so, that's interesting. so there's a spot right now if you follow the space between microsoft and google about the disclosure timelines where google has a very strict 90 day timeline including two to microsoft's dismay they publically released an issue just two days before microsoft was going to fix it. so you know, 90 days and fixing one kind of thing is fundamentally incompatible with fixing a design problem that took 13 months to fix it right so there has actually been activity in that space now and google updated their policy just last week because of the recognition that there are a harder class of problems. >> so for 13 months he were able to disclose this is an

interesting -- sometimes the best thing to do with information sharing is to keep a secret. and in this case after, to their credit, they handled this fantastic. we are lucky that this turned out to be a microsoft problem because they had a sophisticated incident response security program and so it was their mistake 15 years ago but the people that handled it now were the right people and we are all very lucky. but they immediately bought it and there was no convincing them that this was serious. that took three e-mails. they worked on it very hard for a year. the best thing to do was to give them the runway to fix it right. the worst thing to do would have been to put an arbitrary deadline in front of them and told them to fix it fast. in this case there were not ways to fix it fast, so that would have been cited tracking to the

detriment of the end of the security goal. so in this case yesterday's way to share information was to give the vendor the runway to fix it and to keep it secret. >> but that is hard and interesting because keeping the secret especially for 13 months is hard. but we actually discovered this issue under contract with a third party so that made it even more interesting. fortunately, the third party happened to be ican internet corporation for the numbers. they are a 501 c. three do good organizations so they were cooperative, but it would have been a commercial client, they may have been less willing to give microsoft the runway to do what they needed to do. making it even worse, we had to release an interim report saying that we were sitting on a secret for a year in wait for the second report. so, you know, we couldn't sit on it for a year and not tell anybody.

it became very interesting. but my take away from this, first of all when we think about information sharing we have to think about former abilities and -- vulnerabilities and financial disclosure and how all of that works. but hard questions and we crappal with all these questions for the last year. first who do you tell? you tell the vendor but who else do you tell? there can be an argument that you tell the government. the government is kind of a big place. when you look at an international footprint then you get into which government? in some government, the emergency response teams are somewhat indistinguishable from the foreign service intelligence. so then you run into that series of problems. you run into the problem of the offensive versus defense applications. everybody wants to use this

knowledge for different reasons. some people want to use it for defense purposes and some people don't. you run into the problem of the economic vulnerability. so we have no money for this. and that's okay. one of my employees actually said this whole thing working out the way that it did basically depended on us not being rational actors, rational economic actors because we work hard because we had to tell people that we were sitting on it for a year of course we were contacted by people that character as -- characterize as in the vulnerability business. and in fact we are going to run out of basic patriots that are not motivated by money long before we run out of bugs.

>> this would have been seven figures, right? >> i don't know but it probably would have been a lot. it's a hard problem and it isn't going away. when we think about information sharing we need to think about this issue as well. >> by the way, you can tell the hobbies of the different people that are up here. he's policy through and through and uses policy language. mark is a nerd and jeff is a pilot so make sure to get him runway. give him runway. [laughter] >> i have a couple questions but why don't we start and i will look around for the audience if anyone wants to grab my eye i can start -- i started over here number one and then we will go to the back for number two. at the microphone is coming around. in the interim i will say hello to my nephew that's watching. >> andrew from dhs office of policy. question following the

conversation from the cyber security summit on the panel with secretary johnson. with regards to the type of information that they are receiving with regards to 85% of the air can express being what they pay for for the vendors and 4% from the isao and 1% from government and i want the reaction to that breakdown. you know, how much of that needs to be increased? what are types we are getting? >> that's fascinating. out of@h that we see in a year that we get 4% of the signatures from the isac and from the government. you are nodding the most. >> and concurrence area that's an amazing statistic because it would seem like it would be the other way around that they should get most of the information from the federal government or other sharing organizations.

but it also points to the source that a lot of the organizations themselves share among themselves without having to go to a higher authority or some other authority looking for problems that they can tell you about. this has long been recognized even before there was a dhs is most of the information we knew about ourselves is known by ourselves and we don't have to wait for someone to tell us the obvious we can just begin to look for it. the question then is how do you tell others. if american express finds a problem, can they come should they, will they tell their competitor, much less the federal government. that's part of the quandary and i know this is part of what you are trying to help break down some of those barriers so that we can do more of the private to private competitor to competitor type of sharing for the good of all. >> i would love to know how many they then shared with isac. i used to be the vice chairman and we were trying to figure out

how we could get devices from our own devices into different banks that way we could collect information. and it literally struck me i tried to back our way out of that because the information was already in certain places. the information was pulling in verizon and microsoft answer we don't actually need additional devices. we needto find out where the information is already pooling and write that mpt did you want to jump in on this one? >> i think there's a lot of ways information comes in and it's hard to do know what the origin of it is and that is one thing we are trying to get more information on. you get information directly that came from another bank and it could also be from the government and they are getting the information from ss isac. it's hard to know how the numbers work out. we need to do more research to try to figure out exactly where

information comes from and get to the point raised earlier on what are the most actual information in the quantities it doesn't necessarily mean quality. >> 1% was the most classified. >> it can be completely useless. we need to focus the efforts. we don't know the answer to that question. it's a great metric. if someone actually hasmeasured and parsed i think it would be interesting to try to draw the cost to say what are the resources that are the most luminous information and what are the most effective. that would be interesting and i wonder if we could get some money on that further studies and take a look at that. next we are going to go into the back.

>> this is an inherently international domain. and jeff mentioned the international dimension but there hasn't been much discussion of how the policy develops when you put it in the international frame. particularly if you agree that sharing the private sector to private sector is what this was about even involve national companies and when you make the national security clearance and important part of sharing how does that affect the ability to quickly share the information? i would be interested in the panel views on how the policy debate will go forward on the international complex. >> how is this working. does this start with the

others -- >> i think that the eo by its nature is designed to be international. the focus on the part about the standards body. one of the main reasons to have it be a nonprofit organization that is worked with to set up the standards that become the basis for folks for new information sharing organizations to come up is because it's really not focused on boundaries in focus on boundaries in any way. any company can join those organizations. you have an international standards. we have standards bodies to set up and work across borders today. we hope this will be a consensus private sector led body that will get at some of the international issues.

>> it's one thing that struck me about the british sharing. it seems the u.s. first we started in sectors and now loosening up a bit. and there seem to be everyone come join instead of keeping it small and trusted it seemed like it has been much broader in people can just come and join the party. >> history is always a good instructor. jay and i were together back in 1999 if you remember good old y 2 k which we all have largely forgotten about. >> look it up, kids. >> summer of '99 was an interesting time because we were in the military at the joint task force and worried about foreign adver saers vradversaries. we looked at it as being completely technical problem. but that summer one of our colleagues raised the point about wouldn't the attack

community want to use it as a vector to get into machines and cause havoc and make it look like a y 2 k bug problem? that was raised as an issue and we held an international conference of which 95% of the attendees were from the united states but because we had it in london it was known as an international conference. that's how we work here in washington. >> i didn't get invited to it. >> it has been a week admiring the problems from all sorts of different directions. what emerged was an international follow the sun model. it works out nice europe and africa tends to be in the slice. united states south america, central america and then asia so think china japan, australia

