beryled. so i think that your concern, zerks sheila, about other also peblsp the liquidity world remain important. i think we have made and are making a lot of progress there. that that single discipline of capital adequacy and liquidity adequacy, when we look back ten year s from now, unless i'm dea wrong, which is possible, is one

of the best thing that is we've done. keeping in mind, at the end of the day, all of us knows this. the straw that breaks the camel's bank with regard to failing institutions typically is capital. it's just pushing a button on a computer. and frankly, if we get corrective action at least close to right, those two things alone would have a very, very beneficial effect. not just on special banks, but on other financial intermediaries as well. >> well, you know, i agree with the premise of the krekcorrecti action to the statute is very

ineffective. i disagree that corrective action is a method of protecting the banking system in times of financial collapse. there's two ways one can look at the banking system. i really want a system that is going to be a hundred percent safe and not have failures. and taking that to it's extreme, you have a system that has a hundred percent liquid assets. it has very high capital ratios. the trouble with that type of bank which will never fail is you'll never loan money to anybody. it's a balance.

if you want to have an absolutely safe and sound banking system, you're going to have a system that is not going to provide credit to the economy. on the other hand, if you don't have enough safety and soundness, you'll have risking institutions. but banks, by their nature, are supposed to be risky. banks are designed to take risks, designed to leverage the capital base, designed to perform an intermediation service. the liquidity rules are not only excessive in my view, but are counter productive. why would rules say that you can invest a hundred percent in

italian debt, but you can't invest in a money market mutual fund that can only invest in u.s. governments. there's got to be some rationality in some balance in what we do. and the emphasis that safety and sound is aumlways going to be t predominant -- a regulatory goal is not going to work in the long run. >> so, as i just said, i agree. again, i want to clarify with what i was saying liquidity. my only point is there should be more capital and more emphasis on reducing their reliance on short term funding. the center piece seems to be putting more liquid access on. so some of the stuff they're doing is counter intuitive.

i want to suggest, it's very good. this emphasis on having a lot of sovereign debt, which i don't think will always be liquid in the crisis. just one foot note that is directly relevant to the point that you're making so the audience understands it. if you look at the balance sheet of the fed today or yesterday or last week or whatever, what you'd find is there is something in the order of two plus trillion dollars of bank deposits in the federal reserve banks. t $2 trillion sitting there. with a return on the excess reserve. that, by the way, is not wholly

independent of my suggestion in the essay that banks are part of the transmission mechanism for monetary policy. and let me tell you, the day is going to come, and you and i have talked about this on other occasions. we're going to have to figure out what to do with that $2 trillion. that's not going to be easy. >> no, it's not. so, how has the role of banks evolved over the last 30 years. and has bank supervision and risk management kept pace with this evolution? anyone can have a crack. >> i can't resist. >> go for it. of course. >> first of all, you know, by any standard that you can think of, including looking back at history for multiple millennias,

the last years or so have been pretty damn tough in terms of the incidents of serious, if not systemic financial shocks both here in the united states and around the world. and if you do, as i have, some comparisons and you look at the number of series financial crises that have occurred in the 30 years leading up to the panic of 1907, the fact of the matter is we've had more in the last 30 years than they had in 30 years leading up to the panic of 2007 which, by the way it was that panic that ultimately created the federal reserve. so it's been a rough go. one of the things that nags at

me is the following. did we do such a good job of managie inall of these cry says that created such a fathers and mothers sense of security that we'd al we'd always be able to pull a rabbit out of a hat until 2007 and 2008?

i guess i'm not smart enough to know the answer to that question. we've got to have a much more creative framework of thinking. people love to talk about c contained risk or a systemic risk. the fact of the matter is that it is extremely difficult to anticipate in advance the specific events that produce systemic risk. it's very hard to do noo. our track record of achieving that is pretty damn low.

a lot of people say if they fill up a room with mathematicians and statisticians and models and they start playing games with these things. my instinct tells me we ought to leave the models in the closet. we want to get some very smart people engaging in aggressive brainstorming sessions, not quantitative studies. got our squares and all of that nonsense. just aggressive thinking. how do these things happen? what are their triggers? why do we miss them? even when we get better at that,

we're never going to be perfect. even the last 30 years with a system that is able to absorb adversity. >> it's not easy. we put them in the closet. >> i think most of them belong in the closet, to tell you the truth. >> i'm with you on models. there continues to be a lot of advanced approaches, which we're still implementing. i encourage that. models are one bit of your tool kit for your -- >> i understand that. >> yeah, no, i know.

but you've got to use judgment. and the models are spewing that all of these mortgages were low-risk. they're based on a struggled data and had nothing to do with the kinds of mortgages that were generates up until the crisis. >> i think there were lots of thing that is we can still do and didn't do prior to the crisis to reduce the risk of stress and volatility at least in the banking system, which we want to be stable. i do think the increased concentration of the industry, the emergence of very, very large fnt institutions with implied too-big-to-feel status.

i wanted bondholders to take some of the risk of loss. i kept silling there's no insurance program for bondholders. no offense to them, but that is one ride. and i think, clearly, the bondholders, generally, or the regulators felt that there was zero risk tolerance. we suggested 10%. regulators needed that. they cannot do it all themselves. but, again, i feel that we're going to the opposite direction. we're going to give up on market discipline and think that we can replace that discipline with a more robust advisory presence. and i'm all for a robust supervisory presence.

but i just don't think that is going to do the trick. so we need more market discipline and we feed bondholders to clearly understand that they're on the hook, as well. and if we could get to that stage, the market would downsize. the empirical data information is just starting to come out.

my concern is that we don't know if it's the right answer. we don't know what it's going to do in terms of slow iing the economy or preventing growth. and we don't know if it's going to be the cause of the next crisis. let me use as an example, the basil risk-based capital placed tremendous emphasis on rewards for financial institutions to acquire back securities. so they bought back mortgages

with the same loans that originated. secondly, any examiner who looked at a bank in 2004 and 2005 and saw a concentration was probably going to compliment the management of that bank. so, you know, you can go all the way to what you think is safe and sound in operation today. but we don't know. and you're absolutely correct. we have no idea of know iing wh the next bubble is going to be. is it going to be stocks? farm larn farmland in the midwest? bit coins? we absolutely don't know. first of all, it's not going to be possible politically and we're going to wind up hurting

the country in the process. robust capital, stress tests, all make sense. there has to be a balance, too. >> let's talk about a topic briefed on you. three-part question here. given that some, if not many, financial activities are moving into the shadow system, how special is the shadow system in and of itself. what steps can be taken to mitigate the effects of the potential risks. finally, my favorite question, are there shadows for which the ris rks outweigh the benefits? >> let me respond first here. first of all, some of you already know, i recently put together a thin piece on the

shadow banking system. and presented that to a group of 30 a couple of months ago. that piece is available on the goldman sachs web site for anyone who wants to take a look at it. first, this is one of the most difficult things i've set out to put together by myself. and i'm very old fashioned at doing this stuff. it's very, very complex. i'll just make two quick observations. first of all, one of the complexes arises from the fact that the term that we all use about shadow banking is wrong. most of what is in the shadows is not banking, quite to the contrary.

