about this so-called vulnerabilities equities process. >> so you touch on a lot of it. we know that the nsa has a stockpile of vulnerabilities. we know that the u.s. stockpiling vulnerabilities is one of the main drivers of the economy of vulnerabilities. it raises the price because the u.s. is willing to pay quite a bit of money for vulnerabilities it thinks it can exploit. so we have this process that they -- kind of like, oh, my god heart bleed. oh, my god, people think we knew about it. what can we do? let's dust off this really old thing that we probably haven't been using for a long time and say this is going to be the process by which we figure out if we're going to review vulnerabilities so they can be patched. it's a multilevel weigh-in process where they are looking at whether or not you're vulnerable versus their own security needs.

now again, we come back to the nsa's dual functions and see over and over again whenever they weigh information assurance it gets surveilness, this side wins. so it's very unclear how this weighing process is going to play out. and actually one of the reasons it's unclear is that there's no transparency built into it. i think one of the key things we continually talk about throughout this is the need for greater transparency and how things are being applied. and they haven't talked about if any numbers are going to be made public about this process. who is going to be aware of how many vulnerabilities they turn over every year and how many they keep back. how many days on average that they keep things back. so these are core questions that need to be answered. things that can be made public. numbers that can be made public without great risk to national security if any risk at all. and it's not built into this process. it's just inherently kind of

tilted in one direction from the very beginning because the nsa values its surveillance mission so high. >> bruce? >> one of the things we haven't touched on is the -- this is not the nsa or nobody. there are lots of countries are looking for vulnerabilities. the government of china is doing the same thing. there are cyberweapons manufacturers. one is called hacking team out of italy that sells software to break into systems with vulnerabilities like these to governments like ethiopia, kazakhstan. governments who don't actually want breaking into the communications of their citizens. so as we look at these vulnerabilities, find them, fix them, we're not just making security better for us. we're making security better for a lot of people in the world that need security to stay alive. stay out of jail. and the international nature of this makes it very subtle. you'll hear a lot of arguments that we have to hoard vulnerabilities because if we

don't, china will and china will win. it's a very zero sum game arms race argument. but it fails to recognize that every vulnerability we allow to remain is a potential chink in our armor. and as long as we are a highly connected, highly computerized, highly internet enabled society, we are fundamentally at greater risk than the government of china is. the government of ethiopia is or north korea. that defense is really much more important, not just in general but to us specifically. because of this very international nature. >> i do think it's encouraging that the administration is taking up this vulnerabilities equities process. we're talking about one of your favorite recommendations. this is one of mine from the review groups. it's important to point out, there are real differences. i think if nothing we've learned

about the importance of language and trying to understand and define the meaning and intent of what the intelligence community is saying based on sort of the written word. and the review group's recommendation in this regard was to disclose, unless there was an urgent and significant national security interest. and in the aftermath of the accusations that the administration had exploited, the heart bleed -- exploit the heart bleed, they had said there was a strong bias toward disclosure unless there was a clear national security or law enforcement interest. that's very different. those are two very different standards. and so to amy's point, what would help to sort of inspire competence is to have more transparency. this is easily quantifiable under the circumstances under which a vulnerability is disclosed or whether it is stockpiled and used or even temporarily stockpiled and used. i think there's a lot to be done

on this front. and i think it's encouraging again that the administration is undertaking this vulnerability equities process and seems to have done so before they were accused of exploiting the heart bleed. at the same time, i think there are a lot of questions that remain about what the standard actually means in practice. >> correct me if i'm wrong. they say it should be used rarely? like that is the word they use. rarely should they not be disclosed. >> if you say immediate disclosure, very strong. >> do you know whether google has received any disclosures under the global equities process? >> not that i know of. the whole concept of information sharing is a little more tricky these days. >> i would so use a cut-out anyway. >> by the way, mark up tomorrow in the senate intelligence committee of the new information sharing senate bill. >> how do you counter the

argument it's unilaterally disarming. it's like you blow up the bomb you can't use it again. you discover a vulnerability you get a patch and no one can use it. moving on to our final category. a catch-all category. now that they've weakened encryption and has these back doors into a variety of products, it has a bunch of vulnerabilities into other products. what are they doing with all of that? it seems what they are doing is building a very large network across the planet of compromised computers and networks that they can then use to conduct surveillance. it seems a big part of this is something called quantum. and i didn't really understand the quantum stuff. this is something bruce has done an extensive amount of reporting in. i didn't really understand it until joe explained it to me. i was hoping joe could explain briefly what this quantum

business is. >> i was just explaining bruce's article to you. so that means i've done my job well. my number one job is to be able to explain things to people in a way they can understand. and bruce, jump in at any point. >> i write things so people can explain things in ways that people understand. >> it's so important. so quantum is this really scary thing. so scary and complicated it's easy to be like, oh, what? okay. i'm going to fall asleep. so if i see you falling asleep i'm going to yell at you right now for the fun of it. but quantum appears to be the u.s. government can respond quicker than any website you go visit, for example. so your browser says, hey, i want to go to cnn.com. they have stuff in the internet that can respond faster than actual cnn.com can. that's what we call a race condition which means the nsa is trying to beat the response from your actual thing you wanted to get access to with their stuff. and it appears that -- so this

is where surveillance gets really strange. surveillance, you tend to think of it as, oh, i'm watching a bunch of stuff flow by. i'll jot down some notes about what this person is saying. this is offensive. this is active. they are actually changing stuff. they are changing communications to do this stuff. so one example is, if you happen to be using the tour browser, and if you don't know what that is, it's a very awesome anonymity tour we should all look to. if you are using the tour browser and you go some place, they have stuff. it's hard to know what the stuff is because the documents very clearly don't describe that. maybe that's even too sensitive to write down. if you are using this -- the tour browser is an indication you may be a bad guy, for example. you may be looking up contraception in a place that doesn't allow that or something. that you are a bad guy, right. so you can respond so fast and poke a hole into your browser. use one of the -- weaponize this

catalog. not just a database of vulnerabilities that's may be out there that they haven't fixed. they've operationalized it into tools that can poke holes in your stuff and establish a beach head on your computer and do things later or do things right then. and so this is kind of scary. if you think about it, if you just happen to type the wrong thing in or happen to have the wrong book report assignment or something like that, you may, in fact, get a hole poked into your system by this vast set of infrastructures nsa has using the set of vulnerabilities in a variety of very, very clever and what must be just awesome network techniques. so the internet is really complicated. i could spend a whole day talking about how complicated the internet is. to have this global reach into what people are doing. and it's not everything. but it's just -- it seems to be a substantial chunk of what people are doing on the internet. that is remarkable. the kind of thing where engineers, you know, think of, hey, i'm designing this thing to

make it -- your communications confidential between here and here. there may be a bad guy listening, but we're going to design it with that bad guy in mind so we thwart that bad guy. unfortunately, the kind of bad guy we don't think about often is one that has infinite money and a global insight to everything that's happened. and that's exactly what we had to sort of re-evaluate the way we design systems. i'll save that later. >> also, i mean, let me sum this up. the nsa has compromised a bunch of routers, isps. >> something. >> a lot of vantage points around the global internet and it's watching for targets whether it's someone using the tour browser or searching for a particular thing or using a particular ip address or has a particular cookie. >> takes a trigger. >> it jumps out in front of that person's transactions and uses that opportunity to inject malware into their computer. is that -- >> and actually can work with --

yes. whange >> which is what joe described to me as crazy silon stuff. some of the sites being impersonated are major u.s. companies. linked in has been named. facebook. they have attempted to spoof google. david, how do you feel about that? >> again, it's one of those things that doesn't inspire confidence in the use of products and services. and when people use a product like facebook or google or another service, they expect that's going to be legitimate. and these sorts of reports are baffling and they are disconcerting. i think -- because it came, i think, in the sequencing of revelations where it came, i think these were no longer a surprise to people which shows how far we've come in terms of our understanding about surveillance programs and how

they work. i am not aware of any of these sort of incidents, at least ones that haven't been publicized but given that it's happened to other companies, there's certainly the possibility or likelihood that it may be happening. and with our services. >> bruce, are we making sense of quantum? do you have anything else to add? >> think of it as broad versus targeted. the way we normally think of hacker. some hacker that is going as -- access something network and trying to exploit, sending e-mail, trying to break in and using that connection to get more access. this is something very different. this comes from broad axis. the nsa has agreements with telcos to put equipment in the middle of the internet that watches everything go by and when it sees something that triggers, and it could be anything, they will use quantum

to inject data into the screen. in this one example we're talking about, it injects data in such a way that allows the nsa to take over that computer. so it is a targeted attack made possible by this broad surveillance system. there are a good dozen quantum programs that do different things but it's all -- we're monitoring everything, looking for specific things. now this is something the nsa can do because they have an agreement with at&t to put this computer between the user and google. and it doesn't always win but once in a while, it can respond faster than google and fool the user. now this is not -- the nsa can do this. we can't. but actually, we can. this is not a new trick. this is a hacker tool. you can download it. it's called air pawn.

