follow us at book tv for behind-the-scenes pictures and videos from book festivals and events all over the country as we celebrate 20 years of nonfiction authors and books, we want to hear from you. post your favorite book tv moments from the last 20 years by using that hashtag #booktv20. >>. [inaudible conversation] good evening everybody. we've got to try one moretime . good evening everybody. that's the energy we saw when you came in. my name is george, i'm the program director at the commonwealthclub and thank you for coming to an interesting program tonight with michael chertoff . we're going to learn a lot, a

lot of questions tosubmit. before we begin, take a moment, turn off your cell phones, any other noisemaking devices . while you're doing that, let me tell you about other upcoming programs. on august 21 university of california president janet napolitano, also director of homeland security will be in conversation with lucy jones on reducing our risk from earthquakes, fires and other environmental threats, it should be an interesting program. on august 30, steveisrael will be here to talk about guns, politics and the future of the democratic party . that will also be moderated by tonight's distinguished moderator, ellen tauscher who is a professional congressional representative for arms control and national security and a member of the commonwealth or of governors and on september fifth, steven pinker will be with us to talk about science, reason and humanism.if you're not

a member, this is a great time to join. are you all enjoying our new building? we do too. we feel lucky to be here. it's a great time to see events in our new building and plenty coming up. if you join, you'll be the first to know when we have guests like april ryan coming in the fall and noted celebrity chef josc andrea among others. in the back we have our own billy dean, raise your hand. he won't talk about moneyball but he will serve you money on great memberships and he will tell you all the details about joining the commonwealth club. finally let me tell you there are question cards on your seats for our distinguished

figure, they will be collected and brought to our moderator. we want to remind everyone that copies of secretary chertoff's book are in the lobby outside this room and he will be pleased to sign them after the program. we want to mention the commonwealth club is a nonpartisan organization and we ask our speakers be allowed to make their remarks without interruption and now please give a warm commonwealth welcome to alan chertoff and ellen tauscher. [applause] >> good evening and welcome to the commonwealth club. i am ellen tauscher, farmer under secretary of state for international security, former member of congress and member of the commonwealth club word of governors. and i'm your moderator for tonight's program. it's now my pleasure to introduce tonight's guest, the honorable michael chertoff, former secretary of homeland security under george w. bush and author of the terrific new book ,

"exploding data", claiming our cyber security in the digital age. as director from 2005 to 2009, mike chertoff led the country in blocking would be terrorists.before heading up the department of homeland security, secretary chertoff served as federal judge in the court of appeals for the third circuit. currently as cofounder and executivechairman of the chertoff group he provides high-level strategic counsel to corporate and government leaders on a broad range of security issues. today, we will discuss secretary chertoff's belief that the growth of the internet has made our greatest threats not physical but digital. please welcome secretary chertoff . [applause] >> thank you and i want to say when i saw the gavel i-4 wow, i haven't hadone that close since i was a judge . felt like banging it over there.

then i realized when you're on the court of appeals, you don't actually use that. >> i used to use a gavelwhen i presided over thehouse when nancy was speaker and it was five times the size of this and the trick really is that you don't bangthe gavel . you go like this . so , it's always a second to look at what my mother taught me was which was a can make lots wife turned into a pillar of salt. let's get down to conversation, this is a great book, "exploding data" and i was interested in it not only because of the world we all live in, is your data safe? is facebook really building communities or are they just selling your data? as you know, they had the largest start climbing the world today. so i approached the book and

wondered this is really one of these technical, sometimes really ponderous kind of subjects. you have just done a great job of weaving in stories so that people can understand what exactly is happening and why this is such an important subject, so i've dogeared a bunch of pages and i wanted to go through. you put the world into three types of data. data 1.0, data 2.0 and 3.0. why don't you talk a little bit about how you organized this so people can approach it and i hope everybody is goingto take this home and spend some time with it . >> thank you. let me show you, i was trying in part to describe the fact that technology has really outstripped the architecture of our laws and policies and there comes a point where you can't shove it into the old architectureanymore .

you've got to say we've got to go back to the drawing board and as i thought about it, i thought when has this happened before and i went back to the founding of the country even before that to england. back in the last millennium when we first began to have a right to privacy, which later became the fourth amendment. it was about property, every person's home is their capital and all the discussion about your right to privacy was about who could come into your house, who could take your stuff and look at it. but that's what i call 1.0. basically, the way we generated data was we talked, we wrote things down on paper and that was it. then in the 19th century, you wound up with photography. and for the first time we were generating data not face-to-face or in handwriting typing. and needless to say, as soon as those technologies became

widespread, issues came up about whether let's say the government could get them and make use of them. so for example, in photography there's a famous case called roberson versus rochester folding box company where a young woman whose boyfriend took her picture and then without her consent gave it to a flour milling company that put her photograph on the side of one of its bags . so she gotupset and she sued . and her argument was it invaded her and caused her distress by using her image to promote something she didn't want to report and the reaction of the court was to go back to 1.0 which is to say well, no one invaded your house. you agreed to the photograph being taken and you're not being defamed so it's not liable so you don't have a claim, but eventually what the court said is there something about using your image for commercial purposes that is something you want to

