subcommittee hearing ran two hours. [inaudible conversations]

engine jiving job creation and unprecedented access. in the short time the world wide web has transformed into a global interconnected information superhighway facilitating growth, freedom and economic prosperity. the multi-stakeholder governing model has been key to the internet's development across the world. this model has fostered the

creation of a dynamic economy that promotes investment and innovation. many of the services we enjoy today to the internet economy. underpinning this economy is internet data. as the internet grows and more people and things become connected, the volume, quality and variety of internet data increases. this is driving the development of the new businesses into services and enhancing online experience the sport can numbers. it's an essential commodity for businesses to compete and grow in a global digital market. the importance of the data hasn't gone unnoticed internationally. itit's extended the focus of the conventional internet governing agenda. traditionally it is on the formation of the policies and rules dedicated to the internet's technical development

across the jurisdictions. while this remains an important function and primary focus the increasing value of data have shifted attention to the collection, use, movement and overall treatment of internet data. the rise of the data localization and how it can be processed in a certain territory of jurisdiction along with local content requirements, the internet censorship policies and cybersecurity wall walls are a w examples of the trend. the targeting data is from the interest in fostering its own innovation or protecting its people from possible data misuse. but here is a new problem. the global nature of the internet means that the impact

and power goes beyond a jurisdictions borders. u.s. companies are compelled to change business models or alter operations to achieve compliance with in the market and they are experiencing disruptions in their own domestic obligations as well. the result is less job creation, both investment and innovation in the united states. consumers are feeling the effect effects of the international policies also. overly restrictive limitations of the data movement were inconsistencies across the jurisdictions ultimately deliver an internet experience to consumers but it's less personalized and more expensive to access. today we look forward to examining the impact of the global internet policies and u.s. businesses and consumers as

well as the continued development of the internet around the world. i would mention that i'm the chairman of the helsinki commission in a par and is a pae commission's mission, we promote economic cooperation overseas so i also look forward to discussing the appropriate role that congress should play in enhancing the international coordination on the future internet policies and empowering businesses to prosper in today's global internet marketplace. this is critically important to maintaining a u.s. leadership and data driven innovation and internet technologies for years to come. i welcome the witnesses here today and i will introduce them in a moment after we have heard an opening statement from senator chuc. senator. >> thank you for holding this hearing. we are here today to talk about the governing and internet that is truly international and serves billions of people who have different culture and economic values and ideas of how it should work, and that

presents a challenge. but we also have more specific challenges such as online terrorism, foreign propaganda, interfering in the elections in the state sanctions and misinformation that can lead to violence. as we consider that we have to ask how they can be addressed without compromising the basic human rights such as free speech or privacy. approaching any of these challenges will require your a long and technical conversations of it is unrealistic to think that we can solve all of these policy issues with the hearing or two. but what we can do is highlight and demonstrate support for the forums where these can happen any more competent manner. the transition from an tia is a good example of how the technical governance of the internet is best served by a process in which all stakeholders participate.

these include industries come tl society, academia users and governmengovernment of driven fr the g-7 and the wto of our people to come together to address important internet policy issues including security, economic development and trade with russia, china and iran news piece to push for a agenda is to censor speech and enable government surveillance and restrict free market. that's why the u.s. and our allies need to maintain the leadership to preserve and advance democratic principles. similarly a free and open internet is in our common interest. the internet started in the uniteunited states and it is intertwined in the fabric of our daily lives from basic activities like checking the weather to exercising our fundamental civic rights and values and that's why we have to show up and lead these forums and continue to be the indispensable nation. this is generally true for international policy issues but it's especially true for the governance of the global

internet. unfortunately, the leadership is being jeopardized by this administration. the secretary eliminated the cybersecurity coordinator role and denoted its responsibilities putting it under the bureau of economic affairs and earlier this year the national security adviser eliminated the white house cyber coordinator role. congress is working to reinstate the office of cyber coordinator at the state department and we hope to persuade the white house to reestablish the cyber coordinator role in the nfc. the government needs to play an active role in helping to set reasonable goals of th rules ofr internet governance this means protecting the existing international multi-stakeholder processes and in the global context or standing down will create a vacuum for the authoritarian regimes. i look forward to hearing from the witnesses about how we can better engage in the international community to address the challenges facing the interactivity.

>> the secretary of homeland securitsecretary of homelandsecd executive chairman of the chertoff group, washington, d.c.. the vice president of policy in scottsdale arizona, doctor rosalynn, visiting scholar at the american enterprise institute in washington, d.c., denise jones, vice presidential policy of the business roundtable in washington coming of mr. christopher painter, commissioner of global commission on the stability of cyberspace washington, d.c.. 25 minutes between the witnesses for opening statements. secretary chertoff, we will begin with you and go down the table. >> thank you mr. chairman and

ranking member schatz and mentors for holding this hearing which is very timely. i've submitted a written statement that i request be made a part of the record. and i should just point out that i served with chris painter on the commission on stability and cyberspace. so, we interact quite a bit on this issue. let me try to make a few brief points as both the chairman and ranking member indicated obviously the value proposition of the internet in many respects rests upon its global nature. in fact it connects networks all around the world and therefore when you have the prospect of fragmentation you run the risk of undermining the fundamental value of the internet because you would wind up with a number of different networks. this is important not only because we value freedom and the

ability to communicate with others around the world and have discourse about the matters of public importance but because this is critical to the economy, the reality is that it transformed the nature of our economic activity and allows us to promote exports and two distant or mediate between the buyers and sellers so we have the ability of people to sell directly, whether it is auctioning on ebay or signing up to look for drivers under uber or lyft or other programs. and this is part of what is fueling the global growth around the world and it's also true that much of the innovation and ingenuity behind the internet which is a part of the market value of any of our most prominent companies depend upon having a global market and that means a global internet. without the global internet for that market dries up. so we have a strong interest in

dealing with this issue. it also means no one country can control the outcome we have to work with our partners. now to recognize the russians and chinese have a different view and in many cases the russians and chinese come information they don't want the public to read is what they regard as cybersecurity and that is of course the optical preview as important. so i think i would make three points if we are to address. we need to continue to promote business bloodless takeover model of internet governance. that means making sure the civil society, business and consumers into the mix deciding wha how is going to operate a.