it works in a wireless network. you can get that privileged position. but it's the exact same thing. this is a way hackers have of taking over your computer when you're on the wireless of, i don't know, this institution. so we have a choice here. we can build the internet to make this attack not work. we can do it. it isn't hard. you have to do it. and makes us safe from hackers, from criminals, from foreign governments, from everybody who might use this, including the nsa. or we can leave this massive vulnerability open, allowing the nsa to use this broad surveillance to attack probably legitimate targets while at the same time leaving us all vulnerable. >> so it's this kind of behavior that has led a lot of u.s. internet industry representatives to express some concern and dismay, and be

worried about especially the impact on the trust of foreign consumers. you had mark zuckerberg personally calling president obama to complain. after a meet with the president complaining they're not doing enough to reform these processes. i forget apple's particularly strong words. microsoft likened the nsa to an advanced persistent threat. a security term usually reserved for chinese military hackers or russian mafia. and then, of course, google where a couple of lead engineers there, after learning about how the nsa was attacking google specifically, said, and i don't think there's a delay on c-span so i won't say the word itself but basically said, f the nsa on google plus. wasn't an official google statement. but they were pretty ticked off. what were they ticked off about, david? what did the nsa do to you guys? >> this was "the washington post" that reported the nsa was sort of tapping the private links that connect our date

centers. and i think that we expressed outrage about it on the continuum of likely to unlikely in terms of this happening. i think we probably thought it was less likely. we were right about that. and, you know, we've been working to ensure that the traffic between our data centers is encrypted. i can say that we're pretty much all the way there. you can never say you're 100% of the day there but we've been working pretty aggressively. i think the "post" article noted that even before "the post" reported that particular revelation we were working to encrypt the traffic between our data centers. but that was a particularly troubling and disconcerting revelation because, you know, there are mechanisms, including those that congress authorized under the fisa amendments act of 2008 that enable the intelligence opinion to seek information through the front door and to do so in ways that

just weren't envisioned or countenanced by previous types of fisa surveillance. really is a loosening of the requirements. to see the extent of their efforts to go and tap the links between our data centers to obtain traffic in ways that it wasn't targeted and swept up millions. hundreds of millions of communications. i think you just sort of reinforced our ability to redouble our efforts and do as much as we can on the security side, notwithstanding anything that congress might do to limit the ways the nsa conducts surveillance. >> well, so it seems beyond just policy responses, one of the other key responses is armoring up. trying to improve the security of your services to counter these particular threats. amie, you've been working an a project in regard to that. can you tell us more about what companies -- what we should expect the companies to be doing at this point. >> sure. so when i came to access, we talked a lot about transparency reporting and how absolutely vitally importing transparency

reporting is. one of the reasons for that is we have now this window into the nsa's activities. provided in large part by edward snowden. but it's time limited. we only know what we know from the documents he was able to provide to us while he was there. we're not going to know what's happening next month, next year, five years from now. we need ways into the future to keep that window open or at least as open as absolutely possible so we can continue to have this dialogue and conversation about the extent of nsa authority. but that's not enough because transparency reporting actually really only provides you with numbers based on when the government goes through official judicial processes to get information. how many times they ask a court to provide them with information on their users or on their accounts. so what we are looking at is all of the different times when the government doesn't go through judicial process and actually taps into the fiber of the internet. and tries to get communications

that way. and what needs to happen to make sure that all of your communications are protected. we put forward a plan that's been signed by a lot of forward thinkers, internet companies, including twitter and duck duck go. we have another big announcement coming tomorrow. teaser alert. it's also been signed by leading civil society groups, oti, cdt, the electronic frontier foundation. the liberty coalition. a broad range of groups saying that here are seven things that companies can do if they are going to collect information on people, on each of you, in order to make sure that information is properly protected. so unauthorized users, foreign governments, the nsa, bad actors, criminals, cannot get a hold of it. so it includes things like encrypting data when it goes between data centers and when it's flowing over the internet.

making sure the data at rest is protected. making sure that your passwords are strong and that you have -- you are moving toward a two-factor authencation system. really kind of core things, common sense, seven pieces of really common sense activities that we're finding that companies across the board are engaging in. i think if these seven things can become a floor on internet security that you can then start moving forward. and here's the minimum, the bare minimum of what's accepted. now become inventive and protect people's innovation more robustly. if you sbred, that's at encrypt all the things.net where we have those seven things listed. we're trying to promulgate that and to keep that moving. >> so it seems there's a lot of things, frankly, that you need to encrypt if you actually want -- you need to encrypt all things. so you'd need to encrypt between you and the website.

encrypt between you and your e-mail server. you want e-mail servers to encrypt between each other which google just released a transparency report showing a lot of servers not doing that and shamed a few of them into turning that encryption on. there's also end to end encreption. and google put out a plug in to help enable you to use encryption for your e-mail on web mail. bruce or joe, can you talk more about what we, put aside what the companies can be doing, what we as users can or somebody doing to try and protect our own privacy against the nsa or anyone else? >> again, we'll talk about old versus focused. if they want into your computer, your computer, your personal computer, they are probably going to get it. almost certainly going to get it. we as security people cannot defend against a well-funded, well targeted sophisticated attack against a system. we are not able to do that.

attack is easier than defense. that's really not what we're trying to defend against here. what we're defending and trying to defend against is bulk surveillance. can the nsa, the chinese, the criminals get into everybody's computer? can they do it in bulk? officially, automatically, can they do it on a broad scale? and there's a lot we can do. we talked about encryption. that will protect your data as it's flowing from one place to another. they are going to be ways to get at it if the fbi gets a warrant. gets a lot more complicated. but in the normal case of bulk surveillance, that doesn't happen. it's going to be, if it's easy to be grabbed, if it's not it won't be. there are things you can do there to protect anonymity. the issue is going to be that a lot of the data that's being collected is not able to be

protected in this matter. it's what's being called meta data. it's really data that the system needs in order to operate. you can encrypt your e-mail but the from line, the to line, the time of day cannot be encrypted. you can have a secure voice conversation but who is talking? how long they are talking and when they are talking cannot be encrypted. your location, your cell phone is a location tracking device. we can secure that, but then you can't receive phone calls. the system has to know where you are. so this data cannot be protected by actions you take because the system needs it. so when i talk about what you can do to protect yourself, the single most important thing you can do is advocate for political change. there are a lot of tech solutions but they are fund mentally around the edges. this is a little issue and the solutions will be political.

so that is the most important thing you can do. and with that, you can talk about the technology. >> law moves slowly. law and policy moves slowly but it's a critical component of fixing this in the longer term. standards. so the people who decide how your computers work and how things work on the internet move just a little bit fast er than laws. so something we're doing is making sure that we're present in the conversations that the internet engineers are involved with and saying, look. this is not just a spoof thing. not just an industry thing. it's also something that regular people have interest in and care about. getting to the text specifically, i like to think of this in terms of hygiene. you can go about your life not caring about your hygiene, not carrying about how you look or whatever and you'll not have as good of a time as someone who might be more sensitive to those

social norms. i like to talk about digital hygiene. what can you do to keep your house in in order a digital sense? there's a variety of things. i'll mention a few in passing. vpn. three letters. essentially if you have one of these pieces of software and turn it on, all the local stuff that's happening outside of your computer is sending signals out is encrypted. if you go to a coffee shop or airport you often see free wifi. it won't have a little lock next to it like your home probably does, or should, in my opinion. even though you have to sort of click on some terms of service or pay a little bit of money, all the communications you send from your computer aren't encrypted. if you use a vpn, at least all the communications out right there locally are encrypted out to some other thing and then it looks like it came from new york city if you are in d.c. or something like that. that's a really -- that helps

you and protects you from the people that might be trying to subvert you in your local coffee shop or aurirport. these sound like maybe they aren't nsa level protections but they all sort of add into making you less smelly in your digital lives, so to speak. the other swon a password manager. i know three passwords. and i really only need to know one but i have 1200. some of those i haven't used in many years. they are randomly generated. i never have to think about it. there's a password manager that manages all of that. the eff, electronic frontier foundation makes a really handy plug-in called https everywhere. that means when you see the little lock in your browser, you are -- the long url line will go from being http to https which means secured.

it's encrypted. this plug-in is dynamite technology over there. makes sure if there's an option to have an encrypted connection, use it over the unencrypted connection. there's a variety of these but i can show you. >> thanks, joe. so we talked about a variety of technical solutions and a variety of policy solutions. i have one more policy thought to throw out and then i'll open it up to you guys for any thoughts. one issue we didn't talk about was a policy response to this offensive hacking by the nsa. and this is an issue in the context of law enforcement. we're having an above board for the first time in many years conversation about what should the rules for the road be when the government wants to hack into a computer. it has a broad carve out for law enforcement and national security.

and we're only now starting to see a few court decisions about when is it okay for them to use vulnerability to break into your computer remotely. and we're starting to see a discussion in the advisory committee of the u.s. courts that discusses like what warrants should look like if you're going to use a warrant to break into a computer. we haven't in the context of the nsa discussion had a debate about what the rules should be if the intelligence community wants to break into computers. and pulling short of making a policy recommendation, that is a discussion that we need to have and that it hasn't yet begun except in the law enforcement context. aclu has done some other great work on that issue. but on that, i'll leave it to you guys if you all have any other ideas, thoughts, policy recommendations or closing sentiments before we open it up to questions. >> thanks for coming. the fact you came means you care about this.