similar similarly my experience in doing my work and research on this was as follows. that the hypothesis that has a lot of support. stuff to the shadow banking system, based on my work, that does not appear to me to be right. it's very much a two-way street, not a one-way street. and if people get themselves seduced into thinking that they're going to get their arms around this, with the hypothesis of a one-way street, they're

going to be very disappointed. it's very hard to put this all together. if you look at that data, one of the really kind of shocking things is that in 2008, based on those data, the size of the shadow system was 20 trillion. give or take. whereas the size of the core

system was $14.7 trillion. a $5 trillion difference in 2008. by the middle of last year, the thing had reversed itself. the size of the shadow system had shrunk from $20 trillion back to $15 trillion. and the size of the core system was now $15.7 trillion. needless to say, when we're talking about trillions, this is not small change. i did put together some ideas

better ways to get our arms around this thing. the work that's done by the stability board, which is, as you know, the cousin of the basel committee. and the work, particularly, i want to acknowledge that is being done by the fed and, especially my old colleagues at 33 liberty street in new york, is really quite impressive. progress, really, is being made. and there are specific initiatives. one of the things that i made as a pretty good argument in this space was the financial infrastructure stuff, including settlement systems in all of that.

right now, when you move away from probably the five or six or eight or nine best-managed clearing systems, there are now dozens of them around the world. and i suspect that in many cases, the discipline is being applied to risk control and risk management. i suggested for example that for all of those mechanisms, there should be, among other things, a minimal standards whereby using stress tests and related techniqu techniques should have a

standard that would say any one of those places in the world should, among other things, have the capacity that on a given business day, they could survive the simultaneous default of their two or three largest participants. so that's pretty direct stuff. i think it's symptomatic of the fact that we've got a lot of work to do to get our arms thoroughly around the shadow system, keeping in mind, above all else, that it is a two-way street. i think dodd-frank dealt with two things. initiative one, that they're outside the traditional banking sector.

the ig-type model -- the so-called title i designations. and then, under title viii, there's also a methodology on systematic activities. this is where this is identified as a systemic problem and asked the fcc to address it. my view of a lot of this is more activity than institution oriented. my assessment is the institution is viewed as unable to fail in traditional bankruptcy without systemic disruptions. the best answer is to make them resolve until they can be. to accept their ramifications and put them under fed zup violation under title one is not

under observation. recently, identifying some issues that you viewed as potential problems with the asset industry, you know, there was a big overreaction, i think, to that report. but i do think the issues that they identified, if they need to be addressed should be through activity regulation and most lid by the fcc. but, again, that requires that the agency or jurisdiction to move forward and get ahead of these types of problems. so there are mechanisms to deal with the shadow sector based on the lessons we learned in dodd-frank. i think they can learn if they're used appropriately. the shadow sector works great in good times. in bad times, we have to give it away.

i do worry, you know, peer-to-peer lending is maybe one small example of where you're having, you know, a separate mechanism now for making loans. so now we're getting into small business loans. in a venue that is quite regulated. so the competition is nice. i like -- there's been a problem that there's been a problem with credit availability. i like the fact that they're getting credit out there at lower costs. the banking sector, which does

more in that small business space will still be there. so i do think not just systemic stability, but also regulatory arbitrage has to very much be in the focus of regulators when they see these new types of mechanisms outside the traditional -- this is the consumer bureau. >> i'm not sure what the term shadow banking system means. my concern if it means everything that is not regulated by a federal banking agency is the shadow banking system, i think it would be a mistake to try and bring all of these institutions into that system.

therefore, i kind of like what sheila said that the failure would cause a systemic problem, rather than simply saying we need to regulate the shadow banking system. i don't think that is necessary. and i don't think it would be productive to say we have to be subject to federal supervision. i also agree with sheila that there could be regulatory arbitrage which is unfortunate. but i don't think the solution is to impose the same regulatory regime.

there are certain regulatory advantages. >> over the last ten years, as we all know, how can we distinguish between asset bubbles that propose systemic risk. >> nobody knows when there's an also set bubble. i think it's hard to node when somebody's going to pop. but prior to the crisis, you know, my mother saw it. she would comment about it. for heaven's sake. let's have some common sense here. i think there are some things regulators can and should do that government actions don't further asset bubbles. one is a more robust regulation that requires roans to be based on your ability to repay.

if you're lending to a business or a household, they've got income. you're not just basing the loan on the asset is going to appreciate: people were able to get loans without being able to document that they could pay. i think leverage is another way. not just capitals for regulated banks, but i applaud the leadership on this loan guides. yes, i do think that regulated monetary issues does create the

risk of asset bubbles. i think it's hard to know when it's going to turn. everybody thinks it's going to keep going, right? that kind of group dynamic is something that regulators have to regulate against. it will help restrain some of the silliness that's emerging in other markets. >> the practical matter is it's almost impossible to stop it. let me illustrate that with just a few examples.

in 2006, regulators had a modest guidance on commercial real estate lending. there was attempts to ring in franny may, fred dee macand were capitalized in 2004. there would be one chance in 500,000 if franny mae would become uncapitalized.

he became the regulator from hell. that's what he was called. he tried to tamp down spending. when you're in the middle of a bubble, if you tried to tap down the credit, you're going to be accused of being the regulator from hell. you're going to be accused of hurting the economy. you're going to be accused of preventing disadvantaged people from the house. now, what would have happened in 2005 or 2006 if the agencies have said we're going to

prevent -- we're going to tell our banks they can't prevent mortgage backing. it was in buying the loans that the banks lost the money. >> i think the reaction would have been very, very harsh. >> the regulators are going to get too much political pressure. that's while they have independence. that's why they have term protections. that is their job and they need to do their job. just throw your hands up and let the craziness go on again. congress is going to whack us, if we don't. i just don't buy that. i agree, the political push back is materialble.

i think you can do it. i think, again, you've got much turned levels. a lot of support for that. i hope to see that finalized, soon. push back on that, too. but i think the regulators are going to be encouraged to move ahead. >> let me just respond briefly. first of all, i didn't say throw up your hands and do nothing. i agree with you. that regulators need to do something. and i think appropriate capital standards, appropriate liquidity, appropriate supervision is part of the solution.

it's also hearings that i'm talking about. congress passed legislation directing federal housing finance agency to ensure franny and freddie led the nation to providing home mortgages to very, very low and moderate income people creating guidelines that they'd have to meet. in the '80s, regulatory fo forbearance was put in the law.

you can't simply say that regulators put up a straight face and nothing happened. if they're wrong and there wasn't the bubble, it's not quite as easy as that. >> no, it's not easy. i took a lot of that flak. i think regulators need to get out there and explain what you're doing and why you're doing it. you identify geve got to get oud explain what you're doing in the public domain. if you can't, maybe you should rethink it. i do think there are tools that need to be used more aggressive.

sometimes, they're a positive influence that i'm sorry most of the time they're not. they're a negative influence. there's a legitimate role that should be done through hearings. i don't think they're the people with the technical expertise. they're the ones who go through the comment letters and that's why they have these jobs. to make these kinds of decisions. >> it's hard to go to people who are buying houses and tending to flip them that we're going to take away your credit because buying a home isn't a good idea.