that world tends to be in a slice. we were there at this international conference and we built a follow the sun model with the internet at large as we move through. that lay the groundwork for what today is a strong international effort in the computer emergency response team world that even today is very strong. they meet physically as well as virtually. the model has been replicated world wide in other sector-based sharing. the international piece is a very mature very well driven thing. the big take away is it came down to individuals recognizing they needed to build this partnership. this 24-hour cycle. those individuals took the effort to make it work. from they're sprang forth fantastic organizations, but it boiled down to people

recognizing that information shared is the most powerful building. there are other barriers that we can break down with legislation, but it really is about people who can do something about the problem. the international, domestic, local, regional. >> the global side of this presents an interesting historical problem. many of the companies are multinational companies. so one so one of the historical problems of information sharing has become how i share this information internally given different organizations. i might have citizens of countries that don't play well with others. all sorts of things, challenges

that we have been facing since we started sharing information. you have to hold the secret that one of the problems is when you get classified information what can you do with it? i have to hold it secret because it is classified and that means i cannot action it. one of the facets is how i deal with international orders. >> and i know the financial service has been expanding out into europe and asia many people have us security clearances and the interesting thing is to see how we can copy it to look at the model. in in your opinion as this international sharing potentially been hit either by

the snowden revelations or what nsa had been up to or in the resulting sovereignty laws? if information can't leave europe or wherever does that automatically by definition hinder the multinational information sharing? sgh. >> i think the key is the rules. that is part of the reason that we have emphasized this set of concerns. if we make sure we have the information we need for the purpose it is being used for for that cyber threat, what is the reason we are sharing it and privacy controls over it and oversight mechanism controls for it i think people feel more comfortably internationally than they do with people using all

sorts of different definitions and pouring information and without the thought of privacy on the other side. the key is in terms of making sure we are sharing information we need and have the mechanisms for privacy. >> one of my favorite moments at the summit were amongst my favorite moments, mentioned hear -- here today about wanting to get practical. let's get down to we want to share this with these people. what are the impediments to get from here to here? amongst my favorite moments last week was a panel on sharing. she has been in the committee for years, associated with the electronic frontier foundation and others and said i have my friends that work on signatures from our sit down and show me the different ways that they share the signatures.

i saw nothing that impinged in privacy, any one of those things that they showed me which is just a powerful example. if we say we're going to share stuff it brings up what i think are very understandable and automatic antibody, and here someone that is fully on that side saying i don't see a problem. i really like that as an aspect and hopefully we can do more. >> other plans for me going to issue an rfp. >> we will do a request for information and that will get a number of questions out there and that will give us a sense. the plan is to work with the community to make sure the rfp is aimed at what folks want to

see. i'm sure privacy will be part of that discussion. >> i have been waiting to ask the question. i get a lot of questions from critics on the focus on information sharing. something they bring up a lot is would sharing have actually helped sony, anthem home depot, target jp morgan? so i am looking, what sharing have helped and if not what else can we be looking on now that we are starting to get sharing under our belt? >> it depends. >> how long have you been in the beltway? >> we get this down. down. it's an absolutely fair question

and something we always ask. but for what, and certainly knowledge that the bad actors we are targeting, could somebody -- we went through this drill with september 11. what did we know before it happened that we could have told others about, integrated, shared? armchair quarterbacking is what we are good at. i don't know that even if they had perfect knowledge that individuals would have taken proper action and would have known what to do because that boils down to the individuals being key and even if information is put in front of them, would they even recognize the threat and see it as a problem? could someone else see it without full context and sound the alarm? again, you can armchair

quarterback this to death and there is no correct answer. >> i think looking at the framework in some ways is a better discussion to have. the the companies companies figure out where they were vulnerable. taking a look at that and trying to figure out if that would have helped. information can help feed into and address those issues but it is almost a better thing to say what kind of risk modeling and management did they do in advance before they got hit as opposed to if they had had this one piece of information. >> and we talk about these unknowns. it is right they're in front of you and you don't recognize it. that is an education piece. how can we train a workforce that can recognize these things. this is another piece being worked on. none of these things stand independent of each other. there is know silver bullet, that fixes cyber security and all of these initiatives, they

interrelate and have to be in order to move the ball forward. >> my answer is i probably would diverge. but it is a funny thing, many information -- security risks stem from preparing for the wrong adversary or not understanding the adversary. or thinking you have a different adversary than you actually have. in that -- you can make the argument that many of those companies were not prepared for the adversary they actually had. they were prepared for the adversary reading from the pci compliance manual not the one that wanted to embarrass themá+atju @r(t&háhp &hc% do whatever. so i think as we move up the stack so to speak in our information sharing, so information sharing right now is a lot about tools and signatures and things like that, but what we're talking about right now is moving up the stack to threat actors, motivations, capabilities.

as we move up the stack and understand the kind of actors out there, what motivates them, what capabilities what capabilities they have, who they might be interested in targeting and why, that sort of information sharing, had that existed several years ago it may have actually helped someone like an anthem realize that there are different sorts of people out there. there are different sorts of people out there. >> and i know our board director, if she were here she would be pitching the basic cyber security controls. >> once you figure out the risks. >> so if anyone has questions, please catch my eye. i did want -- cisco have been

helpful as we were putting this together. i wanted to tip my hat to them. firstly we will start over here. sean linkous with as ew. can can you comment on the decision by the top tech companies say about the white house relationship with industry when it comes to information sharing? >> that was completely overblown. the people at the summit know the tech companies were there. the main panels we set up were designed to have a wide range of folks from different industries involved. we had a couple tech people on the panel. the one keynote was from a major tech company and then we had all four of the major companies mentioned in these articles saying that they did not attend.

we had all their chief information security officers there. i think it was a bit overblown in terms of their participation of the summit. the goal of the summit was to try to talk about cyber security in a way that addressed what consumers were thinking about which means health companies, financial companies, retail companies. tech companies obviously play a role in that, too. in terms of the breath of what we are looking at for the summit we felt like we have the companies in the room that we needed. >> you were aiming to give specific commitments companies and the fact sheet from the white house. yu obviously this won't be a success unless you get further commitments. what is your action plan to get even more commitments online? more trips to san francisco. >> that's the interesting thing

is getting folks to make commitments. we use it as well. that is what the executive order is. the other work that we do. we make a commitment to the companies that make a commitment to us. that is a big key to get commitments. we have a number of policies rolling out down the road. and we will use that to get more folks on board with some of these issues. i was i was pleased with how many companies said they are using the cyber security framework and with the companies like intel or bank of america who are now saying that they are using it. they are requiring it of their vendors on the contracts. that is great news. that shows that the market and you have insurance companies saying they are requiring it of their policy holders. that is going to make the cyber security framework a success in

a way that we are not requiring it. it is the market place that is requiring it. >> and so you said the policies you are working on now. >> you know, who knew that these would be out now. were just working on the calendar to try to move forward. we talked about the areas where we still have barriers i i think there are several events that happened at the same time. certainly the sony one got a lot of people's attention. >> i am sure the president wanted to sign this one so he could release it or around the same time we did our paper. >> arnold abraham with the institute for defense analysis. i have a question. i am a little surprised about the emphasis on security clearances. i spent time with the department of homeland security. we looked at the sharing for threat information with local police departments.

over 10,000 local police departments in this country. a lot of people were pushing. we said at that time that that was not the answer. jay and marcus with your time in the private sector after being in government do you think an emphasis on security clearances is a proper, effective answer or not? >> i will take a quick stab. >> and then i am going to go to jeffrey. >> the security clearance thing is a bar that sometimes we cannot meet. particularly if we have a smart a smart person who might not have a clear of all background, how do we get them on the team? if the only people must have top security clearances. this is a new question that we have not had to ponder before. in an earlier era we could focus on those who had the proper background, but now we need the brainpower of those he might not have had that clean background.

