together to create the perfect dumpster choir of mass censorship by marginalized people. >> science fiction author cory doctorow will be our guest on in-depth fiction edition live sunday at noon eastern discussing his latest book walk away. his other books include down and out in the magic kingdom, little brother was 14 other novels. interact with corey iphone, twitter or facebook. our special serious in-depth fiction edition author cory doctorow on tv onc-span2. a senate hearing looked at how the internet is regulated by governments around the world . homeland security secretary michael chertoff testified how privacy can be a model for us regulators.

>> good morning. today, the subcommittee needs to examine international internet policy. and their impact on us businesses domestically and abroad. i'm glad to convene this hearing my good friendand colleague . internet as we know it has become one of the most important inventions in history. we use it for just about everything. thanks to infrastructure investments and ingenuity, the internet is now an economic engine driving job creation and unprecedented access to information and opportunities . in the short time the world wide web has transformed into a global interconnected

information superhighway facilitating growth, freedom and economic prosperity. the multi-stakeholder governing model has been key to the internet development across the world. this model has fostered the creation of a dynamic internet economy that promotes investments and innovation. we all many of the cutting-edge products and services to the internet economy. underpinning this economy is internet data. as the internet grows and more people and things become connected, the volume, quality and variety of internet data increases. this is driving the development of new businesses and services and is enhancing online experiences for consumers. internet data is an essential commodity for businesses to compete and grow in the global digital market. the importance of internet data has not gone unnoticed internationally. it has expanded the focus of

the conventional internet governing agenda. traditionally internet governance has centered on the formation of policies and rules dedicated to the internet's ttechnical development across jurisdictions. this remains an important function but its primary focus, the increasing value of data has shifted attention to the collection, use, movement and overall treatment of internet data. the rise of data localization rules, involving how data can be processed in a certain territory of jurisdictions along with local contacts and content requirements, internet censorship policies and cyber security laws are a few examples of this growing trend. policies targeting data and networks often stem from a country's interest iin fostering its own innovation

or protecting its people from possible data on this use. but here's a new problem. the global nature of the internet means that the impact and power of these laws goes beyond a jurisdictions borders. us companies are compelled to change business models are alter operations to achieve compliance to foreign markets . and they are experiencing disruption around domestic operations as well. the result is less job creation, less investment and less innovation in the united states. consumers are feeling the ec effects of internet policies also. overly restrictive limitations on data groups or inconsistencies across jurisdictions ultimately deliver an internet experience to consumers that

is less personalized and more expensive to access. today, we look forward to examining the impact of global internet policies on us businesses and consumers as well as the continued development of theinternet around the world . i would mention that i am chairman of the helsinki commission and as for of the commissions mission, we promote economic cooperation overseas and so i also look forward to discussing the appropriate role that congress should play in enhancing international coordination on the future internet policies and empowering us businesses to prosper in today's global internet marketplace. it's critically important to maintain us leadership in data-driven innovation and internet technologies for years to come area i welcome the witnesses here today and will introduce an in a moment after we've heard an opening statement from senator

shots's thank you mister chairman and thank you for holding this hearing. we are here to talk about governing and internet has gone international. it serves billions of people that hold different cultural and economic values and ideas of how it should work and that presents a challenge. rowe also have more specific challenges such as online tourism, foreign propaganda, interfering in elections, the ancient surveillance and misinformation that can lead to violence and as we consider then we have to ask how they can be addressed without compromising basic human rights such as free speech or privacy. approaching any one of these challenges require a long and d technical conversation and so unrealistic to think that we can solve all these 80 policy issues with a hearing or two but what we can do here is highlight and demonstrate support or the forums where these discussions can happen

in a more comprehensive manner. we transition and it's a good example of how technical governance of the internet is best served by a process in which all stakeholders participate.these include industry, civil society, users and government. government driven forums like oec and wto allow people to discuss policy issues including security, economic development and trade but russia, china and iran use these forums to push for agendas that censor speech and enable government surveillance and respect the markets. that's why the us and our allies need to maintain our leadership to present advanced democratic principle. similarly a free and open internet is in our common interest got the internet started in the united states and is intertwined with the fabric of our daily lives and activities like checking the weather, exercising our

fundamental civic rights and that's why we have to show up and leave these forums and continue to be the indispensable nation. this is generally true for international policies but especially true for the governance of the global internet. unfortunately our leadership is beingjeopardized by this administration . last year secretary tillerson eliminated the security role putting it under the bureau of economic affairs. national security adviser john bolton eliminated the white house cyber coordinator role. congress is working to reinstate the office of cyber coordinator at the state department. to persuade the white house to reestablish this role in the nsc. us government needs toplay an active role in helping to set reasonable rules of the road for internet governance . this means protecting the existing international mobile e

stakeholder processes and global contexts are standing down will create a vacuum for regimes. i look forward to hearing from witnesses about how we can engage with the international community to address the many challenges facing the internet today. we are delighted to have the honorable michael chertoff, director of homeland security and ofcofounder and executive chairman of the chertoff group, washington dc. mr. bladel, vice president of policy at godaddy. doctor rosalind layton, american enterprise institute in washington dc, miss zheng, vice president for policy at the business roundtable in washington and r.mister christopher peter, global commission on the stability of cyberspace washington dc. let's take five minutes easily divided between our

witnesses for opening statements and secretary chertoff, we will begin with you. welcome's thank you mister chairman and ranking member and members of the committee for holding this hearing which is very timely. i submitted a written statement which i submitted as part of the record. and i should just point out that i served with chris paynter on the global commission on cyberspace so we interact on this issue . let me try to make a few brief points. as both the chairman and ranking member indicated, obviously the value proposition of the internet in many respects rests on its global nature. in fact, it connects networks all around the world and therefore when you have such fragmentation or

localization, you run the risk of undermining the ofundamental value of the internet because you would want with a number of different networks. this is not only because we value freedom and the ability to communicate with others around the world to have discourse about matters of public importance but because this is critical to our economy. the reality is the internet has transformed the nature of our economic activity. and allows us to promote exports, allows us to use the phrase is intermediate between buyers and sellers so awe now have the ability to sell directly whether it's auctioning on ebay or signing up to look drivers under ridesharing programs in many respects, this is part of what is fueling global growth around the world. it's also through that much of the innovation and ingenuity by the internet

which is part of the market value of many of our most prominent companies on adding a global market that means a global internet.without a global internet, market freezes so we had a strong interest in dealing with this issue. it also means that no one country can control the outcome. we have to work with our partners. house recognizes the russians and chinese had a different by stakeholder model of internet governance and that means making sure we get not just government but also civil society, business and consumers into the mix in

deciding how the internet is going to be operated. the russians and chinese often look to what the governance in bodies like the un which would politicize and give them in many cases control over the outcomes for their own purposes. and i would emphasize that often rules that appear to be merely call actually have a great deal of real substance because your ability for example to hold a domain name registry system to decide who control the traffic flow in many cases is the key what whether you censor the internet wide open. the second issue is we do have conflicting laws in different jurisdictions. the internet is borderless and that is borderless but the loss at borders. we often you wind up with conflicts. congress has passed the cloud

which has opened the door to resolving some of the conflicts about wrongful access by the authorities to data that may be held in another country and that's a good step forward and we need to continue to work on resolving these disputes among legal jurisdictions about who gets to access information and what the substantive rules are. in particular because we prize the first amendment. we want to make sure that other countries don't use their power over multinational global internet companies to drive the vision of censorship that would fundamentally undermine our constitutional values and finally, i would say in full disclosure, there's a book i've just written recently, that we need to talk about what privacies like in the era when we are generating so much data globally and the idea of keeping it all is a ship that has sale. now becomes an issue of how we control and what rights do

we as citizens intend and consumers have to make sure that our data is not being used in ways we don't agree to that will hurt us. these are unique topics and i will forward answering questions from the committee on any andall these . >> thank you mister secretary. >> good morning. ranking member and subcommittee members, my name is james mr. bladel and we appreciate the opportunity to testify today. godaddy is the world's largest platform dedicated to independent venture and we provide insights and people necessary to enable small businesses and aspiring entrepreneurs or anyone with an idea to get that idea off and running online and every idea with a domain name. domain name whether it's.com, board or new extension is essential to creating an online identity. godaddy manages 70 million

