though, we bought some new software and i was at a location, not our principal residence, after we bought that they keep another lock behind protection behind that and can actually can release the system but they get you to think we have incredible capability. then i was in a general motors car.

a teenager device. consaga high school, i think i spoke to yesterday, i told the teenagers what was coming. [laughter] >> but the things that you can do are unbelievable and i told the class too, your biggest to paris and terrorist threats but those kids get in the car and that is the biggest cause of death for our teenagers. i've gotten death down to 43,000. huge percentage are kids. it's pretty outstanding how you control that. i guess the question more than a comment is the private sectors come up with some incredible

innovations, you're setting standards in trying to protect the owner and the consumer, you've got a good association coming together trying to bring folks together. i'm anxious to see, i guess, a report, mr. garfield, that was just turned over. we usually overlegislate and then the government usual overregulates in trying to get it right. we want to also protect rights which ms. barnes has said, i hammered on dot because i -- it's not three years ago, i said let's see where we are going with this and tried to set a schedule which hasn't been adhered to. a bit of frustration in that. they need to work with you, it sounds like for the most part, they are.

we don't want them to come up with standards or requirements or technology, mandates that are obsolete or by the time we enacted, sometimes they're in overreach. that's a challenge we face. maybe in closing, any quick guidance on how to proceed, mr. lightsey, i worked with nits, i tried to get a biometrics standards and i think we may be there. it's 12 years later. haul them in and tried to get them and they're very difficult to nail down and with changing

technology, you've got sort of -- trying to change the wheels on a vehicle that's moving down the highway at 75 miles an hour. tell me how you would like to see this unfold, the three guys who are representing the companies that actually produce vehicles, go ahead. >> thank you, mr. chairman. with all due respect, our industry can't afford to wait for government, we are not doing that, we are investing resources in energy and product of services to make our products safer and to make them more enjoyable by our customers who are -- >> now, once again i have to nail you down. what's the proper role of government, regulation, law, where do we go? >> well, as i was saying, mr. chairman, i think our industry has shown time again

that we can and do work well together for our customers and i think that the industry needs the freedom to innovate and to do -- to do that work. >> who in government would you put -- should we leave it with dot or where -- how should it be structured, responsibility from the federal level? >> from the frefl level we work well with nitsa. we have a great relationship and we have proven that. in this space the federal trade commission is active and we began to work with them as well and we will work with whatever agency that congress decides that needs to be involved in this. >> if i could interject -- >> well, after i hear from

lobenstein and oconnell. we haven't talked about ftc. let me hear your take, mr. logan. >> thank you, mr. chairman. we appreciate the work that's taking place on dsrc. that's been a 15-yearlong road to get to where we are today. we have a good technology that's ready to go. once we get the spectrum issue closed, i think we can move forward with that. safety of life, mission that dsc promises us. in terms of cybersecurity, you know, we've looked at the framework and we think that it's a good agency for us to partner with. as an industry to create the same types of best practices and self-guiding principles that we've already done in terms of

private security. >> it's another level? >> yes, sir. >> okay. >> mr. chairman, a couple of issues with principle and a direct answer to your question. it's all about incentives. at tesla no one could be more interested in our survival, specially a small company that we are. i think that whatever we do and whatever agency it resides, innovation, number one, and sharing, putting the proper incentives in place to innovate and share. i think an instructive case of how this was proceeded was advanced emergency braking ratherren -- rather than resisting impulse and deployment of the technology, and did so, as far as i know without any regulatory norms. the hazard with standards, in the long process you look to lowest common denomonator.

as to the agencies, i don't have any particular point of view, i'm afraid to say. >> the only thing that i would add is one of the issues, certainly help bringing order to that by making sure there's greater coordination among agencies. it's not to suggest cut out in the department of commerce be brought in and it's really congress can play a critical role making sure fcc, nitsa, department of commerce are coordinating and working with each other to achieve things that we all have in mind. >> well, again, you did a very good jobs, ms. barnes, giving us your agenda recommendations and

thank you for participating. i look forward hearing back, seeing some of your plans and what i would like to do is we will leave the record open without objection for ten days. there are quite a few that we didn't get to to submit to the witnesses. they'll be made part of the record. so with without objection, that's so ordered. and, again, i'm looking forward to having a report and the other items that we requested today to be made part of the record. there being -- i again, thank you each of you, very interesting, probably look back in ten years and made such incredible progress but we want to do the right thing at this important junctionture and that's bringing out these issues

and your progress and where we need to go is important. so there being no further business, before the subcommittee and the dual subcommittees here, we will adjourn this hearing. thank you. >> as 2015 wraps up, c-span presents congress year and review, a look back at all the news-making issues, debates and hearings that took center stage on capitol hill this year. join us thursday at 8:00 p.m. eastern as we revisit mitch mcconnel taking position, pope francis address to congress. resignation of house speaker john boehner and the election of paul ryan, debate of nuclear deal with iran and reaction of congress on mass shootings, gun control, terrorism and the rise of isis, congress year and