often it rules that appear to be technical have a great deal of substance. because the ability to control the domain registry system and to decide who controls it basically to traffic flow in many cases is the key to whether you censor the internet or have it be wide open. the second issue is we do have conflicting laws in different jurisdictions. the internet is borderless and the data is borderless but the law has borders and we do often wind up with conflicts. congress has passed the act that opened up the door to resolving the conflicts.

among the legal jurisdictions about who gets to access information and plot the substantive rules are. in particular because we comprise the first amendment and want to make sure other countries don't use their power over multinational global companies to drive the innovation of the censorship that is fundamentally undermining the values. finally i would say in full disclosure and was just written recently we need to talk about (-left-parenthesis where we are generating so much data globally that the idea of keeping your head and is a ship has sailed and now it becomes the issue of how we control the data and what we havandwe have to make sure tr data isn't being used in ways that we don't agree to war that wilor thatwill hurt us and somek forward to answering questions from the committee on any and

all of these. thank you very much. >> thank you. good morning chairman wicker, ranking member schatz and members my name is james and i'm the vice president of global policy and we appreciate the opportunity to testify before you today. go daddy is the largest platform dedicated to independent ventures and we provided the toolsprovide thetools, insight e necessary to enable small businesses to get the idea of panther running on the line and every idea starts with the domain. it's creating an online identi identity. >> our mission is to provide the experience that is uniform

around the world to. the privacy laws that regulate regulations that underpins the system. internationally we are seeing an increased number of countries about the laws and regulations that make it more difficult to serve the customers in those markets. it's for the providers that would requir require the vista d establish a local presence to gain access to that market. some nations aggressively regulate content and censor political or religious views. taken together all these regulations stand in the way of reaching new customers, competing in new markets and

developing innovative products. they are harmful to providers and consumers alike and are a barrier to free trade. there's also an increasing her of regulations such as the european union's new general regulation, and these have created a patchwork of laws with which the companies must comply to operate globally. compliance is a major undertaking. they touched every aspect of the industry but most notably disrupted the surface of the directory of contact information for the domain name registrants. it's a two-edged sword that serves an important tool for law enforcement and other stakeholders but it's also a gold mine of personal data. currently we are engaged with representatives of the agencies and our colleagues to trick to strike the right balance between providing access for the legitimate purposes while also protecting the private information of our customers.

also crucial to the health of the internet is the 20-year-old cooperative agreement between the verisign of the registry. as you are to where it makes up about ee presented the domain names into the cooperative agreement holds the price of the domain names for $7.85 per year. this is scheduled to expire and it's our understanding that they are currently in the talks to renew and amend this agreement that could potentially raise prices. they would benefit from the agreement being put out for competitive bid. the internet matured over the last 20 years and why we have no complaints about the performance of the contract there are now several companies that could capably operate the registry.

thank you again for the opportunity to testify today. we believe the united states must continue to push back on the policies imposed by other countries and help mitigate a patchwork of privacy laws and further we are hopeful they will increase transparency and extend the current pricing is associated with any renewal of the cooperative agreement and engage with other stakeholders to put that agreement out for competitive bid to thank you for your time and i look forward questions. >> thank you, chairman wicker and ranking member schatz. thank you also for your leadership of the helsinki commission on security cooperation and/or defense of human rights. it reminds me how americans from every part of the nation can play a role in internet policy for example mississippi is innovating in telemedicine and the provision agriculture as we enter the five g. era our economy will bother with

application for the cities, cars and so on. it's not just search engines and social networks. we want to implement the new platforms and services and this underscores the importance of today's hearing. our country has practiced international policies for at least 230 years. alexander hamilton's report on the subject of many factors from 1791 advocated for modernizing the american economy to pick dependence on slavery and to supersede manufacturing. the championing of individual freedom are policy legacy is to hold the balance of the rule of law with individual rights and these should underpin the approach to internet governance. the united states is one third of the global econom economy ife should shape the international environment with our values. but we won't have any credibility at our policy is just about american companies

making money. we must export a value system that empowers and reworked other nations to participate in a free-market economy to respect the rule of law and individual rights, to limit regulatory distortion and protect property and improve quality of life. this is how we ensure that the regime is the most fair, rational and humane. now a popular misconception of the global data protection is that a global data protection regulation orgy ppr protects privacy. it does not. it's about data regulation specifically 173 rules on the regulation. europe is a destination of two thirds of america's digital goods and services and u.s. companies are now suffering a cause of its cost and complex v.. i live in copenhagen, so i can experience this and i can no longer look at this as a newspaper such as the la times, "chicago tribune," daily news, orlando sentinel and "baltimore sun." additionally, 60 additional

newspapers in illinois, indiana, minnesota, missouri, montana and nebraska, nevada, washington and wisconsin are not available. this reduction in content has reduced visibility for advertisers and shut them out of the exchanges. the retailers william in sonoma and pottery barn or longer so into the companies from washington state shut down their online communities. the provider of online services no longer takes european customers. a mobile marketing platform company with six offices in the united states has closed its operations in even the website of the association of national advertisers is not available. now if we adopted such a measure in the united states it would violate the freedom of speech as the governmen government require so onerous that the reduced expression. indeed the legislation should be preempted federally for this very reason. and the parliament is using it as a pretext for the negotiated

agreement. these actions violate the international law and we need to challenge them in court. it's a global standard for they tried this before in the standard hoping we would get on their platform. we didn't copy thethey didn't ce leapfrogged and now we need the same strategy not to copy but to make a definite alternative for the data protection. and we can do that by meaningfully in powering the digital competence education and incentivizing privacy enhancing technologies. i want to apply senator klobuchar for her leadership on the proposed bill. in closing, we must walk the talk for the national predictable framework of god, we need to start at home. therefore, the right policy should be a consistent framework with the same rules for all players grounded in the standards of antitrust delivered by the federal trade commission. this also requires addressing

the regulatory prejudice that has deterred flexible pricing and innovation and business model platforms. for example the cooperative agreement between the signing of the department of commerce caps the price of the domain that allows arbitrage in the secondary market. we have to secure the information gleaned for the free flow of data today. without the extensive use of digital has been a rapid increase in the number of policies around the world but undermine the digital innovati innovation, trade by creating fragmentation with uncertainty

and costs and other unintended consequences. the complaint environment is increasingly cumbersome and simply impossible for the companies to startups to comply. the eu and china are the most active in rolling out additional regulation. but india, russia, south korea and other countries are ramping up efforts to develop and enforce a wide range of cyber security, privacy and data localization policies. china has the most aggressive in place mandating all important information and personal information to be stored in china. it's currently defined the law would require any entity that owns or operates a computer network and applies to a vast assortment different types of data. india, russia, nigeria, south korea all have an active law transferring the business and consumer data.