domain names or 18 million customers worldwide and whether the customer is a florist in mississippi or a baker in london or a web designer in mumbai, our mission is to provide customer experienceuniform around the world . the focus of the series on the impact of international policies and regulations on end-user experiences and global competition and today i would like to discuss the following three issues. first, the adoption of laws and by companies designed to exclude american companies. second, privacy laws and regulations and third, the cooperative agreement that underpins the globalinternet domain system . internationally we are seeing an increasing number of countries adopt laws and regulations that make it more difficult to our customers in the market area we had another numerous examples of regulations that would require us to establish a mobile presence or use local banks or even hire a local

workforce all in order to gain access to that market. some nations aggressively regulate content and sensor political or religious use. together, all these regulations and way of godaddy competing in the market and developing innovative products and laws like these are harmful to providers and consumers alike and are various free trade. >> there's also an increasing number of new privacy regulations such as the european union's new general data protection regulation. and these regulations have traded a patchwork of laws which companies must comply order to operate globally. gvr compliance was a major undertaking . it's touched every aspect of our industry but most notably it has significantly disrupting the directory of contact information for domain name registry. it's a two-edged sword. serves an important tool for law enforcement and other stakeholders but it's also a gold mine of personal data or scammers.

currently we're engaged with representatives of law-enforcement agencies in our colleagues to try to strike the right balance between providing access to is for legitimate purposes inwhile protecting the private information of our customers also crucial to the health of the internet is the cooperative agreement between heanti-a and verisign . as you're aware,.com makes up a percent of domain names and the cooperative agreement holds wholesale price.com domain name $7.85 per year. this is scheduled to expire in november and it's our understanding and verisign are in talks to renew and possibly other than the agreement which could potentially raise prices. go daddy serves millions of small customers and in our experience they are sensitive to any price increase . we believe it's important to preserve price any cooperative the agreement.

eventually we believe our industry all consumers would benefit from the.com agreement put out for competitive bid. the internet has secured over thelast 20 years and while we have no complaints , there are several companies that could capably operate the.com registry equally as well and at lower cost . so again the opportunity to five-year today. we believe the us must push back on protectionist policies imposed by other countries and help mitigate global consensus privacy laws. we are hopeful that dia will increase transparency and extend the current pricing associated with any renewal of the cooperative agreement and engage with other stakeholders to thatagreement for cooperative or competitive bid. for your time and i will forward your questions.ou >> thank you very much, doctor lake . >> thank you chairman and ranking member chairman whitaker, you for your leadership on security and

cooperation and your defense of human rights. reminds me how americans can play a role in internet policy. for example mississippi is innovating in telemedicine agriculture as we enter the 5g era are economy will broaden. it's not just search engines and social networks, we want to export these new 5g platforms and services and this underscores the importance of today's hearing. our country has practiced international technology policy for 230 years. alexander hamilton's report on manufacturers from 1791 advocated on modernizing the american economy to break the bonds of slavery and supersede england and manufacturing. we wrote here hamilton for his role in central government and we will hear thomas jefferson is championing of individual freedoms. our policy legacy is balanced the rule of law with individual rights.

thesevalues should underpin our approach to internet governance . the united states is one third of the global tech economy and we should shape the international environment with our values but we won't have any credibility if our policy is just about american companies making money. we must export a value system and powers and rewards other nations to participate in a free market economy, to respect the rule of law, to regulate distortion, protect property and improve quality of life. this is how we ensure our regime is rational, fair and humane. a popular misconception is the global data protection protects privacy. it does not. the gcpr is about better regulation. your suggestion of two thirds s of america's digital goods and services and us companies are suffering because of its cost and complexity.

i'm in copenhagen so i have experienced this. i can no longer look at a newspaper such as the la times, chicago tribune, us daily news, hartford coram, orlando sentinel. 60 additional newspapers in illinois, indiana, minnesota, missouri, nebraska, washington and wisconsin are not available. this reduction in content has reduced visibility for us advertisers and shop and how independent exchanges. retailers williams and sonoma and pottery barn no longer sell you. companies from washington state shut down their communities and nevada provider of online itunes services no longer takes european customers. in while marketing platforms there are six offices in the united states has closed its operations and even the website of the association of national advertisers is not available. if we adopt such a measured in the united states likely violate our freedom of speech and the requirements are so onerous that they reduce

expressions. indeed, california's legislation should be federally for this reason. in the eu parliament is using the dvr as a pretext to become our fatally negotiated privacy these actions violate international law and we need to challenge them in court. now, the gcpr is a global standard for. the eu tried this with the last we would get on the platform.we copied them but m.we reprocess the pe, now we need the same strategy with the gcpr, copy different alternative for data protection and we can do that by meaningfully empowering consumers through digital competence education and incentivizingprivacy enhancing technology . applaud editor flowchart for leadership on a proposed bill area in closing must work for a consistent framework abroad, we need tostart home

. the right policy to be a consistent framework with the same rules for all players grounded in modern evidence-based standards and antitrust delivered by the trade commission. this also requires addressing the regulatory prejudice has ensured flexible pricing and innovation and business models and platforms. the cooperative agreements in the department of congress hotly the wholesale price of ra domain names but allows arbitrage to secondary markets. just justice jefferson has secured the mediterranean sea lanes for pretrade in the 19thcentury , we have to secure the information lanes for free flow of data today and this is now our leadership challenge. >> you very much. miss zheng class german wicker, members of the subcommittee, thank you for the opportunity to testify on behalf of the business roundtable.

few companies can succeed without making use of digital systems. recently there been a rapid increase in thepolicies around the world undermine innovation , trade and fragmentation of certainty, significant compliance process and other unintended consequences. the compliance environment is increasingly cumbersome to large companies and is certainly impossible for young companies to comply. the eu and china are the most active players enrolling digital regulation but india, russia and other asian and american companies are rounding up efforts to enforce a wide range of cyber security, privacy issues. china has the most aggressive regime in place mandate all important information and personal information be stored locally in china. britney, the wall would require any entity owned or operated a computer network and apply it to comportment of differenttypes of data.

india, russia , south korea all have laws that prohibit transferring. types of business and consumer data. these 34 different countries have localization requirements that can raise the cost of data by an estimated 30 to 60 percent covered companies. approximately 120 countries currently have data privacy laws and many more countries are considering legislation in this area. some companies have decided to discontinue offering products and services because of dep are compliance costs which are so i can no longer justify being in the market. some terms are blocking eu-based users from exhibiting their websites to avoid steep fines of b,20 million or four percent of annual revenue. the gdpr alone is costing fortune500 companies a combined total of $7.8

million this year . fragmentation of domestic o policy regulations in the united states is also on the rise. in addition to several existing sector specific federal and state privacy regulations, california recently passed a privacy go applies across many sectors. numerous other privacies are pending in state legislature that would further increase regulations across the us. cyber security regulations are also strangling. the financial industry is one that faces security requirements with more than 40 different policies including overlapping mandatory riskassessments , arbitration testing and multiple authorities in each country. don't get me wrong, cyber security is a serious matter and it should have mechanisms in place to feature protections uncoordinated policies across countries means companies must

reconcile competing regulations resources away from security for compliance. fragmented international policy landscape will likely have on startups and medium-size companies with limited resources. to comply with ambiguous requirements in countries like china, or people associated with eu policies and emerging technologies like artificial intelligence and block chain are hindered by regulatory uncertainty. the data minimization provisions of the gdpr could create barriers tocommercial development . in light of these trends i mwould like to end by outlining or different areas of focus. the first is to work on establishing alliances, particularly with like-minded countries as a condition to accessing more markets. we are more effective with wrong partners and allies.