the bigger question is how much of what the federal government knows has to be classified. that is really where we are going. if the federal government comes up with something that needs to be shared one of our many frustrations is they will pull in a private sector individual and brief that individual but that individual can't take action because you have been told a government secret and sworn to secrecy. you can't walk out the door with that. so frequently we will say what is the terror line? and that means if you have something classified, here is what is unclassified. you you turn it off and pass it along. so we will ask. the answer comes back hours, hours, days, weeks later, rather than when the information is

first prepared it includes a line right up front. so prepare with the information that can be made public, minus the sources and methods and things which begs the question why not take the tear line and set it in front of industry so we can do things? this is a process problem, nothing nothing more and something we must work through collaboratively, improving the speed of information coming at us that has been previously classified. you guys have done a lot. we we have seen remarkable changes in washington in terms of streamlining. there is certainly a long way to go, but the steps are being taken in the right direction. >> i would second that. the most frustrating thing for quite a while has been you clear one individual at a private sector organization and he or she cannot do anything with it which becomes a a struggle.

to answer your question, clearances are valuable. some things should be cleared. >> classified. >> of course. course. some things should be classified but there is a balance. i i don't think anyone would argue that they're is a tendency to over classified. there is value. i think we are moving in the right direction. >> we are not going to clear our way out of the problem. we need more information out in an unclassified way. dhs is working hard on that. however, they're will still be analysis that will be classified, and more companies want that than currently have the information, so we need to address it. >> sometimes the clearance just

gets you into the room even if it is not the information. but if you look at a lot of the cyber conflict we have been through that was very clear. the amount of intelligence they gather, to me if the bad guys are releasing their attacks over the internet that makes them -- it doesn't matter if we collected it through a satellite, through whatever it doesn't matter. it's on the internet. they're not going to suspect we have some sneaky signal intelligence. they put it on the internet. to me unless we were in there system and taking it in figuring out the signature than we have plausible deniability.

i agree with the panelists. i learned a lot of my trade. you always try to lower your cost of control. you go to the cheapest control that will get you to your desired outcome and clearances are a really expensive high cost. any anytime they hear someone say we're going to deploy something, there is probably a better way to get it. >> this really follows on i think, i hope. are there companies that you would not want to see participating? this is a state-owned enterprise

say that may have large -- clearances is one way in which you would say no. i would like you to help me understand how much information sharing is in this isac. >> i'm going to pull this apart in a couple of different ways. you deal with big telecommunications providers , some of which are in countries the us may or may not have good relations with. i am very interested in the company to company basis how that goes. and then when we are looking , how it works when we say all right, let's bring in this persky or let's work with these companies with big chinese banks or the rest. >> a great question. for a sector-based we are sector centric and you are generally in

that sector. so the water isac is water companies and the energy is energy. it wouldn't make sense for wal-mart to join the airline isac. it is just not what they do you see where i'm going. like companies forming an information sharing organization that is sector centric. we also see sharing organizations that are not isacs. he talks about one group that emerged. we start to see warms and things happening, international and oriented on individuals vetted by other individuals. in order to join somebody has to nominate you as an individual and then you are vetted by others as being trustworthy.

these trust groups are very powerful. it's almost like the movie series of survivor you can be voted off the island if you are untrustworthy. these groups make their own rules. >> they are sector specific. they need to share sector specific information and there is a formality to that. they will still be there. >> someone asked the question. >> it is good to get the clarity and a lot of it is based on what you can bring to the table. are you a player? are you a contributor? can you can you pull a lever, do something, action on the

information being shared? each of the groups will have to write their own rules. how can you build a group of sharing individuals? how can you learn from previous groups that have gone through the process so you can increase the amount of sharing going on and still keep the trust and privacy and the things we feel must be in place in order for rapid sharing to happen? >> and the us government to five. >> let's take. >> the way the executive order is going to work, they're will be an rfp and the staff group formed just that standards. trust is the currency. if they're are elements, people that join which causes people to not trusted it will be sharing much information and it will fall apart. we have seen it happen. in fact, i worked in something

that became the anti-spyware coalition. prior to that there was another group that was run and people do not trust the. we came up with our own standards of selecting who the membership was and what the roles were for it. we were not sharing threat information but discussing definitions that became the basis. it is the same type of thing, how you go about building trust and keeping it. they can pop up. you can have two or three. >> i wish i remembered. the anti-spyware coalition is coalition is a great example of what we are talking about a clear goal. we want to take spyware out of the system. who who do we need to include? and that is what i love. focus on the outcome.

sharing is a supporting part of the process but doesn't necessarily drive the process. i wish we had more space to explore this. the net supplier of cyber security information and net consumers of cyber security information, and most companies are on the down stream. they have the demand for cyber security information but a lot of the companies are here, palo alto, semantx microsoft. they have the overall suppliers of information. and they love to look at these more market-based solutions. %ñ i am one of those people that thinks, that is a place for market. if supply and demand don't match up then what can you do to get the market there?

have a couple hands joining in there. we we will come over here. >> chief security officer. two things. i think we should be careful not to be overly critical of the framework. a number of companies don't quite understand, but it is clear the value as a risk analytic tool for global organizations and a translation engine so that global companies can compare apples and apples in contrast apples and oranges for they're global operations and suppliers. secondly, i ask how we are leveraging the examples given earlier regarding the defense industrial base framework agreement being expanded across the critical infrastructure for closed mou information sharing and the training alliance for sharing among the major banks. how well are we leveraging to

strengthen information sharing? >> using the framework. >> we use the framework as one of the risk analysis tools for understanding global operations and suppliers. >> thank you very much. so i mean, michael talked about those concepts. i i don't know if i can go into more detail. certainly in terms of expanding we think it was successful in getting information out to those who need it. >> can you explain in 30 seconds. >> we have a set of signatures out there that can be used. the defense industrial base contractors getting to them the signatures so that they can use it to protect themselves in a

way that they don't even necessarily need to bring it to an individual company. it can be used to help protect them. we have a similar set of efforts going beyond critical infrastructure. it has been more difficult to get the other sectors to spread the news to use the same set of standards that we are planning on trying to get it out in a more comprehensive way in the future. folks should look at how we go about expanding that. >> i will take the last two questions from the audience. this gentleman hear. >> hi. thanks. head of the cyber threat intelligence information sharing ecosystem project. you hit the nail on the head in

a town where money is the answer, what is the question there are net producers of information and net consumers of information and there is a bit of an air, we will do all the work,, the government we will set up these information sharing groups yet economically it does not make economic sense no matter how much government might say you really should share. is they're kind of a focus on helping out or recognizing that there is a reason why verizon has services that people pay for, symantec has services that people pay for and so on? >> i'll start to get us warmed

up. it is too bad. we try to keep our panel limited. there are a couple of other folks who would love to have on the panel. we would have loved to have someone from the hill to talk but also someone involved in one of the companies that is set up to facilitate sharing, identifying the space. been in this business, red sky alliance. been in this business, and it would have been interesting to here how they dive into this. you can look at crowd strike in releasing the information as part of identifying the market need. and a targeted question which surprised me a little bit. when it comes to these, cloud strike. in the mentioned cloud strike could set up one. that is interesting.