review on c-span thursday at 8:00 p.m. eastern. >> and mens of the house and senate are in the middle of a holiday recess, congressman said he enjoyed stopping by quincey high school to answer questions on isil, veterans and more. he spoke at the rotary about how we make a community a better place to live, work and raise a family. the house will be back for legislative work on january 5th, a week from tomorrow, among the items on the agenda that week a budget reconciliation bill that would defund planned parenthood. the senate turns on january 11th from a bill of senator rand paul. the house is live on c-span and the senate live here on c-span2.

>> senator joins us again on the washington journal. he's a republican from oklahoma, joins us today for about the next 45 minutes to talk about this. ♪ ♪ >> that preview from your youtube page. what is this report and what was that that you highlighted? >> i highlighted many of examples that we provided in the book itself, the federal government is doing things that

are not the federal government's responsibility to do. it seems that this city is not serious about and what i'm trying to push out, here is a set ofhe examples, while we are talking about how much money is being spent of areas that i don't think most americans think it'sou priority and make sure we fund that. we spend $300,000 on trying to fund a dating study for senior adults to fine out senior adult that is are previously married, how they handle dating later in life. that's not really a national priority that most people would look at right now. >> $300,000 directed to that effort. you also support solutions to the federal fumbles. how do you fix that? >> that's an easy one. we don't do research like that. we fund research as a critical national priority and stay focused on those areas. those things that you want to do you wait until you get the

critical things that have to be done. first thing is first, we have to get back to a balanced budget. here are ways that we can get back to a balanced budget rather than complain about this. we try to identify a solution. we talk about wasteful spending, duplication, areas where the federal government is out of its lane and we talk about regulatory overreach. the federal government is overregulating. >> host: talk about wasteful spending. if you want to join us, democrats 202-748-8000. republicans 202-748-8001. federal funding for silent shakespeare plays. explain this. >> guest: folks in washington, d.c. enjoy going to a silent

shakespeare event, the problem is people from oklahoma, people helping funding event is not a national priority. if the folks want to have a silent shakespeare festival, they're welcome to do that. itng seems to be known for words not for silence. that's not a problem. the issue is why is the federal government funding that. >> host: how did that get through? >> guest: they'll get a grant, media funding, there's nothing wrong with the arts or individual projects around the country. the problem right now with a 19 trillion-dollar debt can we afford to the that. i tried to emphasize in this town. everybody lost track of debt at this point. there are so many other critical issues that we face as a country, but right now we have a

ten-year plan to get us back to balance. that was passed by the house and senate last year. if we did the ten-year plan, ten years now we will be in balance. the next year after that, what if we have a 50-billion dollar surplus, year '11, surplus. 50 billion-dollar surplus every year for 460 years to pay off our debt. 460 years at a 50 billion-dollar surplus every single year. this town has lost track of how bad the debt problem really is. so we spend all of our emphasis, not on trying to get us to balance or to even live within our means, it's what do we want to do and let's just do it. every state within the united stateste with the exception of e has to balance. every state says how much money

do we have coming in and how much do we spend and all live within the means. every business does that, the federal government chooses on funding on how much we want to spend on and rather how much do we actually want to spend. >> host: republican of oklahoma, member of the homeland security and government affairs committee shares the subcommittee there that dealskl with regulatory issues, author of federal fumbles. if you want to see more about that we are covering the conference at noon here happening at c-span. we will be talking about some of the examples on that report. you can just call in and join the i conversation like barbara did from massachusetts, live for democrats, barbara, good morning. >> caller: hi, good morning. i see -- hi, left and right and conservative but i know that

deep down all of us are concerned about this enormous problem. so here is my solution, i want to go from a bipolar to a triangle, to contact the political science departments in all the universities across the country, public and private and go to these departments and divide up the whole list of federal agencies, efforts that we are spending federal money on and get with all of our unbelievable computer networks, get them to each individually research one or two agencies or groups or what have you and then come back and report on washington your honor about what they found so that we could depoliticize and what could be potentially new information. maybe the conservatives all the universities are liberal and all that stuff. in any event there would be senate participation.

