>> coming up, a house hearing on all t auto safety and a recent recall of cars. and then a hearing on domestic terrorism. >> the house senate and subcommittee held a hearing on whether auto recall regulations should be overhauled. this is two and a half hours. the committee will come to

order. good morning. i want to welcome everyone to our hearing today on examining ways to improve vehicle and roadway safety. i will recognize myself for five minutes for the purpose of an opening statement. certainly lives depend on the safety of cars, safety of trucks and on the roads themselves of the united states. and on the whole, the data is good around the decrease in fatalities against mines driven, b -- miles driven will you the hearings have underlined the severity of problems that do exist and there is no reason for going slow when it comes to safety and deception cannot and will not be tolerated. it is incumbent upon us, the national highway safety

committee and others to be in complianc compliance. this past year i think it has been clear to many of us on the committee and certainly clear to me that this is not always the case and that there is room for improvement. to that end, the discussion draft that we will examine today includes modifications to certain federal motor vehicle safety standards and their processes that will enhance safety practices amongst automakers at the national highway safety administration itself and provide more information to consumers about automobile safety. some include updating how the national highway safety

administration publicizes and makes recall information available to consumers. the discussion draft will address how nhtsa coordinators with automakers before publics recall notices to consumes are as well. it is to improve by providing drivers about a safety recall and giving them the means to take immediate action to get it fixed one the notice is received. the discussion draft also contains proposals to improve how nhtsa analyzes research information and directs them to explore additional protections to the driving public. to increase accountability and improve safety practices amongst vehicle manufacturers, the discussion draft extends their remedy and their repair

obligations under recalls and increases the time that they must maintain safety records to facilitate the identification of potential defects and institute safety incentives that encourage investment into next generation safety technologies. after a record year for recalls, the draft we will examine today also discusses roadway safety, vehicle safety and is a continuation of this subcommittee's efforts to restore confidence in american motorists that the cars that they drive are safe, that the recall process works and that automakers and the nhtsa are capable of keeping pace with technology and the future.

i will yield back the balance of my time. >> thank you, mr. chairman for holding today's hearing to enhance auto safety and improve the recall process. i think it is a mistake to hold this hearing without a non-government data security witness. this draft legislation includ includes -- i'd like to say victims of the gm ignition switch failure are here today in the audience. it has been 20 months since the initial gm recall and you'd think this committee would have acted sooner. as we see again today with the toyota recall of 6.5 million vehicles, these safety issues aren't going away. as a sponsor of legislation to

achieve the goals this bill attempts to address, i'm happy we're finally having a legislative hearing. unfortunately, i believe we're having it on the wrong bill this this discussion draft includes some ideas from the vehicle safety improving act that i introduced with ranking member palone and five other subcommittee members in march. those include require naenthat a and every automaker has someone responsible for all responses to nhtsa's investigations. i'm glad those provisions were included but it would have been much better and more useful for the majority to have engaged in a bipartisan consultation during the drafting of this bill as i have repeatedly asked rather than dumping this bill in our laps. had that dialogue taken place, many of the weaknesses in the

bill could have been addressed prior to this hearing. the act includes several provisions that would enhance safety and improve the efficacy of recalls, none of which are included in this draft legislation. the vsia would more than double nhtsa's funding for vehicle safety programs. the fvia would increase the quantity and quality of information shared by automakers with nhtsa, the public and congress while there is a nod to those priorities in this draft legislation, there's little meaningful change from the status quo. the bill would require manufacturers to fix all recalled vehicles free of charge rather than just those purchased within the past ten years. this discussion draft -- it

would eliminate the regional recall program the republicans draft legislation takes i reejous steps in the wrong direction. the bill would give automakers a break from health-based carbon emission environment in exchange for adding safety this provision is a big win for voeks waggens of the world but does nothing about i urge my colleagues to engage in a bipartisan,

legislative process that will yield a stronger and more comprehensive bill. i am anxious to participate in that kind of dialogue. we still have an opportunity to deal that. unless there is someone else who would want some time, i yield back my time. >> thanks for we take great pride in the industry's inventi inventiveness, resilience and creativity. it is what has helped the eye strooi become what it is today, a global leader in safety, drivability and experience. but over the past couple years we've seen the best of what the industry has to offer. i'm an optimism and i'm glad

we're here today to talk about starting to make fixes. we're in the midst of an exciting time of automotive ingenuity. what was once science fiction is not becoming reality. this innovation is to be applauded, not on because it will revolutionize driving, but because of what it means for vehicle safety, the environment and most importantly saved lives. the staff discussion draft we're going to review today is a starting point to achieve those ends, including fostering greater vehicle and roadway safety for years to come. some piecings look having an officer available for safety compliance isn't new. others involving cyber security my neither to further involve.