that really bends the model. >> and that is what i imagine. is not the system you think of. an individual company could become. in the in the short term the advantage of that is that becoming they are saying, we follow a certain set of standards. once the rfp is out there the standards body is formed and there is a baseline. general counsel knows what they are getting into. so by automating it people can feel more comfortable because they know what it means. that is useful. obviously our legislative

proposal has this other hook which says you get liability protection if you self assert so that gives obviously another real advantage there. and then you might start seeing individual companies start saying so we are sharing with other individual companies they are following these rules and then you get liability protection in place for that. then you see different companies in different sectors. i think that level of complexity and change will affect the way people think about it but it is useful for expanding the discussion in building trust. and getting rid of friction when people say i want to share information and then it turns out you have to get all of these lawyers to sign off and you have to get all of the other lawyers

to sign off and say what they are doing and answer questions when there is no basic set of questions to ask each other. >> this is going to be interesting. we continue to move up the stack. if you look at the last 20 years the private sector intelligence has been largely antivirus vendors. going out and finding the signatures and publishing that as a part of the product. as we move up the stack and get more information and more interested in who is doing what and why and capabilities and that sort of thing, i think that the things that private sector intelligence organizations can do and the things the government can offer will become more interesting, more dynamic. and like anything there will be

value in both. there will be certain information from one and certain information from the other. >> let me also add, we have an audience of thinkers. we are searching for something as an analogy for cyber space. and often the one that comes up as the weather system. we think because the weather system, where is the snow? we can see something different, expecting something else. we think cyber works the same way. there is predictive mechanisms. we can put censors out. there is truth, all all we have to do is look at it and we will see the truth. that's not how cyber space works. we unfortunately get caught up in analogies where we think that because it is something like what we see in the natural system it ought to behave like

that. when the sun comes out in seattle people stop what they are doing and run outside. when the sun comes out in miami they are like, this is too hot. almost a different reaction. in the private sector world there is information that private companies can gather to to there observations of what they see in cyberspace. that is that is information they have developed, sense, can market and sell. they're are things that the government sees that might be more public in nature. i think it all works together. there is plenty of room for the public side to infer and see things, plenty of space for the private sector to infer, analyze, sell the information, but this is the think -- the thinking question, what is the

model that we are using here? it's not atmospherics. that is what we like to look at. we need to develop a new model that comes together with this magical thing we call information sharing what we all do what we are best at and amplify with the private sector can do. maybe your think tank can answer that question. >> especially the funding. okay. last question. >> hi. the department of defense. one of the lessons we learned the government signatures were not necessarily not necessarily as valuable for the industry as we thought that they would be. we found that there are differences in vectors that come

to industry and i wonder if you have seen different vectors in different sectors so that there is no one size fits all. certainly there are some, but in other cases they are not. >> i think, i mean, yes and no, or it depends. the vectors, there is a short list of low hanging fruit that works pretty much anywhere. your basic vulnerability suites, social engineering, spear fishing has become shockingly effective in the last couple of years. i don't know why we haven't solved that one yet. we don't seem to have. in that way we are all kind of the same know matter what

industry: what you are doing, what your line of interest is. but but from there it all changes. from they're it is then who and why. is your objective to embarrass, exfiltrate, steal and then based upon your sector and what your business looks like. but the initial vector, even if you look, they have been reasonably foreseeable hazards. >> from that perspective the frustration was with the signatures, all threats come from the network and can be detected by this wall that we put up and if we can put the right cards in place with the right filters we can make the bad go away. the threats come from all over the place, and they are holistic they are looking not just at the

network devices but people and environment, everything around them. that is where the pilot showed that the process can work. can we share? yes. can we get to the legal pieces? yes. back to the original thesis can we do something with it or just sharing? i think that is the biggest lesson we're taking away. what do you share, what do we do with it? how do we action on it? they been doing pretty well and learning as we go along what we share amongest ourselves so we can action on it. >> i will come to you gentlemen for a last one minute comment. in closing our next cyber risk wednesday we will be on march 18 releasing report we have done.

>> the 13th and 14th of march. we are holding our cyber student challenge. there are different competitions for university students. ours is the only one for policy students to come in and say as if they are advising lisa monaco at the national security conference after a major cyber aacto -- attack to give real national security advice. the 13th and 14th of march looking for sponsorship positions. let's turn to final thoughts.

>> in general like many problems in cyber security policy today it's really a collective action policy. so we need folks here from all the different places moving these things forward at the same time. think about it. we want to to know what your thinking. i wish we could explore this more. i would love to get behavioral economists on this. the short-term, there is a good chance i we will get yelled at even though i know it is collective action. to me this is such a nudge problem. this is such a behavioral economics problem. i would love to see more of in the field.

>> i think you hit very close to the conundrum we have. our sons and daughters we tell them in preschool to share. when they grow up and get on social media they don't share. keep things private and then they become adults. you are supposed to share. we have to work through this culture. what is sharing? and a think tank is a perfect area. what does it mean to share in this highly connected world where we are socially connected in a way that humanity has never been done. what should we know about each other about badg things, good things. leverage the social media, the crowd sourcing and new tools coming out of silicon valley.

we were out there last week because that is the hot bed of this type of thinking. can we use that to our advantage in this new world moving forward. let's work on that together. >> jump in on that. when you don't perhaps another time. >> everyone on this panel, a familiar face, talking for literally 20 years. i am heartened that the sophistication of the conversations is improving kind of reflecting back of where we were pre9/11 and post 9/11 when the world kind of changed and we are now we are making progress. i am heartened and excited about the steps the administration is taking on these fronts recognizing the importance. i think there really is -- we

are at a point where it is going to change and dramatically get better in the next couple of years. i'm actually really excited. >> so we are the cyber state craft initiative. you can't have it without states men and women. they have been drinking from nice cyber states men mugs. we have several mugs to give to each of them as partf oour thanks. please help show your thanks, as well. with live coverage of the u.s. house on c-span here on c-span we show the most relevant congressional hearings and on weekends c-span 3 is the home to american history tv with

programs that tell our story. battlefields and key events american artifacts touring museums and historic sites to discover what artifacts reveal. history book shelf, the presidency, looking at policies and legacies. lectures in history with top college professors in america's past and real america featuring archival government and educational films fr open internet rules. then white house cyber security coordinator michael daniel talks about cyber threats and information sharing. the fcc has approved new open internet rules to regulate internet service as a public utility. the net neutrality ruling prohibits servers from blocking or discriminating through legal

contents. commissioners discuss the decision and explain their opposition. this event is hosted by tech freedom and the international center for law and economics. it runs about 50 minutes. and we're tweeting on fcc live so feel free to join the conversation on twitter. we are live streaming so we will take questions from the audience and make sure we get you a mic. if you can turn ringers off on your phones we are recording today and c-span has been kind enough to cover this event. thanks for coming. here we are five years later and rob mcdowell is here to kick things off and tell us about his first crack at this.

