divorce, single parenting, hookup culture and sex in the city, are women more satisfied with their lives, and what about men? >> you can watch this and other programs online at booktv.org. ..

on august 21st, university of california president janet napolitano, homeland security conversation with disaster expert lucy jones on reducing personal risks from earthquakes, fires and other environmental threats, that should be an interesting program. on august 30th, steve israel will be here to talk about guns, politics and the future to have democratic party, that program will also be moderated to distinguished moderator, who as you may know former congressional representative secretary of state for arms control security and member of board of governors. on september 5th, he's always interesting, if you're not a member, this is a great time to join, you are enjoying the new

building? we do too. we feel lucky to be here. if you join you'll be the first to know when we have guests like white house and josé andres. he will save you money on great memberships and if you want to talk to him he will tell you details about joining the common wealth club, finally, question cards on your seats for our distinguished speaker tonight and collected during the program and brought to moderator and want to remind you copies of book are on sale in the lobby outside the room and please today sign them right after the program, we also want to mention the common wealth club is nonprofit organization. without any further due please

give a warm commonwealth club welcome. >> thank you. [applause] >> good evening and welcome to the commonwealth club. i'm ellen tauscher, former control of international security, i'm moderator for tonight's program. it's not my pleasure to introduce tonight's guest, the honorable michael chertoff, aughter of really terrific new book, exploding data, reclaiming our cyber security in digital age and secretary of the u.s. department of homeland from 2005

to 2009 mike led in blocking would-be terrorists, currently as cofounder and executive chairman of the chertoff provides strategic counsel to corporate and government leaders on broad range of security issues, today we will discuss secretary chertoff's belief that growth of internet made greatest threats not physical but digital. please welcome secretary chertoff. [applause] >> thank you. i want to say when i is that -- gavel, i was like wow, i haven't had a gavel since i use to bed

in court. >> i used to be when nancy was the speaker and it's five times, the secret is you don't bang the gavel, you go like this. so only effective if you have the look that my mother taught me which can make lots wife turn into pillar salt. i was interested not because the older that we all live in. is the data safe, is facebook really building communities or are they just selling your data as you know they have the largest stock decline and i approach the book and and

wondered, you know, this is really one of the technical, sometimes ponderous kinds of subjects, you have done a great of weaving in stories so people can understand what exactly is happening and why this is such an important subject. so i dogeared a bunch of pages. why don't you talk about how you organize this so people can approach it and i hope everybody is going to take this home and spend time with it. >> thank you. i was trying in part to describe the fact that the technology is outstrips the architecture of our laws and policies and as i

thought about it i thought when this happened before and i went back to the founding of the country and back before that to england back in the last millennium when we first began right to have privacy, it was all about property, it was about every person's home and all discussion about right to private of who can come and that's what i call 1.0, we write things down on paper. that was basically it. then in 19th century you wound up with photography and so for the first time generating data not face to face or in handwriting or typing and needless to say as soon as those technologies became widespread issues came up about whether government could get them and

make use of them so, for example, in photography there's famous of folding box company where a young woman her boyfriend took picture and without consent gave it to flour milling company and she got upset and pseudoand argument was invadeed her privacy and go back to 1.0. no one invaded your house, you agreed to the photograph being taken and you're not being defamed so it's not liable so you don't have any claim but eventually what the court said, you know, it's something about using image for commercial purposes that is something you ought to have right to control and so they created a right

against misappropriation. one other example is wiretapping, unless you penetrated the home or the premises that you were wiretapping so it was a technical trespass, you don't have any privacy right, conversation intercepted outside but eventually the court said, you know, we are missing something here, there's so much being done on the telephone now, we need the change the way we protect this so i layed these out, that the law does change but often requires a tipping point where finally the courts or congress or both say, you know, we have to go back to drawing board and understand what it is we are really trying to protect. >> so i think that that's a very interesting analogy to how to think about this but talk about angry birds. angry birds is now reaching

through data 3.0? >> correct. as we engage with any kind of app it is now often in a very kind of opaque fashion collecting data about where we are going to visit sites, other things that we are doing with device, are we using same device to play a game or use an app and we are not always aware of what they are doing or if they do make it to whereby writing a 60 page disclosure statement to make sure house-buying contract is a comic book you're not going to read it. a more challenging issue with respect to some applications, you don't really have a choice because effectively they are a monopoly and if you want to participate you surrender data and it's also an issue that we