approximately 120 countries for data privacy laws and are considering legislation in this area. some companies have decided to discontinue offering products and services because of the gdr compliance which are so high they can no longer justify being in the market. they have the steep fines of 20 million or 24% of annual revenue, whichever is higher. the fragmentation of the policy regulations in the united states is also on the rise. the sector specific federal and state privacy regulations,

california recently passed a privacy bill that applies broadly across many sectors. the proposals are pending in state legislatures that if passed would further increase the complexity across the u.s.. it's an expanding number of cyber security requirements and with more than 40 different policiepolicies including overlg mandatory risk assessment and testing and incident reporting to the multiple authorities in each countries. don't get me wrong, cybersecurity is a serious matter. but uncoordinated policies of the company it must reconcile competing regulations that divert resources away from security towards compliance. a fragmented additional policy landscape will likely be the most significant impact.

in emerging technologies like artificial intelligence and also hindered by regulatory uncertainties for example the data minimization and other decision-making is. they create barriers for the commercial development of these important technologies. in light of the trends i would like to add my outlinin have mys for congressional focus. work on the establishing alliances particularly with like-minded countries to counter the technology restrictions as it accesses the market. they must lead in the development of international norm and standards for cybersecurity across the border data flows as well as the technologies with watching because the rules for those technologies do not yet exist.

the u.s. must work to a line and harmonize policies to avoid the global fragmentation. we cannot afford to be missing from the international forums and policy issues. finally and perhaps most immediately, congress should act to protect the transatlantic data flowtrans-atlanticdata floy shield by making the person a permanent position in the state department. it should also act swiftly to confirm the nominees for the oversight board which plays a critical role in fulfilling the requirements under the privacy shield. thank you for your leadership in holding this hearing and encouraging the dialogue. i look forward to questions.

including most recently serving as the first coordinator for cyber issues and department of state. the policboth the policy and tel challenges that focus on the challenges and recommendations to address them. first it's important to note that the policies w we face the distinct often interrelated for economic human rights and security elements. for the human rights implicationimplications of hisil therefore that the response to ththe challenge is not the websd silo to bringing together the agencies and stakeholders to advance an integrated policies.

issues are now being debated in virtually every country and every international and regional organizations. accordingly advancing the vision of cyberspace including u.s. commercial interest requires the international engagement in strategic leadership. among the policy challenge chaly face of threats by the regime's to replace the system of multistate corporate intranet governance. mandatory data localization requirements are not scalable or economically practical. the bigotry policies and regimes

have an aspect of cyberspace including online privacy, cybersecurity, market access and emerging technology to conflict with the values and interests creating the regime's fragmenting the intranet. the. the recommendation to address the challenges of. i applaud the efforts of my former colleagues of the state commerce and other agencies but i believe those efforts have been hampered and the office of the state department and the recent abolition of the coordinator position in the white house. i commend the house and efforts to restore the former office the cyber diplomacy act.

coupled with at least a temporary demotion of the prior office complicating the interagency coordination and often sends a signal to both friends and adversaries. to have this strong capabilities with a amount of money in that capacity building only helps the u.s. by helping other countries gain the ability to work with us but also helps to win the support of developing countries for our vision of the internet and cyberspace. it's also important for the stakeholders to continue to engage in these efforts and

enhance their participation. though many companies and civil society groups make invaluable contributions in a variety of international forums-whether it is at stake we must find ways to help increase the participation. it's important that it's the high-level crosscutting innovative strategy that leverages all relevant government agencies outside of the stakeholders are those we face internationally and hop ino do that and prioritized the engagement. engagement. engagement. and make a number of other recommendations in the testimony including strengthening the institutions and the internet governance forum showing leadership on privacy and other policies, addressing the data localization through him another cloud act and supporting cybersecurity, cybercrime stability efforts but also your dependent on the international engagement plan. i look forward to your questio questions. >> thank you all for this very fine testimony it sounds like we have some challenges. in that regard, secretary

chertoff committee issued a notice of and very soliciting public comment on its international policy priority is. in the testimony, you mentioned how so much of the value is in its global nature so how do we balance the business needs for the free flow of data with the point you make about the need to protect the freedom of action which requires that we take greater ownership and control of our data even when it is accessible to others? >> i think you were referring to something in my book on page four of your testimony.

i think he's doing well. >> hundreds of people are watching right now. >> i do think that people do need to take ownership of their data and have more control of their data particularly so much as being generated now that if we don't have some mechanism. the european message seems to be overly bureaucratic. to me it is to recognize most of the world that shares western values we should acknowledge that and work in a cooperative way to develop a system of rules that undermines that objective

but doesn't get so particularistic and so heavy-handed that it actually creates barriers to the free flow of information. this does require constant engagement by the u.s. government and by the civil societies of counterparts in other parts of the world. >> you testified a misconception about the eu general data protection regulation is that it protects privacy it does not. talk about that and if we are going to try to negotiate with the eu on tariffs and preferences, shouldn't the gdp want to be part of our

negotiation? >> absolutely. it only appears about three times in the entirety and it's specifically their version of data protection and i think that it is so our for example, you can go to many countries in europe where people have for numbers publicly available. people swim in public places have different conceptions of privacy. but i would like to underscore is that it's a geopolitical, not a humanitarian move. it's coming after ten years of economic malaise in the european union. it is dissatisfaction fro, lessn 40% of europeans vote in the elections of this is the reaction to that. they want prosperity and want to move forward. the public opinion was not

onboaronboard with that heavy-hd approach that the eu took. >> and i believe you said it is not evidence based. >> the idea of this process would include a process of data and outcome. in the 173 provisions, you've had some in over a decade of the kind of rules that have been in place after the decade but he concedes only 20% of europeans even shop outside of their own country and 20% of the businesses or online south of rules have not worked to increase trust in their own online system and that was the whole idea is that they would have a digital single market data we do in the united states into these ruleand these rules m to achieve these goals. >> it's not good for the europeans or americans either. >> to share one last thing now the european soccer league adopted a policy that they will not trade the soccer players and