it also includes plans that will help modernize the work emission of nhtsa to ensure that the agency is fully capable of keeping pace with the innovation and progress of the industry in the 21st century. this is a life saving endeavor. i look forward to a thoughtful and engaging dialogue on the merits of each proposal and what additional consideration shall be this committee is unwavering in its commitment that the auto government can make cars safer and protect the lives of the

driving public and their passengers. i yield the balance of my time to the vice chair of the full committee. >> thank you, mr. chairman. i want to thank our witnesses for being here. chairman burgess, i think you've chosen the perfect day to do this hearing as we go back to the future and it is october 21st, 2015 and we all remember that movie and the significance of that date. here we are talking about interconnected cars. and using tablets and using this data. so perfect day to have this discussion. and, chairman burgess, i thank you for the draft that you have brought forward. my constituents are truly interested in this issue, whether they work with toyota or gm or nissan or in the after market auto parts industry with ought auto zone. everybody has an interest in

what we are doing. here's the reason why. when you look at the stats that we're going to have a quarter billion interconnected cars on the road by 2020 and the significance of that, as aushls have become more computerized, it's important for us to look at these technological ranss such as the week-to-vehicle communication, there's a lot of curiosity about that, we look forward to getting some answers as to how this is going to work and i thanks gentleman from texas for initiating the conversation and i yield back. >> the chair recognizes the chairman of the full committee. five minutes of an opening statement, please. >> the tigtle of today's hearin includes auto safety but it's

clear it does not cover safety. auto safety is a pressing top being that deserves our utmost attention. traffic fatalities grew by 14% and that comes after years of declining death. medically related motor vehicle injuries grew by 30% since 2014 and these increases should concern every everyone. earlier -- our bill would make real improvements to make sure the millions of drivers and passengers across this country are kept safe. it gets nhtsa the information, resources and authorities needed to protect consumers and our bill also empowers were more

information -- even though there's no apparent link between these technology and lower emissions. manufacturers would get these credits for things they are already doing, not as an incentive to improve safety. not only are manufacturers continuously touting their cars in including the latest in crash technologies nhtsa has already secured commitments from several automakers to include automatic emergency braking on all new cars. and many crash ai'ds and technologi technologies. in the wakes of the volkswagen emissions fraud scandal, i'm

alearned -- in effect, auto companies would receive a pass on solution because they inst l install. >> this bill privacy and cybersecurity provisions in this draft. as more high-tech vehicle safety equipment is integrated into cars, strong consumer privacy and data protections are more important than ever. but instead of improving privacy and data protections, this draft gives automakers liability protection simply for presenting a plan, even if that plan provides no real protections for consumers and even if those policies are not followed. because my time is limited, i want to turn to process for a moment. i'm disappointed by the unilateral approach taken by the majority in drafting this legislation. for months, we have been trying to work with our republican colleagues to draft auto safety legislation that would

meaningfully reduce deaths. but instead of pursuing a bipartisan approach, the majority chose to prepare this legislation behind closed doors. in addition, i'm troubled that the environmental protection agency could not find a way to attend today. regardless, if the majority wants to open up the clean air act, then this bill must be the subject of a hearing. and markup by the energy and power sub committee which has the expertise to evaluate these proposals. mr. chairman, this draft in my opinion fails to increase auto safety. it harms the environment. and relieve the automakers from responsibility. this is a weak bill that i can't support. yet again i can only express my hope that in the near future we can work together to make real progress towards improving auto safety. unless someone else wants time, i yield back. >> this concludes opening statements. the chair would like to remind members pursuant to committee rules all members opening statements will be made part of

the record. again, we want to thank our witnesses for being here today taking time to testify before the subcommittee. today's hearing will consist of two panels. each will have the opportunity to give an opening statement followed by a round of questions. once we conclude with questions on the first panel, we'll take a brief recess to set up for the second panel. our first witness panel for today's hearing is to include dr. mark rosekind, the administrator of the national highway traffic safety administration and mrs. maneesha mithal, the associate director of the division of privacy and identity protection at the federal trade commission. we appreciate both of you being here today and sharing your time with us. we'll begin the panel with you, dr. rosekind, and you are recognized for five minutes for an opening statement.

>> it's a privilege to rep the men and women of the national highway traffic and safety administration. in offering the agency's perspective on how to strengthen our agency mission. our mission is focused on saving the 32,719 lives lost, preventing the 2.1 million injuries, and reducing the 5.4 million crashes that occurred on american roadways in 2013. nhtsa will continue to use every tool available to promote safety. in just the last ten months, the agency has done the following. strengthened our oversight and enforcement on vehicle safety, issuing penalties for recall and safety reporting failures and making innovative orders to improve safety performance in the auto industry. secured the first cyber security defect recall in automotive history and made unprecedented authority for the most complex safety recall in history involving takata air bag inflaters. we've embraced secretary fox's call to accelerate technologies that can save lives. accelerating proposed rule

making on vehicle to vehicle technology. we're taking view of our regulatory structure. to find and address obstacles. announcing our intent to add automatic emergency braking to our auto system. and securing voluntary commitments from automakers to make standard equipment on new vehicles. and we have answered the call of this committee and the american public to improve our own performance in identifying safety defects. pledging to fully implement recommendations of a recent d.o.t. inspector general safety report. these efforts underscore nhtsa's commitment to safety. whatever decisions this committee or the congress will make, nhtsa will seek to do all we can. with your help, we can do even more. dot and the administration have identified actions congress can

take to strengthen the mission. in the grow america act, secretary fox proposed significant enhancements to nhtsa's safety authorities, including imminent hazard authorities similarly held by other safety regulators, criminal penalties for vehicle hacking, and significantly enhance civil penalty authority to provide meaningful deterrence against violations of the vehicle safety act. grow america would provide significant funding to enhance our office of defects investigation and to address emerging issues such as cyber security. these proposals are essential to enhance our safety mission. and as i told your senate colleagues in june, failure to address gaps in our available authority, personnel, and resources are a known risk to safety. nhtsa has been only able to spend a few days on this legislative proposal that was released late last week. i would like to thank the committee members and staff with