>> what are your thoughts on asset bubbles? >> the public basically thinks, we all know who people speculated in houses in the middle of it and thought they were doing the right thing. and it made sense if you believed in the bubble. and i don't think you can go to the press and say we're going to take away your funding. >> there were things that could have been done that weren't done. >> absolutely. those are two countries that have done exactly that and it worked. >> it worked. and it needed it. >> so in the interest of time, a final closing question and then we can take questions from the audience.

so based on what we've discussed this morning, what is sort of a short, snappy response to that question, if you can. the government balanced the buchblgt. simple. that would give us more room to finance private investment. if you want to get the economy back on track, one of the that is going to have to happen is more private investment. so that's that one.

financial service provide eres, especially for financial service providers, with all of the things that are being done, revisiting models cutting expenses, all of that is very good. but what i would like to see is more attention within financial institutions of all kinds. more attention placed on effective governance and future. ultimately, those are the things that are going to provide the clue that really, really, really makes being special and, in fact, would make other forms of financial institutions also special.

with regard too consumers, et cetera, one of the things i would love to see is for payday lenders to disappear off the face of the earth. and within that framework for outreach programings that really do make progress in reaching out with banking services to low-income and other members of our society. who could use some help and could use some education.

and then finally, greater transparency in terms of things that really matter. one of the things that's all over the place, including in the morgan space, but it's not limited to that. is a lack of transparency. one of the things is what i like to call embedded leverage. it's highly trucktured complaints we've got to do a better job within the regulatory community of trying to get much more effective disclosure particularly as it surrounds that con september of embedded leverage.

>> we need fiscal policy to get more robust growth in our economy. the fed can't do it. i wish congress, you know, with all the problems we have with unemployment, why there's not a greater focus on jobs in growing this economy. i don't know. i think that's the benefit for everybody. including the banking sector. think of making money by

providing a real value, not quick bucks or hidden fees or selling instruments or constructing complicated derivatives and people don't understand what they're buying. give them good customer service. i think they need to get more in financial reform to combat some of the issues and push back regulators. i think they need more counter weight and put some counter political pressure. it's age-old advice, but know what you're getting. i think the consumer bureau is

helpful in terms of getting better disclosures and congresswom developing better disclosures where the fees are hidden. know what you're getting. if you're unhappy, go someplace else. i'm not just talking about banks, i'm talking about brokerages, as well. making it easier to improve the sector. >> well, i certainly agree with the comments that i've heard so far. i'm just going to add my

thoughts in addition to the recommendations. i think the government should start to think about long term policy and not short term political gain. it's too much, in my view, of playing to get the next headline, tomorrow's paper and they really need to think about what's the best policy for the united states country and not for themselves. financial institutions really screwed up. i think some should seriously consider whether they want to be in banks at all. i'm not sure that they are the best institutions to be in the consumer business going forward.

or, if they are, to have to have the kinds of ethics that would be discussed right here. and what was the third one? >> consumers. >> consumers, yes. consumers, my advice would be just because you can get a loan doesn't mean you should take it. any questions from the audience? take one or two questions right here. >> hi, good morning. so you said that there hasn't been enough years to have gone by. how much longer before the banking industry stops the games. >> well, first of all, i'm not

representative of a banking industry. would oppose. let me give an example of what i'm talking about. i recently read a paper from the boston fed that talks about adjustable rate mortgages. the conventional wisdom is that adjustable rate mortgages were a big problem because when the rates went up, people were tricked into getting loans at a low interest rate and had a rate shock two years later and not able to repay the loan. the data coming out now says that that is not factually what happened. when interest rates went down there was no increase in their monthly

month ly payment. if you look back over 15 years, there is no correlation between -- very little correlation between adjustable rate mortgages and mortgages that defaulted. they defaulted without there being an increase in their interest rate. there is a lot of regulatory effort to -- and it ultimately didn't happen -- to ban or provide penalties for adjustable rate mortgages. it turns out that that would have been an inappropriate reaction. i think it can be a very good product for people moving or starting families in a starter home, it would have been an economic benefit for the population that could easily have been taken away. so that's just -- you know, one example.

we are beginning to get evidence, certainly i think prudential standards and better liquidity, better and more reasonable capital requirements, these are all things that make sense no matter what the cause of the crisis. but we need to make sure that the actions we take are based on facts and not on conventional wisdom. >> i'm sorry. i can't contain myself. i think the -- the industry -- not, you know, listen, there has been some industry sponsored research and other kind of, you know, reinventing history, creating fuzziness about what caused this crisis. whether that serves people interest, let's create a lot of confusion about what the problems were.

they defaulted at much higher rates. it's just silly to suggest otherwise. and if you want research that does not necessarily reflect the entry view, i would suggest you go on the website and most certainly yes, there was a significant size of the troubled mortgage market. they were flippers. they were professional investors. lying on the mortgage applications. you bet you. that ugly stuff was out there. there were also a lot of people living lower income neighborhoods that once had nice safe mortgages who got refinanced into these and yes, the default rates were very, very high. so there are definitely two different perspectives on that. >> i have to respond because i feel like my -- >> okay. did the industry have any responsibility for this crisis?

the government forcing them to give poor people mortgages or, you know, sophisticated borrowers ripping these investors off? i've heard that so much. i heard that in 2006, 2007, 2008, i am still hearing it. take some responsibility for this. we can't get it fixed until you start taking responsibility. >> we have time for a couple more questions. >> i -- >> use the microphone. one more rebuttal. >> i respect you, sheila. and i think -- no, you are a heroin. what i'm a little troubled with is the reference to industry-sponsored research. i don't think that's industry research. it may be. if it is, i retract all i say.

you might want to say, ray -- >> look at the default rates -- >> okay. >> talked about -- >> why don't you two take this discussion offline in the speakers lounge after the fact. >> yes. since we're at a symposium honoring the 150th anniversary of the occ, i must ask this. in your book, one of your proposed reforms included abolishing the occ. though you express cautious optimism at the time regarding the agency's future with mr. curry taking over as controller. do you still espouse this proposal. if not, how has it caused you to change your mind and are there any particular rules, guidelines or other regulatory actions that you would point to as evidence of this improved and reformed

behavior. thank you. >> well, look, i think my experience with the occ was during the time -- predated tom's tenure here. he was at the fdic on the fdic board, was one of of great frustration. i felt that opposed being a partner, it was an impediment. i also think having so be regulators can compromise supervisory response. and you hadded holding company regulator. that would be a merged fdic/occ entity, seems to me to make some sense. i think tom showed tremendous leadership here. i think occ examiners are some of the best in the country. they really have been topnotch. and i don't think the congress

is going to abolish occ any time soon. i think most of the occ folks here would agree with, dealing with the funding base. they have to rely on examination fees which is difficult especially as the industry has become more and more concentrated. the fed and the fdic have the advantage of having different funding sources. some combination of shared fed fdic funding i think would make it a stronger and more independent agency. that's something i would hope would be in the short term doable. i think tom has done tremendous work here. i do think the examiners are some of the best and most sophisticated among the regulatory community. that said, unfortunately the occ i felt was an impediment not a

partner in trying to get these problems fixed. >> thank you for a great panel. my question is about the bank funding molds. banks are supposed to be a liquid. they're a liquid by design i always thought because they borrow short and lend in trade long. if you look at the liquidity coverage ratio, the net stable funding ratio whose status is unclear, but they make noises about getting u.s. banks to issue longer term debt. are regulators suggesting that the borrow short lend long model is no longer tenable oar the banks can't really do that anymore or in the same way. >> that's what they're doing anywhere in for a surprise. >> i think the issue is nondeposit funding.

