of the u.s. special operations command. we will talk to him at 8:00 p.m. eastern here on c-span. >> this week, representative mary bono mack talks about the theft of millions of consumers' personal data through computer hacking into sony's playstation network, and what she would like to see government do to protect consumers. >> congresswoman mary bono mack, one of your key questions yesterday at the sony-a brief hearing was, why weren't sony customers told us earlier? are you satisfied with the answer that sunny provided? >> not yet. for me as a policymaker and the consumer, i think the consumer always should be alerted first and foremost with any data reach like this because only they know what data might have been exposed. if sony would have come forward and testified at the hearing, we could have got a lot of answers

that would have been very helpful. frustrated, concerned, we will follow this and see if there is a legitimate reason or if they were creating greater jeopardy for consumers. at the fact that sony provided written answers, was that satisfactory? if you get asked to testify at a hearing by congress, chances are you are going to come, correct? >> well, you would hope. i can understand their concern that they would be scrutinized very heavily and be asked some appointed, tough questions. there are still more questions to come out of the answers that they provided to us that we will continue to pursue. again, recognizing that sony has some speculation about what happened and they are contending that they are victims here. there is a two-tiered victimization process here.

there are 100 million consumers who are potential victims here. the well worded letter was quite detailed, but it still presents a lot more questions than answers critics the chairman of the board of directors of sony usa said i hope you can appreciate the extraordinary nature of the events the company was facing, brought on by criminal hacker is activity was needed immediately more easily accessible. i believe that after you review all the facts, you will agree that the company has been acting in good faith to release reliable information in accordance with its legal and ethical responsibilities to is valued customers. the you agree that the company has been acting in good faith? >> on their behalf, -- remember the way in which sony notify their customers was bought a blog post.

only the consumer -- something as simple as the same password for everything. a lot of people might feel safer because sony let them know immediately. the very long worded letter -- when sony says they were protecting the consumers, the consumer might want to know. all i am saying is the policymakers -- should they do their best to notify, rather than zoe being the one to decide how they would protect the consumers.

>> mary bono-mack is our guest. also joining us, a tech and telecom writer for the national journal. >> what type of notification should they have made, instead of just a blog post requiring users to seek the information themselves? >> it seems that they could have let people know a little bit sooner. others will contend there is a time line that they need to allow law enforcement to come in and for them to do their part of the analysis on what exactly happened. it also have to ask yourself, by giving them a link the time period, did put more people in harm's way? i can speak to the voices of the consumer who are saying wait a minute, i have a right to know as soon as possible as well.

not too many people would spend the time if they are not logging on or gaming to go into a block posed, but if you get an e-mail, chances are you would get the email in a much more timely manner and then you can make the decision. they might say i east use the same password for everything, and then they could spend the rest of the day changing all their passwords. >> this data breach is just one in a string of data breaches in recent years, including last month, one by epsilon which is a major provider of e-mail services for numerous companies. this is not a new issue. why do you think congress has not acted yet?

>> it is a growing issue. when you think back to 2005 or a handful of years ago, the data breeches were smaller and sometimes they involved hardware. there was a case of hard drives going missing from nuclear laboratories. these are somewhat silent crimes for many people. even as a lawmaker, you do not hear about this until it is too late. nobody knows how awful it is to have your personal identification hijacked and used for devious purposes and to let has happened. in the sony case, these zero hundred million records being out there in potentially breached, they will be a lot more actively engaged in the issue. >> are consumers adequately about raged? people are still handing over

personal data to these companies. the you think consumers just have not gotten worked up enough about it? >> it goes to the whole internet experience. we believe that when we are asked for our information, there is reasonable protection in place. is getting to the point when you hit the enter key, and crossing fingers at the same time, that is not a good enough policy. we want to believe that the people who are asking for our information take great links to safeguard it. i don't think consumers are going to be outraged until it has actually happened to them. these crimes can appear along down the road. what is worse, they can compile. people might think the credit card i used on sony might be compromised, but other data that might have might have been hacked. it contains a pretty -- a pretty full picture of who you are

elsewhere. >> are you considering -- what kind of legislation are you considering when it comes to data breaches? how do you approach it? >> there have been a number of efforts in congress. there is a bipartisan effort. bobby rush has been a leader on it. we want to continue to build on the work that has been done. it is always better not to reinvent the wheel, but you can take advantage of other people's work and move the ball forward. it is a matter of finding the fine lines to protect the consumer and enable enhanced e commerce. we want to make sure we are doing our best to protect consumers but not get in the way of e commerce. >> could you foresee federal requirements for e commerce

committees -- for companies such as sony? >> many would argue that it will simplify things to have one set of rules to play by rather than a patchwork the wait at least 40 states are doing it. some would say the states should still have the ability to do more if the federal government does not do enough, but that would be the approach. >> is your approach a bipartisan approach? >> there is directed bipartisanship on it. it would be my goal to get through the republican house and the democratic senate. i anticipate a very good bipartisan product recall >> the

bill that was introduced last year would require an adequate level of security and notification of a data breach. based on a hearing yesterday, is there is anything you would tweak our any concrete ideas that need to be added to that bill at this point? >> there were some great comments out of the hearing yesterday. i think from all accounts the hearing was a good one. the questions that came up, not having been on the front line of negotiations before, but some of the questions people are asking now are new since that bill. g o tracking, for example. yesterday there was testimony brought up about g o tracking -- geotracking. it goes back to the question of how carefully can you craft this legislation?