they cannot disclose the information on their injuries so if you want to buy a particular player to your team you're not allowed to know the injuries they have so this is also hurtling back on them and the government tussle. the european governments are also liable and there is abuse. >> will probably take another round if we can. thank you. you were at the state department cyber coordinator for six years that you described the importance of the position kind of at the policy in any way in the abstract. i wonder if you can give me some specific examples of what you did that made a difference in terms of the governance of the internet. >> sure. among other things, and i think central is shoving the leadershileadership in theleadeg alliances with other like-minded countries so that we can push back on a lot of things,

particularly attempts by russia, china and others to take over the internet and in prose the multilateral control over that and the venues like the un and other places getting the coalition of countries in having that interaction with them is the key to doing that and we were not sitting on the back bench and i think that was very important. also incorporating issues around governance, human rights issues in every dialogue we'vand everyd with every country because the school of government dialogues with other countries and that raises these issues so they were not stove piped in one area or another. he also helped launch a group of about 30 countries to promote freedom online and also workingg in all of these different international venues and we created and advanced a framework for cyber stability that included the international law and norms of behavior and building measures which address some of the instability issues because the internet as a platform that needs to be

secured to really undermine all of the commerce of the art thing happens there. >> and a number of other things. >> so we should reestablish the position in that statute. what else should we be giving? >> to step up this whole engagement across the board and work with companies that involves like-minded countries that have the same basic view engaging in that level and another is concrete alternatives we don't like some of the things going on but if the u.s. isn't providing alternatives, but in some of the collections try to export their laws if we don't have a key or alternative they are going to adopt those standards.

having things like there was in the obama administration there was legislation to try to bring that forward. if we had an alternative that balanced the leadership of the pinellas dot i. think that folks and those are some of the key things we can do but those are the important ones. >> i think a lot of us struggle with the desire to look at what happened in 2016 in terms of election interference on the social media platforms and to want our national security agencies and platforms themselves and even voters to be more engaged so that we are not as vulnerable in the future. what we don't talk about as often as is we have to be careful and precise to push back

against constitutionally protected speech. that's the difficulty because the tools established will be an example not just for our allies and like-minded individuals around the world with some of our adversaries and authoritarian regimes and i wonder if in a minute or so remaining you can talk about how we strike that balance and i'm not sure you can answer that in a minute so where we work on striking that balance is the fundamental question. >> briefly i would say we have to be protective of the amendment and therefore be extremely cautious about the proposals to regulate content. where there is more room for taking affirmative action is in the area of the disclosure of

identity for example enough is legislation pending about requiring foreign entities that buy ads or otherwise pay for space on social media platforms i think that is consistent with what we do off-line. likewise there is no protection for impersonating americans were automated trolling or other ways of manipulating search engines and those are ones we can focus on what social media companies. ii would be interested to know how you define privacy individual era and how we manage

the. i'm going to give you the research that the european agency for network security actually developed and it interests the level of education as the consumer consumer that tr and the level of the technology is thtechnologies the business practices and institutions. it only focuses on two of the four things. as a nation and individuals we have to do more to help people be digitally competent and awa aware. we have the ability to communicate so i want to recommend the book you have to

take responsibility for the network achievements so to defy the privacy in the era the first thing would be buyer beware. there is a gap right now we need to close in terms of the digital literacy or the ten things i need to know before i go online to protect myself so that is the gap that is missing today and what the research shows that is important and we don't need to make legislation to do that. each and every person can take a step up to take responsibility for what we do online. >> the expectation is each individual is responsible and the internet is a space where you take your chance. >> the part of the factors mentioned were missing two out of the four right now so we have

lots of regulations and lots of rules on businesses, lots of institutions. we are missing education and incentives for privacy enhancing technologies. i am trying to promote as individuals we take responsibility for what you. >> mr. secretary, do you believe that a lack of any kind of a data privacy could lead to the united statetheunited states toe isolated? >> california passed a law that deals with data and we could wind up with multistate laws conflicting with each other and surely it would be helpful to smooth it out here but to come back to the point i recognize a country like russia or china is going to be different in their

attitude to those controlling data and information and so therefore there may be a limited scope of agreement. but i do think with the western countries although their particular approach tends to be different than ours and much more regulatory and micromanaging, i think the basic value system is compatible and that is where i think the ability of reaching the agreement is with the overall objective is what opened the door to than working on some of the differences that created their years with the businesses as well as some confusion about what the rules are. so to me it is about ultimately how do we protect people's rights to make sure the data isn't being used in a way that is contrary to their interest or invades an area that w in the ae think they ought to be in control of? >> many of us also served on the armed services committee and we

worry about the security of the information that the agency's share. a lot of times they don't have this activity as the department would have. how can we ensure that the information is more secure in your role as the head of the secretary of the dhs you were very involved in that. what do we need to look for? >> the challenge is unity of effort among the different agencies that don't regard to securities and exhibit a is the office of person mao management which probably everybody in this room was a little bit of a victim. i do think the administration has made the right decision in designating government security. the dhs is playing a lead role

and i think it's important to make sure the department has the authority necessary to make sure that all the agencies would have to be basic cybersecurity including the diagnosis and monitoring response plans and other kinds of elements of defense. so that said authorities making sure that it's launched in one accountable agency and funded i think would be a big step. >> thank you. >> i'm glad senator fisher brought up the situation and the defense authorization bill because i see a lot of similarities here. in fact, we will be voting on that in the past conference that passed the house and we will probably have it on thursday.

i've been watching into this does change with the administration's that in all fairness to contact the priority on the national defense that a lot of us believe it should have. as a result we had some areas. the point i'm getting at trying to determine where russia and china are now relative to us in the committee because i can tell you right now there's a lot of areas in defense, one being in the artillery by rapidfire and range. they are ahead of us in our nuclear activities are and this is the big thing coming into the system because it is insistent

that the properties that five times the speed of sound sleep very significant. i would like to start off and ask i keep hearing and though you are expert, yes we are still in our area is a little bit ahead but they are catching up. is that an accurate characterization? >> i probably shouldn't speak to their capabilities but i can say from our perspective as a private sector company, we see that the largest and the most frequent attacks on our systems are originating from russia and china and it is primarily through the industry solutions and coordination both vertically and horizontally through the technology industry.