there was way too much reliance on the retail and commercial paper market and that was an increasing portion of the liability structures in these larger institutions. so i think in terms of the nondeposit component forcing them to issue more long-term debt is good. that will have the indirect effect of making the uninsured deposits more stable. to protect the uninsured deposits. i think that is the right direction to go. but i think you need to distinguish between the two. >> you're changing the nature of banking which is what is happening. we're changing how banks are regulated. how banks are funded. that is going to result in different impacts upon the

economy. so as a general matter -- i'm not saying it's not appropriate. but there's no free lunch. there's going to be higher costs for borrowing, higher costs for credit. maybe that's good -- i don't think it's good, but it's going to be an impact. so we can have that model, but it's not free. >> well, like to thank each of the panelists. thank you so much. the congressional internet caucus advisory committee hosted

a discussion about the national security agency's surveillance programs. it included stewart baker and advocates of an open internet. they considered the affects of nsa surveillance on cloud computing and the development on new technologies. this is an hour and 15 minutes. a little housekeeping item. tim is not here today so he asked me to make sure you all know i'm here as my capacity. i am with the american enterprise institute. i am not holding any of their opinions and the people here will state whether they are stating the opinion of themselves or the organization. this is really not meant to be a technical debate. it's a debate of where are we a year after the snowden revelations and what we've learned. and i'm just going to ask each one of our panelists who are really well written and well spoken on this topic to give a

couple key points of their point of view. be thinking about questions. so i'm going to start with stewart baker. were you the first policy assistant secretary? i want to make sure i get that title right at dhs which is something we've seen grow in its responsibilities. probably fascinating to know what you know and then be where you are now. so i'm going to open with stewart and just a shout out for those of you looking for a summer book read, he has a great book. you might want to look that up. >> scathing on stilts. you can download it for free. you can give it to your friends for holidays. and there's a blog that goes with it. so that's where you'll find it. i was also long ago in the '90s

the general counsel of the national security agency, so i know them well. i have to say i think this entire thing is -- i'd call it a tragedy if it had not been so carefully orchestrated by people who had an agenda. the folks who control this data are determined to cause as much damage as they can to the national security agency. and they have done many of the things they accuse the intelligence community of doing. withholding information from people that -- from the public that doesn't fit their narrative. they did that with the very first disclosure when they told us that nsa was collecting the phone metta data for everybody in the country and withheld for two weeks any information which they had about all the limitations on what nsa could do

with that information and on their ability too actually look at it. and that has been consistent -- consistent with the snowden journalist approach ever since they have come as close to misrepresenting this data as they could. and the only people who control this data are people that are deeply hostile to the nashlg security agency. so it is a tragedy. i think it raises interesting interests for congress. the hard problem, the problem that we are all debating is how do you do oversight of intelligence. it has to be obvious you can't do it by ex-posing all your intelligence programs. if you once grant that proposition, it's kind of hard to imagine what further oversight would have been appropriate and it does seem to

me that there has been quite a bit of effective oversight in this context. and so i would be glad to talk more about the details of the oversight or how we ended up in the position we're in today. thanks. >> great. thanks. next we have kevin bankston. he's at the new american foundation. obviously you've been follow thg area for a long time and snowden probably put a lot of this stuff into perspective for you. kevin also just recently wrote an article on the anniversary and it's a great read on his website if you want to take a look at. >> thanks. so kevin bankston. so surprise, i come from a civil libertarian perspective when it

comes to government surveillance. but i think what i want to talk about today is the fact that however you fall on the national security versus personal privacy and civil liberties debate, i think that there can be argum t arguments made that we need to see substantial reforms in the way we do surveillance to address all the other issues being raised by the snowden revelations and the programs it did reveal. this isn't just about national security -- a fairly unproven national security benefit. it's about survey -- national security versus privacy and civil liberties and versus the internet economy and versus the security of the internet and the openness of internet architecture. it's about the continuing viability of our internet freedom abroad. the continued health of our relations with our allies and

emerging governments abroad. so even if you don't care about privacy and civil liberties, i think there are a lot of minuses is the plus/minus columns when we're talking about these programs and how we need to respond to them. one point i've heard is that it's not actually the programs fault it's the snowden revelations of the program's fault. i think that is a moot point or at least a semantic one. the information is out there. the damage has been done and the u.s. government does have to act in a way to address the credibility concerns that it has now raised in regards to its own behavior and the security and functioning of the internet as a whole. in addition to the short piece we did on cnn we actually have a short paper that you can find on the desk out front that actually runs through the variety of costs that have been reported on

since the snowden revelations first began and runs through many of the things i just spoke about. and that's in advance of a much longer paper that will be published before the end of the month. suffice to say on the economic impact, we have predictions of billions of dollars lost to the u.s. internet industry. we are starting to hear numbers of particular companies saying things like, we have lost half of our international hosting business in the past year. there is a real impact coming from this. and we need to act to address it. so thank you. >> great. thanks, kevin. chris is the director of policy at the business offer alicense. i was reading his biothis morning and found out he's a fellow any brass can. you have a long history of doing technology policy and looking at the challenges for companies.

you want to address that. >> thanks for the opportunity and for being here today. i think where i've ended up here physically not in the middle between the two of you is perhaps unfortunate, but really it's where the technology industry has ended up caught in the middle of a much larger debate about really what should be seen as a new era of privacy. because we're entering a new era of technology. and i appreciate that kevin came back at the end to what are at this point very real consequences for the technology industry. this is -- this is obviously a huge debate about privacy, about the balance of law enforcement and surveillance interests and national security. and that is a huge debate that we have to have. it also i think should be seen

as an economic debate because of the huge impact that this is going to have on the technology sector moving forward. >> so just sticking with you, so your companies are seeing ramifications after a year? they feel like they've seen an impact? can you elaborate on that? >> absolutely. and i should mention at the time bsa is represented -- represents a broad swath of the traditional software and hardware companies in the it sector. speaking here today, i'm not speaking for any one of those members and at times i probably will be speaking for myself. yes, it's been pretty widely reported as kevin mentioned. there has been a real impact on this. i've seen probably most recently the news that verizon lost a contract with the german government and the german government specifically cited

security concerns and wanting to keep its network domestic. we are hearing lots of examples of countries, customers, end users raising security concerns as to whether or not they should use u.s.-based company's for their services. hearing questions even in companies that don't -- have not been pulled into the whole national security and surveillance debate, they're getting questions about this. so we're absolutely hearing a lot of examples of concerns from customers around the world. >> so stays on the trade thought for a second, so the impact on the u.s. government's credibility, we think this is real? it's not just a posturing issue or being used as a trade lever? >> so i don't know -- a trade lever as much as a lever to