, the us must lead in the development of international and standards for cyber security, privacy and data flow as well as emerging technologies with ai and block chain because those technologies do not yet exist . third, the us must work to harmonize policies to avoid global fragmentation. we cannot afford to be missing from the important international forums on international policies such as china and other countries are actively looking to rewrite the rules of the internet that are fundamentally hard with open market democratic values. finally, and perhaps most immediately, congress should act to protect transplant data under the privacy shell planning on the person present permanent position in the state department. it should also confirm the nominees for the privacy and civil liberties oversight board which plays a critical role in fulfilling the requirements under the privacy shell. nyou for your leadership and

we are encouraging dialogue and i look forward. >> thank you very much, misterpainter . >>. >> german wicker, ranking member, members of the subcommittee, a pleasure to be here to discuss the impact of global internet governance on american businesses and the us policy of promoting and maintaining an open interoperable and secure internet. for over 26 years i divided my type like two-sided internet issues including serving asthe fourth coordinator for cyber issues . in that role i worked with the department, interagency and outside stakeholders to advance us vision of cyberspace to our technical and policy challenges. i'll focus on the policy change challenges and recommendations. first, important to note fithe policies that we face the listings are interrelated and have academics human rights and security wholeness. when china claims absolute sovereignty over its cyberspace, rex additional

wall in the name of security, has profound and human rights application. it is vital that our response not be left silent but coordinated . a whole range of stakeholders to advance an integrated us policy. second, cyber internet issues are being debated in virtually every country and every regional organization i believe we've reached a point where the issues discussed in these forums will have a major impact on the future of the internet and cyberspace. accordingly and us vision of cyberspace including us interests requires precedented us international engagement . among the many policy challenges are by repressed regimes to replace internet governance with one that is driven by government only multilateral on or multiple contracts to obtain a free flow of information, close by, and others online freedom economic attacks, mandatory a

localization requirements via or practical and are often used oppressive governments to monitor and control their, countries and multilateral on exacting or considering regulatory policy or legal regimes during some aspect of cyberspace including online privacy, cyber security and market access that conflicts with us values or risks reading regimes to fragment the internet finally threats by nationstates and other bad actors trying to undermine our confidence in the internet that strike at the core of our economy and democracy. my overarching recommendation to address these challenges is for the us to step up its international engagement and an international priority. this requires structure of resources and the whole of government strategies. instructor i applaud the continued efforts of my former colleague, commerce

and other agencies but i believe those efforts have been hammered by the lack of traditionally high-level offices at the state department and the recent abolition of the cyber division in the white house. i commend the house and senate effort was forthright in my office and the cyber diplomacy and i'm pleased these efforts were bipartisan reflecting the bipartisan nature of most of these issues. in the past, the whole of government coordination on these issues have been boosted by the cyber coordinator position in national security council.a lot of high-level position is at least a temporary promotion of my higher office complicate interagency coordination and says unfortunate plan to our adversaries that the demonstration is not prioritizing. resources are also going. this includes falling for building last year, capacity building includes working with governments and or regulatory, helping companies and laws, strategies and working with companies lose their ability,cybercrime . x we are relatively small amount of money, only half

the us holding a coffee stain the ability to work with us but in support of developing countries for our vision of the internet. also important in the private sector and other stakeholders would continue to engage in these efforts and enhance their participation. many companies are already making evaluable contributions in international forums wednesday, we must find ways to increase it. the us has a high level crosscutting integrated strategy that encourages stakeholders in these countries to deal with the many challenges we face internationally and help them direct and prioritize their engagement. another of justin's including strengthening multistate holder institutions including the internet governance forum, showing leadership on privacy and other internet policies, addressing data localization through the cloud and supporting cyber security, cybercrime's ability and all are dependent on you international engagement plan.

i'll forward your questions. >>. >> thank you all for this very, very fine testimony. sounds like we've got some challenges and in thatinregard, secretary , the nti a recently elicited public comment on internet policy, priorities and in your testimony you mentioned how so much of the internet value is in its global picture so how do we balance the business needs for the free flow of data with the point you make about the need to protect our freedom of action which would positively greater ownership and control of our data even when it is accessible to others. >> so i think mister chairman

you're referring to my fare. >> and pay for your testimony. >> so here's what i think. >> are doing, here it is. >> i think he's doing well if you're reading it. >> hundreds of people are watching right. >> i do think that there is people who need to take ownership of their dataand many have more control over data , particularly because of what is being generated en now that really if you don't have some mechanism to ensure that we have a say in what is done with it, we risk our freedom. at the same time based on the testimony it tends to be a little overly bureaucratic andoverly heavy-handed in terms of regulation . we need solutions to recognize that certainly with most of the world that shares western values, we have a common general approach in

the importance of individual freedom and individual privacy and we should acknowledge that and work in a cooperative way to help the system rules that honors fundamental executive but doesn't get so heavy-handed that it creates areas to the free flow of information. we succeeded in doing this and other areas particularly with the europeans and to echo what michael witnesses have said, this does require consistent engagement by the us government and by us civil society and its counterparts in other parts of the world . >> doctor lee, you specifically testified. >> ,a popular misconception about the eu's general data protection regulation is that it protects privacy. it does not. talk about that and if we're

going to try to negotiate with the eu on tariffs and preferences, shouldn't the gdpr be part of our negotiation? >> short answer yes, absolutely. >> the word privacy only appears three times in the entirety of thegdpr and it's their version oof data protection . you can go to many countries in europe where numbers are publicly available . people are naked in public places but we have very different conceptions of privacy. what i would like toó is that the gdpr is a geopolitical, not a humanitarian move coming after 10 years of economic raises.

the dissatisfaction with brothels.. less than 40 percent of europeans both in the election this is areaction to that . and i would say they europeans and i want prosperity. the public opinion was not on board with the heavy-handed approach with the eu took. >> i believe you said itis not . >> that is correct. the idea of an evidence-based p process would include a process ofdata and outcomes so in the hundred 73 provisions , you have something over a decade of gdpr kinds of rules that have been in place and after a decade what we can see is that only 20 percent of europeans even shop outside their own country and only 20 percent of businesses are online the rules have not worked to increase trust in their own online systems. the whole idea, that they would a single digital way we do in the united states and these rules have not helped

them to achieve these goals. >> your position is not good for americans either. >> absolutely and to share one last thing, now europeans have now adopted a policy that they will not trade with soccer players and cannot disclose the information on their injuries if you want to have a by a particular soccer player for your team, you're not allowed to know what injuries they . this is also hurting back on governments as well. the european governments are also liable. >> we will probably take another rounded we can. senator. >> thank you mister chairman, thanks to all. mister baker, you were the state department coordinator for six years and you describe the importance of the position as policy away in the abstract. i'm wondering if you can give me examples of what you did made a difference in terms of the government of the

internet. rn>> short. among other things, i think really essential is showing the us leadership and building alliances so that we can push back on a lot of the things we talked about today, particularly since my russia, china and other countries to impose internet for multi-lateral control over it. and then the un and other places, getting the coalition of countries and having interaction . that was the us taking the lead, we were sitting on the back bench and i think that was important. also dincorporating issues around human rights issues in every dialogue that we had in the whole of government dialogue in a number of other countries . they were still planting one area or another. we also hopped onto the freedom online coalition is a group of 30 countries to who come from freedom online and

also working in all these international venues and we created an advanced framework ntfor cyber civility that included the application of international law, norms of behavior and cyberspace confidence building measures twhich addresses some of the instability issues because the internet as a platform is secured really under unreliable commerce and we're hoping that happens there. >> number of other things. >> so we should reestablish your position, what should we be doing? >> there's a number of other things we can be doing. one is we set up this whole government level engagement across the board and work with companies and that involves forming coalitions again with like-minded countries would support usand who have you and engaging in that level. another thing is to provide concrete alternatives . we don't like some of the things going on, i think we all agree on but if the us is providing concrete

alternatives, some of these elections are trying to export their loss. for instance, china or even the eu with gdpr. we don't have an alternative to other countries looking. they're going to adopt those things. and they are to their benefit to having things like there was in the obama administration the privacy bill of rights, there was a distillation to bring forward. we had a concrete alternative that really balance all the issues that the panelists thought about that providing alternatives and i think those are some of the key things we could do there are many others but those were two . >> secretary, i think a lot of us struggle with the desire to look at what happened in 2016 in terms of election interference, especially on social media platforms and to want our national security agencies and the platforms themselves and even voters to be more moengaged so that we are not as tolerable in the future. but what we do is that we