talk about in the book that we have to come to grips with. >> so the other thing that you highlight that stops people to think and i think most of us know about moore's law and everybody will move into that space and two more years later and you said that the interesting part about this is people don't understand that there is a simultaneous growth storage capacity, so the idea that everything you do lives on forever really, i think, people don't understand that. >> and there were two developments, actually three developments that transformed the way people think about even how they are publicly generated data is used, what storage

capacity, in the old days, let's say you did something in public, people could take a photograph or whatever, in the end it would get lost or wasn't the ability to make a lot of use out of it. that's changed because of storage but there's a second development, storage would be worthless if you can't analyzed what you stored. it's like movie invaders of -- raiders of the lost arc, in the end they take the arc and put it in big government warehouse, 10,000 boxes and you know it'll never be seen again and allows you to make use of stored data so it doesn't get lost, it can get operationalized and the third thing is cloud, related thing about selling data, you might think that if single individuals record you, takes a photograph and you go to store and use your loyalty card and

buy groceries, yeah, there's data being collect bud it's all actually n separate buckets, what you're not necessarily focused on if it's all up loaded to the cloud, the cloud provider may very well have ability to scan all the data and identify things about you or it can be sold to data broker who will go out and harvest different sources or data about you, all of a sudden, this indefinitely stored and analyzed data from all these different collection devices get merged together and now they became available for analytical purpose for whoever bias and i think that's what takes even what goes on in public and makes it very different now than it would have been say 30 years ago when season public work exposed but they have a short shelf life and their ability to be used was

limited by time and space. >> and that brings us to something that's really supporterred me and i'm sure many people, it's not only data analytics of being able to aggregate a bunch of data and analyze it and keep it forever, it's the webinizing of data. we have the ability to use very fast computers, to be able to look at someone who has been injured within hours and decide what to do for something that, you know, even just a few years they perhaps couldn't be helped because by the time the information went through the computer they were either too far gone or couldn't be helped. so there's a lot of good things about data but at the same time there's the whole now

weaponization. you talk about news, talk about that. >> we had discussion about what used to be quote information operation or active measures by the russians or other countries as well as that use variations of this and this is the use of media in order to propagate stories that are exaggerated or false or one side in order to drive behavior, social discord and even hatred, now, i have to say in preface this idea is not new, if you go backs 00 years to the common turn when soviet union existed, they had propaganda machine, they were not particularly skilled but the idea of using propaganda or trying to persuade people or

manipulate them is not new idea, here is what has changed and target susceptible groups in a very efficient ways, it's often difficult to know who is actually conveying the media, one of the issues is people mascaraing as your friend when they are pretending to be american when they are russians, the internet association in russia pretending that they are acting like individuals, an element of pretense and fraud about who is communicating, we have to be careful with this because i believe in the first amendment and i think that the fact that something is untrue doesn't mean that you can ban

it. at minimum as i say in the book, i think you can certainly require people to identify themselves honestly, indicate if it's a foreign government or foreign power, perhaps they can be required to identify themselves or maybe even be restricted because they can't affect our elections and you may be able to do other things that signal that there's something funny about the source but i also have to say in the end, ellen, it's on us to pay attention, many people with attitude i just want to hear what makes me feel good about what i believe and i don't care. there's an educational process within that's part of response to this. >> great. >> we have a question from someone in the audience, what do you believe data 4.0 will be and in connection with terms of service, what do you think about the ability to skip reading the terms or should there be something more about opt-in

versus opt-out? >> great question, 4.0 is hard to know exactly what it can be, i suspect it may be a couple of the following things, artificial intelligence, the use of machinery and machine speed to use to accelerate which is being done now and make it more precise and perhaps predictive and no matter learning what you have done or acting on what you are doing to do. and another reason what i've heard is deep fakes, video and audio and fabricate what appear to be accurate and convincing audio and video clips that are totally fabricated so that you become almost unable to trust what you see in our own eyes because people are manipulating, and the ability to protect

privacy and freedom by holding your data to yourself is not really going to be there anymore. just as with the telephones, you can no longer have conversations behind closed doors, i think it comes about controlling the data even after it's been collected by someone, what is your right to say, yes or no to the use of a -- of your data for other purposes and that's why your opinions in california, they just passed the law that basically say you have a right to require that before someone uses data you get asked to consent or not and i think that is what where we will have to go. one of the challenges it has to be real consent, it means you have to be told in plain language what they're going to do, not 60 pages of stuff and you have to have a real choice so if you have a what is effective monopoly, they should at least give you the option of participating maybe by paying a