influence and grow economies around the world. what we are seeing is obviously the companies that have been drawn into this debate are u.s. companies. they are the leading providers of technology products and increasingly technology services around the world. what we have here is an inflection point, a moment for other countries, other companies to close the gap and to use this as an opportunity to -- to really catch up to the i.t. industry in the united states. >> that would be my sense. there is no doubt that there are genuine privacy concerns here, but there's also no doubt that there are motivations on the part of the government. the biggest impact probably is in cloud and people saying we

want our stuff stored here. and the desire to have stuff stored locally has a lot of motivations. one is more jobs locally. one is that we don't hear much about is all of this move that i'm sure kevin has been enthoous yast ik about about encrypting communications, encrypting the link to the e-mail providers, that has cut off access by local law enforcement to a whole bunch of information that they can only get now by coming to the united states and asking pretty please. they would rather force all the e-mail to be stored in brazil or germany so that their law enforcement agencies can just walk in and take it which is the general rule for most of these law enforcement agencies. that is bart of the motivation in demanding that there be more

localization of the cloud. it's probably bad for privacy, but it is part of the motivation. >> if i might add to that, i think in some instances we agree on this. in the sense of several of the trebds that we're seeing now preexisted the snowden revelations but they have hastened them, have given ammunition to those we were arguing with on the issue of data localization. there were certain governments very focused on trying to get american companies to locally host both private data and youtube videos and the like so that local governments could exert greater control other content and have easier access to data. the snowden revelations have much strengthened the hand of governments pushing for that kind of data localization. so in a way that i think impacts human rights. i mean one of our biggest concerns about data localization

presnowden is that many of these countries were doing this not because they were trying to protect themselves against the big, bad americans, because they want to exert greater control over internet data and speech. similarly, even prior to the snowden revelations, there was a big debate over the role of the u.s. in internet govern nance and what should the future be, should immaterit continue to be multi-stake holder. oar should it be the realm of governments in an enter governmental process. we've had countries like china and russia and saweddy arabia. that trend existed pre-snowden. however, they have significantly changed the contours on f that debate. given a lot of ammunition to

people we don't necessarily want to have control over the internet. they can say we want to get up to shenanigans like the u.s. >> if i could put it on a bumper sticker, it would be snowden, better for russia than for privacy. >> taking a slightly different point of view, from the idea of encrypting your e-mail from end to end, is that actually a healthy thing from a cyber security perspective? >> i would say it's an enormous benefit. although, it is also costly. they have had to spend a great deal of resources to do this. i think there are a great deal of benefits to that as well. google and yahoo should have been encrypting their data links. we want more websites to turn on

ssl so that you see that little lock when you're browsing. and we want to see more encryption between e-mail servers. this is actually something google just recently published a transparency report. all of this goes to the good. all of this goes to the hardening information security of the internet. >> it's also against authorized access and this is the problem. every country has criminals that they are quite entitled to investigate. when you encrypt everything end to end, their investigations will end up in multi lateral assistance treaty requests for assistance to the u.s. government if they don't have a treaty and most of them don't have a treaty we're willing to cooperate under, they have no way of getting information even fwens the criminals that they're investigating if they're using g mail or yahoo mail and the like.

that's going to create enormous tension between the companies and those governments. it's going to lead them to pursue hacking into people's computers as a second best alternative. and, frankly, for most of us, if your biggest worry is the police or the national security agency encrypting end to end has a pretty significant effect. if you think that the people's liberation army is more likely to break into your system, if you're in the united states, that is the case, encrypting end to end doesn't really solve the problem. you want to encrypt the data at rest. all the information we've been spending those boat loads of money on are aimed at the wrong target. >> it's obvious from the actions of the companies increasing encryption both at transit and at rest, the goal here is

ensuring the confidence of the consumers, of the end users, that their data is secure. stewart quite rightly notes the existence of criminals, the importance of being able to pursue proper investigations and ultimately does that increase state hacking, positive blichlt i think what we would suggest and propose is we see the reality alternative and the message is the importance of international cooperation and conversations about this. this is a place at this point we feel governments need to be coming together to talk about how to govern access to data and to create a framework that works around the world. >> i mean, i would agree with that and syrimply add that muchf the focus is in technically hardening the internet against all unauthorized access. and that much of that focus when

it comes to government access is to ensure if the government does need data, which it often does, no one questions that, that they come through the front door with appropriate legal process rather than the back door. >> they're going to move the front door to brazil and germany and romania and russia and cha na -- china. we're going to completely lose control of any privacy standards with respect to the foreign government access to that data. >> i feel like we're arguing past each other because i share that same concern but i think we have a different idea of what are the root causes of that. i think that the snowden revelations have given a great deal of ammunition to the countries that want to do that. and i think that -- but i'm not going to accept that threat as a reason why we should not also secure our data. >> can we unpack that a little

bit? i think that's a really interesting point. let's use brazil, okay? so if i have data as an american citizen now in brazil, what do you think my concern is? >> i'm willing to bet i know more about the european standards. >> i picked the wrong country. >> it's a safe bet that the brazilians don't have a higher standard for access than the germans and the dutch and the french. the fact is that in practically every country, law enforcement can walk in and just say, would you like to give us that information? thank you. and by the way, it's understood you're not going to tell anybody you provided that information. >> for clarity, the law enforcement person and they in that sentence is the local -- >> they will -- anybody who stores data in brazil is subject to having the police come in and ask for the -- their subscribers

information voluntarily, in quotes. and without disclosing because it would be embarrassing the fact of having provided that information. and if you are an american who just happens to be taking a visit to the world cup and you do e-mails from brazil, there's a decent chance under the standards all of that stuff will be stored in brazil and not anywhere else and that your data will be looked at by the authorities in brazil for whatever purpose they want to use it for without any of the protections that we are now arguing about how to improve. >> kevin -- >> i think the more apt suggestion to be hag is what do others think is going to happen to their data if they store it in the united states.

and right now, what people believe is going to happen is that the nsa is going to have unchecked access to it and that is causing people choose not to do business with american companies and causing governments to propose new infrastructure for the internet to limit the amount of data that travels through the united states. >> i don't disagree that there are people and media with strong interests in keeping that issue alive in foreign countries and that it is being used in some cases in good faith, in some cases in bad faith. to try to get localization of data. i'm not sure that that's a completely successful move in every respect. but the more we prevent governments from getting any access to this except through the really more or less broken process, the more likely we are to inspire a determination to localize that data where we will

completely lose privacy protections for any americans who happen to be caught up in that web. i think we do more or less agree, i'm just not sure -- what would you suggest? an apology tour? a world apology tour? this is something being misused by governments. most of the public policy proposals currently before congress, you know, let's get rid of the 215 program. let's do something about back end data searches for americans will have zero impact on the campaign that is being put forward. >> indeed. >> if what you would like is an international agreement that we're not going to do espionage, that's about as plausible as agreeing that we want have extramarital sex in the future. it is simply something that is going to happen and we're not going to be able to regulate it. if we signed up to that, we'd be the only people to try enforce