have to be pretty careful and precise in terms of what model we establish working with the government to push back against constitutionally protected speech. and that's the difficulty, because those tools that we establish will be an example not just for our allies and our like-minded friends around the world but some of our adversaries and authoritarian regimes and i will in a minute or so remaining you could talk about today, how we strike that balance and i'm not sure you can answer that and so how we work on striking a balance isthe fundamental question . >> center, i think that's exactly the right question. briefly i would say this. i think we have to be protective of the first amendment and therefore the interestingly proposal

content or say certain content is off-limits. the first amendment gives us freedom of speech except in a very narrow category things. where i do think there's room for action taking affirmative action is in the area of disclosure or identity about who does posting things for example, i know there's legislation pending about requiring entities that bypass or otherwise pay for space on social media platforms area i think consistent what we do off-line and there's no reason not to do that. likewise i don't think there's any first amendment protection or impersonating americans for four box for automatic trolling or other ways of manipulating search engines. those are areas we can focus on, working together with the social media companies. >> thank you senator schatz. senator fisher. >> doctor layton, you

mentioned that in your there's different aspects when it comes to privacy. i express how you define privacy in the digital era and how do we manage the privacy expectations of consumers? >> i'm going to give you the research that europeans, the agency for network security and privacy and trust is a function of four things. it's the level of education of the consumer, a user. it's the level and types of technology, business practices and institutions and when you look at something like gdpr, only focuses on two of the four things so when i say if we only did one thing , we as a nation will have to do more to help people be digitally competent and digitally aware . and it may not necessarily be something that congress find

exactly what it is but we have a tremendous amount of information and ability to communicate so for example i want to recommend mister, mister chair possible and he talked about buyer beware, you have to take responsibility for the platforms, the networks that you use so to define privacy interest we are now, the first would be buyer beware. >> up to each of us. >> so right now in what, we need to close the gap in terms of the idea of digital literacy or what are the 10 things i need to knowbefore i go online to protect myself . that is the gap which is missing in the gdpr today. it's what the research shows is important and we don't even need to legislation. we can every person can take a step up and take responsibility for what we do online . >> expectation is that each

individual is responsible and the internet is the space where you take your chances. >> that's not what i'm saying. i'm saying or the four factors i mentioned were missing, two out of the four right now. we have lots of regulations. we have lots of rules on businesses and lots of institutions missing caeducation and awareness and incentives for privacy enhancing technology. so i'm trying to promote as individuals we take more responsibility for what we do mister secretary, you feel a lack of any kind of unified data privacy policy could lead the united states to becoming more isolated? >> i do, senator. i think that first of all, california's now passed a law that goes to the issue of controlling data.

we could wind up with multistate laws that are conflicting with each other and inconsistent and certainly would be helpful to smooth here but beyond that to come back to the fundamental point, i recognize that a country like russia or china is going to be fundamentally different in their attitude toward issues like controlling data and information and so therefore there may be limited scope for agreement there inwestern countries , although their particular approach is different than ours and much more regulatory, micromanaging i think the basic value system is very compatible and that's where i think ability to reach an agreement as to what our overall objective is would open the door to working on some differences which have created barriers for our businesses as well as some confusion about what the rules are. so to me, this is about ultimately how do we protect

people's rights to make sure their data isn't being used in a way that contrary to their interests or an area that we think they ought to be in control of? >> many calls on this committee serve on the armed services committee and we worried about the security of the information that agencies have and that agencies also share. a lot of times civilian agencies don't have security say as the department of defense would have . how can we ensure that the information that's out there is more secure? in your role as head of the secretary of dhs, you were very involved in. what do we as policymakers need to look for? >> i think the challenge here is an effort among a lot of

different agencies, many of them don't regard security as a core mission and exhibit a is the office of personnel management which probably everybody in this room was a little bit of a victim of that . i think the administration has made the right decision in designating government security, dhs is playing a lead role and it is important to make sure that the department has the authority necessary to sure that all the agencies live up to the requirements of basic cyber hygiene and cyber security including continuous diagnosis and monitoring response plans and other kinds of elements of a layered defense so that set authorities, making sure that firmly lodged in one accountable agency that is appropriately funded i think would be a big step. >> thank you misterchairman . >> thank you senator fisher. >> i'm glad that senator fisher brought up the situation on the defense

authorization bill because i see a lot of similarities here. we will be voting on that hat the conference at the house. last weekend we will probably have it on thursday and i pr guess, but i've been watching and this does change what the administration, we went through the administration, years of the obama administration in all fairness really didn't have the authority on defense that a lot of us believe it should have. >> as a result, we have areas, i'm getting trying to determine where russia and china are now relative to us in this subject hand in this committee because i can tell you right now there are a lot of areas in defense , areas of artillery, areas by rapidfire in range and

actually, russia and china are ahead of us in those areas. there was in our nuclear activities, our triad and hypersonic is a big thing that's going into the defense system because it's a system that operates at five times the speed of sound so it's very significant and so i like to start off meeting, i ask anyone, i keep hearing i know you are experts but i fear that yes, we are still in our areas a of china and russia but they are catching up. is that accurate characterization? >> thank you for the question. i think i probably shouldn't speak to their capabilities as state actors. from our perspective as a private sector company we see that the largest and most frequent attacks on our

systems are originating from russia and from china and our cooperation is primarily through sector and industry coalition and coordination both vertically and horizontally throughout the technology industry. >> you mentioned also in your written statement t when you were speaking a moment ago that there are now 120 countries that have adata processing law . thatmeans there are a lot don't .and we should have you know, projections. i think everyone agrees with that and we are more effective with partners. the question i would ask you is we all agreed that but how do we connect the relationships with the partners that should be doing the job with? what's the most effective thing we can do to go out and you would also agree that we are effective if we do as a

group. >> i think that point was made by the other panelists but i'll go ahead and build on. it's the deliberation of different privacy relations is creating confusion. it's creating friction and is growing issue as another one of the witnesses testimony notice. that gdpr is gaining momentum or a framework is gaining momentum and i think the answer is that we continue to show us leadership by helping to push back on the differences and the inconsistencies between the various frameworks and focus on those areas of commonality and try to rally around those corporate goals, what we believe to be the protection of data by allowing the free flow of information and the conduct of commerce across borders. >> that's good. secretary sergio, you say

specifically you talk about the role of the united nations and rrussia and china want to enhance that role. we allunderstand and agree with . but how effectively could we try to accomplish that? >> i think the us. [inaudible] i think the us has generally been consistent in saying we don't believe that you is the right forum or dealing with these issues, partly because particularly with the security council, that would essentially politicize the process of dealing even with the technical aspects of the internet which is why the russians have been trying to do that. i think we need to continue to look to again, the mall where we go to engage the private sector, business c community and consumer and coming up with proposals for how to reconcile various

interests that are part of the internet. just to follow up a little bit on the prior question, there used to be a lot of licenses showing up, all of dealing with these issues showing up. by being present, by dealing with your counterparts in other countries, my experience is you find there's a greater degree of fundamental agreement that might not be evident at first but in order to have the impact you got to play. >> thank you very much. >> thank you very much senator, chairman capito. >> he department of homeland security is in new york today announcing a think a really move on their part which is a new cyber to protect the structure. it goes a little bit into what we are saying today but just to be that nexus point

of the nation's banks, energy companies and other industries to protect from major cyber attack . i want to thank the secretary and i know you're moving forward so it's a very good thing. all of you have talked about that havecome from the eu.ns some of you have addressed it in a problematic way . i think mr. bladel, you talked about how it's causing you to diver assets and figuring out how to do this. i think doctor layton, you said a popular misconception is that it protects privacy. you said it does not. is it about data protection or more accurately data governance and in your written statement it says

data protection is a technical issue whereas data privacy is a legal issue so do you think as we look at governance, we need to look at both of these issues together? if you could talk about a little bit i think the key difference is privacy we might see as a national right , has something we are born with whereas in europe it's a government grant so that the key difference there is what government gives, governments can take away. the key difference from the us perspective is our national right are things that are inherent area we don't ask anyone of anything else out those rights versus the european approach is making requests and requirements of others in order to do those things so our understanding ofprivacy is fundamentally different . the other aspect is these 173 provisions, it's really a hodgepodge of essentially a laundry list of a set of stakeholders that want to have certainregulations, to be to go after american companies , to achieve outcomes they could not see