fee but not necessarily having to give up your data so that you're not given the choice of either being shut out of something entirely or having to give your data over for whatever purpose someone wants to use it. >> now, i think everybody wants to support local stores and people retail, but i think most of us use amazon a lot. i have family all over the country. it's easy to send gifts and send things, they foe more about me thanked i want them to know, that's the benign part of this, that's the good side of it but there's a lot of other things obviously that people worry about, you talk about in the book, you talk about new laws that you think should be promulgated that can help lock some of -- block some of the scene -- scenarios and protect

themselves. >> i'm not totally off the grid, i don't use social media. for example, you row -- routinely get asked to use data, if i'm using google maps or gpsi give them my location because otherwise it doesn't work, most of the part no, i also to be honest i'm mindful of what i search online and if i'm i'm gog to use my device, one thing that do i to mix it up the algorithm i like crossword puzzles, i want to say to the machine if you can figure out what this means, good

luck. [laughter] >> speaking of the grid, with the grid at huge risk, why does the power system have to be connected to the internet and maybe you can talk a little about data. >> we know for some time that systems that operate in the world are vulnerable, there were cases in the ukraine in the last few years during christmas that the lights went out for several hundred thousand people because the russians hacked in control systems and either resulted to cause engineers to shut down or interfered with the operation of the system and that issue of industrial control system security is core of the kind of biggest concern people have about literally cyber warfare or cyber-attacks. the short answer is, a lot of this stuff should not be connected to the internet but, for example, many of you will have in your house a thermostat you can remotely adjust when

you're outside the house, that's over the internet and you can understand there are engineers particularly with dealing with a wide system where there are different elements in the pipeline, they don't necessarily want to visit each one and see where everything is okay. the other problem is this, often people think they are disconnected but there's some part of the system that is connected that is the door to everything else, some years ago the chamber of commerce in washington got hacked because although they had a good security system they had remote connection to a thermostat in another building and that became the entry point for foreign nation to kind of get into their data system and when we think about the internet of things, that's going to be a big issue because many of these, quote, smart things really don't have any security. they don't -- they default password like 1, 2, 3 or no

capacity to update or patch so the kinds of ransom ware things that we saw recently can target them and becomes problem to everything connected. >> yeah, this is another take at news piece. how distribution system without infringing on the first amendment rights. >> that's exactly right. you can't control fake news content without censoring and there are many people who want to do, the number one to sign up would be putin because russians believe that cyber warfare includes information they don't want to have citizens read so i'm very first amendment fundamentalist on issue. what i say on the book, there's things you can do without infringing first amendment.

i don't pretend to be ellen and go to her friends. i think if you're a foreign government you want to take out or advocate an election, we have laws that have been upheld that prohibit foreigners from making contributions. so i think you can do a lot about identifying the source of something and also preventing the use of large-scale to artificially affect the search engine of particular things on a platform because, again, there's no first amendment right to promote your story by misleading or by generating something robots. but when you get into content with specific exceptions, we generally in this country say the right answer to false content, unless it's defamatory or fraudulent is to have more speech.

in europe to be honest they tend to go the other direction, now there's a move in europe to go in and say that certain kind of speech ought to be outallowed, hate speech, what they call, fake news, i don't know where you draw the line there and one thing in our country we are skeptical about letting government have that kind of power and also create a problem for platforms that are global because if you get punished for putting a story that germans don't like online, it could wind up in americans and not being able to read the story which infringes our right, it's a challenging area which is one of the reasons i highlighted it. >> there's another great question, we often speak a lot about educating the public about cybersecurity, is the nature of the problem more information or the incentive of individuals and corporations to do what's right? >> you need both. i think on the security side,

frankly some of the worst hacks have been because somebody clicked on a link that turned out to have malware and often people don't understand how you -- at least make a reasonable effort to assess whether something is real or not. i think in the security area as well institutions have to be incentivized to secure themselves, that particularly gets done through the legal system one way or the other either law or regulation like we have, for example, with personal identifiable information or people get sued like the tort system. i think on the fake news piece that's going -- a lot of it will be educational process, teaching people how to evaluate things and it starts in grade school. i remember when i was a kid television was relatively new and, you know, there was a little bit about worry like now they have the commercials, is

everyone going to believe what's on the commercials is true and, you know, eventually your parents will tell you when you're little, don't believe that a lot of that stuff is nonsense, you will not grow when you eat wonder bread. >> it was a lie? >> exactly. you get a sandwich. we have to start the educational process. >> so this is another tough question, how did we not see this coming? and what were the barriers to our not seeing it coming and since we didn't, what might we see in retrospect to get ourselves ready for the next thing? >> that could be a whole separate book. let me say this, i do think you have early warning about this but for a long time i think there are a couple of things