>> you mentioned in your statement when you were speaking a moment ago that there is now 120 countries that have a data processing law so there are a lot that have those and we should have adequate protection everyone agrees with that. the question i would ask you is we all agree that's right. how do we send these relationships with partners that should be doing the job with us, but is the most effective thing we can do to develop and attract partners would also agree that we are more effective if we do it as a group lacks th these cod >> the point was made by one of the other panelists that i willl go ahead and build on that. the proliferation of different privacy regulations eating confusion and friction and it is

a growing issue is another one of the witnesses noticed they are gaining momentum or equivalent frame works and momentum outside of europe. and i think the answer is that we continue to show that u.s. leadership by helping to push back on the differences and the inconsistencies between the various frameworks and focuses on those areas of commonality to rally around the core principles of what we believe to be the protection of data in the free flow of information and the conduct of commerce across borders. >> that's good. secretary, you admitted in a statement that specifically talks about the role of the united nations and russia and china that want to enhance a think we all understand and agree with that, but how effectively can we try to accomplish that?

>> i think it is generally consistent in saying we don't believe the un is the right form for dealing with these issues as particularly with the security council that would essentially politicize the process of dealing even with the technical aspects of the internet which is why of course the russians and chinese want to do that. i think we need to continue to look at this multi-stakeholder model where we go to engage in the private sector business community and consumers coming up with proposals for how to reconcile the various interests that are a part of the internet and to follow up on the prior question, a lot of dealing with these issues are showing up. by being present and dealing

with your counterparts in other countries, my experiences you offer a greater degree that might be evident at first but in order to have the impact you've got to play. >> thank you, senator. >> thank you all of you for being here today. i would like to say this at the onset of. it's a new cyber hub for the critical infrastructure that goes a little bit into what we are saying or a lot of it to what they are saying today that be that nexus point of the nationsbank companies and other industries to help protect them from major cyber attacks so i want to say thank you to the secretary. i know she probably asks for your advice as she is moving forward, so it is a very good thing.

on the -- all of you have talked about the cheeky pr and regulations that have come from the eu. some of you have addressed it in a problematic way. it's causing you to divert assets to figure out how to do this. i think he's interestingly that a popular misconception is that it creates privacy. the last statement says data protection as a technica is a te whereas data privacy is a legal issue. so do you think as we look at governance we need to look at both of these issues together if you can talk about that a little bit? >> privacy we might see as a natural right, something we are born with. firsfirst and the european

conceptioin the european concepd rights. so what the government gives the government can't take away. the difference in the first is the natural rights are things that are inherent and we don't ask versus the european approach to making the requests of others to do those things so our understanding is fundamentally different. the other aspect is among the 173 provisions, it is a hodgepodge of a laundry list of stakeholders that want to have certain regulations to be able to go after american companies and achieve outcomes they couldn't achieve in the courts but through antitrust, and it reverse engineers a number to a class action culture so we can have standing in groups to bring lawsuits but they couldn't

before. to date the europeans didn't want this sort of class action lawsuit culture for better or worse and that has changed now. so we have now the abuse of complaints. you can get a million code points in a day that is automatically generated. so, there are 62 data protection authorities in the eu and they don't have training on how to do this. the enforcement will be disjointed and focused. >> if we are looking at this in terms of the future, we need to look as they tried to implement .. ..

>> he assured me they do have that right but i am still not convinced it is out there somewhere and cannot be retrievable in some form or fashion. >> there are positive aspects and i do agree you should be able to control your data and have access to and the privacy things we should be looking at. what this does is create attention because you can delete your data anywhere for those have the right to do so the trick is to make sure you do this the right way and i do agree with you like facebook

and data you should have access to your data. >> but just in the general to figure out how to go forward internationally having gotten russia or china which is vastly different. thank you very much. >> was that a statute enacted by the european parliament? or was that by a regulatory agency? it went into effect in. >> the member of parliament said it formalize the laws and european that would be

parliamentary live in a that? >> parliament. that is their congress in the eu. >> as i understand it it is the parliament in council from the members stays in the commission with the bureaucracy that looks that certification for cybersecurity products right now so perhaps this is a cumbersome process but the chance to intervene and have input to make sure that has happened. >> inactive the parliament to amend or change gdp are? thank you for allowing me to reject the mag i appreciate the discussion going into

effect in the united states will show some leadership we should have some comprehensive policy it's hard to show leadership to the rest of the world and the largest tech companies are right now for their mistreatment data they are beginning to love the fine and begetting out to ask questions if they are to be a gore perhaps in need of being wielded so without antitrust discussion mark sucker berg says perhaps some privacy regulation may be necessary that is a lack of will with discussion about what these regulations summarize the talk

about your company affected at the table or part of the discussion or was their lack of patient and why we are in the petition today with those concerns that you raised? >> i was not involved in any of the session and my impression is they do have a significant presence and then to lobby and interact. but that effect is diminished if u.s. government is not engaged for a reason -- obvious reasons. >> he were engaged as part of the multi- stakeholder to understand what to do and how

that impacted our industry back we have less notice than we would have liked about one year or 18 months is all that we receive the map i have been very pleased by the response of congress. there has been a good faith effort to address the issue. so the marriage is to focus on is information so the advantage of that for the pairs that we know there was a threat under the gdp our world i had it my ability as a major company so there are concerns about being burdened and there

is a real value to that approach we have taken back that represent some of the largest american company. and our member companies engage with gdpr without presence on the ground in europe. however with the european union to take that opinion with a grain of salt. ultimately these are american companies headquartered in the united states. here willing to hear our time not sure how interested they are in addressing them. but they are very much willing to come to the table to have a conversation about privacy and how to engage with the european union and the in asia.

we look forward to working with members on that. >> we emphasize that word interoperability. however we also have engagement by those association to push back just like in other areas and that could be stepped up and i will give that example with a view in europe it doesn't care about privacy with that enforcement of privacy but we need to fill the void. with that certification machine that i talked about earlier i was talking in europe about parliamentarian.

there are changes in the draft law. and what the global stakeholders wanted. with a risk-based approach to make thank you for all your thoughts. we appreciate it. >> thank you to the witnesses. i had the opportunity to visit some nation in southeast asia. the same week they were considering legislation and what that would mean for vietnam. when you talk to businesses today talk about the need of the democratic values and ideas? >> absolutely.