antitrust and the gdpr itself reverse engineers to create a class action lawsuit culture so that people can have standing in court to begin to bring lawsuits they couldn't before. today, the europeans didn't want to have this process for better or worse and that's changed now so that we have in the abuse of complaints, you can get 1 billion complaints in a day that i generated so there you protection authorities in the eu and they don't havetraining on how to do this . the enforcement will be very disjointed. it primarily focused on us. >> i guess if we're looking at this in terms ofthe future we need to look at lessons learned . so mister painter, your statement along the same lines use a gdpr and tries to write to the forgot and mandate that individuals

enforce service providers to remove information. what i asked when he was in front of our committee, i asked him do individuals have the right to delete their individual information? in other words, remove themselves from facebook. i believe they should have that right. he assured me they do have that right but i'm still not convinced it's not out there somewhere and cannot be retrievable in some form or fashion though i don't know if you have a theme on. >> senator, there are apositive benefits to your data and i do agree that you can control your data and have access to your data, that's some of the data privacy things we should be looking at. what this does though i think is create tension with the first amendment and human rights because what it says is you can delete your data anywhere . you can figure other newsworthy stories that people have a right to consume and tax first

amendment rights so the trick is making sure you are doing this in the right way and the approach taken in the eu is too broad.i agree for providers of facebook, it's your data and you should have a chance to have access to it . >> it seems to be just in the general sense, if we're going to figure out how to move more internationally on privacy, there's so many conflicts and we haven't even in my questioning got into what russia and china think your right toprivacy is . thank you sovery much . >> before i recognized senator peters, does the gdpr statute enacted by the european parliament's or was it written by a regulatory agency? i know just went into effect in may. who can answer that?

doctor leahy. >> if you ask don philip albrecht who's the member of parliament and thefather of the gdpr, he says it formalizes laws of the european union . it would be parliamentary laws and there would be an eu -- >> who issued it? >> the parliament so that's their congress, if you will. the eu congress . >> i think it's important. as i understand, the parliament, it's the council which is all the member states and it's the commission which is essentially the bureaucracy and they come together and they're looking at something around certification for cyber security projects right now which the us has been engaging in this is a cumbersome process that there's a chance for the us to intervene, you have put and we need to make sure that happens. >> would take an act of parliament to amend or change the gdpr?

>> senator peters, thank you for allowing me to interject. >> thank you for holding the meeting. thank you to our panelists, i appreciate the discussion and as we talk about the gdpr coming into effect we have to remember the united states, we were going to show some leadership and we should probably have comprehensive policy regimes are so so if we are still lacking it's hard to show leadership to the rest of the world if we can't get our act together in this country and ask all of you know, our largest companies are under pretty intense global scrutiny right now for their mistreatment of data and all the countries erare beginning to levy fines against these companies . we are just now beginning to ask the questions of whether they are too big and perhaps a in need of being reeled in somewhat so amid some of these antitrust discussions,

mark heard and other tech giants are recognizing that perhaps some privacy regulation may be necessary. however, there still seems to be a lack of will to participate in discussions about where these, what these regulations should look like so my question to the panel is as we talk about gdpr as it relates to global e-commerce and the impact is going to have on companies, from your perspective were companies affected by this regulation, were they at the table? were they part of the discussion? or was there lack of participation a result of or resulting in why we are in the position we are in today and the concerns that you ai raised? can we start down here, mister chertoff. >> i was not involved in any discussions but my impression is a lot of these companies do have a significant presence and they tend to lobby and interact but i think the effect of that is diminished if the us government is not fully engaged for obvious reasons.

>> mr. bladel. >> our company was not engaged at the development of gdpr, however we were engaged as part of the multi-stakeholder governments from and understanding what to do with gdpr and how it impacted our industry. >> did you see it coming? >> we probably had less notice than we would have liked. about a year to 18 months in advance. >> doctor layton. >> i've been pleased by the response of congress to look at these issues. i think there has been a good faith effort on both sides of the aisle to address the issue and i'm encouraged by that. what i'm to say about the american merit of it is that we have focused traditionally on sensitive information. we know there are things that are sensitive, financial information about children the advantage of that would be for taxpayers is typically, we focus our

resources where we know wthere's a threat. we as an academic, i have the same reliability as a major company so there are concerns about small entities being unduly burdened and so i think that there is real value to the americanapproach . >> the business roundtable represents the largest american companies, not all the sectors of the american economy and i would say our member companies are engaged in gdpr. they do have a presence on the ground in europe . however, the european union is going to take their opinions with a grain of salt because it's ultimately, these are american companies headquartered in the united states. american jobs. about the growth of american companies. they are willing to hear liour concerns but i don't know how interested they areaddressing them . that said, i think that companies are very much

willing to come to the table now and have an honest discussion about national vestandards for data privacy in the united states and how to oengage with the european union in these countries in asia to promote an interoperable framework. so we look forward to working with members on that.rs>> i agree and i emphasize that word interoperability. we're not going to change, however i think it's important that we have regimes that are interoperable and we also support our own results. there was a lot of engagement by trade associations and frankly the government to try to push back or just like we do in a lot of other areas. i can always be stepped up. i'll use the recent example and it requires i think of you in your that many, that the us doesn't care about privacy. the fcc probably goes more enforcement of privacy and most of the european entities, however we need to fill that void and show

leadership. this so that this doesn't become a global standard. i'll use an example of the certification regimes . i was talking to parliament about that, lots of industries over there and there have been changes in that draft law that incorporates a lot of the things that the us industry and us stakeholders and global stakeholders wanted, making sure there are voluntary, making sure this reflects a risk-based approach. level of engagement needs to be known. >> thank you, i appreciate it . >> thank you senator peters, senator gardner. >> thank you to the witnesses for your time today. i had the opportunity to visit some nations in southeast asia. i visited vietnam, i think it was the same week they were considering legislation requiring data globalization. and what that would mean for vietnam, i was trying to understand and explain.

>> when you talk to businesses, do your businesses interact, do they talk about the need to tear with the foreign governments, democratic values, ideals, things that we believe in america? >> absolutely and i would say there are various rooms we could be pushing the agenda more aggressively. for example in our negotiations on naphtali, digital trade should be part of that negotiation. the underlying open markets, priorities should be included as part of that. there are also other forums we should be more actively engaged in such as the gdpr for online privacy, oecd is also taking another look at their privacy next year. we need to make sure not only companies but also the american government, that we are fully engaged in this forum. >> what does a government

like vietnam, what you intend to do with the policies? >> i'm not sure what vietnam has in mind . i want to put that question to another person on the panel. >> secretary chertoff, what does chinahave to do? >> china and vietnam , there are various reasons. one is to for a realistic concern which has been hard to get data for law enforcement. i think we need to do more of these bilateral agreements but the third is to monitor and control our citizens better and russia is a good example of this. if you have all the data out there it's much easier to have mandatory data turnover legislation, to make sure the intelligence and other services have access. that's often what the goal is and that's why we also have to push back on this human rights agenda t.

>> that's exactly right. secretary chertoff, what role should us companies play. these technology companies will be involved in the build-up by the localization or data centers so what responsibility does us business have a point? how do you balance the need for economic opportunity and the market access with the fact that a government that may be using it starts within its own country? >> that's a challenging ethical problem for companies. it's a little bit like the issue where you furnish intrusive technology to companies to impress their own citizens. companies take the view that as long as we're talking about china's citizens health in china, but that's agnostic. others view that as enabling issues consistent with senate withdrawal. so i do think that we need to

be thinking very carefully about the extent to which we enable the kind of behavior on the internet that's fundamentallyinconsistent with our values . >> you mentioned a cyber nato, could you talk about that? >> i think we have a regular nato which has a cyber dimension but the former president of estonia talked meabout having a community of like-minded nations that would defend our cyber assets against attacks and not necessarily rising to the g level of war that we get into with article 5 but something that attempts to manipulate the political process or engages in systematic espionage or things of that sort . >> when this past congress and i concluded legislation that required a cyber diplomacy strategy, you were there. so given this need for a

cyber nato or at least this idea of their nato approach, given the idea to have more agreements of like-minded nations as it relates to cyber data issues, are we on the right strategy?do we need a new strategy or where are we? >> where not showing leadership from the top that we need and there was a lot of work we did really starting this issue from the ground up, the diplomatic issue a number of years ago and we are the first officer in the state department to indict other countries that have those offices but it's important to revise the strategy that we have and make them stronger and that strategy not only helps the efforts of the particular agency but across the government and other stakeholders so that they know where we are. there have been a number of things that we had an

executive order on planet security issues. we still haven't seen a strategy come out of that. haven't seen a comprehensive strategy of how to all these together . the 2011 international strategy, things have continued to advance. we need to make sure we are prioritizing. one of the things we did is every regional bureau around all these issues and we had two versions of them to find to those efforts. >> do we need an ambassador? >> i think we do. where supportive of the cyber diplomacy act. i testified in the house and i'm encouraged. i hope it passes the chamber as well. that is not just the ambassador position, the structure that has to end and the priority . >> are the panelists all in agreement on the concept of a cyber nato? does anyone wish to take oe issue with that?