that tend to have people overt eyes from the challenges, one is i think find new technologies and people were excited about being able to use them and also there was a little bit of a sense that silicon valley and the tech community were the glamor children, it was innovation, it was disruption, by the way, when i grew up disruption, you got sent to the principal but i know here disruption is a positive thing. there was a little bit of we do good, so we are good, you don't have to worry about us because we want to make the world better between that and excitement of playing with new things i think that we were slow to real some of the problems and that's not unique to technology, the hardest thing you need to know, the next thing that will happen, i think the good news is to come back to where you talk about with 4.0 on issues like artificial intelligence, face recognition, you know, other

things that might be the new technological advances, you're starting to get people asking questions earlier well, what should the limits be and i said in austin with folks, the engineers who do work on this and interestingly they had, humanists and novelists into their program because they said we need to start teaching engineers about the humanities and philosophy, how we need to teach humanity and philosophy professors about engineering and that's, much has happened when the nuclear age dawned, you have to make sure that when you develop new technologies you're not so excited by the bright shinia object where you don't start to say where can this wind up. >> that's great, traditional secular governments have left

basic behavioral values to religion in today's globalized world should promoting civil peace values, education be seen as a duty of government since civil society? >> well, you know, i think we've actually -- as i grew up, we actually did have civic focus on american values. the values of first amendment, fourth amendment, roll attendance, we didn't always honor them in execution but i think i remember it was part of civic and people still invoke the constitution and may not always understand what it says but invoked as iconic symbol of what america is. in fact, one of the great things about the country has been for the most part that when people do come in as immigrants or new

americans unlike people in europe you're not french if you haven't been there for generations, we don't measure you being an american based on longevity or willingness to embrace and be faithful to the constitution and american values i remember when i used to swear people in, i would say you're much as american as i am or the guy who is great, great grandparent that came off the may flower. >> almost if you think about it, there's so much about the world today, you think of terms like weponized and you think of another term who we see a lot of tribalism, my dad passed away a few years ago but he wouldn't

want -- watch anything as msnbc, he wanted to have people reinforce what he knew. she was reliable, but there's a way of knitting people and the way people have moved around, the hope haste of things, how do we get ourselves back to the sense of signing up to some simple premises and some simple ideals and reinforce with our children including welcoming diversity. >> i have a couple of thoughts

about it. some of this is actually what europeans call awkward but it's about pushing decision-making and government down to lowest level that you can comfortably make a decision in. so obviously with national security that's a federal issue but if you get into towns and states generally you get a lot less of this kind of dysfunctionalty because, you know, when you're on the local school board you have to look your parents in the grocery store and if you're not delivering, you will hear about it. reinvigorating localism and federalism not in a negative way but a way of creating stronger bonds, i think, is important as well, of course, that also means we lost some of the community organizations we used to have whether religious or not is that boeing along phenomena which

contributed, oddly the internet form and communicating with other parts of the world and was there for a lot of people and they can communicate with anybody and gravitate to people what they believe and becomes enforcing loop which actually embeds people even more firmly into their own prejudices. i think -- one of the things maybe something that was lost and we eliminated national service was the idea that you would go in and spend a couple years with people who were a lot different than you and worked for common effort and one thing i wished i talked to people about and there's a generation

of young folks, not that young, 30's or 40's who served in the military, went after 9/11 and they are now beginning to talk about getting involved in the political process and i i say amen to that. they worked with people from a wide variety of different backgrounds, they worked with people when they were in afghanistan, locals who they worked with, they understand them as human beings and patriotic and they seen the world and i'm hopeful that there's a generation rising that will have immunity against some of these attitude. >> yeah, i always believe when i was in congress that community service, we had to broaden the description of it and it was a lifetime opportunity not just to military service, it's wonderful but could be reading to children, many, many different things, it could be local, it

could be obviously the peace corps but, you know, there should be a sense of obligation and a sense that sometime in your life no matter whether you are young and you have the time or maybe you don't have the time until you're old like me where you can do things that are really going to get back to your community, everyone should want that and want communities to thrive and i think we've become more than we really should. let's talk about propaganda and data manipulation in the election. what do you think we have to be looking out for in november election which is 14 weeks away? >> yeah. so i do think as director of national intelligence said that russians will attempt to affect

