as resilience as possible with all of the river water that is out there right now, but everything we are seeing shows as the levees are in good shape. we only own about 10% of the levees in this country. it is all hodgepodge of different owners in different states are different conditions. host: do you control them? guest: no, we do not. if they're not in our system, no, we do not. there are a lot of locally- owned levies. they are owned privately by cities or counties. it is a huge network. for people to be able to put the levees up to the standards we would use, in some places that is pretty difficult. that is a lot of work and resources. it is not part of the federal system. again, the corps of engineers and only owns 10% of the levees

in this country. host: contingency operations director of army corps of engineers. thank you for talking to our viewers. we are out of time. we will be back tomorrow at 7:00 with more of your phone calls. up next the senate judiciary committee on privacy of mobile technology. taking a look at the technology in your smart phones to be able to track users come a daily movement, and location. that is up next. . .. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011]

[no audio] >> this hearing will come to order. it is my pleasure to welcome all of you to the first hearing the the senate judiciary subcommittee on privacy, technology, and all along. i am sorry that everyone was not able to get into the room -- into the hearing room but we are streaming live on c-span.

thank cspan for that. i would like to turn it over to chairman leahy and thank you, sir, for creating this subcommittee and giving me the opportunity to lead it. the chairman has a long track record on protecting privacy and i am honored to join him in this effort. determined -- >> thank you senator franken. i want to commend you for holding what is a very timely hearing on the privacy implications mobile devices. there was the first hearing before the subcommittee on privacy, technology and the law. i think senator frank and for his dedicated leadership on consumer privacy issues as

chairman of the subcommittee and i think dr. coburn for his commitment to such issues, too. i appreciate the both of them working together on this. throughout the three decades i have been in the senate, i have worked to safeguard the privacy rights of all americans, assuring that our federal privacy laws accomplish this goal but the same time addressing the needs of law enforcement and america's vital technology industries. that has been one of my highest priorities as chairman of the senate judiciary committee. that is why i decided to establish this new privacy subcommittee and was delighted when senator frank and said he would be willing to be the chairman. to update the technology privacy bill. the digital age can do wonderful things for all of us. at the same time, american

consumers and businesses faced threats to privacy like no time before. they have the exposure of new technologies, says -- social networking sites, smart phones and other mobile applications, there are many benefits to consumers. there are new risks to their privacy, as well. like many americans and certainly in vermont where we cherish our privacy, i am deeply concerned about the recent report that the couple iphone, google and roy cohn and other mobile applications may be collecting, storing, and transferring user locations. the sensitive location information may be maintained in an un and corrected format making the information vulnerable to cypress leaves. cyber thieves. this can be a very valuable

thing for the industry to sell information to various industries for advertising purposes. of course, they are charging the consumer for the use of the telephones and will make money off of that. when i raise that point, they said they can make them aware of products that might be in the location they go. i said great, we like to get a whole more unsolicited ads. it is more of a one-way street, i think. a recent survey found that 38% of american smart phone users identified privacy as the number one concern when using mobile applications. they have good reason to be concerned critical election, use, storage of location and other sensitive personal information has serious

implications regarding privacy rights. this provides a good opportunity for us to talk about this and examine these pressing privacy issues and learn more about it. i am pleased that representatives from the department of justice and the federal trade commission are here. i am also pleased that representatives from google and apple are here to address these issues. i welcome the bipartisan support of the committee to examine this important privacy issue. i look forward to productive discussion and senator frank and, senator coburn, i thank you both. >> thank you again, mr. chairman, for this opportunity i want to express my pleasure working with the ranking member

of this committee, senator coburn. thank you for your friendship and for working on these critical issues. before we turn to the business of today's hearing, i want to take a moment to explain where it think this -- what if the subcommittee is about and where we are heading. the subcommittee is about addressing a fundamental shift that we have seen in the last 40 or 50 years in who has our information and what they are doing with it. when i was growing up and people talk about protecting privacy, they talk about protecting it from the government. they talked about are unreasonable searches and seizures and about keeping the government out of our families and bedrooms. they talked about the government trying to keep tabs on the books i read and the rallies i attend. we still have to protect ourselves from government abuses and that is a big part of the digital privacy debate. we also have relationships with large corporations that are

obtaining and storing increasingly large amounts of our information. we have seen the growth of this whole other sphere of private entities whose entire purpose is to collect and aggregate information about each of us. we are familiar with some of these entities, the average person is not remotely aware of most of them. two months ago, it to stop 100 people on the street and ask them if you've ever heard of epsilon, 100 of them wouldn't have said now. i had. when people started getting e- mails telling them that your information has been compromised, you bet they wanted to know who epsilon was. the existence of this business model is not a bad thing. usually it is a great thing. i love that i can use the google maps for free, no less. the same for my application on

my ipad that tells me the weather. i think there is a balance we need to strike. this means we are beginning to change the way we think about privacy to account for the massive shift of our personal information into the hands of the private sector. the fourth amendment does not apply to corporations, the freedom of information act does not apply to silicon valley. while businesses may do a lot of things better than the government, the government is directly accountable to the american people. let me put it this way -- if it came out that the dmv was creating a detailed file on every single trip you take in the past year, do you think that you could go one single week without entering a question from a reporter? this is hardly a new trend. 25 years ago, a senator named patrick leahy wrote and passed a

law called the electronic communications privacy act which talked a lot about government but which also contained commercial disclosure provisions. in 1996,, congress passed a law about the privacy of medical records and we passed a law protecting children's privacy and we passed a law protecting financial records. we have some protections here and there but we are not even close to protecting all of the information that we need to. i believe that consumers have a fundamental right to know what that is being collected about them. i also believe they have a right to decide whether they want to share that information and with whom i want to share it and when. i think we have those rights for all of our personal information. my goal for the subcommittee is to help members understand the benefits and privacy

implications of new technology, to educate the public, to raise awareness, and if necessary, to legislate and make sure that our privacy protections are keeping up with our technology. today in this hearing, we are looking at a specific kind of very sensitive information that i don't think we are doing enough to protect. that is data from mobile devices, smart phones, tablets, and sell's. this technology gives us incredible benefits. let me repeat that. this technology gives us incredible benefit. it allows parents to see their kids that wish them good night even when they are halfway around the world. it allows it lost driver to get directions and allows emergency responders to locate a crash victim in a matter of seconds. the same information that allows those responders to locate us when we are in trouble is not necessarily information all of

us want to share all the time with the entire world. and yet, reports suggest the information on our mobile devices is not being protected in the way it should be. in december, an investigation by the wall street journal listed 101 popular applications for iphone and android smart phones and found that 47 of those applications transmitted the smart phone location to third- party companies. most of them did this without their user's consent. three weeks ago, security research is discovered that iphone and ipad running the latest apple operating system were gathering information about user locations up to 100 times per day and during that information on the phone or tablet and copying it to every computer that the device is sunced to. both iphone and other devices