have rights to control so they created a right against misappropriation. similar example of wiretapping. initially unless you actually penetrated the home or the premises that you were wiretapping though there was a technical trespass, if you were just on the wires owned by the phone company, the courts took the attitude you don't have any privacy rights, this is conversation intercepted outside of your property but eventually the court said we're missing something here. there's so much we do on the telephone now, we need to change the way we protect it so i view that that the law does change but often it requires a tipping point where finally the courts or congress or both say we've got to go back here to the drawing board and understand what it is we are trying to protect. >> i think that's a very interesting analogy to help to think about this, but talk

about angry birds.angry birds is now reaching through into data 3.0. >> correct, because what's happening is as we engage with any kind of act, it is now often in a very kind of opaque fashion, collecting data about where we're going, other things that we're doing with our device. if we are using the same device to play a game or use an app, where they're not aware of what we're doing but if they do make us aware by writing a 60 page disclosure statement to make sure your contract looks like it's a comic book, you're not going to read it and an even more challenging issue is with respect to some applications , you don't have a choice because effectively they are a monopoly and if you want to participate in the interchange, you either surrender your data or you don't play and i think that's also an issue which i talk

about in the book that we have to start to come to grips with. >> the other thing i found that you highlight that causes people to stop and think is i think most of us know aboutmoore's law which was developed by the founder of intel which effectively said every two years , profit size will double and then immediately everybody will move into that space and then two more years later. and then you said that the interesting part about this is people don't understand that there is a simultaneous growth of storage capacity, so the idea that everything you do lives on forever, really i think people don't understand that. >> there were two developments, actually three that have transformed the way people think about even how their publicly generating data is used.

what is storage capacity? we can't store everything forever. in the old days let's say you did something in public, people can take a photograph or whatever but in the end it would get lost or it wouldn't be distributed. there wasn't the ability to make a lot of use out of it. that's changed, but there's a second development. storage would be worthless if you can't analyze what you stored. it's like that scene from the movie invaders of the lost ark where in the end they take bark and they put it in some big government warehouse with 10,000 boxes and you know it will never be seen again and it allows you to make use of stored data so it doesn't get lost. it actually can get operationalized and the third thing is that the cloud or a relating thing about selling data. you might think that a single individuals takes a photograph and you go to the

store and you use your loyalty card when you buy groceries. yes, there's data collected but it's all inseparate buckets . what you're not necessarily focused on is if it's all uploaded to the cloud, the cloud may have the ability to and all the data that comes in from all the different sources and identify things about you or it could be sold to a data broker who will go out and harvest from various different sources all the data about you so all of a sudden, this indefinitely stored and analyzed data from all these different collections devices gets merged together and now they become available for analytical purposes to whoever buys them, whoever operates the cloud platform and i think that's what takes even what goes on in public and makes it very different now than it would have been 30 years ago when seasoned public were exposed but they had a short shelf life and

their ability to be used was limited by time and space. >> that brings us to something that bothered me and i'm sure many people is that it's not only in the data analytics of being able to aggregate a bunch of data and then analyze it and keep it forever. it'sthe weapon arising data . and that's the capricious side of all the developments that have happened which have goods to them. we can process things now in hospitals much more quickly, traumatic brain injuries. we have the ability to use vast computers to look at someone who's been injured within hours and decide what to do for something that even just afew years ago , they perhaps couldn't be helped because by the time the information went through the computer, they were either too far gone or couldn't be helped. so there's a lot of good things about data but at the same time , there's the whole weaponization of it which i

think bothers a lot of people . you talk about fake news, talk a little bit about that. >> obviously we've had these things in the last couple of years or discussion about what used to be called information operations or packing measures by the russians, although i think there are other countries that use variations and this is the use of media in order to propagate stories that are exaggerated or false or one-sided in order to drive behavior, social discord and evenhatred . now, i have to say in preface, this idea is not new. if you go back 100 years to common terms when the soviet union existed, they had a propaganda machine. the tools were very primitive and they were not

particularly skilled, but the idea of using propaganda or trying to persuade people or manipulate them is not a new idea. here's what's changed. the media is much more ubiquitous, the ability to target susceptible groups in a efficient way allows the people to try out active measures to be much more productive in terms of what they want to do. it's often difficult to know who's conveying the media and one of the issues that's arisen is people masquerading as your friend or pretending to the americans when they are really russians or botnets acting as if they're human or troll forms like the internet association in russia, pretending they are acting like individuals, so there's an element of pretense and fraud about who is communicating. you have to be careful because i believe in the first amendment and i think that the fact that something is untrue does not