it on our own government. >> and they don't necessarily hit the programs most going to impact people outside of the united states including section 702. i think that is a deficiency of the proposals. as far as things we can do, you can look at the very back page of the paper handed out that has a number of recommendations. i think one of them is 702 reform. limiting the scope of the data that can be collected. greater transparency which is something we've been working very hard with the companies to try and obtain. a variety of confidence building measures in regard to u.s. government encryption standards and -- you mention the -- the emlap process as well. i think our answer to the issue of how do -- if we encrypt the data, other governments won't be able to get it on their

territory, what do we do about that. i think what we do about that, and certainly is the position of the reform government surveillance co-lation, we actually do need for the 21st century a modern quick responding way for governments to internationally make requests between each're for data stored in their jurisdictions. >> i agree with kevin. to stewart's analogy, we don't need a world apology tour but it's pretty clear that doing nothing isn't getting us anywhere at all. there's lots of extramarital sex still going on. >> whatever we do, the fact is billions of dollars are beginning to be lost. and there's going to be more to come. what we are seeing is, you know, i used the word ammunition before. we are seeing a lot of energy now being put behind things that could fundamentally fragment the internet, could shift the locus

of internet development technically away from the united states. right now is when we have to be acting to prevent that. >> there's a very large focus on what is the dollar impact on this. what is the impact on the companies. you know, what has happened. and the problem with looking at numbers of what has happened is by the time you have a dollar, a real dollar impact, that business is lost and it's not coming back to u.s. companies. and i think that that is the danger of sitting and waiting to see how this plays out. it's hurting u.s. companies. it will hurt worse, it will hurt our surveillance capabilities worse if we let this path continue to play out by doing nothing. >> that's actually a really great point. not that i'm necessarily -- >> i want to hear this. >> to those -- i mean, i'm a civil lib ber tear january, but

the fact is to the extent you chill people from storing data in, that distinctly impacts our intelligence capability. regardless of what you think the argument is or should be in terms of what the lael standards are, if less of that data is here, we will have less of that data for intelligence purposes as well. and that way the economic impact and the impact on the internet itself is also going to have a security impact for sglus so should we be concerned -- there's a a recent report saying mathematicians are turning away work from the nsa. does that mean we may have a different level of harm that we're not considering in this prar dialogue, which isn't necessarily a trade issue. how do we move forward out of this? how do we say to young engineers going forward that we still have

an interest in knowing what's going on, do we put parameters around it? how do we manage this going forward? >> one of the things i would suggest, if this is what we're worried about, most of the reform proposals have nothing to do with this and aren't going to as kevin more or less acknowledg acknowledged, aren't going to change anyone's view. the longer the fight goes on, the more attention gets paid to the snowden documents and the perception that nsa is collecting everything. if this is what we're worried about, we should focus things on reform and frankly, rather than a world apology tour, we should be taking some of this fight to the people who are misusing it for mercantilistic advantage. high on that list has to be the european union which has

patented the business method of holding american companies hostage over their objections to some u.s. government policy that has nothing to do with those companies. they did that to airlines over pnr. they did that to swift over u.s. collection of terrorist finance information. they're doing it now over safe harbor trying to find a way to say we will threaten all the u.s. companies with losing their protection under the safe harbor as a way of trying to extract confessions on from the united states on unrelated topics. they want -- they have no authority to regulate any intelligence service in europe. the only intelligence service they think they have the authority to regulate is the united states. it's time to call their bluff over this. one of the things for frankly people here in congress you ought to be thinking about is

the european parliament comes over here all the time. they continue standpointly thinking of ways to hurt u.s. companies. when they come here, they hear nothing to congress to suggest there's anything wrong with the positions that they are taking. congress here needs to be as aggressive about protecting u.s. interests as the europeans are about protecting european economic interests. that means taking actions to prevent and specify consequences from any effort to screw around with the safe harbor over this issue which really has nothing to do with the law of privacy in europe which the safe harbor already fully indicates. >> let's get away from a second and say there's an art imitates life and a company decides to become the google of brazil, is is there an -- >> we call it or cut.

>> to do a check the box exercise of i would like all my data to avoid a u.s. server? can the zeros and ones really do that? there's an element of the dialogue we're having which is pragmatic prom a policy perspective, but i don't know technically some of the things are feasible. >> i think i would rely on a real technologist to answer the feasibility of that. i think you are seeing some companies saying if you want to host your data in a particular market, we will host your data in that market. the problem is only the goe lie yaths can do that and there is a huge swath of the technology industry that is not that big and is not built that way. and the cost to a lot of bsa member companies of trying to assure every customer by saying your data will be held in x

locality just can't possible. you undermine not just the efficiency of the system and the value that cloud computing and other things bring, but you undermine the cost. >> when putin said he wanted all twitter -- if they were allowed to keep tweeting, they'd have to stay on a local exchange server. i don't mean to make this specific to one company, if you're a company at that point, do you just say good luck? we'll do our best? i realize we've had these challenges and iterations with yahoo in the past. if you're one of these edge providers, how much credence do you have to put to some of these people or do you say, great, russia, we wish you the best with that? >> twitter is not a bsa member and i think it's really hard to

answer some of those questions from a company perspective, especially when you are answerable to stockholders. and some of the market, some of the worst parties here are fairly large markets. >> it's a business call. i think you have to decide how much is it going to cost me, not just in funds but in disappointment on the part of your customers. versus what it will cost you to get out of that market. you know, when the chinese started censoring google, google said, see you, this is not our market. when the europeans decided to sensor google, google said, what do we have to do. that's a decision they have to make. and you make it on a business basis. >> i mean i'd also add there's a layer technically and figuratively between the edge providers as well if you move up a layer and look at the isps and

the -- you know, the backbone providers, those who have the internet exchange points that carry all this traffic. we are moving into an age were there aren't a whole lot of those and there are fewer and fewer entities controlling all those peering points. you look at the emerging markets, especially in countries less friendly to human rights, there are very few and under strict control by the government such that it's actually kwiez feasible to say we don't want this or that traffic coming out of the country, we want to keep it internal. and so it's worth being mindful of that. you know, it's also worth noting to the extent that major isps agree we want to keep our bits on these particular lengths. that is certainly feasible for them to do. we're seeing it discussed in the

context of the european union and germany. those bits are not going to leave europe. that is technically doable. it's not going to be very easy and it will be not very cheap. but such a thing is technically possible. >> this is just like any owe security decision. you have to decide what it's worth to you in money and hassle. and it has to be worth it to everybody who has control of the -- the decisions. and it turns out, i suspect, that in most of this, it isn't worth it to all of the people that would have to be persuaded to build a zone for the internet to do that. it might be worth it -- certainly it's worth it for governments to say if you're going to host our data, we want our data hosted in our country. and frankly, that's the u.s. position. so it's not a surprise.