were collecting location information from user phones and send it back to apple and google even when people were not using location applications. in each of these cases, most users had no idea what was happening and in many of these cases, once users learned about it, they had no way to stop it. these breaches of privacy can have real consequences for real people. the justice depart and report based on 2006 data shows that each year, over 26,000 adults are stocked -- stalked through the use of gps devices. that was when there was 1/3 as many smart phones as there is today. when i sent a letter to apple to ask the company about its logging of user locations, the first group to reach out to my office was the minnesota

coalition of battered women. they asked how can we help. basie case after case where a stalker or an abusive spouse has used technology and mobile phones the stock or harass their victims. it is not just talking. the hearing today will show that it is a range of arms that can come from privacy breaches. there's also the simple fact that americans want stronger protections for disinformation. as i've started to look into these issues in greater depth, i realize their federal laws that do for little to protect this information. prosecutors bring cases under the federal anti-hijacking law make their case but mobil -- but most mobile applications don't have privacy policies. some are universally dismissed before being read. once the maker of a mobile

application, a company like apple or google or even your wireless company get your location information, in many cases, under current federal law, these companies are free to disclose your location information and other sensitive information to almost anyone they please without letting you know. then the company's share your information with and sell it to others. without letting you know. this is a problem. this is a serious problem. i think that is something the american people should be aware of. i think it is a problem we should be looking at. before i turn it over to the distinguished ranking member, i want to be clear that the answer to this problem is not ending location-based services. no one up here wants to stop apple or google from producing the products or doing the incredible things that you do. i thank you for testifying. you guys are brilliant.

and people of the were brilliant, they think the people that founded and ran your companies. today is about trying to find a balance between all of those wonderful benefits and the public's right to privacy. i, for one, think that is doable. i will now turn the floor over to my friend, the ranking member, senator coburn, for his opening remarks. >> thank you mr. chairman. whether the application on your telephone sounds may be hearings of all the hearings to attend -- >> that would be frightening. >> thank-you to all the witnesses who are here today. transparency and what we do in government and outside government when it is not fiduciary and when it is not proprietary is important for the american people. as is the issue of privacy. rather than making a decision on

what needs to change, we need more information and knowledge in terms of those of us on the legislative side before we come to conclusions about what should or needs to be done. i am looking forward to the witness's testimony and i will shorten this up. i would like to hear from our witnesses. >> i think we will begin our first panel now. i want to introduce them. we have to jessica rich. she is deputy director of the bureau of consumer protection at the federal trade commission. she has served as assistant director in the federal trade commission paused bureau of consumer protection since 1998. she is in the area of identity and privacy correction.

to serve as legal adviser to the bureau of consumer protection and received her law degree from new york university and her undergraduate degree from harvard. jason one scene is the deputy director -- deputy assistant attorney general for the criminal division of the u.s. department of justice. before joining the criminal division, he served as the chief of the violent crime section in the u.s. attorney's office for the district of maryland. he was also an assistant u.s. attorney in the u.s. attorney's office for the southern district of new york. mr. weinstein attended princeton university and george washington university law school. i understand your wife is very pregnant and you may have to leave. [laughter] during your testimony or during other testimony. as chairman, that will be fine.

[laughter] ms. rich? >> let me turn the microphone. that would help. i am deputy director of the federal trade commission's bureau of consumer protection. i appreciate this opportunity to present -- present the commission's view on privacy. we are a consumer privacy agency and a -- an important component. the commission has employed a variety of strategies to protect consumer privacy including law- enforcement, regulation, outreach to consumers, and businesses, and policy initiatives. on telephones, e-mail, and on the internet, we are committed

to protecting privacy in the rapidly growing mobile arena. to ensure the commission staff has a practical ability to engage in law enforcement's and inform policy development in the mobile space, the commission has hired technologist to work as ftc staff. the agency has cleared a mobile laboratory with numerous smart phone decides -- devices on various platforms and carriers as well as software and other equipment to collect and preserve evidence. commission staff have explored the key mobile consumer protection issues to workshops and reports. what is clear from our work is that the rapid growth of mobile products and services creates many opportunities for consumers and also raises serious privacy concerns. these stem from the always on, always with you personal nature of mobile devices, the invisible collection and sharing of devices with multiple parties, the ability to attract consumers including children and teens to their precise location, and the

difficulty of providing meaningful disclosures and choices about data collection on the small screen. law enforcement is critical to our consumer protection mission. the ftc's primary law enforcement tool, the ftc act, prohibits unfair or deceptive practices. this law applies regardless of whether a company is marketing offline, through your desktop or telephone, or using a mobile device. we described four recent ftc cases brought under the ftc act that addressed practices in the mobile torino. two of these cases against two of the largest players in the mobile ecosystem, google and twitter, highlight the efforts to challenge deceptive claims that undermine consumer choices about how their information is shared. with google, the commission alleged the company deceived consumers by using information collected from g-mail users to

populate a new social network agoogle buzz. the proposed settlement contained strong information including independent audits that protect the privacy of all google customers. in twitter, the commission charged serious lapses in the company's data security that allowed packers to a takeover twitter accounts and in excess to private tweets as well as their non-public poll numbers. the commission's order protecting data that twitter collects through mobile devices and requires independent audits of their practices for 20 years. if the accompany violets this order, the commission may obtain civil penalties of $16,000 per violation. similarly, the commission obtained a temporary restraining order against the defendant allegedly sent 5 million

unsolicited text messages to the mobile phones of u.s. consumers. in the reverb case, a public- relations company planted endorsements of gaming applications. public lawion's enforcement presence and a mobile r reid is still at relatively early stage. we are moving forward rapidly and devoting resources to keep pace with developing technologies. commission staff of a number of mobile investigations in the pipeline including investigations related to children's privacy. i anticipate that many of these investigations will be completed in the next few months and any complaints or public statements will be posted on our website, ftc.gov. while the mobile i read that presents new methods of data collection and technologies, many of the privacy concerns built on the ones the ftc has

been dealing with for 40 years. it is all about insuring that consumers understand and can control data collection and shared and that their dad does not fall into the wrong hands. the ftc has the authority and experience and strong commitment to tackle these issues. the commission is committed to protecting consumer privacy and a mobile sphere through law enforcement and by working with industry and consumer groups to develop solutions that protect consumers while allowing innovation. i am happy to answer any questions. >> mr. wine stain -- >> i s the baby to stay put until after 11:30 which will probably be the last time he listens to anything i say. good morning. i thank you for the opportunity to be here today. we have witnessed over the last decade an explosion of mobile computing technology from laptops and cell phones to tell -- too tablets and smart phones.

people are using these things more extensively than ever before. weaken bank and shop and conduct business and socialize remotely with our friends almost anywhere. the world is almost literally at our fingertips. in ways that we don't often think about, what we say and write and do with these mobile devices can be open to the world. as the use of the devices grows, these devices are increasingly tempting targets for identity these and other criminals. as these devices increase our connectivity, they also pose potential threats to our safety and privacy. those threats fall into three different categories -- the first one is posed by the cyber- criminals. they seek to misuse the information stored or generated by our mobile devices. from around the corner or around the globe, people work every day to access the computer systems and mobile devices of government

agencies, universities, banks, merchant, credit-card companies to steal personal information or intellectual property and perpetrate bridges that lead tens of millions of americans at risk of identity theft. some of these cyber criminal seek to in fact the computers in our homes and businesses with malicious codes. they can capture every keystroke or mouse click or credit card number. smart phones and tablets are mobile computers. the line between mobile devices and personal computers is shrinking every day. these devices provided other computing platform for cyber criminals to target for infection. americans using computers and mobile devices suffer from a pervasive invasion of their privacy almost every single time they turn on their computer.