so you were on the commission for six years? >> seven. >> and here we are again. >> here we are again, groundhog day except a little different this time. >> mark said first time tragedy, second time farce. here we are a third time. what would you call this? >> we could be back to a tragedy. it could be a cycle. this is an unfortunate day. i think everyone is familiar with my views. a couple of quick things. number one the fcc went far beyond what the president said he wanted to do. not only is independence a question by what it did yesterday, but the overkill with which it executed its actions is really quite astonishing. we don't have an order to read yet so we will have to caveat all remarks given that. based on the statements and the memo the chairman put out a couple weeks ago we know that

they went much farther than they said they needed to originally. all talk of light touch i hope that mask is revealed. i hope that is revealed as a farce and completely disingenuous. >> big picture looking back on all of this, where do you think this went off the rails? >> at the very beginning. was it ever on the rails i think is the question. it was a run away train that was never on the rails. so, you know first of all, i think the other side -- i'm trying to look at this as objectively as i can which is difficult. the other side did a masterful job of messaging. they had to create a sense of a crisis. and then say the internet is so broken that only the government can fix it. and then on top of that say that three unelected washington bureaucrats of which i'm a recovering one and i have two good friends in the room and they understand their role

those three are better able to resolve all of the challenges of the internet and manage its growth better than entrepreneurs and engineers and consumers. and we need more than just existing law and that something is wrong with this market place when it's not. the american internet is the greatest success story of all time. and so this could all be turned on its ear to have one of the most massive government interventions into a world leading economic sector that is improving the human condition unlike anything else in human history is really a shame. >> but when you were fighting this fight it wasbed net neutrality and now about title two. is there bait and switch? >> history is important and you are a terrific student of

history. remember ten years or so ago this was advertised at making sure internet service providers could not block content or degrade the content or act in an anti-competitive way to harm consumers. it was a last mile focused thing. it wasn't happening. the government never did a market study which i called for in 2008. and there are already laws on the books that exist that would make that illegal. so it wasn't happening because of market forces and because of existing law that existed prior to yesterday. it has evolved to be the term net neutrality an empty vessel into which anyone can pour their hopes and dreams of the government regulating their rival but not them. that's what many requests boil down to at the fcc, please

regulate my rival but not me. he is running too fast can you slow him down? i think the point that for all these years net neutrality purists have rejected the notion of the bona fide peer review market study shows that there is a fear of what that might reveal. the last time anything like that was attempted was in '07 but by the federal trade commission which in a unanimous vote said there was nothing broken in the internet to access market and warned against the unintended consequences of new rules in this space. and it was actually pressed. here we are today. >> you mentioned comcast and said that could have been addressed by existing laws. do you think things would have turned out differently if the federal trade commission had gotten involved and looked into whether it was unfair trade practice?

might that be a different direction? >> absolutely. federal trade commission is very well equipped. 100 years of case law and common law separates in many highly complex parts of the economy. operating systems of computers and the rest and has done a good job there and is enforcement based. you have the due process protections of going to court and can operate in a pretty quick manner. one of the arguments against the ftc or consumer protection or antitrust enforcement in this area one of the arguments is that is too slow. the net neutrality has been trying to get fcc involved. could have done a number of market studies and had the fcc act in different ways in that time. you have the due process protections of being in court. at the fcc you have no due process protections. the fcc is fact gatherer

investigator judge jury and executioner all before the company knows what is happening to them. >> in comcast the fcc never conducted a factual investigation. people never visited and talked to regional manager to find out exactly what was happening and why. the fcc acted anyway. it could have been handled under different law much more flexbly. what is really going on i think is all about economic regulation. this is the cap stone despite the protest to the contrary yesterday. i think the majority of the commission they swear they are not going to do rate regulation whether implicit or not. we will see. access to networks and rate regulation are intertwined and i think there will be a complaint at some point to say by some so-called provider that we will have networks that look a lot

like an isp. they will be saying isp provider or internet back bone provider is providing me access saying they allow access to the network but at a price we think is way too high. do something about it. the fcc is going to be put in the spot of saying we said we weren't going to rate regulate and we are not rate regulating. you are right. that price is too high. please come back to us with another price. that is going to happen because that is really the folks who are against usage space pricing or tier pricing or pricing freedom. those against it that is what this debate really is all about. >> so just to wrap up where -- >> two very important guys waiting in the wings. >> where do you want this debate to go? what do you think is the best case scenario? >> that is gets blown up in the appellate courts to smithereens. i am hopeful bordering on

optimism but not quite there yet but i'm hopeful there could be a legislative solution here but the president can veto it so there is that. >> thanks so much for coming. thank you for having me. sorry to rush through this. i now introduce the current two commissioners on the federal communications commission who are joining me here with jeffrey manny of the international center for law and economics. please. >> as many of you know jeff and i are pretty much sick of each other at this point. so to get started here so evidence of a problem, is there any? >> i think there is evidence in the fact that some think the dress is gold and white and others think it is black and blue. the government needs to fix this. thanks for hosting this. could not be more timely. i think what commissioner

mcdowel pointed out is you would search in vein not just in this order but throughout the fcc's consideration of this issue that there has never been a systemic analysis of what the problem of the internet is. in this order you see scattered niche examples of madison river attended at degrading certain applications. you see apple and face time and that controversy all of which result through private sector initiatives. the agency decides to create digital dysfunction in order to swing the sledgehammer of title 2 regulations at it. i think net neutrality is a solution that won't work in search of a problem that doesn't exist. i think that is absolutely where we are today. >> let me read you a quote. back in 2007 the fcc tried to revise ownership rules. they have been through this before and failed in court.

a congressional democrat objected and said there is inadequate data and time to put together an independent panel and objected to the agency moving forward without fully understanding the effects of the decision. that was senator barack obama. and yet today seems like things are very different. >> there are two parts. first and foremost is i think the latter that it has been talked about in a number of different forums is the right to have the document available to the public. it is something i have been pushing for and my colleagues pushing for, a number of chair men in the house and senate have pushed for. we should have had this document three weeks ago. we should have made that available so people can look at the specifics of the issue look at what we are talking about when complaints that i raise and my colleague raises going forward. that wasn't allowed disappointingly. it is something that not only applies in this context but should in many other contexts.

there are a lot of other forums. i make the argument that it should be done for every open meeting and make the items circulated available for every open meeting. we will have the conversations continuing at the commission and maybe at some point able to make it happen. to the bigger point and i think it is to your first question to my colleague is there a problem and the answer is there is a problem. it is the document that we adopted yesterday. that is the big problem in terms of what is going forwardism i know people haven't had the opportunity to read it like we have. i had the benefit of reading it on my honeymoon in hawaii. that was a little bit comfort. i made this point that it is a page turner. and in the sense that you don't know what the next page is going to do. it is 300 plus pages. you read through it and you are like what is the next one? what is going to happen next?

you are looking for justification and of course a lot of that is missing. i have problems with the content in and of itself. that is the problem in my view. the bigger question is is there a problem in the net neutrality issue that we are trying to solve. i think my colleague highlighted it well. its prophylactic. there is no underlying problem. this is to go forward, something we are trying to guess. it's guilt by imagination, trying to figure out what might happen in the future even though it is not happening in the market place today. >> has anything changed since the 2010 order or since the evidence amassed such as it is evidence that was described as examples that aren't enough to tell a coherent story about net neutrality anything changed in this order? have you seen any additional

evidence that suggests there is a greater need for some kind of action? >> a tremendous amount has changed. broad band deployment is greater. investment has gone up tremendously. on the mobile side much more penetration and much more speed. the market place that the fcc claims is competitive in some areas have declared others not competitive. >> last may you proposed doing independent studies in the model. even that wasn't enough and last may the chairman ignored your proposal. what would you have wanted -- >> i have gotten used to that. >> part of the reason why it is proposed is that this issue has been largely fact free for the better part of a decade and it