if you didn't understand it, come ask us. >> it's a little complicated. >> we'll translate it into a television sci-fi context. questions? who is working the mike? okay. great. right there. front row. >> we know this guy. >> hi. my name is chris. i work with the aclu. a lot of the surveillance you guys described relies an the assistance of companies and the assistance that we're so scared about is when companies are forced to subvert the security of their users. the quantum stuff that you described, for example, subverts our security but probably relies on the voluntary assistance from companies. it's tough to imagine a court order forcing at&t to install these malware probes everywhere in their network, particularly given they wouldn't be installing it for a specific target computer. they just put them there and use them on an ongoing basis. subversion to security that troubles me is when they subvert the security of their users

voluntarily. we've heard a lot about how companies have really beefed up security in the last year. and google has really beefed things up, but -- and some places you are still providing voluntary assistance. and weakening the security of your users. the one example i want to highlight here if the police get a warrant and they seize a cell phone they gan to google and google will unlock that phone for law enforcement f. to google's credit, they insist on a warrant when others might do it with less. there's no law requiring you to have the ability to unlock phones or circumvent the feature on the screen. i am wondering a year after snowden if you are now thinking about whether that's a feature that should still exist or whether you should be taking it away. i think many of your users who enable that locked phone do so that only they be able to remove it and the fact the police can get a warrant and ask you to remove it may surprise and anger

some users. >> i can -- my response is brief which is, i don't serve a compliance role for google. i haven't heard about that before but i'm happy to take that back to our law enforcement team and ask that question. >> i'd be happy to say one of -- i really think that this level encryption is a key technology and that enabling this level encryption on things like phones is the kind of thing that would make me very, very happy to see. it's weird without ios. some things are encrypted. some things aren't, right? so i know that there's practical problems. it takes a long time to do certain things. but it would be nice if you had to sort of turn that off. i'm not a product guy. i'm just a nerd. >> first of all, a lot of cool

cloak and dagger stuff. thank you. i'm going to go and watch sneakers tonight when i get home. with respect to what's going on, i mean, joe, i think you make a great point about the password managers and two factor authencation. i think a lot of people in the room and at home already use that type of stuff. what type of activities are -- and steps have the companies themselves taken post-snowden revelations to make our communications more secure? and i'd be remiss in not asking joe and kevin to also discuss perhaps ecba reform. after 180 days our electronic communication protections significantly decrease as well. >> so i can just talk some. i'll shut up quickly. we've seen more encryption on the web. we've seen what's called -- there's got to be a better word for this thing. i don't want to use any of the nerd words.

i'll call it ephemeral cryptography. the keys are the same forever in some cases but a lot of web properties have been moving. google was the lead. often the lead at this. they are using a model of encryption where you have one key per session. so if you come back tomorrow and start up a new web browser, the key that encrypted your stuff is not the same as yesterday. it requires a little more work on the side of the companies as you may know, carl. but it's worth it and it's often not that more expensive than other kinds of stuff. and i'll shut up. >> the place to look is the eff has a good scorecard of the major internet companies and seven or eight different things that they should be doing to encrypt the web to protect their users. that is the place to look. it's really updated so you can see who is doing a lot. and then you can look at the history. who did it recently? who did it a long time ago?

that's a way to get a handle on which company is doing what things to protect the security of their users. >> i would be remiss if i didn't add a certain civil society technologist is offering personal incentives to types of organizations if they move to different types of default, mainly ssl. >> it's a good incentive to do it. >> very briefly, because it is an important issue. the electronic communications privacy act, law of 1986, our first digital privacy law. but it's so broken at this point because it was based on a lot of assumptions about how technology works such that the e-mails you have less than 180 days old require a warrant issued by a judge based on probable cause. e-mails older than that require only a subpoena written off by a prosecutor. under the doj's reading of the law, they don't even need a warrant for your e-mail.

even if it's less than 180 days old if you have opened it or if it is in your draft folder or in your sent folder. so the really incredible takeaway is under current law, the most protected e-mail in your e-mail account is everything in your spam folder. >> or stuff you haven't read. read your e-mails. >> and so there's -- >> there's one practical tip of things you doon to protect your security. don't read your e-mails. i'm glad we're here for this. >> so many of us led in a coalition effort by cdp called digital due process. coalition of companies and organizations have been pressing for many years to try and reform ecpa starting with a single clear rule if you want somebody's content, your e-mail content or whatever, stored content with a provider, you need a warrant. we think this follows a basic principle of in the digital edge

what you store in dropbox or g mail or whatever should receive the same protection as the files you keep at home. right now we're in a frustrating place where we have a bill in the house that has a majority of the house sponsoring the bill. whatever the magic number is, 218-plus. and it's still not moving. so from my perspective as soon who has been working anesthes issues in both intelligence and law enforcement for a long time. in a weird world where it seems like nsa reform has more heat than what should be a really uncontroversial fix to the law enforcement digital privacy law. momentum is still building. at some point the leadership and committee leadership are going to have to move this bill because the tide is unstoppable. >> ecba reform is truly the lowest hanging fruit on the

surveillance tree. there's a reason there's a majority of congress that supports the bill and enjoys broad bipartisan support both from republicans and democrats. and i'll point again to the riley decision from a couple of weeks ago where there is a passage where the supreme court was saying that some users aren't familiar with the data they store on their cell phone is stored locally or stored remotely. they said it really doesn't make any difference for fourth amendment purposes. it's a unanimous supreme court. it is a fate decomplea but it's not. they're sending signals that to the extent that type of case comes before it, they will hold it. that there should be an iron clad warrant for content requirement. but we see, i think what we're seeing in the different context with the debates around the limits that may be imposed on the nsa is while that warrant requirement isn't so iron clad. maybe there are circumstances where the nsa should be allowed to search communications that they've already collected if

theidata is lawfully collected, then there shouldn't be restrictions to query it. it focuses just on what happens to data after it's been collected. it's a significant constitutional moment at the point it's collected. one thing i probably should mention in case my overseers from mountain view are following this. the plug-in you referred to. we released search code for end to end which is going to be a -- hopefully is going to be a browser extension for chrome that if it works right will enable seam to seam using open pgp. we're not there yet. we're kicking the tires and encouraging other people. we have a vulnerability rewards program. researchers that discover any vulnerabilities or problems with the source code, we're encouraging them to report things to us. >> nsa pays 10x, though.

>> one last thing to add is that a lot of the things that we talked about, the security researchers and people have known or suspected for a long time. and so one of the good things in the past year is this is something that's coming up for like meaningful public discourse which is where -- which creates a much greater opportunity for what bruce highlight chd is political change because it's very clear now that a lot of these laws are outdated. these are things that affect real users. as we keep getting more stories like the one on sunday that there's a lot of collection that's happening that's incidental that makes people uncomfortable and they can actually talk about it in a responsible and well-informed way. and that's very positive for sort of moving the political process forward and seeing reform on a wide variety of issues. so i think kevin has said this before. this is the beginning of what will be many years worth of fights an a lot of these issues. it doesn't mean it's going to be

easier. the changes are always going to be once the people -- especially in the advocacy community love. it means a lot of these conversations are happening and they are long overdue. >> you should put the tin foil around your cell phone, not your head. >> i don't know. my personal -- i come at this from an experience of previously working at the electronic frontier foundation and suing at&t and the nsa based on whistleblower evidence from 2006 that they were sitting on at&t's network and filtering out what they wanted and looked at us like crazy conspiracy theorists. and at this point finally admitted that, yes, the nsa is sitting an our domestic internet backbone. now we need to actually do something about it. >> first of all, thaunk ynk you for this. it's very interesting.

i'm with digital liberty and americans for tax reform. it is indeed the peek of ecba. two other events this week. one at cato and one on the hill on thursday. but i have a question for you that i've written down because it is indeed complicated. so what i wanted to ask is, how does nsa target bad actors if any kind of weakening or strengthening of security affects the entire world? so it's been said the nsa has the ability to target government to government espionage but it was also said that often we don't know which programmer is the underminer of encryption. and then how do we/the nsa, find foreign or criminal bad actors? does this also mean we don't know who is hole poking in our different browsers? so really how does the nsa target? and when i say how do we find out, who is we? >> so let me ask clarifying

questions. >> yes. >> you mean how do they do it now technically or how would they do it if we encrypted everything? >> actually it would be great to answer both of those but that would probably take forever. i guess what i'm curious is you sid the said the nsa has ways of getting everyone's information to everything and i wonder what they are doing to target bad actors and bad governments. >> you break into a network. the criminals want to get into our corporation. they want to pull credit card numbers. they break into the network. they did that through a partner. they used standard hacking techniques and read the data and left. that is what the chinese government did a couple months ago. we indicted five chinese military officers in absentia for exactly the same thing to five u.s. corporations stealing data for the chinese government. this is something we believe the nsa does.