you don't want to create unintended consequences. a lot of things make you pause and think and consider the consequences of all of this legislation. >> de think it should move on its own or be part of a broader policy? i know there has been a senate bill introduced. >> i would like to see the move separately. a lot of the issues are different, yet they sound similar. it can get complicated and confusing to talk about it when you realize privacy and protection -- data breach we are talking about with sony is a little different than the other privacy issues. they both have far reaching consequences if you do not consider them carefully. it does not mean they cannot be joined together, and whatever

you have to do, you have to do. the issues are somewhat different and is good to look at them in a different light. >> you brought up geotracking where it comes to an apple. is there a big brother quality in private companies having that kind of information? >> there can be, and to meet its back to is the consumer aware of where this is happening, and do they have the option to opt in or out? geotracking gives everyone a yuck factor. you can understand the physical harm when you think of tracking. so many of the things we do and

the convenience is we have today are because of geotracking. when my daughter got her first car, i cannot imagine not having a device were you could just push go home. >> our guest is representative mary bono mack. she is the chairwoman of the energy and commerce subcommittee on commerce, many veteran, and trade. we are talking about the data security breach hearing that was held this week in her subcommittee. >> getting back to the tracking issue, do you have overall concerns about internet tracking as you go from place to place on the web in order to target ads? do you think that is something

that should be regulated? the have any thoughts on proposals for do not track? should that be left to the private sector to innovate on? >> that is a great question. i am looking at it very closely and trying to separate good practices from bad and protect the consumer to make sure there online experience is a good one and that the data being collected on them is something they know and understand and can participate in. i know that quite it a few different industries are looking at this to make sure they are not overstepping their bounds or recognizing that if they do, congress is going to come in. right now is asking the questions and then letting people understand and congress understand that there is a difference between the advertising and the targeting that goes on and the collection of data.

the data that is collected is interesting, and it changes. with the targeted advertising, the questions are many and the issues are complicated. yes, we are definitely looking at it. >> report was released in december. do you favor congress passing privacy protections? >> we are looking at it and deciding whether congress needs to act or not. >> the year from your constituents on the issue of online privacy? >> he would be surprised. there is the other side of it, how our constituency is really moving to the internet. they love the fact that i am on

twitter and facebook and the fact that they can interact with us that way. we are hearing more and more from our constituents this way. by that nature, those folks that are on the internet are more likely to comment on that. i am not really hearing a lot from my constituents on the greater whole. greg and i are great friends and have been seated together on the energy and commerce committee for many years. we will gladly recognize the boundaries of the subcommittees and the jurisdictions and work together to the greatest of our ability without any problem or any scenes between the two subcommittees.

my subcommittee has jurisdiction over the federal trade commission. the issues would break down along those lines. >> epsilon was also invited to yesterday's hearing but they did not show up, nor did they provide written answers. is that correct? >> we do have a letter from epsilon. >> were you satisfied with what epsilon had to say? >> a lot of this is somewhat them protecting themselves, and i understand that. i am not satisfied, because we do not really have the answers of how we move forward to make sure this does not happen again. it basically becomes an impediment or barrier that prevents people from getting on line, whether shopping or surfing the web or whatever their purposes are. i am not satisfied, because i think the answers or important. epsilon and sony are victims, but we need the answers beyond

that on tracking and holding their feet to the fire. in their letter and the response to the congress, the things they have figured out since the bridge or common sense, greater encryption. the things i have talked about putting into place, one would think they should have done a long time ago, especially regarding 100 million customers. you would think these basic items that would have done it long ago. the testimony about moving us forward in a way that makes us safer. >> one of the things i noticed in the sony letter, not everyone's credit card was active or they got hold of everyone's credit card. sometimes the date of birth and other personal information is more dangerous than a credit card.