we want to protect the privacy of americans and prosecute criminals that threaten and violate the privacy. we have had a number of major enforcement successes including the operation in connecticut which successfully disrupted the botnet which affected millions of computers worldwide. as we store more and more personal information, we should expect that they will be increasingly targeted by criminals. it is critical but law enforcement has the necessary tools to investigate and prosecute those crimes which are crimes against the privacy of all americans. the second category of threats to our privacy comes from the collection of personal information by the providers themselves. these situations may or may not be inappropriate for criminal investigation. it depends on the circumstances. some may be best addressed regulatory action. we must carefully consider the clarity and scope of privacy

policies and other user agreements that govern the relationship between providers and their customers. the third category of threats comes from criminals who use mobile devices to facilitate all sorts of their own crimes from traditional cyber crimes to violent crimes. as technology evolves, it is critical that law enforcement be able to keep pace. law enforcement must be able to get the data it needs to investigate and prosecute these crimes and identify the perpetrators. this kind of identification is already a challenge. data critical to investigation has too often been deleted by providers before laura enforcement can obtain it. that challenge is greater in cases involving mobile devices. we increasingly encounter suspects to use their smart thousand tablets as the way

computer, many wireless providers do not maintain the records necessary to trace an ip smarts back to a user's on. that is the necessary link in the investigative chain that leads to prosecution of a suspect. thank you for the opportunity to discuss some of the challenges of the department sees on verizon. the department works every day to protect the privacy of users of computers and mobile devices. we look forward to continuing to work with the congress and i look forward to your questions. >> in the ftc's december 2010 privacy report, the commission states that certain kinds of information is so sensitive that before any of this data is collected, used, or shared, companies should seek a expres'' affirmative consent with a customer. you identify four categories of data that are this sensitive,

information about children, financial information, medical information, and precise geo- location data. why does the ftc think that before a company gets her share slip your location information they should go out of their way to get your consent? >> we identified those four categories because misuse of the kind of data can have growth consequences for consumers. in the case of location data, as you mentioned and your colleagues mentioned, it can lead -- but falls into the wrong hands, it can be used for st alking. teens and children's have mobile devices and we are talking about teen and children information and their location. location cannot just tell you where a person is that a particular time. it is collected overtime and you

can also know what church somebody has gone to, what political meeting they have gone to, when and where they walked to and from school. that is sensitive data that require special protection. >> thank you. let me ask you a related question -- when i use my smart phone, many people can and do get a hold of my location, my wireless company, companies like apple and google as well as the mobile apps that i have on my phone. my understanding is that in a variety of cases under current federal law, each of those entities may be free to disclose my location to almost anyone that they please. without my knowing it or my consent. is that right? >> that is right, mr. chairman. the statute that you made reference to the chairman leahy

wrote 20 years ago provided in those instances where it covers the provider. it places a great deal of restrictions on the ability of providers to share that information with the government but virtually no legal restriction on their ability to share that with other third parties. there may be specific type of restrictions if you talk about data other than location like health care data that may be covered by other privacy laws. there is no legal restriction on location data. if the company is not considered to be an electronic provider, there is no restriction at all the company is free to share it with whoever they want. >> one of the defining features of the mobile market is that you have many different entities, app developers' and others who are amassing a large amount of information about users. outside of any assurances that they make to their customers or

the requirements of financial records or loss, to the companies in this area have to meet certain data security standards? what is to prevent them from getting hacked? >> i am not aware of any legal requirement that a company in your possession of your personal data whether the location or financial data, that they secure that data in any particular way. that is essentially a decision made by the company based on its own business practices. one of the arguments that too often here when we talk about data retention, because there is no requirement that the retain this for any length of time and that impacts our ability to solve crimes -- when we talk to industry and privacy groups about the need for data retention for some reasonable period of time, to make sure that law enforcement can get the

data it needs to protect privacy, you often hear that if companies are required by law to store the data for some length of time, it will put them at greater risk of being hacked. that is an open question whether if there was a requirement for data retention and if it is appropriate to propose some requirements. >> thank you. before i turn to the ranking member, i want to introduce a few key pieces of testimony into the record. i want to introduce to my testimony -- i want to introduce a joint testimony from the coalition for battered women in minnesota and the national debt work -- network for the center for victims of crime. this testimony lays out law enforcement can use technology to find stalkers and cites cases of 12 minnesota women who were

stalked through their smart phons. these are extreme cases but there is no doubt that this technology creates clear benefits and privacy threats. we need to be very careful in this space. i'd like to turn it over to the ranking member, senator coburn. >> thank you, mr. chairman. i hope after you all testified that you will hang around and listen to the second panel. in congress, we talk past each other many times. when we are observing us back talking past each other, we learn something if we are an outside observer. when we hear both sides of this today, my hope is that what it will accentuate the ability to solve the problems in front of us. i want to tag your testimony. i have a question for both of you.

both of you have demonstrated that under certain laws that we have on the books today, you can do a lot in terms of addressing these privacy issues. my question for you is, in your opinion, what else do you need in terms of statutes to facilitate your ability to protect the privacy of individuals in this country without diminishing the benefits that we are seeing from this technology? >> the commission has taken a position on legislation in this area. in the report the senator frank and preferred -- referred to, we discussed some key protections we think should be applied in industry, not -- across industry including mobil that we believe would protect privacy while also allowing innovation to continue.

that is basically companies should have privacy by design, meaning at the very early stages of developing their product and services, they need to give privacy serious thought so that they develop those products and services in a way that maximizes safety to consumer data. that means not collecting more data than is needed and not returning it from lumber that is needed, providing security for it, making sure it is accurate. if those things are implemented early, and can be done in a way that still permit innovation and still permits the business to function. >> can you do that through regulation now? >> we have used section 5 of the ftc act which addresses of unfair practices to bring companies under that circumstance that don't do certain things. the second piece is to streamline easy to use choices

for consumers. that would be making it easy and important on mobile devices where we have seen -- we don't see privacy policies. when we do, it may take 100 clicks to get through the terms of service to find that. we have encouraged the use of icons and ways to make it easier for consumers to exercise choice about things like sharing data with third parties. >> like riding in plain english? >> yes, the third piece is greater transparency overall. if you do have privacy policies, they should be written in a simple wasa they are easy to compare. potentially, a consumer should be able to access the data that companies have on them.