necessarily mean you can ban it but at a minimum as i say inthe book , i think you can certainly require people to identify themselves honestly, indicate if it's a foreign government or foreign power, perhaps they can't be required to identify themselves and can be restricted because they can affect our elections and you may be able to do other things that signal if there's something funny about the source but i have to say in the end ellen, it's not us to pay attention. there are many people whose attitude is i just want to hear whatmakes me feel good about what i believe and they don't care . so there's an educational process that is part of their responsibility . >> we have a question from someone in the audience. what do you believe data 4.0 will be and in connection with the terms of service, what you think about the

ability to skip reading the terms or should there be something more about opt in versus opt out? >> 4.0 is hard to realize what it can be. it may be a couple of the following things. artificial intelligence, the use of machine learning to accelerate what's being done now and to make it even more precise, perhaps predictive so that it's no longer a matter of people learning what you've done but then acting on what you think they're going to do. another thing is what i've recently heard is called the fakes. it's the ability to take video and audio, marriott together and fabricate what appeared to be accurate, convincing audio and visual parts that are totally fabricated so that you become almost unable to trust with your own eyes because people are manipulating. tested the second part, this is part of what i'm suggesting in the book, is

the ability to protect your privacy and your freedom by holding your data to yourself is not really going to be there anymore, just as with the advent of television telephones, you can only have your conversations behind closed doors so it becomes about controlling the data even after it's been collected. what is your right to say yes, sir no to the use of a, for your data for other purposes and that's what i think the europeans and in california have passed a law that basically say you have a right to require that before someone uses your data, you get asked for consent or not and that is where were going to have to go. one of the challenges is there have to be real consent to it means you have to be told in plain language what they are going to do, not 60 pages of stuff and you have to have a real choice with you have what is effectivelya monopoly , they should at

least give you the option of participating, maybe by paying a fee but not necessarily having to give up your data so you're not given the choice of being shut out entirely or havingto give your data over for whatever purpose someone wants to use it . >> i think everybody wants to support local stores and people in retail but i think most of us use amazon a lot. i have family all over the country, it's easy to send gifts. they know more about methan i want them to know . that's a benign part of this, this is kind of the good side of it, but there's a lot of other things obviously where people worry about. you talk about in the book new laws that you think should be promulgated that can help block some of these scenarios. what part of it is educated people so they become empowered and know what to ask for . >> this is about being

mindful about what you do online. i am not totally off the grid, i don't use social media but i do things and i always make a decision, why am i doing this and what information am i generating? so for example if you routinely get asked when you go to a news site to use locational data to better send you notices. if i'm using google maps or gps, i give them my location because otherwise it doesn't work, but for most of the things, no. i still could do without the notice of what you offer me so i also to be honest and mindful of what i searchon . and if i'm going to use my device. one thing i do is kind of maybe mixes of the algorithm is i like crossword puzzles so i do a lot of online searching for crossword puzzle clues and i want to

say that to the machine, if you can figure out what this means, good luck. >> speaking of the grid, why does a power system have to be connected to the internet and maybe you can talk about data? >> we've known for some time that they control data systems and operate real stop in theworld . there were cases in the ukraine in the last few years during christmas that the lights went out several hundred thousand people because the russians have the control systems and resulted either in false readings that caused the engineers to shut them down or they interfered with the operation of the system and that issue of industrial control systems really is at the core of the ambiguous concerns people have about five or warfare, cyber attacks that the short answer is a lot of this stuff should not be connected through the internet but for example, many of you will have in your house the thermostat you can remotely

adjust when you're outside the house. and you can understand there are engineers particularly who do it with a wide system where there are a lot of different elements in the pipeline. they don't necessarily want to visit each one to take a reading, and see whether it's okay. the other problem is this. often, people think they're disconnected but there's some part of the system that is connected that is the door to everything else so some years ago, the chamber of commerce in washington got hacked because although they had a good security system had a remote connection to a thermostat in another building and that became the entry point or a foreign nation to get into their data system. we think about theinternet of things , that's going to be a big issue because many of these smart things really don't have any security.

they use of all password like 1 to 3 or they have no capacity to update or patch though the kinds of ransom where things we saw recently can target them and that becomes a problem for everything that'sconnected . >> this is another take up the fake news piece. how can government controlled the distribution of the news or foreign manipulation of our information distribution systems without infringing on the first amendment? >> that's exactly right. you can't control fake news content without censoring. and believe me, there are many people who would love to do that. the number one guide to sign up would be prudent because the russians believe that cyber warfare includes information they don't want to have with citizens to read so i'm very first amendment fundamentalist on this issue and what i say in the book is , i think there's something

you can do without infringing the first amendment. i don't think there's a first amendment right to me to be ellen casher and pretend to go to her friends.there's not a person right if i'm a russian to pretend i'm an american. if you're a foreign government and you want to advocate for an election, we already have laws that have been upheld that prohibit foreigners from making those contributions so you can do a lot about identifying the source of something and also preventing the use of large-scale botnets to artificially affect the search engine and ranking of particular things because again, there's no first amendment right to promote your story by misleading or by generating something by robots, but when you get into content, there's pacific exceptions. we generally in this country say that the right answer to false content unless it's defamatory or fraudulent is to have more speech.