their engagement with nhtsa and hope productive conversations can continue. however, even our initial examination has identified examples of significant concerns. the discussion draft proposal includes a provision that would provide fuel economy to automakers for deploying advanced crash technologies. i would raise two general points here. first, there should not be a tradeoff between safety and public health. the american public expects vehicles that address both safety concerns and public health and environmental concerns. second, the automakers already have ample incentive to deploy safety technologies. the lives they can save and the injuries they can prevent. the discussion sdraft draft would require motorists to register. state agencies are one potential touch point for owners, especially second or third owners of used vehicles. but the cost to establish or

maintain such a system are unknown. the technology is not yet in place, which is why grow america proposed a pilot program to work through these issues. under the draft proposal, states that do not meet the requirement would be kicked out of the national driver register, that identifies traffic offenders and ensures that commercial drivers have clean records. the committee's discussion draft includes cyber security and technology innovations. the current proposals may have the opposite of their intended effect. by providing regulated entities majority representation on committees to establish appropriate practices and standards, the proposals could undermine nhtsa's ability to set safety. ultimately, the public expect the nhtsa to set state of standards. the draft proposal would require

nhtsa to prepare recall notices with the manufacturer. this proposal would require nhtsa to withhold safety defect information from the public and give the manufacturers responsible for the defect control over the timeline and release of nhtsa initiated recall actions. this proposal weakens the agency's enforcement authority as in direct conflict with other congressional legislation. it would be very hard to argue that the best response to recent events affecting auto safety is to erode nhtsa's ability to oversey safety. it can achieve its mission by working together to address gaps in our authorities and resources. discussion of these and other issues is essential to our shared goal of greater safety on america's roads. i thank you. and i look forward to your questions. >> chair thanks the gentleman. gentleman, yields back. >> dr. burgess, ranking member,

and members of the subcommittee, i'm maneesha mithal. from the federal trade commission. i appreciate the opportunity to present the commission's testimony on the privacy and security related provisions of the discussion draft to provide greater transparency, accountability, and safety for nhtsa. the ftc has served as the primary agency protecting privacy and safety for the past many years. in addition to enforcing a wide range of privacy and security laws, the ftc educates consumers and businesses. most recently, the ftc launched its start with business education initiative that provides new guidances for businesses and conferences to educate on security. the next conference will take

place on november 5th in austin, texas. on the policy front we conducted a workshop on the internet of things where we specifically hosted a panel on connected cars. we released a report on the workshop earlier this year. with this background we're pleased to offer our views on title 3 of the discussion draft. we have serious concerns about the privacy, hacking, and security provisions of title 3. first as to privacy, we're concerned that the safe harbor from ftc action is too broad. a manufacturer who submits a privacy policy that meets requirements but does not follow them may not be subject to any enforcement mechanisms. even though the privacy policy is only required to describe privacy protections for vehicle data, the commission could be precluded from bringing a section 5 action on the manufacturer's website, even if the misrepresentation is unrelated to vehicle data.

second, ago to hacking, section two would prohibit unauthorized access to vehicle security systems. security researchers, however, have uncovered security vulnerabilities in connected cars by accesses such systems. responsible researchers often contact companies to inform them of these vulnerabilities so the companies can voluntarily make their cars safer. by prohibiting such access even for research purposes, this provision would likely discourage such research to the detriment of consumers privacy and safety. finally, as to security, the bill creates an advisory council to develop best practices. manufacturers that implement these best practices will have a safe harbor. under section five of the ftc act. however, the current draft may not result in best practices robust enough to protect consumers for several reasons. first, at least 50% of the council's membership must consist of representatives of automobile manufacturers because any best practices approved by the council will be by a simple

majority of members, manufacturers alone could decide what best practices would be adopted. second, the discussion draft contains eight areas the best practices may but not must cover. in this respect, the draft does not create a minimum standard for best practices. third, there's no requirement to update practices in light of emerging risks in technologies. fourth, by creating a clear evidence standard, the bill gives nhtsa too little discretion and would likely result in the approval of plans that meet the bare minimum best practices on paper. but ra in practice not appropriately tailored to foresee evolving threats. finally, the proposed safe harbor is so broad it would immunize manufacturers from liability, even as to deceptive statements. for example, false claims on a manufacturers website about its use of firewalls would not be actionable if these subjects

were covered by the best practices. in sum, the commission understands the desire to provide businesses with certainty and incentives to implement best practices. however, the security provisions of the discussion draft would allow manufacturers to receive substantial liability protections in exchange for weak best practices by a council they control. the proposed legislation could weaken the protections that consumers have today. thank you for the opportunity to provide the commission's views on the discussion draft. we look ford -- forward to continuing to work with the sub committee. >> gentlelady yields back. we will move to the question and answer portion of the hearing. to begin, i'll recognize myself for five minutes. ms. mithal, let me ask you to clarify.

i don't think it was in the written statement that i had available to me last night. you mentioned there would be one of your start with security business initiatives in austin, texas. is that's correct? >> that's correct. >> what's the date you gave for that? >> november 5th. >> very well. so, for the benefit of our c-span audience, i just wanted to repeat that. because, although my congressional district is a little north of austin, it obviously will affect people in my state. dr. rosekind, thank you for being here. thank you for always being very generous with your time and very forthcoming whenever they are questions. thank you for opening up the doors of the national highway traffic safety administration to committee members, to come and visit with you and see the good work that you and the men and women employed there -- the good work that you're doing. i have a copy of the inspector general's report.

i'm sure you're familiar with it. this was issued in june of this year. can you take just a moment and go through which recommendat have been implemented? >> certainly. just as context, i'll be clear that one of the things we did was actually commit to fulfilling all 17 recommendations within a year of which the inspector general made sure i understood that's never done, to actually make that kind of commitment, and we actually gave a schedule. i mention that because the first one has been completed two weeks ahead of schedule. and we're often schedule for on the other 16 at this point. >> very well. can you briefly describe the operations for the council of vehicle electronics, vehicle software, and emerging technologies, that council that's being set up at nhtsa?