no one? >> i think it depends on how formed. i know it just depends on the details of how this gets funded but the idea of having like-minded countries come together in the common defense against shared threats, that's important . >> based on that description it's something that would be interesting but we haven't formed any sort of position on that yet, we are just hearing about it . >> it surprises me that we don't have such a thing. what's the closest thing we have two disagreements? >> nato does actually work with the center of excellence and they do address this issue . the issue becomes i think a part of what you reach the level of invoking article 5 and whether that needs to be somehow adjusted in the context of cyber activity. i will say that in 2007 when i was secretary we did work when they were attacked by the russians so i don't think

this is a big stretch. it may just be more a question of formalizing what has beenoperating for a while now . >> nato has done a lot of things. that was back seven or eight years ago. and the last communiquc, nato cyber has played a key role. there's focus on defending nato countries assets and also what they can do in terms of responding to threats and part of this is going to be beyond analysts. want to impose costs on , versaries like russia working with our allies, not necessarily all of nato that it's going to be a subset. >> important testimony. thank you senator gardiner. we now have senator hatch. >> thank you for this hearing and thankyou to all the panelists for being here today . i wanted to start with a

question you secretary chertoff. on the topic of cyber security i want to address russia's attacks on our election system and our grid. the wall street journal published a story that stated that russia's military and intelligence sought to us utilities and critical infrastructure. in a few instances, russia's state-sponsored hackers gain access to the utility control systems. as one the hs hospital stay, the russian hackers got to the point where they could have thrown switches area russians penetration of one of our nation's most important utilities under the years of a russia cyber attack that would lead communitywithout electricity for days, weeks or even months . while serving the secretary you will stand up the preparedness directedness at the department of homeland security which is charged with defending against cyber

attacks and strengthening the security around our nation's critical infrastructure. given your history with this mission, could you discuss how dhs can better defend against these russian attacks on our utilities and what sort of tools and relationships are needed to stop these attacks? there was a discussion about this new that sounds like a good first step but what should we be doing? >> i agree. this is a good first step. we talked about cold locating the principal actors in the private sector, critical infrastructure together without government officials so we can work in real time in identifying threats. we are not there yet but this is a good step. what i would continue to press that as well as giving clarity to some of the elements of critical infrastructure about what they need to do.

one of my recommendations has been to take the safety act which applies in giving liability protection for certain counterterrorism technologies and extend that to cyber security so you create an economic incentive for companies to invest in processes and technologies that would lower their risk of cyber. that's one area we ought to be focused on. the second candidly as we need to have a clear document about how we respond to various kinds of intrusions by enemy or adversary nations into our critical infrastructure . we know what we did in 1963 during the cuban missile crisis when missiles were positioned in cuba. what happens when malware is positioned in critical infrastructure? do we treat that as espionage and reconnaissance? do we treat it as positioning potential weapon? we need clarity about what

our responses are to these threats. i know indy and daa there's a provision for a project solarium in the cyber which is the equivalent of what we did after the invention of the atomic bomb to develop a doctrine and having a doctrine and having a strategy and a set of rules of engagement would go a long way in creating some elements s of deterrence to what right now is a very ambiguous and challengingenvironment . >> i think that's a critically important part we don't even have a declaratory statement . it caused economic damage or this repositioning, that's something we're going to take action on. we need to do that now . >> that's helpful and on the issue of the private public, not only interaction and partnership being important, it's something that i agree with you on and that's why today senator portman and i are introducing a bill that would establish the dhs cyber incident response team and it

would authorize a law and allow select private sector cyber experts s to persist in these themes so we are trying to move this forward. i appreciate that insight but i also take to heart the point about having a doctrine and really creating a cyber attack as the threat that they are and the attack on our country that they are. mister chair, i'm just about out of time so i will yield back. >> we didn't have a doctrine in 1963 until it happened. did we, secretary chertoff? [inaudible] -- essentially positioning missiles close to the united states was sufficiently a warlike that we could engage in. we called it a quarantine to

fuzz it up a little bit but i think it relied upon the physical world that was well accepted.it gets more complicated in cyber because first of all, we use the word. sometimes it just means espionage whichis never regarded as an act of war . sometimes it means something that could result in loss of life which isunquestionably war and then you have this middle position . this is i think a much more ambiguous set of circumstances than the physical world. >> thank you very much. senator udall, you've been very patient. >> thank you chairman wicker. >> your recognized for 5 anda half minutes . >>. [laughter]. thank you senator schatz. as a member of the foreign relations committee, i'm particularly concerned about

how powerful tech savvy countries like russia and china limit access to the internet and their own nations by planning and controlling any dissent online while simultaneously using the same band platforms like facebook to sponsor and promote disinformation in the west and in the us. we are now all too aware of russia's pervasive misuse of social media in our election and the vote in the uk. the us has a critical role. olas all of you have been talking about, ensuring that we are deterring this kind of state-sponsored disinformation campaign while promoting an open and global internet. i get this first question but others can comment as mister chertoff and mr. painter. russian malicious cyber activity remains a national

security threat, no doubt about that. they attacked our election and sponsored the destructive malware. what are the most important actions our government should be taking to the tour russia from this type of malicious activity and just focus on one or two or three like that would begood . >> i think when you deal with ran somewhere, particularly ran somewhere that can affect industrial control systems and have an impact on human life, i think that deserves the kind of response that we do with respect to a physical attack that might have a threat to human life which means we have to have the ability to respond either in kind or in another way to deter that. when it comes to information operations which to be honest go back 100 years before the union existed idon't regard that as an act of war . i think it's a matter where there are things we can do in terms of calling out who's responsible for putting posts or things like the internet

research agency in st. petersburg where they use armies to drive stories i think legally as well as in terms of our in general set of values, wedon't want to censor content . even if we know be untrue and false because the fewer or falsity tends to be true and once you go down the road of tensor ship, it doesn't always. >> i would add to that that we see a lot of activity from russia and there one of the four most damaging cyber actors. china, russia, north korea but russia at the top and russia has a variety of ways including the election interference and including this position. in the end we haven't really done anything to affect russia in any event though

obviously we don't want to be overly solitary. twhere not going to shut off the lights in moscow but we should do something that will affect putin and his decision-making in the future and there has been this effort to call it out, a number of countries got together and it's good to build those alliances, saying that russia was responsible. great, butyou're not going to name and shame russia. that goes to the doctrine. >> . also i think in the us it's like having a high-level task force for election interference. as the cyber guy, i don't think we saw this coming area we saw infrastructure, espionage but the cyber attack is something that requires a considered approach and the declaratory policy i talked about is important to.we can use all the tools we have , law enforcement and others we don't have high-level messaging and consistent messaging from the top, that undercut this ever so if you send the message athat this is acceptable or send a message that it's okay, that undercut everything that were doing . >> mister chertoff, do any of the other panelists want to

wait in? >> i just want to say thank you for bringing up this concern . what i'd like to emphasize, i think when you think about the threats to our security, not just from military but their economic threats. and if i have any bit of dadvice to congress, i think we haven't paid attention to the rise of chinese platforms. two years ago, the chinese market exceeded the united states revenue and downloads and i know a lot of people who already use other chinese versions of amazon and google and so on. and they don't want to open their markets to the united states, they want indigenous estechnology strategies they want to kind of take our market so i'd like to take up the threat of china from an economic perspective.it's just as great as the cyber security threat fromrussia . >> if i could have my 30 seconds. >> one other thing i think we