we believe, if implemented, those protections would achieve much greater protection to consumers while allowing innovation. >> do you have the ability to implement that now under the ftc? >> those are policies some of which can be implemented under the ftc act but others are forward-looking. >> would you mind submitting to the committee which are which so that can guide us in addressing where we might need to go? >> yes. >> thank you. >> there are four or five things that we think congress should consider. the reason they are not all specific to mobile devices is it is important that the threats that you see in terms of cyber crime on mobile devices are just new variations on old problems. when someone put malware on your

computer, that as a threat. we need to be able to fight cyber crime generally. there are a number of further fixes to the computer fraud and abuse act. we believe these are appropriate and would strengthen penalties and deterrence and make sure there are significant consequences for cyber crime. those we anticipate will be part of the cyber security package which is imminent. that is being measured in terms of days instead of weeks. cyber-stalking statute requires that the victim and the defendant actually need to be in different states and that hampers our ability to use that statute. cyber stalkers are people who

harass and are frequently write down the street. the third is data retention. we think there are undoubtedly a reasonable period of time that congress can require providers to retain data that allows them to solve crimes. the fourth is that a breach reporting. -- the fourth is that a breach reporting. -- the fourth data breach reporting. there is no comprehensive federal legal requirement. the fifth is that among the data that is not maintained or retained is data that will allow us to trace back an ip address that a criminal used.

this is something we encourage 2 -- congress to consider. there are no legal -- there are significant legal restrictions to share data with law enforcement. there are no restrictions on providers' ability to share that information with a third party. we think congress may wish to consider whether we strike that balance between privacy between consumers and those they are engaged in commerce with. >> thank you. >> mentionecpa. -- you mentioned ecpa because i will be introducing a bill very shortly to update the electronic

privacy communication act. , epca., i don't that applies to the devices now and can beacon -- it can be bad for consumers or law enforcement perso. this only. -- concerns providers. if global or apple or other -- it google or apple or other application providers generate information for my smart fun, it might fall into either definition. that would mean the government can simply of 10 locations and other sensitive information collected without obtaining a search warrant. i mentioned this earlier when i

spoke but they might be able to do it without. does it apply to the providers of mobile applications, and if not, what changes should we make? >> that would be the same answer if you ask me about verizon or google or apple. as companies provided border range of services, a company may be considered a provider of electronic communications service for one service it provides, remote communications for another. the company like verizon is clearly on the hope for its communications services. apple might be an rcs and googled might be for google documents. and willapp -- a mobile at a

provider could be defined differently. >> do we have a gap? should we address this is new legislation? >> as all these companies expand the range of services they provide, there will be gaps. there will be more traditional companies that do not fall into one of a few categories. i don't have a particular proposal but we would be happy to work with you to explore where the gaps are. >> is this something where law enforcement can come in and get this information without law enforcement to >> ta i a compans not covered, we can get a subpoena for the legal process. in most instances. > you mentioned epsilons/onyn/y

and the breaches friday in what is there. on three occasions, the judicial committee favorably reported about davis the privacy. it was establishing national standards for notifying consumers about data breaches involving their personal information. we're trying to get congress to get this passed. if there has been a data breach cover your information is there, you would not have to rely on the good graces of a company that screwed up allowing the data briefed but they would have to -- they would be required to notify you. how important is for your department and other law enforcement agencies to be notified of data security breaches so they can look at

whether it affects our criminal laws and national security? m will asks. rich a similar question. >> it is vital. we find out about it too late, the trail may have gone cold. there are 47 state laws that govern breach reported that only a few of them require the victim to notify law enforcement. some of our biggest hacking and identity theft cases were made possible because we got early reporting from the victim companies and the got cooperation throughout the investigation. that was critical to follow the trail and find the packers. -- find the packers. -- a h find aackers.

-- the hackers. we think that that a breach reporting is vital to our ability to do our jobs and we anticipate that there will be a data bridge proposal contained. >> ms. rich? >> the ftc has long supported legislation to require dow average notification and data security. would play complementary role to the department of justice in that they pursue hackers, the militias "to get the data, but our perspective is it is extremely important to shore up the protections of those companies that have the sensitive data. there will always be criminals but it is important that companies secure themselves so they are not easy targets. we believe legislation requiring notification and security is vital. >> thank you.

we thank you for holding this hearing. i think it is extremely important. i will go off for some budget meetings in >> senator boren and paul. -- sen enterblumernthal. -- senator blumerthal. >> thank you providing the leadership. i want to thank our witnesses for being here and also apple and google and the consultants we have in this profoundly important hearing. whatever kind of challenging questions we may ask, i hope that we are all on the same side of this cause. what we face right now is literally a wild west so far as

the internet is concerned. we can debate the technicalities but the ftc statute that prohibits unfair practices simply does not provide the kind of targeted enforcement opportunity that i think is absolutely necessary. i know the department of justice will be seeking additional authority which is absolutely necessary. this one area pertains to young people, children, which we have not discussed so far today. that obviously raises discreet and powerfully important issues. do you think the president's statute sufficiently protect young people, children who are 13 and under, when we are talking about marketing, location information, other kinds of privacy issues it? >> we have a very strong bloc,

the children's online privacy protection act. this applies to children 12 and under. we are reviewing that we have not reached a result. we want to see if it is keeping up with technology. we have not reached the end of that. in a workshop we had on that, there was a fair amount of agreement from industry and consumer groups that that statute is of this and the flexible to cover a lot of mobile technology and activity across the the board of >> do you agree mr. weinstein. >> i have two little kids and my little kid is better with my by phone that i am. it is terrifying to think about what kind of on-line threats will be out there by the time he is old enough to be using an iphone.

as we move into this space, it is important that any legal changes we make be technology- neutral. epca has been able to be flexible over 25 years. anything that the congress can do to protect kids in particular in this space is a worthy effort. >> m me asks. rich, -- let me ask ms. rich, in addition to the requirement the senator leahy is supporting that there be notification and i strongly support the requirement which is a basic fundamental protection -- shouldn't there be some requirement that companies design and safeguard this

information when they structure these systems? also shouldn't they have liability if they failed to safeguard that information? that is so we provide incentives for companies to do the right thing. >> absolutely. using section 5, 34 companies had cases brought against them in the last five or six companies that failed to secure data and we believe it is vital to hold companies accountable for that. >> what about a private position? >> we have not taken a position on that. >> we had testimony from dr. john savage of brown university who said to us that computer industry insiders have solutions to many cyber-security problems but the incentives to adopt a more week primarily because security is expensive and there is no requirement they be

adopted until disaster strikes. >> the commission has actually taken a position on data security. we strongly support data security and legislation. that includes civil penalties. >> thank you. my time is expired. >> senator white house. >> thank you. both of you have had a chance to look into the dark side of the internet, the underbelly of the internet. you are also people who use it and have families that use it. you both have the experience of the regular american dealing with the internet having a certain measure of confidence in it. you have a heightened awareness

based on your professional obligations. based on that, how well informed do you believe the average american is about the dangers and hazards that are out there on the internet? is this significant in terms of things as simple as willingness to download protective badges and be up to date would soft technology to protect yourself? can you quantify a little bit about how well-informed the average american is about these risks? >> we believe consumers really have no idea of the lawyers of sharing that goes on behind the scenes. for example, many consumers may like the location services and

they may want to share their location information in order to obtain them. they don't realize that their location data and the device may be flowing to service providers, to advertisers, to all sorts of other parties in the chain. we believe that is why when certain high-profile security breaches happen, companies like epsilon was shocked because they had no idea their data was there. >> with the large population we are talking about, i think there'll be great variation. the vast majority of people are not as informed as they should be. it comes out of the heightened awareness that the apple and a global media frenzy has created.