>> the current -- sorry. just trying to clarify. >> is there a council for vehicle electronics at nhtsa? >> we have an office. >> an office. >> right. >> okay. >> in fact, and i'm just trying to get my bearings there. in 2015, i actually -- and we can send it to you, we published vehicle and cybersecurity. it talked about what we've been doing in this arena. it actually describes how over the last few years starting in 2012 we reorganized our offices to have a specific office that addresses that with people looking at the cyber security issues with vehicles. >> is there a separate office for vehicle software? >> that's in that -- and we have seven people in d.c. and three at our ohio vehicle research and testing center that's there. >> and who leads that office of that council? >> well, right now the associate administrator is the technical lead on that. >> and that also includes the

center for emerging technologies at nhtsa? >> correct. >> is there a mission statement that has been published for that office or that council? >> i don't know if there's a specific mission statement for that office, but all of that would be in the 2015 nhtsa and vehicle cybersecurity that we'll send you. >> if you were to give us a thumbnail of what the mission of that office is, could you do that? >> sure. you know, in 2012, i think this was trying to look ahead. what's been interesting for me is everyone saying this is an issue now. this has been on us for at least three years, starting with a structural change to the agency that would have at least focused people looking at this. and they're looking at policy, testing, research, and having continual interactions in the industry. >> let me just ask you does federal trade commission

currently coordinate with the national highway traffic safety administration on data privacy and security? >> we do, yes. for example, we've had several meetings with nhtsa staff. we also commented on their report on vehicle to vehicle communications last year. >> let me just take a minute, dr. rosekind. this may not be entirely within your area, but you're aware another subcommittee held a hearing on the volkswagen emission issue. do you know what are the standard allowable nitrous oxide emissions are? we were told in the other sub committee that 10 to 20 to 30 to 40% more than was allowable. can you give me a figure in grams or liters of what is allowable under nitrous oxide emission? >> i can make sure we send you a technical report so i can give you a specific number.

>> that would be great. and i would like to know what that was in calendar year 2000 as a reference point. would that be possible? >> you bet. >> i will yield back. recognize the ranking member, ms. schakowskyschakowsky. >> thank you. i'd actually like the victims or their families of the gm switch failure to raise your hands. i want to thank you very much for coming today. i know this is of great interest to you. i have a question for dr. rosekind. so this draft would require nhtsa to coordinate with auto manufacturers before publishing any notice of vehicle defect or compliance concern. it seems as though a manufacturer could obstruct the notification process at least temporarily by failing to submit

the vehicle identification numbers. how would requiring nhtsa to coordinate with manufacturers before publishing a notice of a defect present a risk to nhtsa's ability to issue recalls when necessary? >> and i'd like to handle this actually from two angles. one is what you're highlighting. this actually addresses nhtsa initiated actions. why that's important. because many of the recalls that occur are initiated by the automakers. they identify something and they move forward. a nhtsa initiated recall is because they have denied the need to do that and we've had to have the action. the concern is the timeline and control of that would be basically under the control of the person who created the defect. but i think the other part really has to do withholding the safety information. it's really frustrating to put the information out and not have

the supply of parts. but i can't imagine any of us sitting here and knowing that we had vehicle safety information, holding that back, and have someone lose their life. that's's part of what we've done in the beginning. if people have they information, they get to choose what they'd like to do, including park their car or get a rental. one has to do with the control in timeline, that would be the manufacturer. the other is for us to think about the potential delay in providing information, which clearly we'd rather do as soon as we have it. >> thank you. it's clear the ability to move quickly in situations in which a vehicle defect poses a series serious public safety risk, even the life of someone is

essential. but nhtsa has no authority to take emergency action. that's why in the legislation mr. pallone and i have introduced the vehicle safety improvement act includes imminent hazard authority, which gives the administration the ability to step in and issue a recall in cases where defects substantially increases the likelihood of serious injury or death. so how would this imminent hazard authority be helpful to nhtsa in carrying out its mission to reduce deaths, injuries, and economic loss resulting from motor vehicle crashes? >> thank you, congressman, for identifying. we don't want to go from withholding information. we think we need to be in the other direction, which is what you have talked about. that authority, which others already have, is not available currently to nhtsa. >> some of my colleagues have noted today traffic deaths rose by 14% in the first six months of 2015. injuries have risen by 30% since