>> that is a very important question. even sony cannot say whether or not credit card numbers were taken, but all of those other questions, is not too hard to paint a picture of a person in their entirety by gathering data. every bit of data about repaints a greater picture of you. the security questions that are asked about you now, when they say what school did you go to, what was the name of your first pet. you are creating more of a database about you that is out there. the questions are very good and very valid. there is a children's toys that you can get, 20 questions. you think of something in your head, whatever is a, like a bread box. it will identify it every time. when i think about our on-line safety, how many questions the need to have out there in

cyberspace before you have created a real person and a real identity. whatever is you want to do, get a passport or whatever. >> have had constituents contact you and say my identity has been breached and i need your help? >> yes. >> what is the process like for you as a congresswoman? >> my case workers do their best in every congressional office -- in every congressional office you have case workers to help with all of this as far as the interface with the federal government. it is a nightmare for people and the amounts of time and effort that is spent for people to clean up their identity or their credit history or whatever happens to them. it can be countless hours. it is quite a hassle. it can take a long time to clear up these things once they are

negative. >> as we move further and further into cloud computing, how does that play a rule -- our role in security? >> the question came up yesterday in the hearing and the sec contended that wherever the server is located does not change a thing. cloud computing is a great thing, and we can kick around what it means basically to be a cloud. it is like a server rican store all of your data and all of your files. a server where you can store all appear dead end. -- where you can store all of your data and all of your files. >> when you sign on with any of these guys, there is an

agreement, whether cloud base or not. i think the questions are pretty much the same. >> what should companies do to make customers whole when a date average has happened? should they offer credit monitoring? what do they need to do? what is their responsibility besides just letting you know that it happened. >> i think the company that had the breach occurred should do everything they possibly can to make sure the consumer does not have anything negative happen to them. credit reports, credit checks, trying to be helpful in that regard. hopefully they will have some case workers where they can help take some of the burden of of people in man hours. the people who are working 40 or 600 work weeks, and now they have to try to clean up the

mess. >> did you learn anything from the secret service yesterday? >> of course. what is interesting, the different jurisdictions aspects of the level of involvement, and to recognize that this is one area of cybersecurity that is important, but it really can go on to a matter of national security, and to recognize all the layers and entities that are involved, and trying to get those answers from secret service i think was the most helpful for us. not that i clearly understood what he was saying about when you talk to one and then the other. you can tell there are a lot of very capable and very good people who are focused on this

issue, and the secret service clearly made that known. >> of the criminal side, or the penalty strong enough right now as they exist for hackers, and if they are from out of this country, what do we do? >> i do not know if i have that answer. it is a worldwide issue, and the hackers are often times out of our country. i think it is something that we should explore to deter people from just being hackers. sometimes these folks are just doing it for the militias side of it because they can receive for the malicious side of it because they can. there have to be deterrence and they have to be tough and severe because it is happening more and more. >> what do you think of sony's argument because -- that this

happened because they were challenging illegal copyright laws? >> sony has intimated that might be why anonymous has done this. they can speculate that but they have not proven it yet. they are saying they are the victim. it is important to remember that there is someone out there who has decided to target them. there are two sides to this. sony is contending that it was this group that is going after them because they had a loss to based on property protection. -- had a lawsuit based on property protection. they have just to prove that point. >> de anticipate more hearings,

and do you think sony or epsilon will show up? can you compel them? >> we could if we wanted it, but at this point, sony and epsilon have not indicated that they would not cooperate further. i believe that they would come. it is my intention to stay on top of that issue and stay engaged and be focused on. neither of them have said absolutely not. >> the u.s. does not have a single agency in charge of data protection, like europe. is it time? >> i don't know, and i would defer some of that to a judiciary committee or even homeland security. the issues are buried and they are different. just by that nature, -- the issues are of varied and they

are different. i have not delve into it enough to know, but recognizing when you look at some of the cyber attacks elsewhere in the world, they were not necessarily based on what the sony breach was based upon, but sometimes they are actually security related. i think he would keep those severed just by that nature. >> another issue i know you have been active on its internet governance. you expressed concern about the united nations wanting to take over some functions of managing the internet. can you talk about with your interest is, how you got interested in that issue and what your concerns are? >> i think that we as americans right now must take satisfaction in watching the -- as people around the world start expressing their voices and pleading for democracy. so often we are hearing is coming because of their efforts

on twitter and facebook. i think it is in our best interest that we continue to support the internet as a ground up based platform where the people are the voices. i have a pure of the united nations being a regulatory body that has the right to say anything about the internet. what are resolution was doing was expressing that the united nations should not be involved in regulating the internet. >> representative mary bono mack is in her eighth term in congress. she represents the palm springs area of california, and she is the chairman of the energy and commerce subcommittee on commerce, manufacturing, and trade. thank you for being on "the communicators." >> you can now access our programming any time with the c- span radio iphone app.

you can also listen to our signature interview programs each week, available around the clock were ever you are. the release of president barack obama's birth certificate has not stopped by a court case challenging the president citizenship status. the ninth circuit court of appeals in pasadena, california heard a case questioning whether barack obama was born in the united states and is eligible to serve as president. a former vice presidential candidate in 2008 and former presidential candidate alan keyes or two of the lead plaintiffs. a lower court dismissed the case, ruling that the court is not the proper case to challenge the president's election. this is about 50 minutes. >> you may proceed. >> you may proceed. >> if i