-- andy google media frenzy has created. these may not be criminal enforcement matters. everybody has to be more vigilant. there has to be steps taken that there are user agreements that are more transparent. >> earlier in your answer, you basically set up the traditional dichotomy between a legitimate communication or application and something that is infected m withlaware and is lware and is probably a law enforcement issue. this may be something that a subscriber would want. they may want a location application that shows when you are near a fast food restaurant. that might be something that

somebody would want. it also might be something that somebody might not want. howell cattle. at all. if you load an application, you know you are loading one dimension of the application. you don't know what else is being attached onto that. what should the ftc be doing by way of disclosure requirements to make sure that when you load an application, whoever puts that on the menu for people to choose has fully disclosed that all the elements are in bed and it is not just a trojan horse to attract with that particular thing when its real purpose is to find out information about you to sell to individuals? where are you in terms of getting that transaction? >> it is challenging.

because of the nature of the small screen. the ftc has called on industry to develop simplified disclosures that are embedded. when you download the app, they have to tell you that there and then, not and some privacy policy that would take you 100 screens to download and look at. i think there needs to be serious work done to improve the interaction between these companies and consumers. we don't think if it is necessary to share for the business model, not necessary to share with other companies, each not be happening. we have seen when sometimes sharing is necessary for the business model, they pull the information off the whole device

and share it with third parties. >> the trojan horse analogy for some apps is a fair one. >> yes. >> thank you. thank you, senator whitehouse. you were just talking about the screen and signing off on privacy agreements. you emphasize the ftc possibility to protect consumers against sensitive trade practices. they have to click and agree to a software license agreement. that tells users they can withdraw the concern to apple's collection of information and any time by turning off the

location services button on their phones. i will add a copy of that agreement to the record. as it turns out, turning off the switch to not stop the collection of location information by apple. my question, is that the deceptive trade practice? >> i cannot comment on specific company's practice. if a statement is made by a company, it is a deceptive practice. if there is a misleading statement and some sort disclaimer in fine print, that could be a deceptive practice. there is a lot we can do under our authority to challenge the types of practices you are talking about. i am not going to comment on specific company. >> i have one comment. i think we need to be careful on

this side of security. we spend $64 billion a year on i.t. in the federal government. we spend tens of billions of dollars in security and we are breached daily. we should not be requesting a standard that we cannot live up to in the government. the concern is an accurate one. to say somebody is liable to a breach of their security when we all know that almost every system in the world can be breached today, we need to be careful with how far we carry that. >> can i address that? we agree there is no such thing as perfect security. many of the types of practices that would prevent breaches are things like not collecting more data than you need. >> i agree.

>> basic. to fall on center coburn -- to --low up on center coburn's senator coburn's operation, there is a duty of care and it can impose reasonable measures that common-sense or technology would provide the means to do. why not some ability to ordinary consumers impose the federal law that would impose accountability for a standard of care that is available under modern technology with the kinds of reasonable approach, sensible responsibility? >> we agree with you. it is reasonable security.

it is having a good process of that excess this -- that assesses risks. >> when not require a remedy in the case of a breach where that kind of accountability is imposed -- insurance, credit freezes, so that what is increasingly becoming standard practice would be imposed on all companies? >> we think that is important both to address what is happening to consumers and to provide effective deterrence. >> i'm trying to stay in my lane. i will make a general observation. there is no perfect system. cyber security requires multilayered approach.

it requires laws that bridges be reported. it requires providers to take as much of an effort -- make as much of an effort as they can to protect the system. some of the proposals that will be in this package you will be receiving address that issue. it requires better work by everybody involved. >> we look forward to the package the package you'll be receiving hopefully in a short time. >> thank you, senator. i want to thank ms. rich and mr. weinstein. we now proceed to the second panel of this hearing. i will introduce our panel as they are making their transition to the table to move things along. maybe i will -- there seems to

be low chaos -- a little chaos. we will take a moment of pause to think about the first panel and all of the issues that were raised and thoughts that were expressed.

all right. i like to introduce the second panel witnesses. i want to thank you all for being here. ashkan soltani is a technology researcher and consultant specializing in consumer security on the internet. he has more than 15 years of experience as a technical consultant to internet companies. he worked as the technical consultant from the series investigating additional privacy issues. he has a master's degree from the university of california at berkeley.

justin brookman was the chief of the internet bureau of the new york attorney general's office. under his leadership, the internet ordure is one of the most active groups working on internet issues. he received his jd on the new york university school of law in 1998. tribble is the "bud vice president of software at apple. was the chief technology officer for the sun-netscape alliance. he earned a b.a. in physics and an m.d. and phd from the

university of washington in seattle. alan davidson is the director of public policy for the americas at google. he was a computer scientist working at booz allen and hamilton were helped design information systems for nasa's space station freedom. he has a degree in mathematics and computer science and another and a jd from last year also -- yale law school. jonathan zuck spent 15 years as a professional software developer and an i.t. developer.

he holds a master's in international relations from the school of advanced international studies at johns hopkins university. i want to thank you all for being here today. please give your opening statements. we'll start from my left and you're right -- your right, mr. ashkan soltani. >> thank you for the opportunity to testify today. my name is ashkan soltani. specializes in privacy and security on the internet. mobile devices today are complicated machines. mobile devices introduced unique privacy challenges. consumers carry their phones and tablets with them wherever they

go. location can be determined using a number of technologies, including gps and other network- based things. -- resulting if you imagine a historical trail of whereabouts, it would be easy to deduce where you work and where you play. this reveals how you spend your time. there were recent stories about mobile devices in collecting sensitive data. with the exception of gps, the process by which year location can be exposed. at&t and verizon and apple and

google and even the provider used to deliver information about your whereabouts. smartphones send location information quietly in the background to apple and google's servers. the background collection happens automatically unless you are made aware of the practice and elect to turn it off. most smartphones keep a copy of historical location information directly on the device. apple's iphone would retain an apartment block -- log of your history for about a year. there is no way to disable it. many mobile smartphone

platforms allow third parties to develop platforms for the the vice. this includes games -- platforms for the device. if a user opens a popular restaurant app, downstream advertising could learn about that. this information is not limited to just location. many of these apps would have access to phone numbers. many disclosure can be too

confusing for the average consumer to understand. things that are privacy conscious consumers would care about. some apps lack privacy applications. consumers need to increase transparency into who was collecting information about them and why. software developers need to provide consumers with ce.ningful choi andce only in and of art that fosters trust will consumers be allowed to take a vantage. i think the committee for inviting me here today to testify. >> to wait -- thank you.