2013. i'm concerned this draft bill would put more strain on nhtsa and its already stretched resources without actually improving safety. according to one estimate, the number of vehicles on u.s. roads grew by nearly 4 million vehicles from 2013 to 2014. meanwhile nhtsa's budget has remained relatively flat over the past few years. appropriations for fiscal year 2016 continue that trend. coming in more than $70 million short of nhtsa's request. do you believe that stagnant funding for nhtsa has made it harder for the administration to do its job of keeping unsafe vehicles off the road? >> there's no question. last time i appeared before you i made the comment give us more resources, we'll give you more safety. the equation is very straightforward. if you give us more requirements at the same resources, you will get less safety. >> this draft calls on nhtsa to conduct at least eight new

reports and studies without providing any additional funding. would you expect that additional reports and studies to require a diversion of resources from other nhtsa programs? >> absolutely. we need the technical and other resources to produce these kinds of reports. >> thank you. i yield back. >> chair thanks the gentlelady. chair recognizes the vice chair of the subcommittee, mr. lance, for five minutes for questions, please. >> thank you, mr. chairman. good morning to you both. the state and motor vehicle agency in new jersey has contacted me, and i think this is a concern of various state agencies. there is a section directing motor vehicle agencies to notify drivers of open recalls on their vehicles when they are renewing registration and in new jersey that's once a year and i presume that's true in other states as well.

and there is some concern at the state level that this would put an undue burden on the various states. i understand the benefit of increasing notification and remedy recall rates, but i do share some of the concerns of the agency in new jersey. could you please, dr. rosekind, comment on the feasibility of your agency's coordinating with state agencies to ensure they are able to have the information necessary to inform drivers of recalls? on vehicles within their states? >> congressman you just used the word, which is feasibility. nhtsa held a retooling recalls event. how do we get remedies? automakers have been doing research. you've hit on the concern. there's no technology. nobody knows the cost. nobody knows the procedures to use dmvs to get this information out.

it's a great concept. they're a super touch point to get to people. the question is how to do it. for grow america, the question was for a pilot study to figure it out. and make sure it would actually be effective. >> i presume the pilot study would be with one or several of the various jurisdictions. and is there anticipation as to how that pilot study would occur, dr. rosekind? >> some of that is outlined in grow america. it involves two states. just the things that i mentioned, which is we need to figure out the technology, what would be the procedures, what would be the cost. you do a pilot in a couple studies. obviously with your view to how you would scale it for the whole country. were, with, does it even work that way or not. >> is it typical in the states that vehicle registration is once a year or are there multi-year registrations in some of the states? >> i believe it's annual. if there's an exception, i can find that out for you.

>> thank you very much. under the legislation, automakers would be required to take reasonable steps to ensure that other entities adhere to the automakers privacy policies. and the automakers privacy policies as applied to automakers would not be subject to ftc jurisdiction. what about the privacy policies of other agencies that would have to adhere to the automakers privacy policies? i request any comments you might have on that. >> it appears that the safe harbor action would apply to the manufacturers. so i believe we would still have the authority to go after other entities under the ftc act. >> thank you very much. i yield back the balance of my time, mr. chairman. >> chair recognizes the gentleman from new jersey, mr. pallone.

five minutes for questions, please. >> thank you, mr. chairman. high-tech vehicle safety technologies are expected to save thousands of lives per year once they are in broad use. it's estimated that two types of v-to-v technology could prevent more than 3,000 crashes. i'm concerned, however, that in spite of the benefits of these technologies, title 5 of this bill is based on a false trade off, vehicle safety instead of environmental safety. sections 5.02 and 5.03 would exchange credits. for manufacturers installing advanced technology. particularly in light of the shocking emission fraud scandal surrounding volkswagen, i'm worried that automakers will comply with environmental regulations. let me start, dr. rosekind, i understand that nhtsa is already working with advanced technology in more vehicles, is that correct? >> yes. two things. one is secretary fox has asked

us to accelerate anything that is a new life-saving technology. the new vehicle proposed rule will get out at the end of the year. yes, i think we need to acknowledge ten manufacturers came forward and made a commitment to make automatic emergency braking standard on all of their vehicles. that was without any mandates. >> the proposed rule you mentioned would require all manufacturers to make all their vehicles v-to-v enabled? >> correct. >> and that you said by the end of the year? >> the proposal would be out by the end of the year. >> and then you said manufacturers are already installing these advanced technologies in their cars. are there other incentives such as revising end cap that you're considering to get these technologies deployed to all cars and not just the luxury cars? >> there are three tools. we like to use all of them. rule making is one. end cap, the new car assessment program, which is under review right now. more to talk about that in the near future, but i'm also highlighting these ten auto manufacturers to do this on their own.

these are three different tools. i really have been pushing collaboration and the opportunity to expedite and expand safety beyond the minimums we get from rule making. >> again, v-to-v be installed on every new vehicle is already in the pipeline. you said the insurance institute for highway safety requires the vehicle to be equipped with certain safety technologies? to qualify for its top safety ratings, is that correct? >> that's correct. >> then you said you worked with iihs to get certain commitments on technologies from manufacturers. >> correct. in january, we announced that automatic emergency braking is being added to end cap and there are further changes that are coming soon. >> okay. i think most consumers would like to have a car that is both fuel efficient and safe. i mean, that makes sense. do you support giving automakers credits for installing

automotive technologies? >> i think the general principles that i stated are pretty important here. the american public expects both safety and public health. and the second part is i really hope that the manufacturers have enough incentive for life-saving technologies. those are going to be the lives say save and injuries they prevent. >> do you want to give me an opinion on whether you like or support this idea of giving the automakers the cafe credits because they install these advanced auto technologies? >> we don't think there should be a compromise. you should be able to get safety and public health and environmental concerns addressed. i think the incentives are already there. saver lives, present injuries. >> all right. i appreciate that. what impact would the corporate average fuel economy or cafe

credit provision in this draft have on vehicle fuel economy and how might that affect consumers that buy these new cars? you want to couldn't on that? in other words, what impact would the cafe credit provision have on fuel economy? >> the credit? >> yeah. >> i'm not sure it would change the actual -- the levels of what are actually covered under fuel efficiency. may not change. it's more of the incentivizing that's part of that proposal. >> so do you want to venture a guess as to how it would affect consumers that buy these new cars? >> these are very good questions, but i'd like to get a little more detailed before taking a position on it. >> thanks. >> the chair recognizes the gentleman from kentucky, mr.