i don't know. i just think we need some kind of a neutral report. your general point is absolutely well taken. we have gone overboard and that number illustration you just gave was fantastic, we need a lot more of that sort of thing. it's a combination of denial and heads undered blankets just cant faceus it and ignorance. >> guest: one of the things we have to get first a bill that we put out that's been passed through committee already, the know.er's right to i would like to send to universities and let's work this through. right now it's difficult to get to those numbers. there's no list in the federal government of every program done by the federal government. the metrics of how they're evaluated and how much they're spent on the program and how many full-time employees dedicated the program. no such list exists. we are trying to push a way to

get all of that data into place so the think tanks, outside universities can look at the data and begin to break it down. we can't do that and no outside group can do that and it's difficult to get to. on top of that, there are areas in the book that we identify that are bipartisan solutions. what i would like to do and the reason we put this book out there, i would like to actually have a resource that individuals can look at and say, okay, here is a hundred idea. why can't every single office do this, what our same staff did. every office can go through and look at areas that we found and let's find the common ground. this shouldn't have to be a partisan thing. >> host: did you total how many costs of federal fumbles? >> guest: finance side of it. not including regulatory side. a $100 billion. >> host: talk about the regulatory side.

>> guest: very often things that are not really the federal government's responsibility. they are reaching out in new areas. state and municipalities are regulating it. it adds an additional regulatory burden and slows down the process, literally slowing down the economy. so what we've asked is here is a list of permits and we asked the question of why is the federal government involved in this process and new regulation that isti are popping up that add new regulatory burden. sheila in pennsylvania. line with democrats. good morning. >> caller: i would like to know how we are going to balance the budget.t i only know of two presidents in my life that had a balanced budget. >> guest: i would agree with that. how do we get us back to a

balance.e $430 billion in overspending this year. now, that is down five years ago. 1.4 trillion bars in overspending that one year. so while it has worked down, the 430, $460 billion is still one of the largest single deficits in the history of the country. this is a very significant issue. we have to have republicans and democrats alike agree that this is an important. now, we are going to bring different solutions to bear but at least agree on the principle on this. this is a conversation that i had with the president on this. i know this is going to sound partisan. the time of bill clinton. they worked together and tried to resolve that. for president obama and i, let's set this out there as a goal. we are going to disagree on how to get there but let's have the goal, we are going to balance the budget. his response to me was, no, that was a good goal in the 90's, we need to overspend every year

to stimulate the economy. what i have seen is we are slowing thew. economy down by increasing debt. the debt has doubled in the last years. it will continue to accelerate in the days ahead. we have to take this seriously. >> host: another major political difference is where to look for cuts to defense versus nondefense. >> guest: there are cuts in both areas. >> host: reports highlights $43 million for gas stations in afghanistan. >> guest: natural gas station that was in afghanistan to provide natural gas for the vehiclesov in the area. there are no natural gas vehicles in the area. $43 million on the facility. we created a power plant, diesel power plant, creates one-third of 1% of the electricity in that area in afghanistan. it was about $360 million to

actually build. they don't the people on site to be able to run it. we spento a 300 million-dollar that was put into afghanistan to give them power, but the problem is they can't actually run it and it's actually doing nothing. >> host: david is on our line for republicans. thanks for getting to us on the washington journal. >> caller: good morning. i would like to ask the senator his feelings regarding the $5 trillion that belonged to social security and other federal agencies retirement funds. just curious if the law were changed to allow social security and those funds to invest in other entities, if that would have an effect on the debt and to what extent? >> guest: long-term social security has to betiat resolved. thanks for the question on that. the $5 trillion has been set aside for social security, has been tapped to already in disability.

that's part of the frustration that we have in the agreement. they took money from retirement social security to disability social security to stabilize the disability program. that doesn't solve the problem. we have one of the things listed in the book, there's a way to be able to stabilize disability social security simply by stating if you have disability social security, by definition you cannot work and you shouldn't be able to get unemployment insurance and assistance authority. those by definition you have to work, so literally a person can get assistance authority, unemployment insurance and social security disability all in the same month. i would say that's incorrect. what's interesting on this is president obama recommended the same area that you should not get unemployment insurance and disability insurance at the same time. it's an area of common ground. we should be able to resolve that.

.. ti'm calling in reference toy are you not talking about what your party is doing at the present time with the benghazi committee? there is a waste of money right there. now, you will have another parenthoodor planned . host: i thought you were done. guest: let me answer the question. congressomething that to the does. we studied things. congress studies things, sits as far as benghazi, i will tell you the study is extremely important because the lessons were not learned from kenya, during that bombing in 1984. if you took the accountability

report from 1984 after the kenya bombing simply to the original benghazi report from accountability review board it would look almost identical. we did not learn the lessons from the bombing in kenya and there are important lessons to learn and a some focus that this is just hillary clinton, but when the report is finished you will see a lot of other information there in the days ahead tooled the state department accountable that if we have americans overseas, how do we defend them and i have individual families in oklahoma, that have called me and said might son or daughter sirs with the state department around the world in different facilities, how do we know they are being in the most secure facility that we can put them in as americans and those are important questions to resolve as well. >> host: the call or brings up a planned parenthood and here's a front page story from the "washington post" shooting at the planned parenthood facility in colorado,