need to focus on, the chinese indicated in the next few years they want to become global leaders in artificial intelligence. only you google artificial intelligence is with data and it's not a surprise that we've seen some incredibly large data center the last few years like the opm that, yahoo, not expedia, one of the other credit companies i think we need to be mindful that these kinds of data that's while they may not seem that critical can be feeding a very significant growth in artificial intelligence capability which may be what we're talking about and can mean like this in five years. >> you mentioned mister chertoff on the misinformation and the answer is truth. we should be mindful because

the frustrating thing is there's an old saying in the west, alive halfway around the world before the truth on its boots so we need to realize by being open like that, we are also taking a at the front end but we have faith that it will prevail in the end, that the truth will prevail. thank you very much. >> well, senator marty, are you ready? let's jump in front of senator cantwell. >> it's a privilege to be at such an important hearing today and mister painter, in your written testimony you state the viability of the internet and social good hands on platforms security and the long-term ability of cyberspace. i share your belief in the importance of cyber security and i'm concerned about cyber threats on the internet of

things or the internet of threats. which it is simultaneously. swhere devices or appliances or machines now connect with one another. mr. painter, the eu is considering a cyber security which would create a single certification standard for information and communication technology devices. i have introduced similar legislation in congress, the cyber shield. my bill would establish an advisory committee of cyber security experts from academia and industry, consumer advocacy and the public to create either security and sparks for iot devices such as laptops and towels. iot manufacturers can certify their products meet those industry-leading security and data security benchmarks and

display that certification to the public. mr. painter, hard supporter of establishing voluntary standards like this in order to inform consumers and capitalize industry s.investment in cyber security? >> the us has a history of inventing the things. in this area, this is a lot like the ul? >> underwriters laboratory, we call it a lot they. >> i think it makes a lot of sense, particularly all things. one, a serious, built within industry likeyou, that industry is not one-size-fits-all . bwe believe your bill to be go with industry and the advisory committees. it also needs to be risk-based you are not describing a particular technology butlooking at what risks are involved . there's a lot of the comments the us holders have had in

the cyber security. the one thing i'd also be cautious about is to make sure that it's not creating a conflicting regime but at the same time i think it would show us leadership, allow countries think about this. i know four and another of other countries are looking at iot regulation and artificial intelligence regulation. i know the hs and commerce put out principles on this year and a half ago but i think this kind of voluntary regime has a lot of merit. >> do any of the rest of you agree that a voluntary regime could work in the united states using that kind of framework?>> i agree with that and as i suggested a little bit earlier it might be relevant which is to take that concept which we use with respect to counterterrorism technologies and apply that here as well because it creates an economic incentive to get the certification since the

safety at castle liability and damages though i think that kind of approach would be very worthwhile. >> thank you. miss zheng? >> i want to reiterate interoperability is a key issue here. one concern is that there is a voluntary regime in the vo unit prior to that dictates how iot products are , that ed or maintained other countries would also be to give them licenses to develop their own national approach get there again you have tremendous fragmentation . i'm happy to hear that the approach that your thinking is inclusive of industry and development but that fragmentation. >> mr. painter, if i may, secretary tillerson chose to

downgrade that position last year, even though there was an intensification of iver attacks on our country. we know there's b& cyber activity coming from north korea, from russia, from china, from all these places. what's your recommendations as to what our government should be doing in order to elevate rather than downgrade this role? >> the threats are only increasing, the actors that are attacking us whether it be transnational or state, we akhave to make this a national priority. we can't afford to demo this decision. this after the and ingrained national priority from this administration to every administration and i think downgrading these roles send the wrong message to all of our friends and our adversaries. >> i agree, i think the administration made a big mistake. we will laws on the books, i'm afraid they're just going to come after we have a

catastrophic event in our country and everyone will say who knew this? we know this. that's why youare testifying today. we should put the laws on the books . >> thank you senator marty. senator cantwell. >> for having such an important hearing and i appreciated the testimony of the witness, they all said and lightning things as it relates to our challenge as a nation on the commercial side of working together on typing up where we are and certainly mister chertoff, you talking in the grid and the large-scale efforts on things like ukraine can be devastating to the united states and mister painter, thank you for articulating we need to be doing much more than we are currently doing . that's why last week my colleagues and i senator graham sent a letter to the president saying please step up on the assessment side and the resource side of this is a big issue one thing i wanted to ask about writ

large given all of your testimony because i agree. i don't think provocation comes anymore with a force of sticking its nose in us waters or a plane flying over. i think allocation comes from this kind of acting of a powerplant or pipeline or something of that nature that we are seeing in other parts of the world. so i think this debate has gotten a little off course as it relates to what we do and what other people do and i just wanted to be clear since you are all articulating an international focus. it should be clear and should the united states lead such an effort any attack on an election system, that is the actual system itself, should interfere with the election should be something that we should unite the entire world, that that is the cyber crime and should be prosecuted?

>> very much so. i think we saw two aspects of this. one, the attempted attack on election infrastructure and also the influence operations. we meet those in two different ways but if you look at critical infrastructure, we are working on repositioning our power grids but it's an attack that undermines the democratic foundation of our system, that's a huge deal and we need to take that seriously and this commission that secretary chertoff and i are on, we released a postmortem for governments and others to take up which is exactly that. you should not attack the systems, the devices, the mechanisms used for elections for democratic and other elections and i think that's a key thing. absolutely that's one of the things we should do is have discussions with other

countries on. we know the germans, french and others and the estonians and almost all the baltic countries have seen this is a big deal . >> is everybody else in agreement with that? >> i welcome congress taking the concern, taking this up but what i think is important to say is that there is a desire by other countries to influence our elections for decades so this isn't the first time it happened. it's great that congress is on now but it's been goingon for a long time and to pick congress is going to pick up legislation to look at particular areasof cyber security . >> i'm asking whether you believe that we should be leading the charge internationally to say that anybody who tries to influence what the election process in a cyber way is a cybercrime and that we should unite the world against that?

>> what i'd like to express is i think the cyber concern lohas 80 for 25 years now and we've been fully integrated into the military so i don't think we need to make a silo, it should be part of the military from the ground up . there's been some resistance because of maybe the way we establish the defense department are, they been reluctant to bring cyber integrated as they should have. >> that's all quiet on working with senator graham. mister chertoff. >> i agree that we ought to work with all our like-minded itcolleagues overseas to say that interfering with the actual infrastructure of telections is completely off-limits and unacceptable . information operations gets challenging because while we should resist them, we need to be careful how we articulated because if you go to moscow, they will say great, let's do the national endowment of democracies. >> i agree, that's why i'm

bringing this up because i do not want to lose action on the first part. we should be leading the charge.no government should be involved in interfering withthe actual election operation , end of story there are some people running around this town they swell, there's other stuff and we should let this go. we should not let this go. >> i agree with you, they are totally different . we should not blunt our ability to respond. >> thank you. >> thank you senator cantwell, senator cruz. >> doctor layton, this past january as you know a memo league from the national security council call for nationalizing the 5g mobile networks and since then the

administration has been less than clear in rejecting the idea that i and many members of the senate think it's a profoundly bad idea area as wife senator cortez masto and i introduced legislation aimed at that without authorization from congress. doctor layton, in your judgment what would it mean soif the government were to nationalize our nations 5g networks? >> it would be a disaster. thank you and senator cortez masto for your leadership. it helps me sleep well at night but i would say if there's one point that we know intel conditions patients policy is that governments should not be horunning the telecommunications network. it's been a waste of money, waste of energy and it's not ho where we should put our resources, particularly when we have private company

willing to put up $300 billion to have all kinds of competitive $35g networks so it's not where we should put our money. >> so your judgment is the right action for this committee and congress to go? >> absolutely. >> does anyone on the panel disagree?does anyone think the federal government nationalizing 5g is a good idea? secretary chertoff, what are your thoughts on the implications if the government were to nationalize that? >>. [inaudible] in general i think nationalization, a function like that stifles innovation and put the government in a position which overreaches in terms of what its proper role is. >> mr. bladel. >> there has been considerable attention devoted in congress and in