is shocking that recent decision making has been thrown by the wayside in favor of what i consider an idealogical agenda. the fcc approved president obama's plan. this should not be a political issue. never has been before. there has been a historic bipartisan consensus. according to the "wall street journal" you had white house aides casting a ballot for an initiative they thought would build the president's legacy. to me it seems the internet should be governed by engineers. >> what would you say is an appropriate response if any to -- quoting you from yesterday, the order giving most charitable interpretation possible says that isps hold

tools necessary to deceive consumers, grade content or disfavor content they don't like. assuming there aren't examples of actual conduct that is the sum total of the problem. if we agree that is the problem what would you do about it? >> let us concede for the sake of the argument that isps have not only the ability to discriminate but would discriminate in the future it seems to me that to the extent that there isn't a current problem regulation isn't the way to go. there are many, many tools from antitrust that are available to strike at any competitive conduct by players with market power who are behaving in ways that harm the consumer. the fcc's decision yesterday strips one of our major agencies of that tool and that is the ftc because of the common carrier exemption. that is the tool that they need

in order to protect consumers. the fcc sweeps all of those powers in order to argate the sole determination of the whim of three elected as to how the internet will work. >> can i jump in? the earlier question was what has changed since 2010 item? and the answer in part is the court has ruled that the last item was problematic except for the transparency rule. two parts got thrown out and that became the question of what is our authority under section 706, i don't believe there is authority under section 706. the court ruled otherwise. that was not enough for the radical protesters. they had to have title ii. i made the point it is a means to an ending. it wasn't about net neutrality. it became about title ii being imposed on all of the internet. not just the last mile but about

every aspect of it. that is very problematic. my point to your second question let's assume that isps have this power. you have to break that down. that's a very broad assumption because think of all of the small isps. i was in st. louis talking to the wireless guys. they have hundreds of customers, not millions of customers. they have hundreds of customers. i talked to 100 customers and stringing together a network to provide the best service they can to their consumers. they have no market power. i made the point if they called up google and said we want to block your offering we are not going to let your product reach our consumers what are you going to pay us, google wouldn't take their call. we have to be very careful lumping everyone together. there are small cable providers that do not have this power.

instead the argument had been made and a strong argument that there should have been some type of treatment providing to small providers and the commission ignored it. >> so on this example i'm really struck on the example back in 2011 metro pcs trying to get to adopt and there were attacks as being the first to commit a major net neutrality violation. what they were really trying to do is give people free service partnering with google. what do you draw from that example that radicals will point to a company that had no market power but was doing something that wasn't strictly nonneutral? >> i think the message is how dare they be innovative? how dare they try to differentiate themselves in the market place.

the product must be at these speeds and have these features and anything that provides anything different that tries to figure out how best to operate in the market, what might meet consumer needs is not acceptable? >> i think it is disturbing of what is to come if you look at fcc analysis of the conduct standard that sweeps in virtually any kind of internet related business practice. it is pretty clear the agency has on the chopping block all kinds of innovative service plans like metro pcs's previous service. the best example is what the fcc said yesterday. let me read you a response to the question. the press posed a question. can you tell us more about the internet conduct standard? what are some examples of how the fcc might use it? this is a quote we don't really know. we don't know where things go next. using this kind of construct of

what is reasonable. the fcc will sit there as a referee and be able to throw the flag. is there a better example of the fact that now we will have lawyers and bureaucrats making these decisions than that? if you were an entrepreneur trying to make a splash in a market place that is competitive how do you differentiate yourself if you build into your equation whether or not regulatory permission. permissionless innovation is a thing of the past. >> as it was said reasonable is the most litigated word in the english language. >> to the point made yesterday the question was from the press conference does an isp have to get preapproval of what it is offering and the answer is ta don't have to. i would hate to be in that situation. >> just to give you another quick example first over lte, everyone agrees it is a fantastic service that requires

priority coding to work properly. by definition engineers say it has to have priority coding. it follows other related applications can't. is that a net neutrality violation? i don't know whether three bureaucrats in the fcc will decide it is or isn't. >> and it is one thing if it was three bureaucrats. we are talking about something delegated to the enforcement bureau or some other part where we may never see it. that decision may be made long ago and the practice may have been threatened against the company and will stop doing it. that's something we may never rise to our level given the structure of the item. >> so this is intentionally naive but i'm going to ask it anyway because it is possible. there must be some limitations to the order. i know i have seen reports that there are seven factors that

will inform the decision. that doesn't strike me as much of a limitation. is there anything else that would rise to the level of limitation? the court in the verizon case pointed out that 706 had limitations. these limitations are no limitations at all. did they try to put that kind of limitation here? >> let me put it this way. the best argument against that point with respect to limitations comes from the electronic frontier foundation which submit last week and put a blog post in two days before vote this week saying the seven factors are vague. nobody knows how they will be applied. smaller competitors will have to lawyer up in order to get a plan approved. i would add that what it doesn't know is the plan says the list of factors is nonexhaustive and there may be a number of other factors it might include.

if looking at a regulatory body in washington applying the circumstances test it really is the whim as to what is reasonable. >> they don't call it a catch all for nothing. it is intended to catch everybody. i can think of like data roaming where you can argue some are more specific than others and whatever else we feel at that moment. put your finger in the air and see where the wipd blows. >> is silicon valley about to get an ugly wakeup here? the electronic frontier foundation in 2007, 2008, 2009 warned about the claims of ancillary jurisdiction. they worried about that being trojan horse. last year they seemed to embrace title ii. now they are having cold feet. do you think they are going to be unpleasantly surprised how this develops? >> i think we are already seeing evidence that they are unpleasantly surprised.

look at google last week people got wind the fcc is going to classify broad band subscriber access service arrangements [ inaudible ] i really recommend google's export abecause it demonstrates what happens when an agency which doesn't have expertise in the area opines in the dark. according to google there is no such thing. they called it imaginary and said it would have second order effects and be disastrous. google said it would empower to engage in some sort of sender pays approach which would be devastating. but for the fact google made the voice heard the fcc would have been on the brink of creating this without public input. i think there are a number of authority things that they will be very unhappy with. >> i think my colleague said

this well in terms of when you read this document it's worst than you imagined. i think folks are going to have an opportunity to digest it. i have been making the case to edge providers for years that they are going to be in the fcc's authority and that is extremely problematic and they do not want that. the pushback has been they feel comfortable that that won't happen. i do not feel comfortable having followed the fcc for so many years and working at the fcc that i believe it will capture edge providers and all of the activity that they do today although the amazing things it is able to bring forward to american consumers. >> i think you opined on this before. isn't that true under 706? title ii making that a bigger problem than it would have been? >> i think it is problematic under 706. i think title ii brings exactly

what my friend highlighted is all the rate regulation. you can argue that 706 may prevent some of that depending on the structure. certainly what -- there has been the presentation that this won't get to rate regulation. i think the previous presentation highlighted you are going to have to get to rate regulation. when the complaint is filed how do you resolve without consideration of the rates. i think that means that the edge providers are going to be in that debate and that is a terrible place to be in terms of what they can actually bring forward. >> i think also the commission's reliance on 201-a is problematic even more than 706 because it is relying on statutory provision. they can specify on what terms infrastructure has to be deployed and specify through

routes. this is really onerous. i think a lot of people will be unhappy to see it. >> from the point of view of an edge provider and different cases where this will matter more and less. arguably at least title ii applies to telecommunications service. doesn't let the fcc regulate what it can't under the act. i'm curious again and this may be too hypothetical to answer, to the extent that edge providers in particular might be at risk do you see 201-a being the primary source of trouble or is it 706 enough to cause them concern? >> either could be problematic. the problem is fcc is focusing on the end rather than the means.