you want to target north korea, you hack into their computers and target them. so there's lots of targeted targeting techniques for targeting targets that everyone uses and, you know, we can talk about the technology of those. but that's what's done. and that's very different than targeting every -- going after everybody. so you try to ask, what does the nsa do? near as we can tell, there is a series of filters. so the nsa will put a computer on the internet backbone and this is not something -- this is nothing the chinese doesn't do in their own country. not nsa specific. we just know a lot of nsa details. don't think of this as a magic nsa technology. this is what any well-funded government will do. russia does the same thing. we'll do a broad collection of everything. and then very quickly, based on names, based on keywords, based on topics, cull out stuff they

don't care about. you're watching cat videos, we don't care. get rid of that. and that whittling process, you'll get things you don't care about. you'll lose things you care about. but the hope is you do pretty well. now last week i made a very interesting story from "the washington post" that the end result of that entire funnel were reports given to nsa analysts. here are communications that have passed all of these filters. they are no, not american, on bad topics, from bad people, whatever. here it is. and what we learned is about 90% of that stuff is about innocents, including americans. the filters actually don't work all that well. even with all of that filtering. not if that answers the question. that's basically the process. >> i think it does -- so that we actually find targets so that -- >> the way that you look at our

successes and law enforcement and terrorism, they are -- they don't stem from looking around saying, ah-ha, there's someone suspicious. they stem from following the leads. the kind of police and intelligence stuff you see in movies and television. we're going to go after that guy. who is he talking to? what is he doing? the things you don't need broad surveillance for. normal investigative procedures that start with a target and figure out what's going on. that the successes -- and we see this from review groups that have looked at these broad surveillance programs. and there actually isn't a lot of value from looking at everything, looking for someone saying the word bomb. i just made this up. but it's probably true. so i can look -- everyone saying the word bomb. if you say the word i'm going to start watching you. that has extraordinarily low value because random people say bomb all the time. and people that blow up things

actually don't say bomb at all. so these bulk systems don't work and they are incredibly costly. the big discussion here, we didn't talk about the effectiveness. we talk about the cost. the cost and security for the rest of us to enable those broad surveillance programs. no one is arguing here that there isn't a valid intelligence mission, a valid espionage mission that targeted surveillance with a warrant by the fbi. isn't a great idea, but what we want is transparency oversight accountability of presumption of innocence. and the ability of us to protect ourselves from all threats. did i sum up well? >> i think so. i'll just add that in a way part of what we are debating and what bruce keeps going back to is we used to live in a world rev tail surveillance. you'd pick a target based on

some sort of suspicion and then surveil that target. now we've reversed that where you collect on everybody and then you decide who to target. and ultimately, that change to the law happened without us actually overtly having a discussion about whether that shift in the way we investigate people made sense in terms of the tradeoffs we were making. it's the discussion we're finally starting to have like now, far too late. >> thank you. former member of the british parliament. >> -- although we did abolish slavery quicker than you did. nor am i going to complain about one of the members of your community. please start paying tax to the

united kingdom. we'd like you to pay actually tax towards us with all the money you are taking out of the country. >> that would be you, i think. >> a serious point. i joined the defense committee. i was on the defense committee for 30 years. i chaired it for eight years. i was moving up the hierarchy a long, long time. and one thing i learned, morality in politics is important, but not too important. what you have to do is to protect your society. and if you are being confronted by even those who are using every trick available to make life difficult for us, extorting money, putting us in danger, the idea of responding to that with an excess of morality seems to

me, as we would say in the uk, bonkers, stupid beyond words. it's difficult to say that, but when i was on the defensive, we knew who the enemy was. they were playing nasty. and if we did not play nasty, we would be absolutely pilloried and we didn't do that. so i don't know is there someone who has a perspective that's not a very nice perspective, but it is a realistic perspective. you've had your big inquiry which some of you think hasn't been good enough. you know that your intelligence services play dirty games. thank god they do because if they did not play dirty, as the other side did, then the bigger problem you would have would be exploitation and the possibility of political economic disaster. so if i do appear a little bit off message, it's based on 30

years of experience. i have had it. election observation missions through the osce for 25 occasions, occasions. all of the russia, evil countries, not evil people, evil countries. and i knew firsthand that all of my period in parliament, it was fighting the dangers of our country and our lives. i'm glad to hear that we've had a strong degree of realism that should be a greater degree of realism. i'm not defending every nasty thing that your government has done. i'm certainly not defending your mr. snowden who's buggered up to that great democracy in the world, russia, although i still call the soviet union. i don't think we need any

acknowledgement from them or people like that. if we have to play dirty, we don't admit it, but we have to play dirty. i'm absolutely certain the consequence of playing it decent as they you're playing football, again, not that the english are any good at that, but if you're playing -- congratulations, the u.s. is getting farther than we did which wasn't very difficult. frankly, no doubt if you have to play dirty in world politics, you better do it. question? how did you tolerate me speaking for so long? >> first off, i just did want to allow you to finish because, one, it's not an uncommon perspective, but also i wanted to hear it all so i could fully comprehend exactly why we threw a revolution. but -- i do want to reflect on what you said about making

arguments about morality. in fact, i think much of the discussion and the discussion we've been having -- that we had in the spring and that's the focus of our paper is trying to step away from a civil liberties argument, though that most motivates me, and talk clear headedly about the cost of the prooms we're not talking about. cost to the internet security, cost to our economy, cost to our internet freedom agenda around the world. i think there are a whole raft of reasons to be concerned about these programs, completely separate from concerns about civil liberties or the morality of nose wthose who are engaged . m >> that argument is fundmently a fear argument, and i can summarize it is one sentence, terrorists will kill your

children. we must do these awful things otherwise terrorists will kill your children. it's an argument that shuts down key baidebate, it's an argument that can't be argued with. now, the problem here is that argument short circuits any discussion of, are the things you're doing actually effective? right? do they do any good? up here we're not making a morality argument. we're making an efficacy argument. we're making a cost argument, right? yes, there is a threat. there's a threat at the bad guys and the bad guys don't play with the rules, that's fine. but what does that mean the defense should be? there are actually many threats in society. we have been talking about the threats of government overreach. actually very serious threat. in the united states, you're eight times more likely to be killed by a policeman than a terrorist. terrorism is not the one thing you're worried about or mobile accidents. i can list dozens and dozens of threats. we're trying to balance them.

we balance them by looking at costs and benefits. up here we have talked about the costs. if the costs of broad surveillance are greater than the benefits, we don't do them. even if the bad guys are bad guys. bad guys aren't going to go away. the question is, what is the best way to deal with that? the arguments we're making is that there are more effective ways. not that we're going to be moral and they're not and they're going to win. that's dumb. that makes no sense. if the question is what is the efficacy of the various tactics, what are the variety of threats and what are the best ways that we as society can deal with them? and in order to get those arguments, you actually have to dampen fear. because once someone says, terrorists will kill your children, all that discussion goes away. no congressman will vote against something that someone says if you don't do this, terrorists will kaill your children.

there will be blood on your hands if you don't vote for this. that's never explained, never justified. as soon as it's said, the fear sets in. one of my great worries right now about reform is that if we ask congress to oversee the nsa, we will get a more per missive nsa, because right now congress is scared. not just scared of the terrorists, scared of being blamed if something happens. getting beyond this fear is the single most important thing we can do to move society forward. and honestly, this might take a generation. you and i might have to die before more sensible people take over government. >> simply can't be terrorized. that's exactly what bruce is explaining. no wroun you know we have to stand up to pressures in cases of low

probability and argue very soberly that that's not worth it. >> this gentleman right here has been raising his hand very highly for -- >> correspondent for "euro politics" newspaper. i was just wondering how this issue of the encryption and internet security aspect more than the surveillance aspect, has this appeared on the raerds of other countries around the for example, europe, considering its whole data privacy regulatory framework at the moment? and sort of follow-on for that, i mean, it seems to me that the reason the nsa can do this so extensively is because all of the companies involved are u.s. based. you know, does this create an incentive for more, say, european companies to develop software that has encryption in it that cannot be hacked into by the nsa because they're not subject to u.s. rule? >> danielle? >> so i think -- so first of

all, i think there's been -- some of the stories have talked about not just the u.s. intelligence agencies but other intelligence agencies including the british actually doing this, but it's most certainly as one thing we have learned and when you look at the economic costs to the united states, we've seen a huge rise in sort of this excecompetitive advantage from foreign companies in europe and elsewhere claiming they have more secure products or products that haven't been tampered with and that they're using this as a way to get, you know, to lure business which is incredibly profitable. and so i think the broader thing -- we talked today about the cost to internet security specifically, and sort of how in an attempt to protect security we may be weakening our security. we're doing it at a great economic of the. there's a cyber crime cost and sort of actually the amount of money that we're spending on all these programs in order to weaken our own security. there's also what we're doing to american companies and that's a serious, from a purely u.s.-focused perspective, a

serious problem because we are sort of driving customers away from the united states. that doesn't also always mean that we're driving them to more secure alternatives but driving them to what they believe are more secure alternatives. just because it's not a u.s. product doesn't mean it's more secure, but if you believe the u.s. government is interfering with u.s. products, you may be more likely to try your luck elsewhere which is kind of one of the big challenges. >> i think we have time for one more question right there. >> hi. matt stoler with congressman grayson's office. so a couple weeks ago, b.a. systems said that -- went on -- a representative from that company went on cnbc and said that there was a cyber attack on a hedge fund, and their stock popped by rough byly 2% and thei