in europe to be honest, they tend to go the other direction. they're moving europe to say that some kinds of speech to be outlawed. a speech, what they call fake news. i don't know where you draw the line there and the one thing in our country, where skeptical about letting people have that power and it creates a problem where platforms that are global, because if you get punished for putting a story that the germans don't like online, it could wind up with americans not being able to read the story which could infringe our rights so this is a challenging area which is one of the reasons i highlighted. >> there's another question here, we are often speak a lot about educating the public about cyber security. is the nature of the problem more education where the incentives of individuals and corporations to do what's right? >> you need both.

on the security side, there is cyber education because some of the worst packs have been because somebody clicked on a link that turned out to have malware and often people don't understand at least how you make a reasonable effort to assess whether something is real or not. in the security area as well, institutions have to be incentivized to secure themselves. that typically gets them through the legal system one way or another. either it's a law or regulation like we have in personally identifiable information or people get sued . i think on the fake news piece, that's going to be educational process. teaching people how to critically evaluate things and i think honestly, this has to start in grade school. i remember when i was a kid, television was relatively new and there was

a little bit ofworry like, now they have these commercials , are they going to believe that what's on the commercial is true and eventually your parents would tell you whenyou were little , don't believe that, a lot of that stuff is nonsense, you're not going to grow your adult height in two seconds if you eat wonder bread and you would wind up then. >> that was a lie? >> you get a sandwich instead of watching commercials so we have to start thateducational process . >> so this is another tough question. how did we not see this coming? >> that's a good question and what were the insurmountable barriers to us not seeing it coming and since we didn't, what might be seen in retrospect to get ourselves ready for the next? >> that could be a whole separate book but let me say this. you've got some early warning about this , but for a long

time, i think there were a couple things that tended to have people avert their eyes from the challenges. one was i think there were just fun new technologies and people were excited about being able to use them and also there was a little bit of a sense that silicon valley and the tech community were glamour children. it was innovation, it was disruption and by the way, when i grew up disruption that you got sent to the principal but i know here disruption is a positive but there was a little bit of like, we do good so you don't have to worry about us because we want to make the world better and between that and the excitement of playing with new things, i think we were slow to realize the problems and that's not unique to technology. the hardest thing is to know the next thing that's going to happen and the good news is, you come back to where we talk about this 4.0.

issues like artificial intelligence, face recognition, other things that might be the harbingers of new technological advances, you're starting to get people asking questions earlier about what should the limits be and i was at a thing in austin with the folks from the engineers who do a lot of the work on this and they had to bring humanists and novelists into their program because they said we need to start teaching engineers about the humanities and philosophy and we need to teach humanity and philosophy professors about engineering and much has happened when the nuclear age dawned. we've got to make sure with these new technologies you're not so excited about the bright shiny objects that you don't start to say where can this object wind up in mark. >> traditionally governments

have left basic behavioral values and structures to religion and in today's complex globalized world, should promoting universal civil peace values, education the scene is the duty of government in civil society? >> as i grew up, we did have civic focus on american values. it wasn't a particular religion but the values of the first amendment, fourth amendment, tolerance. we didn't always honor them in execution, but i think i remember that this was part of the education, you might say in the constitution, people still invoke the constitution. most don't understand what it says but it's invoked as an iconic symbol of what america is. one of the great things about the country has been for the most part that when people do come in as immigrants or new americans, unlike in some

places in europe where you're not really french if you haven't been there for generations, we don't measure your being an american based on your longevity of ancestors or something like that. it's based upon your willingness to embrace and be faithful to the constitution and american values and i remember when i used this where people in which i did as inventory of homeland security, i would say you're as much an american as i am or the guy whose great-great-grandparents came off the mayflower . >> the idea of community has always been embedded in the constitution, the bill of rights. add almost if you think about it, it's a primer on how to do it. there's so much about the world today. you think of terms like weapon eyes and you think of another term, tribal. we see a lot of tribalism.

my dad passed away a few years ago but he wouldn't want anything but msnbc. the cause he was a yellow dog democrat and he wanted to have people reinforce what new. mother i would have watched fox news once a week so i would know what was going on. she was a reliable source, but there's a way of knitting together communities and the way we live now. the way people have moved around . the whole pace of things. how do we get ourselves back to the sense of signing up to some simple premises and some simple ideals and reinforcing them with our children and in different generations, but also making sure we don't lose touch with what has always been the best of us including welcoming diversity and immigrants? >> a lot of people are talking about this question

and i have a couple of thoughts about it and my wife works in this area in her work. some of it is actually this awkward word, subsidiary but it's about pushing decision-making down to the lowest level you can comfortably make a decision in so obviously with national security that's a federal issue but if you get into towns and states, generally you get a lot less of this dysfunctionality because when you're on the local school board, you have to look your parents and i when you go to the grocery store and if you're not delivering, you hear about it so reinvigorating localism and federalism, not in a negative way, as a way of reading these bonds i think is important as well and of course that also means we've lost some of the community organizations we used to have weather religious or not , there's that bowling alone