so on some things they have the leverage and they can do it relatively inexpensively and they will do it pretty much no matter what we do for the next year on snow deb response. and for the rest, they won't because it isn't worth all the hassle just as it sometimes isn't worth all the hassle to have a 20 character password. we should. we mean to on january 1. but by january 30, we've decided it's too hard to remember. >> so certainly worth it to some governments and certainly worth it to foreign competitors. they've been very outward about talking down u.s. competitors. >> they have been, but you know, everybody -- all their customers are also quite cynical about that and they are quite prepared to say, okay, if you're 2% more

expensi expensive, we might take that hit. but if you're 20%, to hell with you, we're going with amazon. >> if i may, to jump back to another point, i do want to make clear when ever he says you conceded a point, you need to rethink what you said. specifically usa freedom doesn't do enough on this score to reassure the foreign markets. but i -- i do want to be clear that it does do a number of things that i think would help address this problem. it would prevent bulk collection of any and all kinds of records if it's done right which i think should be reassuring to anyone who stores data oar has records kept about them in the united states. it would also do an enormous amount transparency. both transparency in terms of

allowing the companies to report more about the process that they're receiving and how they are or are not responding to it. reports from the government about what types of process it is issuing and information it's inge ingesting. it's also worth noting that usa freedom isn't the whole world on the legislative proposals right now. there's actually a really incredible vote last month in the house where almost 3-1, the house approved an amendment that in addition to protecting the rights of americans by saying the nsa needs to court order to search data from the 702 surveillance program for american identifiers, it also said no nsa and cia could not attempt to mandate or request that a u.s. provider of a

communication service or technology that they have to build in a back door to their product. i think that speaks directly to the type of economic and security concerns we're speaking about today, as does representative grayson's amendment also approved by the house which would prevent the nsa from using its relationship to undermine the encryption standards. so i think there are things on the table right now that do impact this debate. i think passage of usa freedom would impact this debate. but i also think there is much more that could and should be done especially on the 702 front. >> i would agree with kevin. i think there absolutely is action that can be taken that would have a very real impact on this debate. i think passage of an amended usa freedom act would be a huge step, greater transparency, greater accountability.

reform which we've been work on for years would be a huge step to ensuring customers that their content is safe from law enforcement's reach without -- without -- unless a government gets a warrant. the safe harbor negotiations have been going on for a certain amount of time and regardless of how you feel about the substance of what's going on there, there have been positive statements coming out of european commission officials. i think there are -- >> i'm positive i'm going to take this away from you? >> so they've said that things are 90% bax. at this point, to get positive statements out of the european commission to cool some of the rhetoric, to let things lie, because who knows what else the guardian has, who knows what else the post has. to cool some of the rhetoric around this would be hugely helpful to industry. >> yeah, glen said he was doing it finale on americans who've

been spied on. >> i can't believe it. >> so it may be that they are largely done, though you never know. one of the things that's been missing from this discussion and really needs to be part of it is there's a cost to all of these things and to the campaign of recrimination against the national security agency. it produces less intelligence, we know less about the world, and it's a very dangerous world in which a risk averse intelligence agency responding to all of these things produces less warning about things that are going to get americans killed. this is an enormous problem. and i live this. the last time we had this kind of climate was not surprisingly the second term of the last democratic president we had when -- a time when republicans

discover their inner civil l libertaria libertarians. there was a dramatic campaign against the intelligence community and against the fbi at the time over civil liberties issues. and at the very time that happened, the court impose add wall between parts of the fbi that did intelligence and parts that did law enforcement and the result of that was that we could not use those law enforcement assets to try to find the hijackers even after we knew -- the fbi knew they were in the country and the people who had the resources on the law enforcement side were chomping at the bit to go find them and they were told to stand down because of a civil liberties doctrine that had been imposed by the court responding to a public climate that is very much like the public climate we have today. two weeks after that, 9/11 happened. there are very real costs to just saying how much more

privacy can we do. you never know what will be the biggest problem. but just saying can we do more, can we provide more assurances of this or that, can we find new ways to shackle our intelligence agencies are going to have real consequences that we are not going to like. >> i want to respond to that because i think you're falling into the trap i spoke about at the front end, which is this false debate between the civil libertarians or the snowdenistas versus national security. you're going to have blood on your hands. first off, i think it's personally insulting. i was in lower manhattan on 9/11. i take this very seriously on a personal level. >> name one thing you have suggested in the last five years to make our intelligence agencies more effective at a cost -- even a very small one -- to privacy.

one thing. >> that's not my job. >> your job is to advocate against the national security side and for more privacy and i'm pointing utility there's a big cost to that. >> i'm sorry. >> i think we have to remember that we have people in the room here. >> of course. >> and part of their job is to find the balance between the dialogue that you two aring. >> i think that's right. and this is why i'm glad i'm not in the middle of the two of you. i think that's the important thing here, that we talk about that balance. months ago when industry was knocking on the door saying, please let us be more transparent about the number of requests that we've gotten, the response from -- from many was you don't want to report these numbers, people will be scared by these numbers, they'll be so big that people will go running. what we've seen is more hunger for the kind of transparency reports that companies are putting out. people want more granularity.

i think what we need to do is strike that balance that shane mentioned to find a way to talk about what's going on here in a way that does not hurt our surveillance capabilities. >> can i ask a question? all the companies that we're suing to get more transparency drop their lawsuit when the government actually agreed to allow greater granularity and reporting. are those same companies having dropped their lawsuit just lobbying to get what they agreed not to litigate for? >> so i think there was a pretty small group of companies that sued the government. and i think they -- they got a deal at the time that, you know, is on paper and they've been using that. i think there are a whole lot of other companies that weren't involved in that lawsuit that also want to be able to report. >> they feel strongly enough -- >> i think there are a lot of companies not covered. right now if you're a company

and you're going to report the number of law enforcement requests for data that you've gotten, you have to start with zero. so, you know, what do you do if your number is zero? and it's zero to a thousand. so you're essentially going in -- the implication there is that i got a thousand. >> and you can understand why the u.s. government might be uneasy about somebody who reports zero, zero, zero and has like 300 customers and then suddenly reports one to a thousand. all the customers are going to say, i wonder who's being wiretapped among us. >> understood, sir. that's why i think it's important to talk about the balance. there are some small companies that would be like that. they've got 300 customers. there are also huge companies who have thousands of customers. and they might want to report a zero. >> i'd also add when that happened, when that deal was made, first off, it wasn't a

settlement technically. they agreed to withdraw the suit in exchange for a commitment from the doj. they preserved their right to sue again and elsewhere. and they saul made clear their intent to continue to press for a stronger and better deal through the legislative process. i don't think there was any misleading there. i think they made and some made a different strategic decision that that was the best deal to get on a quick timeline to start being able to public at least some information which they needed to do. >> and at this point, they're legislating some of them not to change the deal, but just to lock the deal down. because it's a settlement. and it could be revoked. that's -- you know, explains a certain amount of lob big. >> i'm going to go to the audience. do we have a microphone? great.