mr. brookman. >> there cannot be a more timely topic than the issue of mobil privacy. consumers are enthusiastically embracing mobile devices. they make our lives better. many of the same privacy issues that frustrated consumers are heights since in the mobile environment. -- are heightened in the mobile environment. precise geo-location. the tools consumers have are weaker than they are on the web. i have been invited to discuss the existing laws and whether the framework has provided adequate. the short answer is no.

there are a few specific laws that govern a relatively small sets of consumer information. i think it is fair to say there is a patchwork of laws that make apply to the margins. mobile devices -- the consumer paid -- carriers were required to get permission to share or sell information around traditional dumb phones. a cell carrier has branched out. the treatment of customer information is unregulated. these rules never applied to the players in the modern app world.

the mobile data ecosystem has expanded and rules at one point covered everything and in no longer offers protection in the mobile space. some statutes also apply. they did not protect consumers appear. one would be the electronic consumer privacy act. it does have some protection from certain companies from disclosing certain aspects. this was written in 1986. the law could be interpreted to cover some apps but not all. the law does not match up well the mobile privacy issues, not consistently. if it did apply, without additional rules, companies

could bury permissions in terms of service agreements that consumers would be unlikely to read. and have tried to apply criminal statutes. the u.s. attorney from new jersey was investigating certain apps for transmitting certain information without disclosure. i think it is probably not the ideal approach because of the broad criminal statute designed to combat hacking. i'm not like it when a company's share my information. i don't think people should necessarily go to jail for it. the ftc has had some important

cases in this area, but the bar is a very low. companies cannot lot about how they are treating your data. some companies responded by not releasing any data and all. the easiest way for a company to get in trouble is by making a concrete statement about what they are doing. a small percentage offer any privacy policies whatsoever. it is not possible for people to figure out how -- we have petitioned for a baseline privacy law that requires companies to say what they are doing with data, and to tell companies to get rid of it when they are done.

we believe that in hansard -- this type of information -- we should err on the side of user privacy. thank you very much and i look forward to your questions. >> thank you, mr. brookman. your testimony's will be made part of the record. mr. tribble. >> good morning. my name is bud tribble. thank you for the opportunity to further explain apple's approach to mobile privacy. i would like to use my time to emphasize a few key points. apple is deeply committed to protecting the privacy of all of our customers. we have adopted a single privacy for all four -- a single

privacy policy for all our products. we do not share personally identifiable information with third parties without our customers' consent. there have to be specific -- apple does not track users location. apple has never done so. our customers want and expect it mobile devices to be able to quickly determine their current locations for specific activities such as shopping are funding the nearest restaurant. calculate a phones location using gps satellite can take up to several moments. iphone can do this quickly.

to accomplish this goal, couple maintains a secure crowd source database containing information with known applications to wifi hot spots that apple collects from millions of devices. during this collection process, and apple device does not transmit to apple any data that is nuclear -- that is uniquely identified with that device or customer. by design, apple gives customers control over collection and use of location -- there is a master switch into the operating system that makes it easy to opt out entirely of location-based services. users switches the switched off. the device will not collect or transmit location information. apple does not allow any

application to receive device location of information without first receiving the users consent. the dialog box is mandatory. customers may change their mind and opt out of any time by simple on off switch. parents can use controls to password protect and prevent access by their children to location services. apple remains committed to responding promptly and globally to all privacy concerns that may arise. there has been a considerable attention given to the manner in which our devices store and use a subset of apple's kraut source database. the purpose is to allow the device to more quickly determine the user's location. these concerns are addressed in detail in my written testimony. i want you to predict i want to reassure route that apple is never tracking in individuals

location from the information residing in that cache. the location of wifi hot spots and cell towers surrounding the iphones location. iphone che was not been corrected -- was not encrypted. we were investigating the cache and found a bug that could be updated even when the switch had been turned off. this bug was fixed and other issues have been address in our latest software audit released last week.

in our next release, the information stored in the device's cache will be encrypted. apple will give the users control over their information. we believe our products do so in a simple elegance way. we share the concern about the misuse of data and appreciate this opportunity to explain our approach. >> thank you, mr. tribble. >> thank you. my name is alan davidson and i am the director of public policy for a cool in north and south america. thank you for this opportunity to testify. mobile devices are now reduced routinely by tens of millions of

americans and creates enormous benefits for our society. those services will not be used and they cannot succeed without consumer trust. uilt.trust must be bille we have made our mobile location services opt in only. google focuses on privacy protection throughout the life cycle of a product, starting with the initial design. this design was discussed at the last panel. we use information where we provide value to our user. we apply the principles of security. we're sensitive when it comes to location information. as a start, all locations sharing for google services is opt in. when i first took might enjoy a phone -- my enjoy the phone --

android phone out of the box -- if the user does not choose to turn it on or dozen going to the settings and later, the phone will not send any information back to google's location service. if they opt in, location data is and on a modest and is not traceable to a specific user or a device. users can later changed their mind and turn it off. require every third-party applications to notify users that it will be accessing information before the user installs the app. we believe this approach is essential for location services.

highly transparent information for users about what is being collected. opt in choice before the location information is collected. our hope is this becomes the standard for the broader industry. we're doing all this because of our belief in the importance of location-based services. many of you are experiencing the benefits of these services. fighting the closest gas station on your car -- finding the closest gas station underscore gps.ur car's we have only scratched the surface of what is possible. google is working for the national center for missing and exploited children to broadcast amber alerts.

mobile services may soon be able to tell people in the path of a tornado in the event of a hurricane. these promising new services will not develop without consumer trust. strong practices i have described our star. there are subtle privacy issues that require the attention of government. as a start, we support the idea of comprehensive privacy information to protect consumers online and offline. a critical area for congress and for this committee is the issue of access -- government access to users sensitive information. we live now under a 25-year-old law. most americans don't understand data stored on-line does not receive the fourth amendment protection

. nor do users know the details location information collected can be obtained without a warrant. gould is a founding member of a group of companies seeking to update these lawless -- google is a founding member of a group of companies seeking to update these laws. we look forward to working with you to build consumer trust. thank you. >> mr. zuck. >> my name is jonathan zuck. i am the president for the association for competitive technology. as a representative of more than 3000 small and medium-sized i.t. companies, and a spokesman for the people that write applications for these devices

-- the science of -- this is known best where we're able to recognize an entire face and neck just see it as two eyes, a nose and a mouth. the face of mobile computing is the applications. these showcase the more than hundreds of thousands of applications that are available for these devices. they allow you to find out where you are, to find services and products that are close to. these are exciting and dynamic applications that had been made available and users are using them today. there are unique opportunities for mainstream business as well. you can receive an ad from a

business based on their location. this is at a much more cost than the big box stores are able to afford. this dynamic market is projected to be the size of $30 billion by 2015. application developers are enjoying a kind of renaissance and are often -- these applications are made to dominate by small businesses. over 85% of them are made by small businesses. and not just in silicon valley. the next time you drop one of your famous maps, over 77% come from outside of california, including tulsa, oklahoma. this is a national phenomenon.