guthrie, five minutes for your questions, please. >> thank you, mr. chairman. appreciate it. dr. rosekind, did nhtsa or the department of transportation participate in the development of the cybersecurity framework and will it participate in future iterations of that framework? >> we have ongoing interactions with all kinds of government agencies. we are always involved pretty much in participating as well as having them participate in our activities. >> are there ways nhtsa could participate to develop best practices for automotive cybersecurity? >> yes. in fact, if you look at the model of having the ten manufacturers come together to work on aeb as standard, it is a model to be applied across all kinds of issues, including cybersecurity. so everybody has already read

the secretary's plan, and he has identified safety and seeker security to talk to those ceos about. >> and the other question kind of follows what you just said. as nhtsa had a conversation on how to apply the framework to the development of automotive security? >> yes, those discussions have began. >> and ms. mithal, what extent have they tested the cars appropriate lay before they put them on the market? >> so our standard is section five which prohibits unfair, deceptive practices. if they make an unfair or deceptive claim, not reasonably available by consumers, it's an a cost-benefit analysis. what we do require is reasonable security. >> and then in your testimony

you discussed the ftc's start with security a business initiative. can you discuss how that should be applied to car companies and others involved in the connected car space? >> sure. i can give a couple examples. one example we give in the start business guide, is that companies should test products before they launch them, as opposed to launching the products and finding the problems later. it's security by design. another thing we talk about is having a vehicle to accept vulnerability reports so that companies can have their ears to the ground and know of security research that's out there and evolving threats and emerging issues in their devices. including cars. >> appreciate your answer, mr. chairman, i yield back. >> chair thanks the gentleman. the gentleman yields back. the chair represents the gentleman from massachusetts. >> thank you very much for your testimony here today. and i want to thank the chairman

for calling the hearing. many of today's cars contain a range of navigation, tell matics and data recording systems among others that all have the ability to record history and information, manufacturers, other third parties also have access to this wealth of information. it's a bit concerning to me, candidly, and i'm sure it concerns a number of other consumers as well. people want to know that the data is being kept private and when it is being use, used with their consent. data privacy of would require that car companies submit privacy policies to nit sa, but it does not give nhtsa authority to make changes or acceptable policies. is that how you read it? >> nthat is how we read it. >> so do you think consumers

should be concerned that there's no ability for nhtsa to make changes? >> i think the public wants them to make guidelines. >> and ms. mithal? >> yes, i think there are concerns that although the bill prescribes certain requirements be placed in privacy policies, it may not require the companies to follow them or enforcement mechanisms to require the companies to follow those guidelines. >> it's my understanding under the draft bill, an ought he o maker will receive protection from civil penalties simply by providing nhtsa with required items in the draft, such as whether or not the automaker collects, uses and shares data and whether the consumer has any choice in the collection or use. it will not matter how a given company chooses to address those items, though. so as i read section 301, they can submit the policy, violate

the policy and still be protected from ftc enforcement that means that a car maker can make prom sises, break those prom ses and have no consequences. is that your understanding of how this is set up under the draft legislation? >> that is our understanding and a real concern. >> do you think it, if we have a situation where a car company claims to have expansive privacy policies to protect consumer data and then violates those policies, isn't that an unfair and deceptive practice? >> yes. and that is something that they would strip the bill over. >> i have concerns about the anti-hacking provision. we can all agree that we would like to prevent bad actors from

accessing our car systems, some observers have expressed concerns about allowing white-hat hackers who hack into vehicle systems to draw attention to vulnerabilities. in the past six months alone, these types of researchers drew headlines by exposing vulnerabilities in a jeep by controlling it remotely via the internet. we heard from small repair shops that they think they could be precluded from accessing important information that could be needed to effectively repair cars. non-auto dealers repair up to 80% of cars not under warranty. do you have anything from your expertise, could you envision a scenario where information could be siloed so that repair shops could get enough information to repair cars but not fiddle with, say, emergency brakes? >> so let me be clear. we agree that there should be civil penalties for malicious

hackers. but we are concerned that this bill would disincentivize legitimate security researchers who responsibly contact companies, suggest that they fix those vulnerabilities to help consumers. so we brief that the bill would create an impediment to that. on the auto repair, i would defer on that issue. >> you mentioned this a little bit. can you express the importance of those researchers to your data security work? >> it's very important. often it's the white hat hackers and security researchers that are bringing these problems to the i a tension of both the car manufacturers pan regulators like the ftc. >> and do you have any way to make that distinction between white hat and black hat so to speak? >> i think that's something that will require very careful drafting and look forward to getting back with the committee on that. >> thank you, mr. chairman.