formed a partnership with the think tank called the center for financial stability and there was a lot of discussion about cyber attacks in the financial space. i think it was last week, the systems said that, in fact, they made a mistake, there was no cyber attack on hedge fund. it was a training exercise which they confused and thought that there had been an attack but it was essentially that it was their own training exercise. >> complicated. we told you. >> well, i mean, that probably, you know, probably helped their business. it's not -- i don't know what happened there. but there's a lot of money in saying cyber security is this big problem. right? and if you don't know anything about technology, and i'm not a coder, i don't really know that much about it, you know, how much of the sort of fear of the cyber attacks, how much of that

is just profitable for entities to push for their own security businesses? how much is legitimate? how much is the nsa doing in terms of defending the country from these kinds of afa faattac? how do you risk these against climate change, so on and so forth? i don't have a framework. when i'm thinking about political action and questions, you can certainly say let's carve out, let's have warrants. that tends to be a good idea and has been ever since the magna carta, but how do you think about these new really novel institutional threats? >> okay. 30 seconds. go. >> wow. complicated. you know, there's a lot going on. i mean, there is -- yes, there's a lot of profit motive, lot of profit making, a lot of fear mongering but there's a lot of threat that's real. we tend to, for example, overexaggerate the terrorist threat and underexaggerate the

criminal threat. so you will find discontinuities on both ends. i mean, cyber crime is enormously possible. it's a very big deal, very big business. companies are not doing enough to defend themselves. on the other hand, threats are overhyped. there's an enormous security industrial complex, providing weapons to the u.s. military, being a lobbying force for some of these draconian laws. at the same time, there's real stuff that needs to be sold to real companies. nsa is not doing a lot to defend the country, but that's really not their mission. their job is to defend military an government networks. they have not been tasked with defending the broader internet. that's probably a good thing. so we really can't judge them on that. there's a lot going on here. how to compare this with climate change? your guess is as good as mine. climate change is the single most catastrophic threat our species is facing, but it's 100 years out. we as people cannot do threat

analyses 100 years out. we can barely do to the next harvest. we're not equipped as a people to do that. that's why this is complicated. but there's a lot going on. a lot of moving pieces in profit makinger making versus real threats. is that 30 seconds? >> close much bringing it full circle, it's complicated. thank you, panel.

the internet content i think we all agree should remain free from regulation especially by if not solely from the fcc's regulation. as susan crawford has said, it's like confusing the conversation for the sidewalk. of course we want the conversation to be free and unregulated and fcc has no place regulating content online. they have always made sure the communications pathways stay open. so today we have a regulated phone system, or at least the vestiges of a regulated phone system. the fcc doesn't regulate what i

say to you when i kale ycall yo make sure the communications pathway is open, affordable, nondiscriminatory and there for everybody to use. >> it's crucial to think about whether those platforms remain open the way they have historically. the internet has grown up as a network where anyone can communicate. anyone can get online. a teeny little company can get access to the network and become in some cases like google or facebook, a huge business. and it's vital that that not change as the internet evolves. >> more o pin wherepinions on t open internet policy and flow and speed of web traffic tonight at 8:00 eastern on "the communicators" on c-span2. on facebook, we're asking should president obama use executive power on immigration? join the conversation at facebook.com/cspan. paul answered our question on facebook saying "not unless it

is to order the national guard to the border to forcibly evict the invaders. especially the teenage ones." and if olga, "the problem lies in the monumental prejudice we have against these people who are trying to do the same thing your ancestors did, come here to dream." the house and senate have passed different legislation designed to improve veterans health care and reduce the amount of time veterans have to wait for medical care. the house and senate veterans affairs committee met last month to begin negotiations on compromise legislation. this house senate conference committee meeting is almost two hours. >> statements would be added into the record, all conferees would have five legislative days with which to revice and extend their remarks. today we meet to begin debate in negotiations regarding the house amendment to the senate amendment to hr-3230, the veterans access to care act of

2014. i'm going to recognize myself first and then recognize our co-chair, senator sanders. following that, conferees will be recognized in order of seniority alternating between the house and the senate and the majority and the minority bodies. each conferee will have five minutes at a maximum to make brief remarks. an se though i recognize we have a lot to discussion, i would ask everybody to please be cognizant of the five minute time limit so each one of us has an opportunity to be heard on this matter. this is the first time in 15 years that the veterans affairs committee have, in fact, engaged in a formal member conference. i'd like to acknowledge senator rockefeller and our colleague, carek carine brown who participated in the 1 999 conference.

it's also my honor to serve alongside my good friend, chairman sanders. and each of you as we work to address the longstanding deficiencies the department of veterans affairs has that's negatively impacted the care. the va health care system is suffering from widespread wrong swrn doing and systemic lack of integrity. veterans by the thousands have been left to wait weeks, months and even years for the care that they have earn ed deserved. some died before they could receive the care. for them, the work we begin today is too late. for those veterans still waiting, our work begins not a moment too soon. the bureaucratic failures to brought us to this point are legion and can only be solved by

nothing less than meaningful reform. that reform enacted after close and careful consideration in a face-to-face deliberation of both bodies. the work done by the house and the senate veterans affairs committee is historically bipartisan and i expect the work that we begin here today to be the same. though we may have differences that wild need to be addressed as we move forward, all of us share the same primary goals. first, to ensure our nation's veterans have timely access to high quality health care and secondly to ensure va leaders and employees are held accountable for actions that harm veteran patients. the work we do in this committee will impact the way in which this country's second largest bureaucracy operates in the manner in which veterans throughout the country. receive needed care for years to come. and there's no doubt that hard work and tough decisions await us in the days ahead.

however, those of us gathered around this dais bring experience in business, law, medicine, and a variety of other discipli disciplines. some of us are even health care providers. several are veterans. including our friend, senator john mccain, who sacrificed to our country few of us can fathom. and senator -- [ applause ] senator, the gavel that i use over in the house was taken from the deck when the ship was sunk off the coast of pensacola, but this was part of the deck of "u.s.s. ariskany." a ship you know very, very well. [ inaudible ] >> yes, sir. all of us share a passion for making the va a better place, a better service. together we'll more than meet the challenge ahead of us. be responsive to the needs of both our nation's veterans and her taxpayers and we will live up to the sample set by those

who wear her uniform. i'm committed to nothing less. i want to thank senator sanders, senator burr, ranking members and each one of our esteemed conferees for the work done so far and work that remains to come. i look forward to hearing your comments as we move forward. with that, i yield to chairman sanders for opening statements he mae make. >> we begin we saying, in fairness, the people down on the list, i'd very much appreciate if all members keep their remarks to five minutes. let me begin by thanking chairman miller and ranking members mischeau and burr and all the members of this committee for their hard work on veterans issues. defeat a very partisan environment here in congress, i am confident that as democrats, republicans, and independents will come together to pass a

significant piece of legislation which addresses some of the very serious problems currently facing the va. both pieces of legislation, the house bill and the senate bill, focus on two main issues. first, the feneed to provide access to health care for veterans in a timely manner. and holding dishonest senior officials at the va accountable. nobody around this table i believe will accept va officials lying about wait times or falsifying data. nobody around this table will accept the fact that honest whist whistleblowe whistleblowers, people who want to improve the system, are having their legitimate concerns ignored. i am pleased that in reality, there are more similarities than differences between the two bills and i'm confident that we can reach an agreement that will

be satisfactory to everyone and, frankly, that is what our veterans deserve. i think everyone in this room understands that the cost of war does not end when the last shots are fired and the last missiles are launched. the cost of war continues until the last veteran receives the care and benefits that he or she has earned on the battlefield. war, as everyone here knows, is a terribly expensive proposition in terms of human life, in terms of human suffering, and in financial terms. and in my very, very strong view, if we are not prepared to take care of those men and women who went to war, then we shouldn't send them to war in the first place. taking care of veterans is a cost of war, period. in terms of iraq and afghanistan, the human cost of those wars is almost 7,000 dead. the cost of war is 530,000

veterans seeking care at the va in 2013 for ptsd, alone, not to mention those who are struggling with tbi. the cost of war is too many service members coming home with missing arms and legs, lost eyesight, or lost hearing. the cost of war includes veterans each and every day dying by suicide, struggling with high rates of divorce. wives trying to rebuild their wives after losing their husbands. kids growing up in one-parent homes and too high rates of unemployment for returning home service members. those are some of the costs of war that none of us should forget. three weeks ago, senator mccain and i hammered together a proposal to deal with the current crises at the va. i think it's fair to say that it is no secret that senator mccain and i have very different world views. john, is that correct? that a fair statement? [ inaudible ] but i thank him very much for

working with me to move this legislation forward and to move it forward expeditiously. sanders/mccain bill passed the senate with an overwhelming bipartisan vote of 93%-3% in terms of funding by a vote of 75-19. the crisis in the va is an emergency and should be paid for through emergency funding. we've seen a significant increase in the number of veterans utilizing va health care. in addition, many of our veterans from world war ii, korea, and vietnam require a greater amount of care as they age. further, a recent va audit revealed that more than 57,000 veterans are on too long waiting lists in order to be scheduled for medical appointments, and in hay digs to th addition, there are other veterans seeking care at the va who were never even added to these wait lists. this is clearly unacceptable and must be dealt with immediately.