the national discussion of the role oftech companies and social media companies . engaging in political censorship . what do you think the role and what does godaddy think the role of government should be in censoring others? >> from godaddy's effective you do not want to be an arbitrator of's speech. we don't believe that the private role for us as a onprivate company. we are supporters of an open and internet that supports free expression and welcomes all use. that said, we do have terms of service for using our platform for communication and there's very specific cases that would cause us to suspend or terminate service. illegal activity, threats of violence and pharmaceutical sales are things that are called out in our terms of service so any content

complaints that we receive are subject to a case-by-case review and then we decide according to our terms of service but as a private sector company, we do not want thatrole . >> i think would not find disagreement when it comes to shutting down criminal enterprises, conduct that clearly violates criminal law . what does obviously raise questions is when not criminal conduct, it is simply content that may be authentic, may be wrong, but that is not illegal. and then the question becomes who should be the gatekeeper? who decides what speech is permissible and what speech is not? have there been instances in your company's history where because of disagreement with content , you have shut down access to a website? >> typically, as part of that

review , the post would have to contain illegal materials or rise to the level of a direct callfor or a threat to violence or to take action . >> you obviously operate within the tech space . should social media companies in your judgment be neutral public forums? should they respect first amendment principles and allow as john stuart mill the cure quarterback speech to be more speech rather than a a priori censorship? >> my view shared by godaddy and other companies in our space that we want the internet to be as open and welcoming as possible or free expression and that is not the role of the platform to

judge content. on whether offensive or whether allow allowable. it should only beon those narrow cases . >> thank you very much senator. >> thank you to all of you and we have a judiciary hearing going on so i step down here and i want to thank you for your work . as many of you know i've worked because of my role on judiciary rules committee, i've worked hard on thisissue and i see this , what happened to us in the last election as a cyber attack and there are plenty of issues that were raised by my colleagues about the power grid and other things i want to focus on. i'll start with you mister chertoff. you mentioned the bill i have with senator langford, your elections would streamline information sharing between federal and state agency despite the outrage of our

owstate that were hacked and many of them didn't find out for a year and that way can't protect themselves because they don't know what other was going on in another state . a person is using our state are adequately prepared? we got the 380 million in the last budget agreement and what else should we be doing to protect our voting equipment? >> i think there's greater understanding how they have to engage and they have to engage with dhs.when i was at aspen a couple weeks ago, the word we got was that all the states to some degree are engaging now but to be honest, this is going to take a while to turn around. you've got anaging infrastructure in many places . in some instances they are not aware of how much they are connected to the internet. >> you also have dean state who have no paper ballot or a partial paperballot . >> right, and that's going to require changing protocol. so the short answer is we are

not where we need tobe and we're moving in the right direction. we want to press the accelerator on this. i don't know that were going to have this problem fixed by 2018 . i would bevery helpful but certainly we're going to have elections in 2020 and by then we should have had the problem fixed . so we got to step it up. >> what's microsoft's defending democracy initiative doing? >> it's a relatively new initiative working with a lot of different groups. both how people understand what the threats are a public forum we had in aspen, they indicated that they had identified candidates whose databases have been hacked. by raising awareness, sharing information about technical solutions and working both in terms of raising the game on infrastructure protection and more generally on information acquisitions, they're looking out to support all these

efforts . >> also on the political front, you know it wasn't just about elections but disrupting democracy. i was on the exact with senator mccain and warner. you agree important that we have unified standards across platforms? >> absolutely. it's crazy to say that we can require for television ads or newspaper ads not to do it for platforms and let me add one other thing. this is not just about elections. i think that we are seeing and will continue to see rushing to motivate people that have several disorder where they both groups on the right and left home to the same place and they tried to gin up violence. >> ganother issue and some of the platforms are saying we should just do candid add which is not the same standard for tv or newspaper and we see what they were

doing in energy issues and other things where they have financial interests and i think they've been overlooked because of the obvious focus on the 2016 election. doctor layton my last question here. over the last few years we've seen several information he disclosed. we are proud of our social media and internet companies in the us. they are incredibly innovative and a lot of smart people are working there but even mister zuckerberg's hearing has said we need to put some rules of the road in place. they don't have to be what your day . comment on the social media privacy protection and consumer rights that senator kennedy and i introduced to. >> i want to applaud you for your leadership and i think if anybody thinks i'm is not you've proven them wrong. you guys were turned something around and i'm grateful for that. i think in this hearing, this is exactly the steps that we need . in terms of, and this is a

conversation that would be wrong to say europe did this, what are you version, that's a mistake. this committee is going through the necessary steps digging in the input from all stakeholders. and i think my particular feedback today is the two important components we haven't included is the consumer education component as well as we need incentives for privacy enhancing technologies and that's why state harbor that would allow a company to innovate a new technology that wouldn't be punished for it because we know the first time you make a version of your product it may not work and so there's no kind of, we need a safe harbor for that innovation. i think your provision for that and i thank you i think ultimately we will witness through innovation, science and technology. >> and the rest of the questions i will do on the record. i'm out of time i did have

request request from our data localization and the problems that on the record and mister painter, i'm sure we'll have some sitequestions what have you very much . >> thank you senator klobuchar. i have a letter dated today to senator schatz and me from king, senior vice president of verisign incorporated i asked consent to place it in the record at this point. without objection, that will be done. we are told then that another distinguished member of the committee may be on his way. senator schatz, this is been an excellent hearing. >> perhaps we can filibuster or another moment or two.

of course, there are dozens of questionswe could ask . you know, doctor layton, are you speaking for aei or on your own behalf? >> thanks for giving me the opportunity to clarify. only shows that i do not represent the positions of aei or any other entity, i'm speaking my own capacity. soi also am a visiting researcher at alamo university in denmark. we the center that works on privacy and security of research so my work is, and i'm speaking from that center but it isinformed by the research we do . >> you are speaking today on behalf of this roundtable . i noticed that aei published an article just a few days ago with regard to the $5

billion suit against google. and it stated the eu's record for antitrust violations involving the android operating system is protectionism masquerading as consumerism. it strikes me that aei had a point there. >> aei doesn't make any official additions. we have many, over 200 scholars with different views . we have major debates within our organization, sometimes we have more anger against each other and people outside we did very disparate positions because we believe in the competition of ideas. >> very good. would anyone else like to comment on that?>> senator, thank you. i think from our perspective it shows what we are up against when it comes to the

eu's ability to impose fines on tech firms and whether that's coming from this particular distance involving a mobile operating system or whether it's a from something like gdpr, it's one of the reasons weare proceeding cautiously with regards to those regulations . >> you say that all is not well between government and the eu. the hearing will remain open for 10 weeks and during this time senators will be asked to submit any questions for hethe record. the witnesses are requested to submit their written answers to the committee as soon as possible . thank you all and this hearing is now adjourned. >>.

>>. [inaudible] [inaudible]

>>. [inaudible] tonight 9:15 eastern watch our profile interview larry kudlow, director of the economic council and senior economic advisor to president from. >> i have been a believer that under the right policies which provide economic opportunity and freedom and incentives, we can grow the american economy at least at

historic rate which since world war ii from more or less i was a 1952 the year 2000 we grew 3 and a half percent year. and i see no reason why we can't with proper policies. >> larry kudlow tonight at 9:15 easter on tran 21 or listen with the free radio c-span2. >> we cover the annual net roots nation progressive conference in our companion worked c-span today and our live coverage will continue tomorrow. see for congressman tim ryan, housing and urban development senator julian castro and congressional candidate alexandria ocasio cortez.

>> there are a lot of people who feel like i don't want my kid to read stories that are sad, disturbing, downbeat, whatever. that's not a totally illegitimate thing to say. i want to choose is apparent when my kid understands stuff that might bring degrees but there's also a certain point beyond which is like well, they are 14 now. when are you going to introduce them to the idea that not everything is perfect outside your all-white suburb? >> ..

the next the us chamber of commerce in washington dc posted a daylong forum on working investment in india in the asia-pacific region. you can watch the entire event at the speed .org just search us investments in asia but here's part of the program with the indian and singaporean ambassadors to the us. they are discussing energy issues. this is one hour. [inaudible conversations] [inaudible conversations] >> good afternoon everyone. that was a fascinating conversation