elections, they have to figure out maybe stolen analytics maybe the 30, 40 key races are and you can see several states, there can be some attempt to interfere with the actual mechanics of the election. i think actually rather tough to change votes but you could do things like make it difficult to determine who is register and who is not registered. in some years back in ukraine they tried to hack into a media outlet in order to get a report of the reports, they knew in tend there would be accurate count but they thought this would create confusion. i think the more likely issues are efforts to use undermine turnout and undermine confidence in the result but doing things that either interfere with the ability, people to get to polls, maybe knock the power out or do something to kind of mess up the mechanics of the voting system but more than that, just intensification of the fake news

stuff and the effort to drive social division, and by the way, it's not just election time, i mean, they have attempt today -- attempted to ferment right wing groups and left-wing groups and interfere with police response by hacking into their ability to communicate and things like this. i to think we need to be mind mindful they did embed groups to generate violence but again not scalable and rather crude but if you elect americans, you know it's not new. the scale is much greater.

>> even national elections are run on county level and it is a disaster depending on who had the money and who didn't care, you have this and that and even inside of counties you've got in different communities different ways of voting. in the west, oregon completely voted by mail now, increasingly in the bay area most people vote by mail so the idea of getting challenged when you go to vote physically doesn't happen but there's a lot of people that worry about going to the polls and getting a provisional ballot because somebody says will mary sunshine, i have never seen you before, i don't think you really live here, here is a provisional ballot and they get pushed to the side, can you talk, mike, shouldn't we be doing something like now, shouldn't we have been doing somebody months after the election in '16 to get some

sense people like you that are out of government, smart people to do a commission to say, this is the best system we should have, let's go do it? >> i do think now the department of homeland security is focused on the issue although initially a lot of states and counties reluctant to get the federal government involved i believe now that we are told that all the states to some degree are now engaging on cybersecurity i should mention that i'm cochairing with former secretary of nato on election integrity which will try to bring best practices as well as awareness of some of the threats not just to the u.s. but to all of our allies in north america and -- and in europe. so the reason work being done with this, but i will be honest and say we are not where we need to be but at least we are moving in the right direction. >> i think some of you might have seen before you came in

this evening that claire mccaskill's had been hacked today, even if you look back at summer of '16, i don't know if i can do that without crying, if you look back and you hear, you know, a lot of the things that were happening about john podesta's emails and dnc's emails and hillary's emails, those emails, you -- you realize that it wasn't the emails, it was what was on those emails, it was the data analytics of the campaign, it was her schedule, it was the polling data, so it wasn't, you know, are you coming to lunch or, you know, where are you going to be on tuesday, this was really important information that was apparently sent around

and used by the perhaps the trump campaign, we will find out eventually but what do you think you see coming up and what do we do because things tend to happen within the last two weeks of campaign when it's too late to react, people can't get themselves organized to even understand what happened and then explain it, what do you think people should be doing? >> they used to call the october surprise problem, it's not limited to online problem. remember back when ben carter was running and iranians held hostages because they wanted to basically, i don't think they wanted reagan, if they did they made a big mistake, he was not good for them, they didn't like carter and he was going to affect the election, this goes not just online, so obviously we want to do the best we can to make sure there's no actual interference with the

registration process and things like that and you want -- you can identify foreign efforts to promote full stories or things of that sort, you want to prevent that, but i also can imagine other things, for example, imagine on the eve of the election in a particular area, the russians ferment a civil disturbance and wind up doing something to interfere where the ability to respond, you know, that could have effect on the election, could affect people's morale and as you have been in elected office, turnout becomes a big issue, not only the question i'm going to change your vote, but you can make people not go and that has an effect, so i would watch for those things if i was an election official i would be on my guard for the last-minute thing that either disrupt it is ability to go to polls or even creates a disturbance of some

kind and, you know, doesn't have to be foreigners, you can get americans to do this as well because everybody has to learn game. >> this is a good question, how can we use data to prevent gerrymandering, we have to use data to draw a new congressional lines and the year of decade we do census and then in one year we, the first year of the decade we reorganize the congress to amoddate moves of populations and 435 members of the house, so we look at where people have moved, they've analyzed the census data, they figure out and they subtract seats from states, mostly northern, more industrial states and they add them to mostly southern, western states and then they redistrict them and draw the lines to accommodate the influx of population. so that's how you use data to do

redistricting, gerrymandering is another issue and you know, what do you think about -- >> i actually -- unfortunately the analytics makes it easier to gerrymandering, you see the pictures of weird districts -- >> snakes. >> animals from outer pace, now you can really get down block by block to see how where people are disposed to vote and you could draw districts so you take, you know, most of your people from the other party and shove them in one district and then the other districts, you know, you have more favorable to your party so i actually think there's a bigger problem, the solution turns out not to be data but i think there's got to be a formula for drawing districts based on geography rather than population and what i think they have in california is have an independent commission as opposed to where