in the very back there. sorry. there is a microphone. can you identify yourself as well? do you mind standing up so we can see you. >> i'm frank with -- the point that i wanted to make is we're focused on the impact on u.s. industry. and i guess in foreign capitals onto hear, oh, it's hurting, great. actually, i think with the big big picture admitsing is that they're hurting themselves at least as much as they're hurting us. in two ways, first one of their objectives is to -- they say they want to increase the takeup of cloud and technologies in their economies and they're doing exactly the opposite, you know, because they're not just preventing american companies to inhibit ability to provide services in their markets,

they're creating barriers to industry, they're hurting the business model of the next startup. it's going to make it hard for a local company like, well, theres all these regulations and requirements. it's not just like, you can't buy americans. i have to do all these things to set up my business, i guess i'm going to do something else. point one, point two, you know, they are not -- so the users of cloud commuting don't have an easy access to american services. they don't have an easy access to the german cloud commuting start-up. and so all of the efficiencies that are supposed to come from that are not there. so you're throwing inefficiencies into supposedly an efficiency machine. last time i looked a to the european economic picture, it wasn't that great. by the own admission of european authorities. so they're kind of counterintuitive, that they would try to hurt it to --

>> or it may help part of their industry and hurt everybody downstream of that industry. it may help their cloud provider and hurt every start-up. and i don't know any start-ups that buy equipment anymore. they all set up on a web server, a web surface, like google or amazon. and it will be harder, if it costs more to have an all-german cloud, then german start-ups will have more trouble starting up without buying equipment. >> i think we've started a marketing campaign for them, though. laura, did you -- or a comment? >> hi. so, i'm laura. i'm a career civil servant at the state department. and i have to say that one of my first reactions to learning to who mr. snowden was and what he had done was to ask myself, why are we outsourcing core government functions to i.t.

support contractors? and i'm curious why none of you guys are ever talking about that. because that would seem to be a potential point of commonality among the three of you. this can't -- to have the nsa contracting out to apparently 500 or close to it, i.t. support contractors, for the collection of signals intelligence, it can't be great for privacy and civil liberties. it also can't be that great for security. i think if you've got that much outsourcing and people cutting corners with security background checks, it's only a matter of time before you end up with someone like snowden, it would seem to me. a short-term contractor, not a great deal of loyalty towards the organization. i'm just wondering if you guys can comment on that, and whether you see that as a point, perhaps also in need of reform, thank you. >> i'll try it. i'm unaccustomedly nuanced on this question. the nsa has built its culture around the assumption you start there and you're in for life.

and that has allowed them to make certain assumptions about their workforce, which are undermined when they bring in contractors. and they have not found a way to deal with that. at the same time, the fact is that the skills that nsa needs, just like the skills that microsoft needs, change dramatically every five years. and you can't expect to retrain your workforce every five years for 30 years and have people who are as good as the folks that you would find in the market. and so, they have to find a way to go to the market to get to skills and they've done that by going to contractors. i do think they need to watch those employees much more carefully. maybe there's a basis for agreement on that. we should audit the people who work for our intelligence services and our law enforcement agencies more carefully, for sure. but i don't think that just

saying, you can't outsource, you can't contract for this is going to be necessarily good, because then you're going to get somebody who learned how to do a new task, just by taking courses in maryland after work, which may not be the best way to do it. >> i'll just add, thank you for that nuanced take. i have less to say about whether that's a good idea or bad idea or what should be done about it, than in how to respond to the fact of it. to the extent that when you have an intelligence community that is moving toward not only a contractor culture, but more of a digital culture, where it's easier to exfiltrate a lot of data, the government needs to respond. part of the response to that needs to be, the government anticipating the fact that such leaks are going to occur. and i think one of the great failures of the government in this whole affair is not, clearly not having a strong game plan for if and when some of

this stuff leaked. for example, by overfocusing initially on the issue of, oh, don't worry, this isn't -- this is not impacting american citizens' content, you know, the response to that from mark zuckerberg was like, hey, man, like most of my customers are outside the country, you're kind of throwing me under the bus here, you're not helping. you're actually making it worse by harping on that. they actually need to think about, how are they going to deal with the political and economic and messaging impact if and when these leaks do occur. they are going to continue, despite our best efforts. >> i would just pick up on what kevin said, and say that that narrative at the beginning was incredibly unhelpful. and i understand, as some members of congress have said, no european ever voted for me, but the -- >> it would pay for our products. >> lots of europeans buy services buy products from the people who did vote for you.

other questions? >> over here, i'm sorry, there's a lady in the -- >> i'm an adjunct with the open technology institute with kevin. my question relates to a comment i heard to personal democracy forum last night, which is that the technical market is largely driven by convenience and fear. as someone who worked on the hill for ten years, one of the ways that i look at that nsa debacle right now is the con tinall. it's often in uniform. that's why so much technology has the cybersecurity label on it. something i've noticed in the last couple of years is this willingness of the technology community to invest more in the long game of policy, with policy shops tharnt just self-interested lobbying shops.

just in the last year, and i'm hoping that engages the civic piece of technology and starts to build capacity. i mean, this question about privatization and contracting out, recovering from a debacle like the nsa over collection surveillance is different than engagement for capacity building in the public sector. and that, as someone who worked inside coke for ten years, desperately needed. we don't have the technical chops inside government for the long game. and that seems to be changing. could you comment on that? >> i think your microphone's -- >> as a representative of bsa, i would like to think we've been focusing on the long game for a long time, looking internationally, at how markets are going to change and grow. and i think many of our companies are actively engaged in cdt, kevin's group, lots of

other groups, and as this process has unfolded, i think you see increasing awareness and increasing appreciation for those points and more attention, obviously, will have to be paid. >> i think on the horizon, one of the things we should think about is the ability to share data, and that goes to transparency, but it's one of the challenges of, noaa has really interesting stuff that could share, that could be very usable, both to the public and private sector, and you know, we have a lot of data we need to figure out how we use that in an appropriate fashion. so that will be probably a future forum here. question on this side, i know i've kind of ignored you guys over here, sorry. on the back. >> thank you, brandon with the office of congresswoman, susan davis. i focus on trade issues, so this is actually bringing that back to that discussion. for mr. baker, i want to make sure i understood your comment, which is that you suggested that

if we were to call out the europeans and come over to trade negotiations, somehow that would be -- when they invoke privacy and we realize it's actually for their own economic interests, that somehow advances the debate. i'm not quite sure how it does. the europeans will come back and say, okay, it's for my economic self-interest, so what. for me, it seems like 256-bit encryption, and you know, end end use encryption and more transparency goes a lot further in making inroads with american companies in europe than calling out the europeans for being economically self-interested. >> you know, here's my concern. they are seeking to influence u.s. policy by threatening u.s. companies with a loss of a safe harbor. the legal basis for that is nonexistent. the whole theory of the safe harbor was, you can sign up by contract to treat your european

customers as though they were governed by european law, even though the data is stored here. and you can -- that is the assumption of the safe harbor and the terms that you sign up to do match european law. where's the european law on restriction of intelligence agency collection and storage of data. there is none. and that's why the safe harbor doesn't deal with it. and to say, we're going to take away the safe harbor and conclude that your law is not adequate, because you have not adopted measures that we want, assuring us about how nsa is going to function, how fbi is going to function, how dhs is going to function is inconsistent with the law, and we shouldn't be apologizing, we shouldn't be saying, oh, maybe they're right, they're european, and that accent sounds so good. but the fact is that what they are doing ise