phenomenon which i think is also attributed to a sense of tribalism. the internet originally i remember, people bought this is going to inform community because your kids are going to be communicating with kids in other parts of the world. they're going tolearn we are a lot alike . what we may be misunderstood and misjudged was that for a lot of people, when they can communicate with anybody, they want to gravitate to the people who believe what they believe and it becomes a mutually reinforcing group which actually embeds people even more firmly into their own prejudices. i think maybe something that was lost in eliminating national service was the idea that you would go in and you would spend a couple years with people who are a lot different than you. but who were working with you in combat and one thing i wish i talked to people about

is there's a generation of young folks in their 30s and 40s who served in the military, went in after 9/11 and their now beginning to talk about getting involved in the political process andi say amen to that . they work with people from a wide variety of different backgrounds . they work with people in iraq and afghanistan. they had local they worked with, they understood that as human beings and they're also patriotic and they seen a bit of the world so i'm hopeful there's a generation rising that will have immunity against some of these insular attitudes. >> i've always believed when i was in congress community service, we had to broaden the aperture and the description and it was a lifetime opportunity not just to of course military service is laudable and wonderful but it could be reading to

children, it could be many different things. it could be local, it could be the peace corps but there should be a sense of obligation and a sense that sometime in your life, whether you're young and you have the time or maybe you don't have the time and your old like me where you can go and do things that are going to get back to your community. everyone should want that and want community to thrive and i think we've become more balkanized, unfortunatelythen we should . let's talk about propaganda and manipulation in the last election. what do you think we have to be looking out for in the november election which is 14 weeks away? >> i do think as director of national intelligence coats and that the russians will attempt to affect elections. this is not a single national election. so they don't have to affect everything.

they'll be able to figure out the analytics, maybe what may be the 30, 40, 50 key races are. then you get several things. there could be some attempts to interfere with the mechanics of the election. it's actually rather tough to change votes but you could do things like make it difficult to determine who's rich and who's not registered. some years back i think in 2014 in the ukraine they tried to hack into a media outlet or they did a false report of the results. they knew in the end there would be an accurate count but they thought this was create confusion. more likely issues our efforts to just undermine turnout and undermine confidence in the result by doing things that either interfere with the ability to get to the polls, maybe not the power out or you do something to mess up the kind of mechanics but more than that, just an intensification

of the fake news stuff and the effort to drive total division and by the way, it's not just an election. they have attempted to foment civil disorder by encouraging right-wing and left-wing groups to go and demonstrate, wrap them up and then they have the ability then to go through with the police response by hacking into their ability to communicate and things like this so i do think we need to be mindful of this element of manipulation and again, to put it in context, back in the 60s when the soviet union existed, theyuse to try to do the same thing . they did embed people in various groups to try to generate violence. but it was notscalable. and it was rather rude . but if you're electing americans, it's not new but the scale is much greater.

>> most people don't understand elections, even national elections are run on the county level and it is a disaster to work both, depending on who had the money, who care,who didn't care. you got this and that, even inside of counties . you've got in different communities different ways of voting. in the west, oregon is completely vote by mail now. increasingly in the bay area, most people vote by mail so the idea of getting challenged when you go to vote physically doesn't happen. but there's a lot of people that worry about going to the polls and getting you know, a provisional ballot does some but he says little mary sunshine, i've never seen you before and i don't think you live here, here's an official ballot and they get pushed off to the side . can you talk about shouldn't we be doing something now? shouldn't we have been doing something the months after

the election in 16 to get some sense of people like you that are out of government, smart people to do a commission to say this is the best system we should have, let's go do it? >> i do think we work slow and now the department of homeland security is focused on this issue and although i believe now i was told that all the states to some degree or engaging on cyber security. i should mention that i'm cochair with andrew rasmussen, secretary general of nato which is going to try to bring best practices as well as awareness of some of the threats not just to the us but to all our allies in north america and in europe. so the there is work we've done on this but are not where we need to be.

but at least we will be in the right direction's i think some of you may have saw this evening that claire mccaskill's campaign started today, immediately and it was as if the russians had done it. i don't know whether they did or didn't but this is the kind of thing that even if you look back now at the summer of 16, i don't know if i can do that without crying but if you look back and you hear a lot of the things that were happening about john podesta's emails and hillary's emails, those emails. you realize that it wasn't the emails. it was what is on those emails. it was the data analytics of the campaign. it was her schedule. it was the polling data. so it wasn't are you coming to lunch or where are you going to be on tuesday. this was really important information that was apparently bent around and

used by perhaps the trump campaign, we're going to find out eventually but what do you think you see coming up and what do we do? because these things tend to happen within the last two weeks of the campaign when it's too late to react, people can't get themselves organized to understand what happened and explain it. what do you think people should be doing?>> this is what they use to call the october surpriseproblem . we see by the way the original october surprise, remember back when carter was running and the iranians held the hostages because they wanted to basically, i don't know if they wanted reagan, they made a big mistake because he was not good to them but they didn't like carter and there were going