there are various forms to push that agenda more aggressively. for both with our negotiations nafta should be part of that to undermine those data flows that should be included there are also other forms to be actively engaged with the forum on privacy and also i think taking another look and we need to make sure that the american government is fully engaged in what do they intend to do with those policies? >> i'm not sure what they have in mind but that could go to

another person on the panel what is china and vietnam? >> various reasons countries have done it is a realistic concern we have to do more of these bilateral agreements that an russian is a good example if you have all the data there it is much easier to senior citizens are doing to have that intelligence have access. that is the goal. with the human rights agenda. >> so what rule should u.s. businesses play because technology companies will be involved with localization or

data set? what responsibility do they have to balance the need for economic opportunity and market access with the fact the government may use that to target? >> that is a challenge for companies like do you furnish intrusive technologies that they will suppress their own citizens. some companies take the view as long as you talk about china's desire to have agents in china that is a matter for the chinese that they are agnostic others look at that to enable that is inconsistent with the culture. so i do think that carefully to the extent to which we enable that behavior on the internet that is with our

values. >> talk about cyber. >> has a cyberdimension but with the former president of estonia talked about really having a community of like-minded nation to defend our cyberassets against attack not necessarily rising to the level of war from article five with the attempts to manipulate the political process or engage in systematic espionage. >> so the legislation that required that strategy we had conversations about it. given the need for the cybernato kind of approach with the idea of the need to have more agreements of like-minded nation with those issues, are we on the right

strategy? the new strategy? where are we? >> i feel we are not prioritized to show the leadership from the top. and there was a lot of working data from the ground up it wasn't really a diplomatic issue or. now 26 other countries are china and russia it is important to revise that strategy that we have. it not only help to direct those efforts but across the government. so there have been a number of things through the executive order with cybersecurity issues. we haven't seen a comprehensive strategy but obviously that was a good document but it was 2011. we need to make sure we

fine-tune that in the state department we had a regional bureau to do engagement strategies with all these issues to fine-tune those efforts. >> do we need a cyberambassador? the marketing do the big supporter i think it is a good approach i hope it passes this chamber as well and that will help him be important not just the ambassador position but the structure that gives it priority in my car the panelist all in agreement of the cybernato does anybody take issue with that? the neck i think it depends how it is worded. it just depends on the details but certainly the idea to have like-minded countries,

together with common defense is in a shared concept. >> that would be interesting but we have not taken a position on that yet. >> at surprises me but don't have such a thing. why don't we? that is the closest thing? >> nato actually does work with the center of excellence. but the issue becomes part of what stage you reach that level of article five and if that somehow has to be adjusted into the context of cyberactivity. when i was secretary we did work with them when they were attacked by the russians as a service attack i don't think it is a big stretch more of a question to formalize what has been happening for a while. >> nato has done a lot of things in cyberwas one now

that was back seminary years ago and now it has played a key role to focus on the country's assets but what they can do in terms of responding to threats and also the on nato if we look at adversaries like russia that isn't all neato but we need to be able to do that. >> important testimony. thank you senator gardner. in my thinking mr. chair and ranking member for this hearing and all of the panelists for being here today. i want to start with a question to you secretary. on the topic of cybersecurity i want to address russia's ongoing attack. last week the wall street journal published a story that

stated military intelligence consistently sought to pack utilities in critical infrastructure russia state-sponsored has access to utility control systems one official stated the russian hackers got to the point where they could have become a which but the utility conjures up fears of a russia cyberattack leaving communities without electricity for days or weeks or months. you help to stand at the national protection at the department of homeland security which is charged with defending cyberattacks to strengthen the security of critical infrastructure. given your history with this mission can you discuss how dhs can better prevent -- defend against these utilities

and what sort of tools are needed to stop these attacks? i know there was a discussion about this new have that was a good first step. >> the holidays good first step we were talking about co- locating those principal actors of critical infrastructure so we could work in real time to identify threats. we are not there yet but it is a good step forward i would continue to press that as well as getting clarity to some of the critical infrastructure about what they need to do. one of my recommendation that applies to give liability protection for those technologies to extend that to cybersecurity to that economic incentive to invest in technologies to lower their risk of cyber.

one area we like to be focused on the second is we need to have a clear doctrine of how we respond to various intrusion by enemy or adversary nations. we know what we did in 1963 with the cuban missile crisis when they were positioned in cuba so what happened now with critical infrastructure do we treat that as reconnaissance as positioning a potential weapon? we need to have clarity in a discussion of our strategic response to the level of the threat there is a provision for a project so larry and cyberthat is equivalent after the invention of the atomic bomb. having a doctrine and a strategy instead of rules of

engagement go along way to create an element of deterrence. right now this is very ambiguous and challenging environment. >> that is a critically important part don't even have that a territory statement that russia feared in the election this pre-positioning that we take action on we need to take that into that now. >> that is very helpful and the issue of the public-private interaction in partnership important is something that i agree with and that's why today senator portman and i are introducing a bill that would establish the cyberincident response team act to authorize dhs to cyberfind to allow select private sector experts so we

are trying to this foreword and i hate that insight i also take to heart about the point of having a doctrine in treating cyberattacks as the threat that they are on our country. i will yield my time back thank you. >> we didn't have a doctorate in 1963 until it happens. did we? >> to make to position missiles close to the united states was sufficiently a warlike act he could engage in the cleaned it up a little bit but i think it relied upon principal that were well accepted in much more complicated than cyberbecause first of all sometimes it just

means espionage sometimes it be something to result in loss of life and then you have a middle position so this is a much more ambiguous set of my thinking very much you have been very patient you recognize five and half minutes left mac. [laughter] >> i appreciate the panel being here today as a member of the formulation committee i'm concerned about how powerful tech that the countries commit access to the internet to banding and controlling online while simultaneously using the same platforms like facebook to

sponsor and promote this information. we are now all too aware of russia's pervasive use of social media and the breakfast vote in the u.k. the u.s. has a critical role as all of you have been talking about ensure that we are deterring this state-sponsored information campaign while promoting the open and global internet. russia and i get the first question but others can comment, russia malicious cyberactivity is a national security threat no doubt impacting the 2016 election sponsoring the destructive malware. what are the most important actions of government should be taking to deter russia from this type of activity? just focus on one or two or

three. >> with the rent somewhere that can potentially affect industrial control systems with an impact on human life. that deserves a kind of response to the attacks that have a threat to human life. to have the ability to respond i don't regard that as an act of war but there are things we can do for the internet research agency. but with those set of values you don't want to censor

content because the hero has to be true and want to go down the road of censorship it doesn't really stop. >> we see a lot of malicious activity and that is one of the damaging cyberactors china russia but that hits us in a variety of ways the election interfering that yet we haven't really done nothing to affect russia so we obviously don't want to be overly muscular tory that we should do something that will actually affect putin with his decision-making in the future have been effort to call out things a number of countries got to gather to build alliances to come together as a russia was responsible.