and i couldn't agree more with senator mccain when he said on the senate floor during the debate, i quote, "if there is a definition of emergency, i would say that this legislation fits that. it is an emergency. it is an emergency what is happening to our veterans and the men and women who have served this country and we need to pass this legislation and get it to conference with the house as soon as possible." end of quote from senator mccain. i fully concur with what he said. veterans in this country must get quality care in a timely manner and we need to provide the funding the va needs to accomplish that goal and to do it in as expeditious a manner as possible. the simple truth of the matter is that the va needs more doctors, more nurses, more mental health providers and in certain parts of this country, more space for a growing patient population. in a letter sent to the house and senate veterans committee on june 17th, which was signed by virtually every major veterans organization, the american legion, paralyzed veterans of america, vietnam vets, iraq and

afghanistan veteran, all of the groups. this is what say said, and i quote. "protect and preserve the va health care system. any changes whether temporary or permanent must protect, preserve, strengthen the v a health care system so it provides a full continuum of timely health care to all enrolled americans. the letter continues, "unless the legislation simultaneously sets va on a path to intelligently strengthen health care delivery, expand access and capacity, real walocate, the current problems will inevitably occur." from the veteran organizations. i agree with that important statement. in order to address the long waiting periods, the senate legislation says to veterans around the country that if you cannot get into a va facility, you're going to be able to go to

a private doctor. you can go to a community-based -- you can two go to a federally qualified health center, d.o.d. base or indian health service. that means veterans will have access in their community to the health care they need. this bill also says the veterans who live 40 miles or more from a va facility that if they choose, they have the option of seeking care outside the varks. so let me just conclude by saying this. we are all aware of the problems within the va. and i think we will hear some very valid criticisms of the va today. there's one point i want to make in closing is that if anyone in this room thinks that the va is the only health care system in the united states of america that has problems, they would be sorely, sorely mistaken. i don't have to give you the quotes about 200,000 to 400,000 people dying every single year in hospitals around the country

because of poor, and errors made by those hospitals or the 45,000 people who die each year because they don't have health care. i think we all know those facts. my hope is we can work together in a bipartisan way and develop legislation which strengthens the va so that every veteran in this country who is eligible for va health care gets quality care in a timely manner. thank you, all. all right. now we're ready to go, and i think we begin, right, with congressman mishaeo. >> thank you, senator sanders, and representative miller. as you said earlier, it's been well over a decade since lawmakers gathered in conference from our respective committees. this is an historic occasion. we have an opportunity and responsibility to provide services in the way our veteran services are delivered in a timely, safe, and high quality health care way.

we are all well aware of the incredible failures within the veterans administration. just yesterday, those systemic problems were compounded when the office of special -- we know that this inaction can directly harm our veterans. i urge all of us to see beyond the immediate crisis and take this opportunity to have real conversations on how we can fix the va. i hope as a group we can put forward meaningful reforms that positions the department of veterans administration to provide high quality, timely, and flexible care in the future. we have a responsibility to endure that the va has the resources that it needs and most importantly the ability to plan strategically for the future. so that the needs of our

veterans, no matter what age they are, or where they serve, are met. i'm proud to how quickly that both the house and the senate chambers responded to take action in this country. however, i do believe we could have made the amendment that passed in the house much stronger if we included a number of other bills aimed at strengthening performance outcomes and accountability within the va and holding all va executi executives, both senior executive service members, antie 38 employees, accountable. look at what happened in phoenix, arizona, florida, and some other areas, those were title 38 employees that were responsible for that in these performance measures that passed the house does not cover those employees. i also believe that it's important for us to look at how we can deliver flexible care for our veterans in their local

communities. the program allows veterans to receive high-quality care they need in their local communities with a built-in support network of family and friends nearby. i constantly hear from veterans in maine how much they love the program and i sincerely hope we can grow and expand the program through this conference. i will also note the fact that when cbo scores the program, they do not score the savings. in maine, alone, the program has saved well over $600,000 in travel cost. $600,000 in travel cost. which is not considered in the cbo score. i urge all of us to remember first and foremost that we are doing this for our nation's veterans. these are men and women who put their lives on the lines day in and day out for our nation and our freedoms. when they made their incredible sacrifice, to earn the well-deserved benefits that they

should be receiving, benefits they do not -- they do so by working together in a cohesive and in the spirit of cooperation toward our national goal. we hold them the same. as we move forward with legislation to address this health care crisis. and i urge my colleagues on both sides of the aisle and both chambers to work together in a collaborative way so we can get the best legislation to the president's desk for his signature. with that, mr. chairman, i yield back. >> thank you, congressman michaud. senator burr? >> chairman sanders, miller, thank you. let me ask at this time unanimous consent to enter into the record senator joe hynes' comments. let me say, we owe everything to our vets, we owe everything they need to be provided. we're all aware there's widespread systemic failures that plague the department of veterans affair health care

system. the culture that has developed at the va and the lack of management accountability is simply reprehensible. it's becoming increasingly obvious that a cultural problem has taken deep root in va and simply increasing funding will not solve it. in fact, it could prove to only reinforce the culture. reforms are desperately needed within va, and some of these changes can't be fixed through legislation. they must come from within va. but addressing the cultural problems within va won't provide relief for the roughly 100,000 veterans experiencing long waits across our nation today. it's now time for us. in partnership with the va. to begin to repair the damage that has resulted from systemic failures, that have undermined the trust veterans have always placed in the veterans administration. to begin to change the culture at va, there are several reforms we must pursue to ensure veterans have access to timely, quality health care.

now, the start of an effective congress, and a conference, comes with accurate numbers. and since ranking member michaud mentioned cbo, let me talk numbers for just a minute. va is basically broken down in two sides. the veterans benefit administration and the veterans health administration. last year, this congress for this year appropriated $55 billion for vha. the veterans health administration. of that $55 billion, most members would be shocked to know that 48% goes to direct patient care. we're talking about $27 billion of appropriated money goes to the delivery of health care to our nation's veterans. 52% goes to administration and other programs that emanate out of the vha budget. of that $27 billion, that's doctors and nurses, it's the delivery of care to all of our

8.4 million veterans who cbo has scored enrolled and active. now, it brings us to the house bill and the senate bill. the house bill was scored at $35 billion a year. and if fully implemented after the two-year period scored it $50 billion. the house scored it $44 billion. basic difference of timing on the wait times from 14 days to 30 days. now, i ask my colleagues around this table, is the cbo product that they've produced reflective of anything sane? that the scoring of a bill that offers limited choice if one of two things is triggered in the

house side, gone past the 30 day established by the va, or they live outside of 40 miles from any va facility, be it clinic, outpatient facility, or medical major facility. that it would exceed by $7 billion on an annual basis what we spend for the entire delivery system for our nation's veterans. to my colleagues, this is ludicrous. this is impossible for us to even start an intelligent discussion on what we put in legislation and when we've got numbers that are this so grotesquely out of line. let me give you a few more references to this, if i can. va estimated that of the 8 million veterans eligible for va, but not enrolled, that if we pass this legislation, they would automatically drop whatever coverage they have today. be it medicare, tricare, private

insurance, many who are federal employees. when they drop that, they would immediately go into the va system for two years. i want to ask you to stop and think about that for just a second. to a veteran on medicare, they're going to drop their medicare, go into the va for two years and then pay the penalty to get back into part "b" medicare? for an employee who has private insurance they're going to drop their insurance and leave their spouse uncovered because they see some advantage to being on va? it's estimated that 90% of those veterans who are eligible but not enrolled in va have less than 50% disability rating. the threshold to where it's va care comes without a co-pay. these are individuals who have already made a determination that the coverage that they're under is the best coverage that they could have.

if not, they would be enrolled in the va today. so, the fact that cbo now says with just the execution of this minor reform legislation it would trigger 8 million people into the system that don't exist today but are enrolled, again, is just as ludicrous as the $35 billion or $44 billion price tag that cbo has put on the bill. cbo determined, as you would imagine, that only 3% of their cost is attributed to the 40-mile trigger that we put in the senate legislation. in other words, there are very few veterans around the country that live more than 40 miles from va facility, but like i've heard some of my colleagues say, when you've got something that makes as much common sense as this, that it's less expensive to let them get local care than it is to pay their reimbursement to a va facility, can't we

accommodate the veterans' wants, his needs, and the taxpayers' fiduciary responsibility to come out cheaper by doing it? and this is the only place within the cbo score that they actually agreed that the impact is minimal from a standpoint of the number of people that are affected. so it leaves one thing. how could cbo come to the conclusion that the va was at a point where it couldn't add anymore enrollees without a massive increase in providers? in other words, the va's full, don't knock, don't come. let me suggest to you that the va just on one matrix, that's primary care panels, sees 1,200 patients, when non va providers see 2,500 patients. the non va providers see 2,500

patients. when we talk about systemic problems, when we talk about culture changes, this is not targeted at foam folks that ve don't see every day. it's targeted at providers that for whatever reasons within the va don't conduct themselves at the same rate that non va providers, in fact, experience. so i say to my colleagues, i hope that the chairman and the ranking members will challenge cbo on this score. to start this process, we need to know exactly what it is that happens when we begin to move the dials one way or the other and to start at the point we have started because of that score is, in fact, more challenging than anything i could ever think of. i thank the patience of the