to try to affect the election. this goes on not just online obviously we want to do the best we can to make sure there's no interference with the registration process and things like that and you want to the extent you can identify foreign efforts to promote false stories or things of that sort, you want to prevent that but i also imagine other things. imagine on the eve of the election in a particular area, the russians full meant a civil disturbance and then wind up doing something to interfere with the ability to respond. that could have an effect on the election. it could affect people's more out and you've been in elected office, turnout becomes a big issue. i don't know that you change your line of boats from that or vice versa but you can make people vote up and that has an effect. i would watch for those things if i was an election official, i'd be on my guard for that last thing either

disrupts the ability to go to the polls or even create a disturbance of some kind. and you know, this doesn't have to be foreigners, if you can get americans to do this as well because anyone is learning this game. >> how can we use data to prevent gerrymandering? but we have to use data to draw a new congressional line and we do the census and one year, the first year of the decade, we organized congress to accommodate moves of populations and 435 members of the house so we look at where people have moved, they analyze thedata , they figure out people have moved and they subtract from state, mostly northern more industrial states and they add them to mostly southern western states. and then they redraw the

lines to accommodate the influx of population so that's how you use data to do redistricting, gerrymandering is another issue and what do you think about? >> i agree. unfortunately analytics makes it easier because if you're drawing a district, you see these weird districts that look like an animal from outer space. now you could almost get down block by block to see where people are supposed to vote and you could draw districts or take most of your people from other parties, shove them in one district. then the other district, you have more favorable to your party i think there's a bigger problem. i think there's got to be a formula for drawing districts based on coherent geography rather than population and what i think they have in california is an independent commission as opposed to having something where

interested parties get involved in drawing lines. >> case law as part of national caselaw but it's called communities of interest and people move for lots of reasons. they move for their jobs, to be closer to family but people also tend to move because they find the people in a certain place to who are like them. and it's not surprising if you look at a map, if you look ata colormap , red and blue, itis not pixelated . it is a clump, because people tend to go to places where people are like them. and it's interesting, but it's important that i think we've done a good job in california with our commission, to be on the commission, to draw districts you have to know almost nothing about politics.

that's actually a good thing because you're not trying to influence one partyor the other but it's improved our situation a little bit but it's not as good and the rest of the country. we may have itright here in california but we only have 50 greasy . you need to have 218 to pass something so we need the rest of the country to cooperate and do something more like we are doing . how do you feel about big data and healthcare? and is optimizing data efficiency the right thing we should be doing or should we have concerns about an unauthorized breach and commercialization of our private data? >> this is an area where there are pluses and minuses. there are things that can be done in healthcare with remote ability to help treat people over distance rapidly. there was something i saw on television about the ability to have someone when they're picked up an ambulance have

someone do preliminary operating because you have somebody remotely controlling a robot arm using their hand and basically corresponding to the robot arm. that's all good and there are rules. this is an area where there are rules about safeguarding private data so therefore i hope that it doesn't have restrictions that would require both heating privacy and also securing the data so that's a good thing . i think there are two risks you have to watch. one is you have to continue upgrading security. i think you're holding that data and making sure you're not flipping and that's why you want to keep it separated and have a firewall between that and let's say your business data but the other problem is what happens when your insurer decides when you're not want not just to look at your health data but other things and there was a story in the paper the other day about insurers who are now looking at what kind of clothing you buy because if you start to buy a larger size of clothing, a think

you've become overweight and they ought to raise your rates so that's pretty scary. and then imagine all the other things that they look at. if you change your name, they think maybe you're getting married or divorced and that could lead to stress and therefore that should affect your rates. the main nightmare i present in the book is the idea that everything you do can result in him either reward or punishment and the chinese are working on this with what they call a social credit score. like you have credit karma, don't they will tell you what your score is to get a loan. this would be looking at everything you do, your friends are, what you're looking at online, your behavior day today and determining if you're a good citizen or a bad citizen and if you're a good citizen, that's a better job, better education and if you're a bad citizen , less of that. that's what i worry about. that's when you start to

lose your freedom and that's what i think the next battle is . >> so this person says since we can't trust to protect us against cyber security, what are we doing to help and what is the top priority? and thanks for protecting us's thank you. i do think the departments are trying to work in the area of cyber security. you saw the fbi did do the investigation that led to the indictments of those russians and those indictments are quite detailed and there's a lot of work that went into investigating the. the department is working to bring the sector and closer to helping them manage, gettingmore visibility to what threats are and that's a good thing to . and i think some of the agencies are also looking at making sure we do a better job of securing our supply chain . there's a controversy arising

because some of the chips that are made in other parts of the world may have back towards in them and therefore you don't want to put them in critical infrastructure. but this is also a game where the private sector has a major role because most of the assets are in private hands so the private sector has to invest, have to ask critical questions about who their suppliers are and who's doing the engaging on their network to make sure it's secure and they have to train their people not to do kinds of things that often result in downloading malicious tools onto your network. >> globalization and trade are constantly being talked about these days and in many ways, they are used fungible he and the truth is that lots of people are hurt in the workplace by globalization, by jobs moving offshore. but trade is interesting because we have four percent