political parties get involved. >> it's part of national case law, communities of interest and people move for lots of reasons, they move for jobs, they move to be closer to family but people also tend to move because they find the people in a certain place to be like them. and is it's not surprising, if you look at a map, if you look at a color map, red and blue, it is not pixelated, people tend to go to place where is people are like them and it's interesting but, you know, it's important that -- i think we have done a good job in california with our commission actually to be on the commission to draw districts you actually have to know almost nothing about politics, that's a good thing because you're not trying to influence one party or the other but i think it's

improved our situation a little bit but still not as good in the rest of the country, we may have it right here in california but we have 53 seats, you need to have 218 to pass something. we need to rest of the country to cooperate a little bit and do something like we are doing. how do you feel about big data and health care and is optimizing data efficiency the right thing to be done or authorize unauthorized breach or commercialization of private data? >> i think it's an area with pluses or minuses, there are things that can be done with health care with monitoring, with remote ability to help treat people over distance rapidly, there was someone telling me about the ability to have someone when they are picked up in balance, have someone do something, preliminary operating because

you have somebody remotely controlling robot arm using their hand to basically correspond to the robot arm, that's all good, and so therefore health data does have restrictions that require both keeping privacy, analysts are securing data, that's a good thing, i think there's two risks you have to watch, one is you have to continually upgrade your security if you're holding the data and make sure you're not slipping and that's why you want to keep it separated and have the fire wall that and let's say the business data but the other problem is what happens when your insurer decide not to just look at health data but want to look at other things and there was a story in the paper the other day about some insurers who are now looking at what kind of clothing you buy because if you start to buy a larger size of clothing they think you are

becoming overweight and ought to raise your rates, i mean, that's pretty scary, imagine all of the other things, another thing they look at if you change your name maybe you're getting married or divorce and that could lead to stress and therefore that should affect your rates and what i kind of main nightmare i present in the book is the idea that everything you do can result in some either reward or punishment and the chinese are actually working on this with a social credit score, if you have like credit karma, they'll tell you what the credit score is to get a loan, this would be looking at everything that you do, who your friends are, what you're looking at online, your behavior day-to-day and determine if you're a good citizen or a bad citizen and if you're a good citizen that's a better job, better education, better place to live and if you're a bad citizen, less of that, that's what i worry about, that's when you start to lose your freedom and that's what i think the next

battleground is. >> so this person says since we can't trust trump to protect us against cybersecurity, what are we doing to help and what is the top priority and thanks for protecting us. >> well, thank you. i do think the departments are really trying to work in area of cybersecurity. you saw the fbi didn't do the investigation and indictment of russians and if you read the indictments they are quite detail, obviously a lot of work went into investigating that. the department of homeland security is working on bringing the private sector in closer to help them manage cybersecurity and get more visibility to what the threats are and i think that's a good thing too. and i think actually some of the agencies are also looking at making sure we do a better job of securing our supply chain, there's a controversy arising now because some of the chips that are made in other parts of

the world may have back doors in them and you don't want to put them in critical infrastructure. but this is a game where the private-sector has the major role because most of assets are in private hands and so the private sector has to invest, has to ask critical questions about who their suppliers are and who is doing their -- engaging on their network and train their people not to do kinds of things that often result in downloading malicious tools into network. >> so globalization and trade are constantly being talked about these days and in many ways they are used to and the truth is that lots of people are hurt in the workplace by globalization, by jobs moving offshore, but trade is interesting because we have 4%

of the world's population, we need access to the other 96 in order to sell our goods, we actually didn't have a lot of tariffs until recently. tariff is a tax, by the way, and so what -- what do we do about the data issues about this and what about companies like zte where we have real concerns about who they are, what they're doing and the trapped door issues? >> so we first of all on the technical side, the u.s. has done very well on the tech revolution to the point that actually a lot of countries sometimes use their privacy laws a little bit to handicap america companies where they drive towards data localization, requirements that you hold the data on country which is fragmenting the global reach of

american companies. so there is -- i mean, we have definitely done well out of the global reach of data and to be honest you do have to have a globally more or less seemless set of rules because if you have a lot of fragments rules you don't have an internet, you have many internets, so i do think we benefit from that. we do need to, however, recognize that countries do have an interest in protecting citizens and i think part of what what we are talking about, democratic countries, how do we synchronize a way to have a kind of a common picture of what the rules are that govern data and -- and what the rules of the road ought to be so we don't wind up with conflicting situations in terms of how we -- we manage the data. so i think that that's going to continue to be a big a thing, now, i don't believe in tariffs.