we have an opportunity to meet l doublingent pasqual's goad of exports. when approaching the issue of data privacy in a holistic matter, i think it is imperative to remember there's a whole lot of data. focus on a new kind of data collection is to cut off our nose to spite our face. to focus on a particular type of data collection would necessarily discriminate against the small businesses that are responsible for some much economic growth in the mobile sector, while leaving larger players were largely untouched. there are laws in place to address consumer concerns.

there are vehicles in place to address transgressions. even the use of antitrust has been used to deal of privacy issues. i did not agree with all of the recommendations made by the center for democracy and technology. any approaches to privacy technology should focus on the data itself and how it is used and answer the general questions and not focus on a particular technology platform. there is legitimate concern among american consumers about their privacy. a number of americans are concerned about their privacy. one of the ongoing frustrations is people find themselves doing the time without having done the crime. it is as though there is a big company news like the sunny playstation debacle and google

-- like the sony playstation debacleand one with -- tobac and the one with google. this impacts small businesses larger than -- more than our larger brethren. the true irony is that if google brought this to our doorstep, they are immune to most of the consequences. who is most likely to be affected by a lot that affects the transfer of what to third parties? a small business or a huge part beckham by the third-party -- or a huge business that can buy the third party?

look at the issue of privacy in a holistic manner. thank you and i look forward to your questions. >> thank you, mr. zuck, and thank you all for your thoughtful testimony. mr. tribble, last month i asked out why they were building a comprehensive location database on iphones and ipads and storing it on people's computers when a sink -- when they synched up. this is what steve jobs said to the press. "we sell hot spots, but they can be over 100 miles away from where you are. those cannot tell you anything about your location." in a written statement issued that same week, apple explained

that this very same data will "help your i've fallen rapidly and accurately calculate its location -- help your iphone rapidly and accurately calculate its location." apple said. steve jobs set the same week that is not saying anything about your location. mr. tribble, it doesn't appear to me that both of these statements could be true at the same time. does this data -- you're anticipating my question. does this data indicate anything about your location or doesn't it? >> the data that is stored in the database is the location of as many wifi hotspots and cell

phone towers as we can have. that data does not actually contain in our databases any customer information at all. it is completely anonymous. it is only about the cell phone towers and the wifi hot spots. however, when a portion of the database is downloaded onto your phone, your phone also knows which hotspots and sell phone towers it can receive right now. the combination of the database of where those towers and the hot spots + your phone and knowing which ones they can receive right now is how the phone figures out where it is without the gps. >> mr. soltani, consumer is are hearing this a lot from apple and google. think it is confusing. apple basically said a file has

location but it is not your location. when it settling cannot that both iphones and enjoyed -- android sending information to apple and go, they are saying that we're getting information but it is not your location. whose location is that? is it accurate? kennedy tie back to individual users -- can it be tied back to individual users? >> in any case in the location does dinner refers to is the location of the device or somewhere near it. this can be up to one under miles away in some rural areas. it's actually much closer,

about 100 feet. if you refer to figure 3 in my testimony, you can see an example of this location as identified by one of these databases. i took my location based on gps and location based on the strongest ally phone -- wifi signal. the dog on the left refers to my location as determined -- the dot on the left refers to my vacation as determined by gps. it is about 20 feet from where i was sitting on the bench. i would consider that my location. there are time stamped that describe and they can be used to trace a trail about you.

this data it contains identifiers. the gel men from -- the gentleman from -- he was claiming that i.p. addresses are necessary to identify criminals. it is difficult to call this stuff anonymous. making those claims is not sincere. >> basically if you have -- this location in your illustration, you see you're in the hart building. let me ask mr. brookman the same question i asked mr. weinstein. my wireless company is like

apple and google and the mobile apps i have on my phone all can and to get my location or something very close to it. understanding is that in a variety of cases under current law, each may be free to disclose my location to almost anyone they want to without my knowing it and without my consent. is that right? can they do that? >> that is correct. it is a default law in this country. the only thing you cannot do is what you promised not to do with that data. some like apple and google said if you give that location, we promised not to share with an advertising partner. otherwise, i think for most

players, it would be very hard to make the legal requirement not to share data. >> thank you. mr. trimble, my time is running out. your company's one the biggest app markets in the world. there of restores requires that apps have a privacy policy. would your companies pooling to commit to requiring apps in your stores to the clear understandable privacy policy? this would by no means the fix everything. it would be a simple first step and would show your commitment on this issue. mr. davidson. >> it is a great question.

we have tried to maximize the openness of our platforms at google. we have relied on a permission's based model and google so that before an application can get access to information, they have to ask permission of the user. you are asking about the next step. i will take that issue back to our leadership. i think it is a good suggestion for us to think about. >> mr. tribble. >> we require contractually third-party app developers to comply -- to have noticed if they are going to do anything with the vice information. if you want to become an apple developer, signed an agreement that says you will do that. does not require a privacy policy.

probably a privacy policy in this general area is not enough. what we need to do -- people may not read a privacy policy -- is put things in the user interface than a clear what is happening with their information. apple thinks this way. when an application is using your location data, we put a low purple i can write up next to the battery, to let the user know that. the act should say that, to -- the app should say that, too. we have an arrow to show it the app has been used in the past 24 hours. feedback to the user about what is happening with their

information. >> thank you. yes no, mr. soltani. is it true that there is no mechanism for iphones to notify users that their applications can disclose their information to whomever they want? >> it is true. >> to live. -- thank you. >> i have a meeting. i will be back in. >> senator the menthol -- senator blumenthal. >> thank you. i wanted to focus on the area of trust that mr. davidson race, which think goes to the core of much of what you do with the consent -- that mr. davis and raised -- that mr. davidson

raised. the goal of building a wireless network maps. apple and google are engaged in that business activity, are you not? >> yes. >> i want to ask some questions about the global wi-spy experience, scanner, debacle. google intercepted and collected bits of user information payload data -- e- mails, passwords, browsing history, and other personal information while driving around and taking pictures of people's homes on the streets. the company first denied that it was collecting this information,

did not? >> we did not know that we were. >> then it denied it was collected it intentionally. is that true? >> i think we still believe we are not collecting it intentionally. >> in fact, this personal data and the interception and the downloading of this personal data is contemplated by a patent application that is been submitted by google to the u.s. patent office and internationally, it doesn't -- does it not? >> i'm not familiar with the patent applications. >> i think you have been provided a copy. maybe you can have a look at it. do you recognized the document?