you actually have to do something that is a doctrine question. and then to have that task force with interfering we didn't see this coming. but the cyberattack is something that is considered in that declaratory policy we can do sanctions are all the tools that we have including law enforcement but if we don't have consistent messaging from the top so if we send a message maybe it's okay that undercuts everything we are doing. >> any other panelist want to weigh in? >> thinking for bringing up this concern and i agree with the panel that i want to emphasize about the threats to our security economic threat

and if i have any advice for congress we haven't paid attention to the rise of the chinese platforms two years ago the chinese market exceeded with revenue and downloads. i know people who already use the chinese versions of amazon and they don't want to open a market to united states that indigenous technology that they want to take on the market. so the threat of china for the economic perspective is just as great as the cybersecurity threat from russia. >> can i reclaim my 30 seconds? [laughter] >> one other thing we need to focus on is to indicate the next few years to become global leaders of artificial intelligence if you google that the data and it isn't a

surprise we have seen incredibly large data set last years like the opm or yahoo or the other credit companies that mindful that data set will while me nothing critical can be with a very significant growth of artificial intelligence capability which then gives what we talked about in three or five years to make yes you mentioned mr. chertoff on misinformation and the answer is true we should be mindful because the frustrating thing is there is an old saying the last is true we should be mindful because the frustrating thing is there is an old saying the last half way around the world before the truth puts on so to be open mike that we are also taking a hit at the front end. but we have faith that will

prevail in the end. thank you very - senator are you ready? >> it is a privilege to be at such an important hearing today and in your written testimony paid that future viability of the internet as a platform for commerce and social good on that security with the long-term stability and cyberspace. i share your belief and importance of cybersecurity and cyberthreats of the internet of threat of which it is simultaneously where our devices and appliances and she

connect with one another. the eu considers the cybersecurity act to create a single cybersecurity certification standard for communication technology devices to produce similar legislation in congress. my bill would establish an advisory committee of experts from academia and the public to create benchmarks for devices such as baby monitors cameras cell phones and laptops. manufacturers can then voluntarily certify their products industry leading cybersecurity benchmarks and plaintiffs to the public. a supportive establishing voluntary like this? getting u.s. has a history for

the critical infrastructure in this framework and in the area this is like the underwriters laboratory. it does make sense particularly if you look at a couple of things so it is not one-size-fits-all also it needs to be risk-based you don't subscribe to a particular technology but what the stakeholders have had with the cybersecurity act one thing i would be cautious of and then to show u.s. leadership and a number of

other countries in this great consortium with those regulation and artificial intelligence. but without voluntarily regime. >> to you agree it could work in the united states? >> i agree with that. to take that safety act concept. then to apply that over here it creates the economic incentive to get that certification with the tax liability and damages. so that kind of approach would be worthwhile. >> i want to reiterate

interoperability is a key issue. one concern there is a voluntary regime dictate how those products are designed or developed or maintained other countries feel that give them their own national approach with tremendous fragmentation. i'm happy to hear that the approach you are thinking is inclusive of industry to develop but that fragmentation concerns. >> secretary tillerson chose to downgrade the physician last year. even with the intensification cyberattacks on our country and malicious activity coming from korea, russia, china and all the places. what is your recommendation to

what our government should be doing to downgrade this role? the marketing threats on increasing the actors that are attacking we have to make this a national priority we cannot afford to demote this issue only dealt with by the cyberpeople it has to be ingrained in national priority from every administration in downgrading this sends the wrong message to friends and adversaries. >> i agree the trump administration made a big mistake we will put laws on the books i'm afraid it will come after we have a catastrophic event and then everybody will say who knew this could happen? we know it can that is why we testify today to put those preventative laws on the books in my thinking mr. chairman

max thanks for having such an important hearing appreciated testimony of witnesses you have said illuminating things as it relates to our challenges as a nation on the commercial side of working together and tightening where we are and mr. chertoff you talking about the attack with the grid and the large-scale efforts like ukraine could be very devastating to united states. thank you for articulating we need to be doing much more than we are currently doing. that's why last week my colleague and i sent a letter to the president saying please step up on the assessment side and resource i because this is a pretty big issue. given your testimony i agree. i think provocation comes with a foreign entity sticking his

nose in that with this hacking of a powerpoint or a pipeline or something of that nature that we see in other parts of the world. this debate has gotten a little off course with what we do and with what other people do i want to be clear since you are articulating the international focus shouldn't be clear and should be such an effort that any attack on the election system itself should be something to unite the entire world that it is a cybercrime should be prosecuted? >> very much so. one with the attempted attack and also the influence operation but absolutely.

look at critical structure and positioning but if it is an attack to undermine the democratic foundation that is a huge deal and we need to take that seriously. and that commission we recently have the dorm for government. we shouldn't attack the system or the device or the mechanisms that is the key thing. absolutely that's where the things to have discussion we know that dutch and german it is a big deal to make as everyone else in agreement with that? i welcome congress takes this up but it is important say

other countries have tried to include our election for decades this isn't the first time that it happened it's great congress is responding now but it's something going on for a long time. just to pick up the point it will pick up legislation to look at particular areas for cybersecurity naymac what he believes international we should be that charge internationally to say anybody who tries to implement the election process is a cybercrime we should unite the world against that. >> i like to express that the cyberconcern is maybe then 25 years we are slow to integrate into the military so it should be fully part from the ground up so there has been resistance to establish the

defense department they have been reluctant to bring in fiber to the great electricity that's why working with senator graham because the trip must keep focusing on the. >> i completely agree we should be with like-minded colleagues overseas to say that interfering with the actual infrastructure election is completely off-limits and unacceptable. if operation gets challenging because while we should resist them we have to be careful how we articulate because if you go to moscow able say let's get that red indian national endowment of democracies tonight i agree that bringing this up because i do not want to lose action. we should be leading the charge no government should be involved in interfering with the actual election operation

we should be leading the charge but some people are running around town to say this other stuff and we do it. we should not let this go. >> i agree with you we should not blur the line. >> thank you senator cantwell. >> good morning welcome to reach of. this past january a memo the national security council to call for nationalizing national security council to call for nationalizing god being networking since the administration has been less than clear in rejecting that idea. i in many members of the senate consider that to be for one -- profoundly that idea that is why he will introduce legislation that week ever