the danger, though, which i tried to illustrate in another context is edge providers like netflix. one could make the argument that open video standards are critical to the functioning of a good consumer experience for when it comes to video. i said i don't want the fcc to go down this route. it is not inconceivable to think if there is market power in the online video market place and deploying to disrupt some of the video traffic that from being recognized could a future fcc decide if that is a violation of this virtual cycle? sure they could. there is no distinction between the two. >> the chairman kept saying he did a rigorous analysis. where is the rigor? >> did he use the word rigor? >> he did several times. >> could i answer the first question. there is this belief that it is title ii. the truth of the matter is you

should get both. it's not one or the other. you get both and lay it on top of each other and then get an opportunity to see how far title ii and 201-a goes. you don't need the rest of title ii based on the views of where this commission wants to go because you have 201. 201 does everything. you really need 151 and 201. you don't need the rest of the provisions. congress is wasting its time by including language. i'm not sure why you need any other provision in title iii. >> so this is odd because mobile broad band doesn't exist. 25 mega bits per second is the standard. 4 g subscribers. >> is that what you mean when you talk about [ inaudible ]. >> the interesting thing and i don't want to get too specific

but when you have an opportunity to digest the document the argument is presented that forebearance is used extensively so only certain portions of title ii are implied. 56% of my analysis is from in an optical sense of the word. 44% still applies. that 56 that is being forborne the provisions are subsuned into 201. those provisions [ inaudible ] you can do it in 201. earlier language providing specificity on how clear that all that can be covered by the other provisions. you only need a couple core provisions to cover every problem that doesn't exist today but may be seen in the future. gl the addition it is remarkable how many times the document uses for now and at this time. we decide to forebear from now

from this provision. we think at this time this provision isn't necessary. what we have seen are a lot of promises of regulatory restraint change based on not facts in the record. >> so just to summarize and be clear here what i'm hearing you say is they are not forebearing from the important parts but what they are they are promising not to use those in ways today. what are they giving up if anything? >> i would argue that they are promising to be a little more specific and promising not to use a specific provision here that they are forebearing from but will use 201 to do dirty work. >> what do you say to the chairman when he insists forebearance worked find for wireless voice. >> if one looks at the

trajectory of spending by the wireless industry it was driven by explosion in mobile data use. because voice was classified as title ii it is -- >> that matters because mobile is not title ii. >> mobile voice. >> mobile data. >> secondly, i noted it is an irony as we know there is no such thing as mobile broad band. additionally there is a problem with respect to for bearance that people assume that reasonable -- i will leave it at that. >> i would concur with that. i certainly with the problem in terms of definitions when you start seeing mobile data i think the statute is very clear. i think that as i said yesterday they are trying to find their way out of the issue and try to

subsume it and treat it the same knowing that mobile has so many different components that make it so different than a fixed broad band offering. >> so i want to make sure we leave time for questions. we haven't covered any broadband and a few more process questions to wrap up. senator obama back in 2007 also talked about the need for public to see the order. and he said that it was not enough for the fcc to make a decision but had to give the public a chance to see it and give congress a chance to react. why do you think that they wouldn't do what chairman at the time did, put the order out for another round of public comment, got another 30 days avoided concerns about legal challenges, about not having proper notice. >> delayed the vote.

>> why did the commission do that this time? >> well, it has been publicly reported that the agency was struggling with the question. should we put new proposals on the table. the president having instructed the fcc to implement his plan which had never been on the table the agency was worried from an administrative procedure act perspective. they decided not to seek further comment. why? i think because they were being beaten up by the same groups that had successfully according to the journal blind sided the chairman. those groups were saying we do not want to delay. delay is not necessary. there is a crisis to solve now. solve it. >> so you would say there is a reasonable question whether the title ii sufficiently? >> i think there is a significant issue. >> absolutely. >> surely the groups pushing the fcc care about having rules in

place. they wouldn't benefit if this fight starts all over again and get to raise money all over again on this issue. that would be ridiculous. >> young fool only now at the end do you understand. >> i think my colleague has framed it well. a number of the groups. >> you can have a hard time getting that one. >> a number of the groups had an artificial deadline in their head. you saw this in our previous meeting. we had protesters in previous meetings say what are you delaying for? i think the pressure on getting something done was more important to have an artificial deadline in february rather than waiting until could it wait 30 days until march until you build a more stronger document? i think the groups had said we are going to do this now and has to be done now. again, if it goes down they will spend years and years looking

for it fighting, raising money, advocating for it again. >> i want to turn to broad band, one more question on this. the chairman when he announced the fact sheet before the order made a big deal about modernizing the communications act. is that the fcc's job? >> no. it has no right to do that. and i think the fact sheet in my opinion is very misleading. i think it is very problematic in terms of what was on that document and what you will see eventually in the final document. >> my colleague put it will. i will add you cannot have it both ways and claim these are strongest rules adopted by the fcc and then claim that you are modernizing the communications regulation. the consumer, isps aren't going to see a dime's decrease in user revenue revenue. i am confident based on what i have read and i know my colleague feels the same once the public sees how far reaching this is they will realize this

is anything other than modernizing. >> it is a point we have made a number of times. you will see additional costs. rates are going to go up because of this item. you are going to see universal service decisions made. it defers the issue as highlighted in the fact sheet. it defers the question of whether broadband should be subsumed into universal service funding. that is a matter we will deal with and consumers will see higher rates because of it. >> the fcc's defenders insist it is only $11 billion in new taxes and not 14 or 15. what's wrong with that? >> to that struggling family figuring out whether to keep broadband in the household and trying to figure out things given different economy they are facing that matters. every couple dollars matters to

a consumer. we know that to be true in terms of adoption rates. >> every time one of the issues arises we are told it is only the cost of a cup of coffee. it's just a little saucer full of tea. eventually you realize this is ridiculous for the american consumer. nobody is complaining that the broadband bill is too low but that is what the fcc will feed into because of the second order effects. reclassifying telecom services exposes to higher property taxes, district of columbia has 11% general receipt tax on other information service providers. 11% tax on products. there is zero recognition of that in this order. >> you both mentioned a few times the 706 report, the fcc redefined broadband to mean 25 mega bits down and three up. what was wrong with that report?

>> you want to start? >> that is too fast. >> it's an extensive report. let's start how it is so important that mobile be subsumed into our broad band regulations we adopted yesterday. mobile is not counted for that purpose. it is exempt and said we don't have enough data for that purpose and by the way it wouldn't meet it anyway. it wouldn't meet the test that we have. i have argued extensively that the new standard is done for one reason and that is to make sure that the commission reserves its authority to try to use, to impose under 706 and not about the standard itself. i have been talking to a number different small cable providers and talked to somebody who said i tried to build my network out. i went to 101 because i know that is where the chigz is going and i went to 20 and trying to be ahead and the commissions

determine that i'm not actually qualifying and i have to deal with that problem. i have consumers saying i don't have broadband you must increase speeds. that's not the purpose of the report itself. that is problematic for his business going forward. >> this administration has taken a cool hand luke approach. what we have is a failure to communicate. we have seen they raise the bar to say the market place isn't competitive. the proof in the pudding is when we have to adopt rule makings involving ree issues of broad band deployment. updating universal service fund. we targeted 10 as the standard and said we will spend up to $10 billion to make sure it is deployed. the mega bit per second standard why are we wasting money that isn't broad band. >> what is the point of the exercise? really about justifying more power grabs? >> i think that is part of it