okay. let's stay with this regulation issue. the and one of our concerns is dual regulation, because, as you all may or may not be aware, we have kind of grappled with this, and ms. mithal, i know that you are with privacy and the internet space with the fcc trying to get in on top of the ftc jurisdiction. and that has caused a tremendous amount of confusion. let me go right where mr. kennedy was and let's talk about the way you've got a manufacturer that can get the safe harbor and then avoid that section five enforcement if the manufacturer is meeting those requirements that are listed. now, nhtsa already handles the issue of privacy and the automotive space. and so what we want to do is

avoid this confusion and this dual regulation. so, is the ftc going to honor the recognition that the, that nhtsa has this lead, and are they going to honor the safe harbor provision and act in good faith when they are reviewing these manufacturer's privacy policies and making certain that they meet those requirements? >> so, if i could make two points in response to your question. first, the concern is that the safe harbor is too broad in many respects. one example is that the privacy policy requirements only apply to vehicle data collected from owners, renters or lessees, so for example if a manufacturer makes a misrepresentation on shoppers about how they're collecting shoppers' data, that wouldn't be covered by the privacy policy. we are concerned about the

breadth of the safe harbor. we work very well with nhtsa. and we support the goal of avoiding overlapping. but at the same time they have dive focuses. for example, nhtsa does recalls, and we defer to their expertise in car safety issues. at the same time, we have the ability to get equitable relief against companies that don't maintain privacy and security of consumers in the form of, for example, implementing a security program, getting outside audits. in some cases redress. we think that both agencies bring particular expertise to bear and can bring different remedies to the issue. >> and you are committed to making certain that we draw the lines here so we don't end up with the dual regulation or with confusion. >> exactly. >> much of what exists. you all have borne the brunt of this, if you will. >> yes. >> and consumers have been quite confused about the reach of the

fcc and the ftc, and is it diminishing your jurisdiction. so as we rook at this issue and knowing that cars are going to be more interconnected, not less, more computerized, not less, that you're going to have more data, and people are going to say, what are you doing with the data? how do you turn that into usable information? then this is something that should be cleaned up and handled appropriately. on the front end. i want to come to you for a couple things. how is nhtsa addressing data collection practices of automakers and others in the automotive space. what kind of formal guidance are you giving? have you laid that out? and what do you intend to do? because we all mow you can't be technology specific if you will. you're going to have to umbrella this, so speak for just a

moment, before we run out of time. speak to that. >> and i can just very quickly tell you, some of those are already very clearly outlined. things like the electronic data recorders. there are privacy concerns there. they don't collect anything about the drivers. so that is already fairly clear. that's a communications issue. now what we are talking about are a lot of new arias because our cars are computers. and you've highlighted something very important. it's going to require increased collaboration between our agencies for us to be able to apply our expertise so we make sure we protect people. and when there are malicious attempts to go after that data we have ways to keep people protected. >> appreciate that. and we know that the data collection practices from the automakers and others in the industry can be used to provide some increased safety protocols. and i think consumers are interested in that, but they want to guard their privacy, and they want to make certain that the data that is there is useful

information. it is utilized in an appropriate way. yield back. >> the gentle lady yields back. the chair recognizes the gentleman from north carolina, mr. butterfield, five minutes for questioning. >> let me thank the two witnesses for your testimony. i've been watching you interm t intermittintermit intermittantly on television, and both of you look very good on television. i would like to talk about my concerns about the bill. and congresswoman capps. the companion legislation passed the senate with bipartisan support as part of the senate's highway bill and is supported by the rental car industry. many of them are here today. consumer organizations and general motors and honda and others. it would ensure that rental car companies fix recalled vehicles in their fleets before renting or selling them.

and so, let pme ask you, mr. administrator. some opponents have said that rental car companies should be allowed to rent or sell unrepaired, defective, recalled cars unless the manufacturer has specifically issued a do-not-drive warning. is there any federal standard for when a do-not-drive warning must be issued? >> thank you for pointing that out, because that do-not-drive is issued by the manufacturer, not nhtsa. so they're determining whether or not the criteria would be to allow that in a rental or used car. so that happens extremely rarely. >> state again for the record, who decides when such a warning is issued? >> the manufacturer who has the defect that's been created in the vehicle is the one who determines the do-not-drive. >> can you give us some examples of defects where do-not-drive warning was not issued by the

manufacturer? for example, has any manufacturer issued a do-not-drive warning for takata air bags? >> that would be the ex. an am i would give, given that that is the largest recall in the united states, there is no do-not-drive recall on the takata air bags. >> thank you. that's what i needed to get into the record. >> chair recognizes the gentleman from houston, texas, mr. olson for five minutes. >> thank the chair, welcome dr. rosekind and mrs. mithal. when i started driving in 1978, vehicle safety depended upon turning wrenches and sockets. and now it's all about keyboards and electronics. my first question is for you,

dr. rosekind. in nhtsa's view, should cyber security weaknesses be treated the same way as traditional safety defects? if so, what federal motor safety standards is nhtsa using to make that determination. if not, how is nhtsa addressing cyber security weaknesses in vehicles? >> there are actually a few questions in there, and i'll try to go to the core. you're right, things have changed dramatically. and the secretary and nhtsa are really excited about seeing technology innovations accelerate our work in safety. but cyber security is one of the areas that's going to take a collaboration across government, manufacturers and others who understand seeker security to figure out what needs to get done. we have all kinds of tools from rule making to all kinds of voluntary efforts that manufacturers want to do. so we have to absolutely

acknowledge that information sharing and analysis center or ice act was created by the auto makers to make sure they could get together and share information, a critical element. i keep pointing out that can you ask for all the regulation you want, but in cyber security, nimble and flexible is critical. by the time it comes out, it's probably two versions too late of what's going to get done. we have to identify new tools to deal with this going into the future. >> is this using the nist framework? >> that's one source. but we've been in contact with a fuel range. d.o.d., homeland security. darpa, including private technology companies, of course, that have done protection for our mobile phones and other elements. so we're in contact with a full range of trying to learn from them and how we can apply it to cyber security in the auto industry. >> by data collection, section