of the world population. we need access to the other 96 in order to sell our goods . we actually didn't have a lot of tariffs until recently, tariffs are taxes by the way so what do we do about the data issues about this and what about companies like cde where we have real concerns about who they are, what they are doing? >> we first of all, on the technical side, the us is done very well on the tech reference, to the point that a lot of countries sometimes use their privacy laws a little bit to handicap american companies where they drive toward data localization and all the data

on citizens in that country which is a way basically of fragmenting the global reach in our companies so there is. we've definitely done well out of the global reach of data and to be honest, you do have to have a globally more or less seamless set of rules because if you have a lot of fragmented rules, you don't have an internet, you have many internet so we benefit from that. we do need to however recognize countries that do have an interest in protecting their citizens and part of what we're talking about now is how do you at least with respect to countries of a similar value system, democratic countries, how do we synchronize a way to have kind of a common picture of what the rules are that govern data and what the rules of the road to be that we don't wind up with your foot in a situation in terms of how we manage the data? i think that's going to continue to be a big thing.

now, i don't believe in tariffs . and i think on balance free trade is good for the country although it doesn't always evenly spread winners and losers sometimes. but there is an area where i think the administration has been correct. the chinese in particular have been very adamant about trying to get our intellectual property. they steal it. either stealing it online, they use spies. espionage, there was a report that came out a couple of days ago on a counter intelligence folks in the united states government and they do have to worry about chinese companies buying the technology either directly or by acquiring companies or by getting into that supply chain . so we need to make it clear to the chinese that if they're not willing to let commerce work without

interfering with it, that is going to become a handicap for them and they're going to pay a price in terms of people's willingness to trust their systems . >> they're going to have to play by the rules . >> correct. >> do you have an opinion and this is more of an elaboration on things we've been talking about, do you have an opinion as to whether content should be regulated and if so, who would be responsible for the regulation? the government, law enforcement or a web provider like google, what do you think? and can you talk about dvd-r which is the data privacy? >> gdp r is their effort to control the data after it's been collected and it's a little bureaucratic in a way that they implemented but the basic concept makes sense which is before someone can

use your data for a purpose other than that which is the obvious reason you've turned it over, they have to get your permission and it's got to be like in plain language. it can't be 60 pages and i've even gotten notices saying if you want to use our wonderful marketing, please click here. i never click on it. so that's kind of where i think we need to head, giving people more control over your data . that might mean that to get a service you will have to pay for it and that's fair but again, you have to pay for it behind a pay wall that at least then you have a choice in terms of what you do. i am as i said earlier not a fan of content regulation except for narrow issues like defamatory material, things about children are a separate category. and i'm not a fan precisely because who's going to do the regulation? i wouldn't want to see the government regulate. that's censorship and that strikes at the heart of our

constitution . the private sector i would give a little more leeway to although when you have a dominant organization , that could become inhibiting. you don't want to have a sickly the power to control discourse in private-sector hands so i would be careful about again, totally in my view okay with artificial efforts to drive certain stories are impersonating people or doing things to kind of make it easier to get a certain kind of story and another story where you're manipulating the algorithms. i'm on board with putting that off-limits but in terms of content other than the narrow issues we talk about, i think i'd honor the first amendment. you get into close cases like incitement is not really protected by the first amendment so if there's incitement, i think you can stop that. i would worry about a message

that said go pick up a gun and kill somebody. i think that would be bad. i think you could ban recruitment for terrorism. you could ban inciting people for terrorism. when you get into instructing people, you get into a little bit more of a gray area depending on how definitive it is but i would tread very cautiously in the area of content regulation. >> as you talk about so eloquently in the book and i love the stories that you we then to make things seem real and relatable, there's a lot of politics behind this. it doesn't seem as if congress can do much these days so the idea that were going to come together and do gdpr. what's interesting to me is when mark zuckerberg testified a few weeks ago as kind of a gift in the first five minutes he said we're going to adopt gdpr. >> ..

i talked about a couple of course cases in the book, jones and riley. one of them has to do with something was placed on a car and they basically used it to surveilled individual in the car like i think 30 days, like 24/7. they didn't have a warrant because it was just public. public, yet the right to protection under the fourth amendment. the court said no, in this case the volume of surveillance is so qualitatively different from what you could've done back when the constitution was framed or yet to send people around to

follow somebody that we are going to say at this point you need the fourth amendment. a couple of justices with further and said the court can went up on the idea you put something on the car so that was a trespass, but some of the justices said, and not just liberal justices, no, we had to say whether it's a video camera or things on cars, that this limit to how much you can collect even in public. in another case there was an effort, if you are arresting, consent to arrest, , accident ad seize evidence. they basically got into the phone. the court said you needed a wart to get into the phone because they're so much of data on the phone that it's not like what you would have searched if you found a piece of paper in someone's pocket. it's like their whole life and that requires a warrant. just about a month ago, the supreme court dealt with the