habits the federal government to nationalize the commercial telecommunications network without authorization from congress. so in your judgment what does that mean if the federal government would nationalize the 5g networks? that would be a disaster i saw that release today and thank you for your leadership. it helps me sleep well at night. if there is one point knowing telecommunication policies we have evidenced over and over is that government should not be running telecommunication it is a waste of money and colossal waste of energy and not where we should put our resources we have private companies willing to put up $300 to have all kinds of competitive 5g networks that is not where we should put our money. >> in your judgment the frontier act is the right direction for this committee

and congress to go? >> absolutely connected anyone on the panel disagree or think the federal government nationalizing is a good idea? the next secretary chertoff what are your thoughts on the implications if the government would nationalize? >> in general than nationalization of function like that stifles innovation but the government in the position which overreaches it's profitable. >> there has been considerable attention devoted in congress national discussion to the role of tech companies and social vpn companies engaging in political censorship.

what you think the role should be of the tech companies censoring the speech of others? i cannot speak from the entire industry that from the perspective of go daddy don't want to be the arbitrator of free speech that is not the appropriate role. we are supporters of open internet to support free expression and welcomes all views. that said we do have a terms of service for using our platform for communication with very specific cases to cause us to suspend or terminate service illegal activities threatened by an pharmaceutical sales and those that are called out in the terms of service. any complaints we receive are subject to a case-by-case review and we decided according to our terms of service but as private sector company we do not want that

role in making you do not find this agreement when it comes to shutting down can monitor prices that violates criminal law that raises questions when it's not criminal conduct it is simply content that may be offensive or wrong but is not illegal. the question becomes who is the gatekeeper? who decides what speech is permissible and what speech is not. have there been to your company's history because disagreement with content have shut down access to a website? typically as part of that review the content would have to contain illegal material or rise to the level of a direct call for violence for us to take action.

>> you obviously operate within the text. should social media companies in your judgment neutral forms and respect first amendment principles and allow the cure for bad speech to be more speech rather than censorship? the mac in my file think it is shared by go daddy and other companies that we want the internet to be as open and welcoming as possible for free expression and babble of the platform not our goal to be a judge should only be on those narrow cases. >> thank you very much be met thanks to all of you we have a

judiciary hearing going on so i'm sneaking down here as many of you know i have worked because of my role with judiciary in this comedienne for very hard on the issue and they see what happened to us in the last election as a cyberattack there are plenty of issues raised here by mccauley regarding the power grid that i want to focus on i will start with you mr. chertoff. the security elections active bill to basically streamline information sharing between federal and state agencies that was an outrage that 21 states were hacked into and did not find out for one year and then they cannot protect themselves because they don't know if it is going on in another state. my first question is do you think our states are adequately prepared? we have the 380 million out from the last budget. what else should we protect

our voting equipment there is a greater understanding they have to be engaged. when i would that asked in a couple weeks ago to some degree they are engaging that this shift will take a while to turn around you have aging infrastructure in many places. in some areas not even understanding how they connect to the internet. >> 14 states have no paper ballots or partial. >> that will require a change in equipment and protocol. the short answer is we are moving in the right direction we are pressing the accelerator but i don't know if this will be fixed by 2018 i would be very doubtful. but certainly we will have

elections in 2020 and by then he should have the problem fix. we have to step it up mac what is the microsoft initiative doing? >> it is relatively new but to work with a lot of to understand the threat from that public forum and asked that they identify candidate databases were hacked. by raising awareness and sharing information about technical solutions and working and infrastructure protection looking to support all these efforts. >> also with those political ads was also disrupting democracy with issue ads we want to introduce the honest ads active you. it's important to have unified

standards? >> absolutely it is crazy to require television and newspaper ads but not over platforms. it isn't just about elections i think we are seeing numeral continue to see russian efforts to motivate people to have civil disorder to get the groups on the right and left to come to the same place and try to get by in. >> that is included in the bill kennedy adds is not the standard for radio or newspaper we see with avery doing with energy issues they actually had a financial interest. i think they have been overlooked because of the obvious focus on the 2016 election in the last question the last three years we have seen personal information disclosed.

we are proud of our social media internet companies in the u.s. that are incredibly innovative. but yet either and mr. zuckerberg we need to put some rules in the road not exactly what europe did we continue our own but can you comment on that consumer rights act that senator kennedy and i introduced? do you want to applaud you for your leadership and if anybody thinks congress is not up to task you have proven them wrong you were very quick to turn this around and i am grateful for that. but in this hearing and exact steps to take. in terms of the conversation it would be wrong to say europe did this and let's get our version i think this committee is doing the necessary steps taking input

from the stakeholders in my particular feedback are those two components is important with consumer education as well as the incentive for technology and privacy that is why faith harbor would allow a company to innovate and use technology and would not be punished because we know the first time you make a version work. so there is a safe arbor but i think your bill had a provision for that but i think ultimately we will win this science and technology and i thank you very much the rest of the questions i will do on the record. i'm sure i will also have cyberattack questions.

>> i have a letter dated today from senior vice president and asking him his consent to place in the record. without objection that will be done. we are told another distinguished member of the committee may be on his way. senator shots i think this is been hearing, perhaps you could filibuster for another moment or two. of course there are dozens of questions we could ask.

are you speaking for aei on your own behalf? >> my submitted testimony shows i do not represent a division of aei that speaking purely from my own capacity and also a visiting researcher from denmark we have a center that worked on privacy and security research. not speaking for them but it is informed by our research. >> but you are speaking behalf today. >> yes sir. i mentioned an article a few days ago with regard to the high billion dollar fine against google for antitrust violations while the android operating system is

masquerading as consumerism. it strikes me aei has a point there. >> it doesn't make any official decision we have over $200 with different views. we have major debates within our organization sometimes more anger against each other we take very disparate positions because we believe in the competition of ideas. >> would anyone else like to comment. >> yes. i think that from our perspective it just shows what we are up against with the ease willingness to impose fine on u.s. tech firms like in this particular instance which is a mobile operating system it is one of the reasons we are proceeding very

cautiously in compliance effort with those regulation. >> i think all is not well between the government and the eu the record will remain open for two weeks senators will be asked to submit any questions for the record the witnesses are requested to submit their written answers as possible. thank you and hearing is adjourned the five. [inaudible conversations]

[inaudible conversations]