and i think on balance free trade is good for the country although it doesn't always evenly spread winners and losers and we need to consider how to compensate for that but there's an area where the administration has been correct. the chinese in particular have been adamant about trying to get intellectual property. >> they steal it. >> they steal it online, spyies. >> espionage. >> espionage, a report from counterintelligence folks and there you have to worry about chinese companies buying the technology either directly or by acquiring companies or by getting into that supply chain as we talked about so, you know, we need to make it clear to the chinese if they're not willing to let commerce work without

interfering with it that that is going to become a handicap for them and they will pay a price in terms of people's willingness to trust systems that. >> they will have to play by the rules. >> that's correct. >> do you have an opinion, this is more of elaboration of things that we have been talking about, do you have an opinion where internet should be regulated and if so who would be responsible for regulation, the government as in law enforcement of the laws or web provider like google, what do you think and can you talk a little bit of gdpr, the use data privacy? >> to become with ggpr, effort to do what i suggest, control the data even after it's been collected and it's a little bureaucratic in the way they implement it but basic concept makes sense before someone can use data for purpose other than that which is the obvious reason

you turned it over they have to get permission and has to be in plain language. i've even gotten notices, if you want to keep pushing our wonderful marketing material, please click here. that's part of where we need to head, given people more control over data, that might mean by the way that to get a service you'll have to pay for it and that's fair but you have to pay for newspaper behind pay wall but at least that gives you a choice in terms of what you do. i am as i said earlier not a fan of content regulation except for narrow issues like defamatory material involving children it's a separate category and i'm not a fan precisely because who will do the regulating, i wouldn't want to see the government regulate, the censorship and that strikes directly at the heart of our constitution. you know, the private sector i

would give a little more leeway to although again when you have a dominant organization that can become pretty inhibiting, you don't want to have basically the power to control discourse in private sector hands so i would be careful, again, to itly in my view okay to be dealing with artificial efforts to drive certain stories or impersonating people or doing things to kind of make it easier to get a certain kind of story and another story which you're manipulating algorithms, i'm putting on board to putting that off limits. in terms of actual content than narrow issues i talk about, i honor the first amendment. you get into close cases line incitement, that's not protected by first amendment. you can stop that. i would worry about a message

that said go pick up a gun and kill somebody, i think you can ban. i think you can ban recruitment for terrorism, i think you can ban inciting people or, you know, for terrorism. when you get into instructing people you get into a little bit more of a grayish area, depending on how definitive it is. but i would go cautiously in content regulation. .. ..

>> i talk about a couple of court indications, jones and riley. something was placed on a car and they basically used it to surveil the individual in the car, like dish think it was 30 days, 24/7. and they didn't have a warrant because their argument was this is public. you're out in public, don't have a fourth amendment protection. the court actually said, no, in this case the volume of surveillance is so qualitatively different from when constitution was framed and you have to send

people around to follow somebody and they said this point you need the fourth amendment. a couple of justices said, it's not -- the court kind of went off on the idea that you put something on the car, so that was a trespass. but some of the justices said, and not just liberal justices -- we ought to say as a general principle whether it's video cameras or things on cars, there's a limit to how much you can collect even in public. in another case there was a -- an end disif you're arrested they can do a search incident to arrest. pat you down for weapons and seize evidence. they seized the phone and they basically got into the phone, and the court said you needed a warrant to get into the phone because there's so much data on the phone that it's not like what you would have searched if you found a piece of paper in someone's pock. it's like they're whole life and that requires a warrant. just about a month ago in carpenter, the supreme court debt with the issue of

subpoenaing locational data from your cellphone in the hands of the service provider, and the rule has always been that if data in the hands of a third party, like a bank, you don't have a right to prevent the bank from turning it over in response to a subpoena. they don't need a warrant. here the court said, no, there's so much locational data, we're going to say that it goes beyond what we would normally think is a reasonable expectation so we're going to require a warrant. actually justice gorsuch, who dissented from the result, made an interesting point, which is he focused on the fact that even when someone has your data, it doesn't mean you lose all your right to it. you still have some interest that ought to be protected. in this case he didn't apply it, but it suggest tuesday me that the justices -- not just the so-called liberal ones -- are think can about issues now in terms of the new technology, and