chairman. >> congressman ineberg. >> i'd like to thank the chairman for your leadership on this issue. it's an honor to be part of this conference committee. i look forward to working with you all. lack of transparency at the va and data manipulation and secret wait lists made it very difficult to expose the true nature of the problems facing our veterans. there are almost 100,000 veterans living in my district. in an effort to find out what they're seeing, i've held conference calls with local leaders. i've spoken directly with the facility direct es in denver and colorado springs to evaluate the quality of care and put out a call to veterans to call my office. we've heard from witnesses from the va. i've sent multiple letters demanding answers as i'm sure all of us have. i've supported legislation to expand fee-basis care and to give va leadership more flexibility to fire negligent

employees. at first, the va attempted to do downplay the significance and extent of the problem, only through the efforts of whistleblowers. brave individuals from across the country that have taken great risk to expose the truth has the depth of the issues at the va come to light? subsequently, the interim va office of inspector general report validated these whistleblower claims and has labelled them as systemic. yesterday the va's bimonthly access data showed that the electronic wait list for the va med ical center in denver that provides care for many of my constituents had more than doubled since their last report just two weeks ago. this problem is not getting better. it's getting worse. we cannot kick this can down the road. we can't simply seek to create an assembly line that gets veterans in and out faster without regard to the quality of care. ultimately, we must focus on changes that yield better health care outcomes for our veterans through timely access to quality care. in order to achieve this and

ensure that these solutions are lasting, there are multiple items that have to be addressed. obviously we must pave the way for the va to use non va care to expand veteran access and clear the current backlog, but we can't just fix the problem by simply throwing more money at it. the va has had more medical care funding than it could spend during each of the last four fiscal years. to include $1.4 billion as recently as 2010 and set to carry over $450 million this year before dipping into those funds for the current accelerating access to care initiative. this has led to multiple testimonies by va and non va witnesses who noted it's not a lack of funding but a lack of accountabili accountability. for this reason the legislation we mold must hold individuals accountable who fail to meet performance standards and oversee mismanagement and neglect. the incentives that have led to

secret lists must be eliminated. any incentives must have an impact on improving patient satisfactions, outcomes, and performance in productivity. finally, our ultimate product must protect whistleblowers that step forward to share the truth. the last thing they should face for bravely standing up to our veterans is retaliation. as i said before, we can't simply seek to create an assembly line that gets veterans in and out faster without regard to the quality of care. ultimately, our efforts must lead to changes that yield better health care outcomes for our veterans. that's more important than metrics. this is what our veterans have earned and they deserve nothing less. thank you, mr. chairman. i yield back the balance of my time. >> thank you. senator rockefeller? >> i thank both chairmen very much. as well as ranking members. it has been 15 years since we did this, which is not a very happy statement in and of itself. it's a long time.

anybody here remember the name jennings randolph? anybody? >> yes. >> you do? good. yeah, no, i took his position on this committee in 1985, and i've been here ever since. became chairman in 1993. im i want to give a little bit of context to some of this, too, how we've tortured our way along. i resolve to do anything that any chairman would resolve to do. we were faced immediately with unresolved illness questions coming out of the persian gulf. and so we started having hearings on gulf war illness. and the soldiers were told, men and women, to take something

called bromide which had not been approved by the fda for use on animals, much less on the united states military personnel. we had a lot of meetings, lot of fights. they're still going on and nothing has been fully resolved. at that time, veterans were told, probably to some extent still are, that the ailments are pretty much in their head, so to speak, take an aspirin, go home and sleep it off. it's amazing to me that a government could allow something like that to happen. that was gulf war. and it was a very special, painful experience for a lot of us. then we moved on -- actually began with -- first thing we did when i got here was atomic veterans dying from radiation in terms of exploding bombs in various places for the second world war.

during the second world war. later we worked on veterans suffering from the effects of agent orange, and i think we all remember the powerful testimony of admiral zumwalt and how that testimony virtually turned the entire argument around, as his son had contracted cancer from agent orange. and then since 9/11, we have heard from soldiers exposed to burn pits and sodium dichromate. so everything has a history, and everything is hard. i don't think anything underscores the vital nature of services for the veterans administration more than ptst. it's a simple word, so vastly complex. so vastly attacked. we make progress in cancer. we don't seem to be able to make enough progress in ptsd, and people suffer horribly. you go back home and you listen, no press, no staff, and you

listen to veterans. at first it was veterans' wives when the iraq war was just starting up. then veterans, themselves. and the sheer terror of explaining their experiences. that's the advantage of nobody except you and eight ptsd sufferers, discussing what they found that they had found themselves doing, and hard, pushing children sitting on their laps softly away from them so they wouldn't hurt them. not being sure what their reaction would be. i mean, the hurt is just -- is so astounding and so hart swrn breaking, yet we're still working on it. actually there's some very good working with done. some in vermont on ptsd. and i had a cousin who was killed recently who was very much a part of that. obviously all this is unacceptable, but i want to be absolutely clear in what i'm

si saying, that we need to improve the va, not tear it down. when the gentle man indicated we need accountability more than we need money, we need both. we need both. you can't get pediatricians, you can't get clinical psychologists or anybody else to come and serve their nation the way the veterans they would treat. the mental health issue is overwhelming and not well understood. it's so deep. unless you've, you know, gone through what john mccain did, how do you possibly understand all of this? if i've learned anything, it's that we need to listen to veterans, we need to respond simply to what their needs are. in some ways, it's not that complicated, and i just don't want us to do what we've done to so many other generations of veterans with complaints who have died, the guy in the wheelchair sitting before us at

my very first veterans hearing talking about what it was like to die from cancer that he got because he went into a radiation area. this conference is a very important conference, i need to say. thank you. >> thank you very much, senator rockefeller. congressman ralph? >> thank the chairman very much and also would like to thank everyone in this room for their dedication to serving veterans. as i said last night, for the veterans who can get in there, they can get good care. this committee has an opportunity to elevate that to great care for all veterans. i think that's one of our goals. i see this as two basic problems. one is the backlog which is easily fixable. we can fix that in a short period of time. the other is the culture of the va sitwiwhich is much more diff to fix. i find it incomprehensible that people would place people, veterans, any patient in a delayed status and then gain

financially which is what happened in phoenix, arizona. it's unbelievable we let that happen. and set up a system where that could happen and then reward people for doing that. i am a veteran. i served in the second united states infantry division, 1973 and '74 in korea. and senator mccain, thank you and the other veterans around this table for your service. i spent about two weeks ago about 30 minutes in the hanaway hilton. that was enough for me. i trained at a va medical center. i'm a physician in the medical corps. i practiced in the private sector for over 30 years. i believe i gained a unique knowledge of the capacity of any hospital, var or private, to operate efficiently. we need to take a look at best practices on both sides and streamline efficiencieies to alw doctors to see more statements. as was stated by mr. lamborn, each should be seeing as many as we saw on the private side. there are systems already that stepped up. had a call just yesterday from

memphis, tennessee, in 72 hours i'll see any veteran e on a primary care or specialty consult, 72 hours. it took them less than a week to do that. our practice is right now ready to do the same thing. another example of the amount of time it takes for a veteran, i was at my ophthalmologist yesterday getting examined. he saw right here in washington, d.c., a veteran in january who needed to be seen, didn't get seen. five months later gets seen. has a retinal tear and is probably going to lose some of the vision in his eye because of his delayed care. we've all heard stories like this. no matter how much the private sector wants to help, they can't do it unless they get prompt payment from the va. and sometimes i've talked to providers who have taken to year to get paid for services they provide. the va is that slow in providing those services. you can't expect the private sector to really shore up the va if you don't pay them for it. there's a very simple way to do this. you allow -- i think senator

mccain had this idea several years ago. allow a veteran to go out and see me as a patient, as a medicare patient. it's very simple. it's not a complicated deal at all. if the veteran is low income and can't way the co-pay, the va can cover the co-pay and medicare can cover the rest. we can do this for our veterans very, very easily. but i think also for this bill to be physically responsible, we've got to be sure and careful who we open va care up to. i don't need to be on the va care right now. i can provide for myself. i have adequate health insurance as a veteran. i don't need to be in line in front of a needy veteran. there are many of us, millions of us out there who feel exactly the same way. so i don't think we can afford to expand coverage to every veteran right now. and i really truly believe this from the bottom of my heart that throwing more money at a system that's behaving like this would be the wrong thing to do. i think we have to change this system the way it's currently

working or we're going to make the problem worse. the backlog we can fix. we've got to change the culture. i said this a couple weeks ago. if you ask anyone who works on a va campus who shay work for, they'll tell you the va. the right answer for that question should be i work for veterans. that's the answer that should be. and that's not what you'll get on most va campuses. so i really appreciate this opportunity that everyone around this table has. we've been given a unique opportunity to change a va system for decades to come. we need to do this right. and i certainly look forward to working with each and every one of you to do that. with that, i yield back my time. >> thank you, congressman. senator isaacson? >> thank you, chairman sanders. chairman miller, thank you for your hard work. ranking members, appreciate what everybody has done. i want to particularly acknowledge senator mccain. a decorated hero from our milita military. a committed person to veterans who really rolled up his sleeves in the senate, worked with chairman sanders and sought to it we got a product out of