and part of it is it is just a great headline. >> i think we better look for questions. >> one final question and then questions from the audience. >> you need broadband pre-emption. >> the constitution in the laws of the united states. >> other than that, how was the play? >> i made it pretty clear and you can see that i think under gregory v ashcroft it is clear that the fcc fails the clear statement rule here. if supreme court said it wasn't sufficient enough for congress to be determined to given preemptive authority i don't see how this possibly could. >> i couldn't agree more. i have problems and articulated my views on broad band in and of itself. if you do analysis of different

provisions that states have enacted over the years to make sure that rate payers and taxpayers are not fleeced in these new monorails that are being built in many locations, we had a number of them fail. that's -- you look at the list of the activities that states have imposed and most of them make complete sense, referendum. you have to actually have a business plan. we actually preempted the requirement that a state said they should have a business plan. can you imagine that they would go forward without a business plan? there are so many different requirements that make a lot of sense in the broadband world. our ruling and you will have an opportunity to see that at some point highlights that anything less than a flat band the commission can preempt. what we are doing is driving states to enact total bans on

broadband. if that's where they want to go then that is where states will go. >> before you ask the question we have very limited time with the commissioners. i would like to get as many questions as possible. >> one word answer. >> i'm a long time telecom entrepreneur. i'm going to read the 317 pages or whatever. i'm going to find in there where my next startup is going to be clearly not regulated. so i have started six, seven companies to this point. the first thing you look for is find out where you are orient it versus traditional regulation. am i going to find that as to where my next startup should be? >> the order exempts coffee shops that provide internet access today. for now. >> at this time. >> if you are looking for a lucrative business you should be

a telecom lawyer. >> that is part of the problem is the order is so vast it is hard to say where you would find such an opportunity. >> i want to ask about this fake 4 million number which i find offensive having organized comments that oppose title ii and the opposite sentiment is attributed which is offensive to me and the people who said we oppose this including most people in this room. the actual data release from the commission had 2.5 million comments. they claimed there were 1 had the 4 million that no one saw. we know at least 100,000 came from abroad. i don't think those should count. suddenly it is 4 million plus. we have a guy who wants to regulate the internet who thinks

3.9 is greater than 4. why is this claim being given any purchase? >> i have raised this point. at least a million were on the opposite side. it's been subsumed we saw it yesterday and the press releases that 4 million people have weighed in. a good portion of them do not like any activity. i'm still getting e-mails today people sending me please don't do this. this is wrong. it's the wrong direction. >> one final question. >> so it's probably playing what ifs. when this started a year ago the chairman initially proposed rules under 706. do you guys think if you had

supported the rules then, the rules under 706 if this would have played out differently and if we would have ended up where we did now? >> if you believe net neutrality activists were placated by republican support for weak need gutless according to them net neutrality regulations then i have a bridge to sell you. >> if you think that we can support something that will be where the majority will stay as opposed to where the administration will weigh in on title ii do you think we can hold that day, that's a different commission than i know. >> fair enough. commissioner, i have to take off. please join me in thanking them. [ applause ] on the next washington journal tom shoop has the latest developments in funding the department of homeland security and the legal and political

status of president obama's executive orders on immigration. anna gal nd talks about efforts to recruit massachusetts senator elizabeth warren to run for president in 2016 the prognosis's request to congress to fight iisis. and founder and ceo of american majority discusses the deservative movements legislative and political agenda. we will take your calls and join the conversation on facebook and twitter. washington journal live at 7:00 a.m. eastern on c-span. we have received more than 2,200 entries from 400 schools across the country in this year's c-span student camvideo competition on the theme the three branches and you. wednesday morning we will announce the grand prize winner and show their winning documentary. following the announcement you can see all 150 winning

documentaries at studentcam.org. the c-span cities tour takes american history tv on the road traveling to u.s. cities. next weekend we partner with comcast for a visit to comcast for a visit to galvaston, texas. >> with the opening of the suez canal in 1869, sailing ships were almost dealt a death blow. coal-fired ships had a shorter route to the northeast, to india, to all of those markets. so sailing ships had to find a way to make their own living. instead of high-value cargo, they started carrying lower-valued cargoes. coal, oil, cotton, et cetera.

so elisa really found her niche in carrying any kind of cargo that did not get to market at a fast pace. >> we return now to the tech freedom forum on the fcc's open internet rules. this panel is discussing internet service providers from blocking or discriminating against legal content moving through their networks. this runs an hour and twenty-five minutes.

well again, thank you so much for coming to this joint-type freedom international krepter for law economics. as always when we do these panels, we try to present both sides.

you heard from one side of the debate and now you're going to hear from the other side of the debate. as you know, here to defend i'm sure, the fcc in all respects and every detail and then i'm very happy to have my former colleague, barbara esben who was at the fcc veter ran communications lawyer. and now represents small cable companies, including the american cable association at the law firm of cinnamon and ure. so, with that said, we'll just get into it. so we just hard from commissioner pi and commissioner o reilly.

i would love to hear your reactions? let's start with process. do you think this was the most open transparent democratic riggering that the fcc ever had as the chairman said yesterday? or could it be done better? >> i suppose it's always been done better, but i can't remember one this's been more, you know, open or thoroughly hashed out than this. this is just the standard fcc process. but it did it almost on steroids with lots of workshops, town hall meetings obviously town hall meetings. and at the end, at the very end,

some people are asking well, this should be done differently than the commission has ever done in the last 20 years. it's a little late in the game to change the rules.

the initial decision under the panel fcc that got us here was, itself, controversial. it went to the ninth sir cut the ninth sir cut overturned the commission. the ninth circuit refused to take the case and then that was overturned. >> you're referring to the initial classification? >> the initial title, that's right. the initial deregulatory approach. you had a ninth sir cut reversing the fcc and since that time, the fcc has seshltly struggled to try to figure out how to operate in the space.

>> there is a process an old process, for putting a tentive decision out for further public notice and comment. and that was used in computer 2 in the early '780s.

>> to me the biggest problem really is, you have, for kmampl wheeler saying today's open internet order is a shining example of american democracy at work. now, i understand the importance of public comment e comment in fcc decision-making for a long time. but it is afterall, an expert agency that it's supposed to be we think to justify its kpisz tense because it has a particular ablt to collect, assess highly technical sort of information. what i would say about the idea, for example, opening up the dock et to more comment is from what i can tell, from the way

chairman wheeler would have responded to that it wouldn't have mattered anything from the other side. there's actually enormous amount of that in the docket. and, yet, he says, you know, we listened, we learned, we adjusted our approach based on the public record. i've seen the public record. and the public record, i know because i criminal intented thousands of pages to it. i know that it contains an enormous amount of information that contradicts the view. but if you listen to wheeler it's like, you know, we've got four million comments and that was enough to sway us. that doesn't sound like to me, what the fcc should be doing. >> it's an enormous amount of information and data on both sides that's completely contradict each other. but i think from the chairman's perspective, what you just said is a bit unfair. certainly, from his perspective and even from ours, to a degree

he began with a proposal, you know, back in may of last year, you know a proposal under a kmeshlt reasonable standpoint. and so the chairman himself evolved from a 70 6 to a sender-side to title 2 now to a very different type of title 2 and jet sinning, even at the last minute, the sender side. >> what concerns me the way it sounds like what pushed in that direction was