i think that's a good thing. >> so this person asks an interesting question, and i'm just going to change it just a little because i think it dovetails with what you're taking about, mike. its personal data the future currency? should citizens be able to monetize their own data and how would the government regulate that transaction, what if we help people understand that their data is an asset and should have -- maybe not a monetized value but should have a value to everyone and needs to be protected like things that are important. >> that's exactly right. i heard people describe your personal data as either the new oil or the new gold, but its clearly the enormous value to a lot of people. valuable to marketers and valuable to people who are politicians, people who are providing health care who want to assess trends in what is going on with respect to potential health problems. it can be valuable in

determining outbreaksbreaks or contagions, so there is real value to it. i'm not recommending people sell it but they should treat it as an asset that is everybody bit as significant at your house or your bank account, and i think that's part of the process we have to be educating people about. >> how do we put together an education campaign for people to understand that, starting with little kids, it's always easier to make little kids understand things but how do we get people to understand how to calibrate that so that it actually is operational for them? >> i think you start with little kids and i also think this is part of what we ought to be writing out and speaking about. the reason i wrote the book was to get people to think about this and understand that their data is valuable, it's been collected and uses in ways they may not understand and they need to both take responsibility for their own decisions but also let's talk to our legislators. obviously people in sacramento here paid attention. and i think you could get other

states. -- one of the beauties of the federal system is, you can actually do things at the state level and even if congress is gridlocked, a lot of states are not, and once you get the ball rolling with that, that's going to have an effect across the entire country. >> an early adopting state like california where we have made history and broken the mold and done things for ourselves we could be an early adopter. >> you are actually with renegotiate the issue of giving notification before dat is used and california and other states can be early adopters. >> we have three minutes left but i'm going to ask a long question that will good goh into our closing, at the end of the book you talk about five specific frameworks for new laws and rules that can block these problems. can you quickly go through them and kind of give people a sense of what they should be advocating for? >> i think we talked about some of this, talked about the need

have control over your data. i think -- you have to go through the five -- >> oh, okay. >> i'll answer each one. >> so, you have the first is to protect against attacks on our physical security by bad actors. two is -- >> that's means really imbedding standards about cyber security and creating legal incentives that reward people who secure they're data, and also people who don't secure their data wind up getting held liable. >> a subset of that is we have become enorm lousily defensive, our grid and other parts of our economy, and our data have become enormously defense simple. bigger walls, tougher ways of doing things, two kinds of verification, three kinds. when does it change to offensive? >> well, we do do offensive thing. one other recommendation i make is, let's not try this at home. the government has a role to

play with offensive cyber activity, but having the private sector do it is a great way to start a war or to damage innocent people. so, other than unrestrict supervision by the government for certain contract are would be very much against the idea that we take matters into our own hands. >> third ex-avoid fragmentation of the internet. >> we need to harman iowa our rules with our allies because otherwise you wind up with a lot of different internets. recognize china and russia are going to have a different set of rule and may wind up going in their own direction but will pay a price. >> fourth us the law must involve control the use of private parties can make of individual data. >> that's what we have been talk us about for most of the session. >> fifth is the law most innocent vice private parties to co will be brate with government and protect against shared

vulnerability. >> an area where there's an issue of the vulnerable equity process. there's got be a way to share that so we can correct the problem quickly, before it gets out and bad guys use it. that means you have to have a trusted relationship where when the government finds something, they share it with the private sector so the private sector can protect all of us. >> well, i want to their mike chert staff for being here, former secretary of homeland security and author of the new book "exploding data: reclaiming cyber security in the digital age" and i want to thank everyone being here and everyone listening to us on the radio, internet, and television. we copies of secretary chertoff's books for sale and he would be pleased to sign the books outside the room immediately physicalling the program. i'm ellen tauscher and now this meet offering the commonwealth

club, the place where you are in the know, is adjourned. [applause] [inaudible conversations] >> you're watching booktv on c-span2, television for serious readers. hires tonight's primetime lineup. at 7:00 p.m. eastern, naval historians recalls the 19th 19th century american seaman and merchants who competed for profits in the tea and opium trades. following that at 7:45, conservation biologist hasn't send explain this evolution of bees and their relationship to humans. then on book of the's "after

words" at 9'm. lieutenant colonel discusses gender bias in the military. she is interviewed by military times reporter, todd south. at 10:00, it's marian wolf study on hour our brains process reading print versus digital mediums. and we wrap up our primetime programming at 11:00 p.m. eastern with keith o'brien's recounted of a group of female pilots who made aviation history. tonight on booktv on c-span2, television for serious readers. a reminder that this weekend's full schedule is available on the web site, booktv.org. [applause] >> thank you for coming. recognizing some people in the room but first i want to ask you, is there anyone here who doesn't know anything about the indianapolis story? s