there. and senator coburn who as a practicing physician and shutly committed oversight member of the senate who brought about a lot of great solutions included in the senate version and hopefully will be in the final product. i very much support the accountability. i very much support the choice. but i also think we all need to recognize that while it is an emergency, chairman sanders, over time the solutions are permanent. and they're going to cost permanently. we have to be sure that we're paying for them. and i think senator burr is absolutely right. i made the comment at a dinner the other night that i've always been mad at cbo for not doing dynamic scoring in terms of the positive revenues we get from positive tax policy. this is dynamic expenses in the way they scored this. ranking member burr has made excellent observations that we need to work on. the improvements in this bill are great. our veterans need them. we need to make sure we are committed as members of the united states congress, the united states senate, to doing the oversight necessary so the culture of corruption becomes a

culture of accountability. and accountability to our veterans who have served and who because of their service we are all here today in this committee. my personal experience with accountability and oversight in the va, and i'll finish after this, took place in august of last year when i called a hearing in atlanta because of the three suicides that had taken place. we had a 2 1/2 hour hearing. everybody but secretary shinseki. fox carried it on tv. all of a sudden things started changing at the atlanta hospital. a recent report that i called on the i.g. for about six months ago just was released on friday showing the marked improvement atlanta's made in terms of accountability, in terms of transferring people who weren't doing the job, tracking our veterans in terms of mental health, and see to it the drug overdoses that happened in the past no longer happened again and specimens taken for the purpose of diagnostic have the type of security we have today and most hospitals we see and certainly in our clinic in the

united states capitol. change can take place. you can take a culture of corruption and make it a culture of excellence if they know somebody is looking over their shoulder. so as we finish this conference committee, as we make a report to the congress and as we pass a bill that hopefully deals directly with these problems, let's make sure we don't go home, turn off the light and say we have another job next week. from now on, we have the job of oversight to see to it that veterans health care is the best it can be, not just today, but every day as long as we have authority in the united states house and the united states senate. thank you, mr. chairman. >> thank you, senator. congress m congre congressman? >> good afternoon co-chair sanders and co-chair muller. thank you for the work you've been doing. i thank the ranking members. it's an honor to serve in the conference committee. in the wake of reports of misconduct within the va, learning that so many of our veterans aren't receiving the care they need in a timely manner, allegations some veterans may have died as a result of long wait times, and those deaths may have been

covered up. i look forward to us all working together to pass a bill that will give us -- that will give our veterans access to the health care they need and deserve. it clear that any solution must include accountability measures for va employees, improve vha scheduling ex-petiexpedite appointments and prevent future abuse and provide our veterans with timely access to quality care. it's also clear, especially in light of yesterday's allegations, about cover-ups at the phoenix va that we need to re-evaluate the culture at the va and take steps to ensure that the department truly is veteran centered. our goal should be to strengthen the va health care system, not dismantle it. by in large, once they are in the va health care system, veterans say they are happy with the care. our final legislation should break down the barriers to entry we've learned about in our hearings. must also remember that what works for one region of the

country won't necessarily work for all. giving veterans the opportunity to seek non va health care may be a solution in areas where private care is plentiful. in districts such as mine, however, where we have a shortage of health providers, i'm not sure how much of a difference it will make. in fact, every member of this conference committee represents counties with service areas. populations or health facilities that are designated as primary care, mental health, and/or dental health professional shortage areas by the department of health and human services. for primary care, that means the physician to people ratio is 1 to 3,500. mental held, we all know is critical for the veteran population, that ratio is 1 psychiatrist to more than 30,000. furthermore, the va's internal audit found that front line staff members said that the single biggest barrier to care was a lack of provider slots. that's why i believe increasing

vha's capacity should be a key component to our final legislation. yesterday, i joined representatives titus and o'rourke, fellow members of the house veterans affairs committee in introducing legislation that would increase the number that number of residency slots at v.a. medical facilities by 2000. i hope that this committee's final legislation will include modified language from the senate amendment section on health care provider recruitment and appointment based on the o'rourke bill. we musz must ensure that's interoperable within the v.a. system. we must encourage that interof rabblety. we know the disconnect by the d.o.d. and the electronic health care systems.

thank you, mr. chairman. i yield back. >> thank you, senator murray. >> thank you very much, mr. chairman. i believe that when it comes to caring for our nation's heroes, we can't accept anything less than excellence. i'm very frustrated to be here, once again, talking about these deeply disturbing issues and allegations. it is extremely disappointing that the department has repeatedly fail today address wait times for health care. gail and the inspector general have reported on these problems many times through the years. in last congress, we did a great deal of work around wait times, particularly for mental health care. we learned then that the v.a. has no way of knowing if they are providing timely access to mental health care. and i think the v.a. is starting to see that business as usual is

not acceptable. so i'm very glad to be serving on this conference committee. calling for a formal coffin frens committee is a very rare step on veteran's issues and i think that shows how severe the problems facing the vas are and how serious members are about fixing them. there have been major bipartisan efforts in both the house and the senate to move legislation addressing these problems. many of the members here have been part of those efforts and i commend them all for their commitment to bipartisan ship. i personally want to thank chairman sanders and senator mccain for all of the work that they did. i appreciated working with you over those weeks and look forward to seeing where we can make compromises in order to pass a bill and begin ensuring that veterans get the care that they need and deserve. i want to thank chairman miller for bringing the conference

together. working with both of you over the last year, i know how dedicated you are. i really appreciate it. now it's time to build on that bipartisan momentum to address some of the concerns plaguing the v.a. and fixing its deep-seeded, structural and cultural changes. the bills before us have some important provision that is will help address the very complex problems. first and foremost, caring for our veterans is a commitment we make as a nation when we go to war. our service members have sacrificed much. and we need to make sure that their country is there for them when they come home no matter what it takes. i know members here have a wide range of concerns and i hope to work with everyone here to address these concerns responsibly in and aactualway t gives the v.a. the tools they need to address the challenges we face.

that means building and strengthening the v.a. system so it delivers the best care over the long term. it is very important for us to act quickly to start making these changes. and as more probables are uncovered and as the investigations proceed, we will need more action from the v.a., from the administration and the congress. the government made a promise to the men and women of active duty. and one of the most important ways to uphold that is making sure that they have the care they need and deserve. >> thank you, chairman, senators and thank you, chairman miller for calling this committee. i thank each of the members for joining in this cause. i'm humbled working to finalize legislation to help our veterans. when our military men and women return to civilian life, we owe it to them to provide them with the best health benefits possible.

additionally, nearly 64,000 veterans never received their appointments. having one denied an appointment or having to wait is unacceptable. we must focus on creating a more acountable v.a. with a smaller bureaucracy. it has been disheartening to

learn that the looking forward to a bipartisan accountability for v.a. management. i believe the new v.a. secretary will need the tools to cut through the mouths of red tape and the senior substandard behavior. it is time to put the interests of the americans ahead of the federal bureaucrats so we can keep the men and women with freedom of liberty. the department's failing to do their primary job chrks is to provide the best fen fits to our veterans. our nation's heroes deserve better. i look forward coming together with our fellow confer reels to

iron out the differences of our respective bills and to ensure that our veterans are receiving proper, timely care. we need to chart a path to build a v.a. for the 21st century. a v.a. that is focused upon putting veter rans first and following core values. this v.a. should be smaller, more agile, more responsive to americans' veterans to the hard working american taxpayers. we need to develop a moon shot approach to do this in the near future. thank you, i yield back. >> thank you. senator brown? >> thank you, mr. chairman. chairman miller, thank you. it's an honor to serve on this committee. i thank the senators for their work in shepherding a very good bill for the united states senate. i've served in the veteran's committee for eight years in the senate and i've never seen anything but people in both parties, ranking members, chairs, whatever, that always put veterans first in both parties.

we should all be commended for that. congressman rowe said something that i thought was particularly apt that it's the care once in the v.a., the care has been very good for the 6.5 million american veteran who is have been fwh that system. it's access to the system that's the problem. we have veterans waiting too long for care. we need to fix that. we have a culture where it far too many facilities, problems were hidden. that's why we're here today. for the so called choice card, we've seen this before. in september, 1993, president clinton addressed the joint chamber of commerce. the president talked about reshaping the nation's health care while holing up a card that looks a lot like we will see, a choice card. he said every american will receive a health care security card that will receive a package of benefits over the course of an entire lifetime. instead of privatization

schemes, we should simply make the v.a. better. it makes care and services unmatched in the private sector. there are questions of diverting money from care to profits. there are significant questions to medical privacy as veterans will be shuffled from the va to the private sector. a dozen years ago, we went to war without paying for it. a dozen years ago when we went to war, we failed to scale up veterans' services. and in the ensuing decade, we've seen hundreds of thousands of more people demanding services from the administration. some have launched an unfair attack on the vast majority of va employees. these employees chose a career serving veterans.

whether it's a police officer or a claims processor at cleveland's varo, whether it's a nurse at the community-based outpatient clinic, these employees are on the front line of care. they're the ones helping to administrate veteran's homelessness, trying to prevent suicide, they're the one who is create new ways to receivable our veterans more effectively and efficiently. 6.5 million veterans used the health care system, the v.a. in 2013. 85 million patient visits. for that, we should be proud. we shouldn't castigate those who are innocent. we shouldn't condemn v.a. employees for the wrongs of a few.