4109a would prohibit the rental of a vehicle by a rental company if there is an open recall. i have a few questions regarding data collection attributed to this policy change in the highway bill. how many lives does nhtsa think will be save if every vehicle is grounded by rental companies as required by section 4109a of the grow america act? >> and i will get you that analysis as part of our technical assistance in supporting your efforts here. we will get you that analysis for both used as well as rental cars. >> how about injuries. how many injuries did nhtsa estimate would be prevented if rental car part in section 4109a is enacted? >> we'll provide that for you. >> and ms. mithal, how many security cases has the ftc

brought against car companies in the last five years? any idea? >> we've not brought any connected carca cases. i believe all the principles that the cases stand for apply equally to connected cars. >> so zero for cars so far. >> yes. >> what is the commission's expertise with respect to the security of critical safety systems in vehicles? are there differences in how critical safety systems in vehicl vehicles should be treated compared to other critical infrastructures? >> our focus has been on process. so all of our 55 cases stand for the lesson that companies need to implement processes up front to make sure that protect against security violations. so, for example, companies, including car companies need to hire people responsible for security. they need to conduct risk assessments, oversee their service providers, keep abreast of technologies surrounding them

and emerging technologies that affect their areas, and that's very consistent within this seeker security framework approach. >> dr. rosekind, mentioned be very nimble. because it changes like that. and we have to keep up with these changes. i yield back my fend. >> the gentleman yields back. >> thank you, mr. chairman for holding this hearing and granting my request to participate. the draft legislation before us is, it touches on many issues, and i want to continue to explore a topic brought up by my colleague, well, actually the two last questioners, mr. butterfield and in particular the critical issue that has been omitted from the draft, rental car safety. in 2004, two young sisters, rachel and jaclyn houk were killed when their rented chrysler pt cruiser caught fire and crashed. the sisters were returning home after visiting their parents

just outside my district in ojai, california and had no idea that the car they were driving was subject to a safety recall. that had not been fixed nor acknowledged before the rental company gave them this car. despite receiving the safety recall notice a month before renting them the car, the rental company failed to get the free safety repairs done. while federal law prohibits car dealers from selling new cars subject to recall, there's no law to stop rental companies from renting out dangerous recalled cars. this is a clear safety oversight and one that can and must be fixed, and that's why as has been acknowledged, i introduced bipartisan legislation, hr 2198 with walter jones, ms. schakowsky, mr. butterfield to close this loophole. our colleagues would fix the law. the bill is strongly supported by general motors, honda and

others. it did pass the senate as part of the drive akt and change.org, the petition started by their mother has been signed by thousands of consumers across the country. it is not mentioned in the legislation we're proposing today. i know nhtsa has been working to address this issue. does nhtsa support legislation to prohibit the rental of recalled vehicles? >> yes. >> opponents of the bill erroneously claim that the legislation would not improve consumer safety. given nhtsa support for banning of recalled rental vehicles i think it's clear that you perhaps disagree with this assessment. would you briefly elaborate, thank you. >> new, used or rental vehicles should be remedied before they're on the road. >> thank you. despite the broad support behind

hr 2198, the auto manufacturer and dealer groups are fighting against this common sense effort. under pressure, the alliance of ought/manufacturers has instead proposed a potentially very harmful alternative that only requires them to disclose that it's under recall before renting it out. despite the fact that such notices represent only a tiny fraction of safety recalls. administrator rosekind, last year nhtsa provided a letter. would you elaborate on why nhtsa believes this would fail to protect rental consumers? >> i will repeat to be clear. new, used, rental, if it has a defect, it should be off the road. and, as we were discussing, the do-not-drive is determined by

the manufacturer of the defect, not nhtsa, and it's very clear. >> thank you for underscoring it. some opponents have said that the recall is frivolous. does nhtsa issue frivolous recalls? aren't all recalls due to safety risk? >> yes. and we have a specific investigation process to determine those defects. >> thank you, and i will yield back my time. but before doing so, i askew nan muss consent to enter into the record a november 2014 letter to nhtsa and senator mccaskill. and i yield back the balance of my time. >> the gentlemen lady yields back. seeing no other members present for questions, i ask the ranking member if she would like a

second question or redirect. >> thank you. thank the witnesses. >> let me, dr. rosekind, i just wanted to make sure that we offer, once again, the concept of people checking their vehicle identification numbers against the database that you provide and perhaps you could just detail how someone would do that if they wanted to check. >> chairman burgess, every time i appear before you, you graciously make sure that we provide information for consumers to do something about recalls. i can't thank you enough for that. because i don't think we are ever done getting the information out. people can go to safer car.gov and look up their vehicle identification number. if they find something, they have to act on it. call their dealer, get it fixed. >> if like me, they don't know