issue of subpoenaing locational data from a cell phone in the hands of the service provider. and the rule is always been it did is in the hands of a third-party like a bank, you don't have right to prevent the bank from turning it over in response to subpoena. they don't need a warrant. here the court said no, there so much locational data we will say it goes beyond what we would normally think is a reasonable expectation so we will require a warrant. justice gorsuch dissented from the result, made an interesting point along the lines where i said in the book, which is the focus on the fact that even when someone has your data it doesn't mean you lose all your right to it. you still some interest that ought to be protected. in this case he didn't feel come he didn't apply but it suggests to me that justices, not just the liberal ones, are thinking about these issues now in terms

of the new technology. i think that's a good thing. >> this is nursing question i'm going to change it a little because i think it down still with what you talked about, mike. is personal data, should citizens be able to monetize their own data and how with the government regulate that transaction? but what if we instead help people understand that the data is an asset and it should have maybe not a monetized value but it should have a value to everyone and it needs to be protected like things that are important. >> i think that's exactly right. other people describe your personal data as the new oil or the new gold but it is clearly enormous value to a lot of people. it's valuable to marketers, it's valuable to politicians. it's valuable to people who are providing health care, who want to assess trends in what's going on with respect to potential health problems. it can be valuable in

determining outbreaks or contagion or things of that sort. so there is real value to it. i'm not recommending people sell it but they should treat it as an asset that is every bit as significant as your house or your bank account, and i think that's part of the process went to be educating people about. >> how would we put together an education campaign for people to understand that started with little kids, so easy to make little kids understand things but how do we get people to understand how to calibrate that so that it actually is operational for the? >> i think you start with little kids but this is part of what we ought to be writing about and speaking about, and really the result with the book was to get people to think about this and to understand that the data is valuable, that it is being collected and used in ways they may not understand, how they need to take responsibility for the own decisions but also let's talk to our legislators. people in sacramento paid attention and i think you can

get other states. one of the beauties of the federal system is you can do things at the state level. even if congress is gridlocked a lot of states are not. once you get the ball rolling with that that's going to have an effect across the entire country. >> and early adopting state like california where we have made lots of history and a broken the mold and done things for ourselves, we could be an early adopter for something like that. >> and you are with respect to the issue of again giving notification before data is used. there may be other areas i get where california and other states can be early adopters. >> we have about three minutes left but i'm going to ask a long question that will go into our closing, but at the end of the book you talk about five specific frameworks for new laws and rules that can block these problems. can you quickly go through them and give people a sense of what they should be advocating for?

>> i think we talked about some of this. we talked about the need to have control over your data. i think you have to go through the five of -- >> i can do that. so you have, the first is to protect against attacks on our physical security by bad actors. number two is speedy that means really embedding standards about cybersecurity and creating legal incentives that will award people to secure the data and also people who don't secure the data windup libeled. >> assumpsit is we have become enormously defensive with our greed and other parts of our economy and data have become enormously defensive, bigger walls -- read -- tough ways of doing things, two kinds of revocation, three kinds of verification. when does a a change to offense at? >> we do often to think that one of the other recommendations i make is let's not try this at

home. the government has a a role to play with offenses cyber activity, but having the private sector do it is a a great way o start a war. or to damage innocent people. other than under strict supervision for certain contractors, i would be very much against the ideas that would take matters into our own hands. >> third is avoid fragmentation of the internet. >> that's what we talked about. we need to harmonize our rules with our allies overseas because otherwise you wind up with a lot of different internets. i recognize china and russia will have different set of rules and they may wind up going in the wrong direction but they will pay a price for that if they do. we want to make sure we don't pay that price. >> and forth is the law must involve to control use of private parties can make of individual data. >> that's what we've been talking about for most of this section. >> the law must incentivize private parties to collaborate in protection against shared

probabilities. >> this isn't that where this his whole issue of something called a vulnerability equities process. we do find a lot of vulnerabilities even in venerable operating systems and software. there's got to be a way to share that so we can correct the problem quickly before it gets out and bad guys use it, that means you have to have trusted relationship where when the government find something they share with the private sector so the private sector can protect all of us. >> i want to thank my culture for being here, secretary lahood link security and off with a book, "exploding data: reclaiming our cyber security in the digital age." i also want to thank everyone for being here and everyone that's listening to it on the radio, the internet and on television. we want to remind everybody here that copies of the book are for sale and he will be pleased to sign books outside the room immediately following the program. i'm allentown sure, and now this meeting of the commonwealth

club, the place where you are in the know, is adjourned. [applause] [inaudible conversations] >> pulitzer prize winning author geraldine brooks as a guest on "in depth" fiction edition, our live call-in program on sunday october 7 seventh at noon eastn with her most recent book. watch live sunday october 7 at noon to 3 p.m. eastern on booktv, and be sure to watch "in depth" fiction edition next