>> i have not seen this document before. >> are you familiar with the goal that it describes of in fact pinpointing the locations of wireless rotors to construct a wireless network map by intercepting and downloading the payload data in precisely the way that google denies having done? >> i am not familiar with that aspect of this or really anything relating back to the patterson content. >> are you aware that this process may have been used in the street view program to collect private confidential information and use it to construct the wireless network? >> i would be surprised.

we're trying to be clear about the fact that it was not our policy to collect this information. i think we have been very specific about the fact that we never used that information. people at the company were quite surprised and embarrassed to find out that we have been collecting it. this was a mistake and we do not intend to collect this information and we have tried very hard to work with regulators to make sure we are now doing the responsible thing. we have not used it. we're trying to figure out what to do with it. >> why would the company then submit a patent application for the process that it denies having used? >> i cannot speak to the specifics of this patent. we were not aware that this was a topic for today's hearing.

we submit patent applications for many, many different things. often they're fairly speculative. we probably do hundreds of patents applications a year. certainly scores. it would not be surprising that in this area would be looking at innovative ways to provide location-based services. it was a mistake. we never intended to collect payload information. >> the payload information would be extremely valuable in constructing this wireless network map, what did not -- would it not? >> what is most important is having the identification of a hot spot and a location, which is what we were collecting. that is what we used to collect this data base, as others have. it is not obvious that smaltz

the bits of a few seconds that whatever happens to be broadcast -- to do not obvious wouldmall snippets necessarily be that the label. >> would be valuable in your opinion to have that kind of payload data in constructing a wireless network maps? --i'm not sure how valuable i'm not sure how valuable it would be. we don't collect data or use that in our mechanisms for geo- locating. checked with the engineering crew. they said they are not sure how you would do that. problem have not seen the patents.

cannot specifically answer your question. >> let me ask if you have any opinion about whether payload debt would be useful in strengthening the location network or map? >> i am not a technologist. here is a wireless access point and it is send the information out tech to launch of a. i don't believe the content of that communication with the bible at all -- would be valuable at all. >> think the small differentiation that you're referring to is whether the head information -- a question of whether that is payload data. goal -- google collects information about the hot spot. would feel that is not payload

data. that remains determined by others. >> what are the plans google has to use or dispose of the information that has been downloaded or collected? >> we are in active conversation with many regulators in connecticut and regulators around the world. some of them have asked us to destroy the data, and we have done so. our intent is to answer all the questions from any regulator who has an issue -- an interest in this folly. >> you agree that collection of this data at violet's privacy rights? it may be legal? >> our position was it was not illegal. it was not our intent, either. it is not how we expect to

operate our services. >> if it was not illegal, don't you agree it should be? >> this raises a complicated question. what the obligations are about people in hearing them. it is a complicated question. i think we have to be careful about it. the law regulates the use of that information. we have no intention to use it. >> i will have additional questions. my time has expired. i appreciate your indulgence. unlike these patents to be made a part of the record -- i would like these pans to be made a part of the record. >> the ranking member. >> how do enforce the record --

how do you know they are keeping their word? how do you know they are not tracking? >> apple curates the apps in our store. in the appleare apps store. we examine apps. we don't look at the source code. we run them and examine them before we put them into the apps store. sottorey're in the apse storps , we audit them.

we do do random audits and examine the network traffic to see if is respecting the privacy of our customers. if we find an issue for that means or through public information, a blog, or a very active committee of app users, we will investigate. if we find a violation of the terms, we will contact during the investigation about and hopefully get them to fix it. if not, the application will be removed from the store within 24 hours, and we do that. the developers are highly incentive to stay in the app

store. believe they correct and often that correction false, making sure they pop up a notice panel telling the customers what they are doing. >> we have taken a slightly different approach and a google --at google. we choose not to try to be a gate keeper. that is striking a balance. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011]

the speaker pro tempore: the chair will now recognize members from lists submitted by the majority and minority leaders for morning hour debate. the chair will alternate recognition between the parties, with each party limited to one hour and each member other than the majority and minority leaders and minority whip limited to five minutes each. but in no event shall debate continue beyond 1:50 p.m. the chair now recognizes the gentleman from virginia, mr. connolly, for five minutes. mr. connolly: thank you, mr. speaker. one year after the deepwater horizon oil spill, americans are paying record gas prices. in northern virginia gas that used to cost $3 per gallon now

costs $4. the gas price hike is a result of instability in the middle east and possible oil speculation and is a reminder of our dangerous dependence on foreign oil. sadly our republican colleagues are not advancing legislation to help our hard-pressed consumers. their plan would line the pockets of big oil which saw its profits skyrocket 30% with those rise in oil prices. fortunately there are positive steps we can take to promote energy independence here in america. to protect consumers. improve vehicle efficiency. boost production of domestic renewable energy, and convert oil industry tax breaks into gas price relief for our consumers. america owns 1.5% of the world's oil but consumes 22.5%. so we can't drill our way to energy independence. the only way to end our dependence on foreign oil and reduce gas prices by improving automobile efficiency and developing new sources of clean

domestic energy. energy independence is going to depend on reducing our oil consumption and shifting to domestic forms of energy like wind, solar, biofuels, and gas. energy independence will save consumers money and protect us from the instability of the middle east. at the end of 2010 congress extended tax credits for biofuels and production for wind and solar energy. these tax credits indincreased wind energy production by nearly 43% in just two years. so extending them is an important step to increase the supply of domestic energy. under the authority of the clean air act, president obama and auto makers recently announced an agreement to improve the efficientcy of automobiles by 30% by 2016. this agreement will save consumers $3,000 for each car purchased i five years from now. here's another way of looking at it. if you could save 30% at the pump, better fuel efficiency would more than offset the

reason spike in gas prices. unfortunately, oil companies and their allies here in congress are trying to roll back much of this progress. republican speaker boehner forced through legislation which would repeal much of the clean air act. hurting american consumers and undermining our national security. last week the leadership in the house passed legislation to short circuit safety rules for oil production off america's coast, increasing the likelihood of another deepwater horizon catastrophe. their legislation would also allow oil exploration that would impede naval operations off the chesapeake bay in virginia. this week they now want to attempt to pass a bill allowing for more oil drilling even if it interferes with military bases or endangers coastal economies. i do not support reckless efforts to allow unex-- unregulated oil drilling which endangers coastal economies and national security.

last week i introduced amendments to these oil drilling bills. one would strike the anti-safety language and add a provision to repeal $37 billion in oil company tax look holes. the amendment would remitt this money to american drivers. -- remitt this money to american drivers. my amendment would give $185 to every licensed driver in america, reducing the 3r50eus of gasoline by 27 cents a gallon. the other amendment was written to protect national security simply required the commander in chief in consultation with the secretary of defense surt phi before we -- surt phi before we drill for oil off the coast of virginia they certify it does not hamper national security and naval operations. i was shocked -- this the leadership didn't pass this. i'm introducing stand-alone legislation to assist consumers. the gas price relief act will

terminate tax loopholes for oil companies while rebating savings to our hard-pressed commuters throughout america. there are many positive steps, mr. speaker, we can take to reduce our dependence on foreign oil. steps that will include clean energy, renewable energy, and efficiency in our vehicles. that's the path we need to take if we are going to reduce our reliance on foreign oil and achieve genuine energy independence. with that i yield back. the speaker pro tempore: the gentleman yields back. >> also a debate on the bill on hatity relief efforts. live coverage on the house when members return here on c-span.

we are going back to the senate judiciary committee hearing on protecting mobile prifecy. the committee hearing from the second panel, most of whom are industry executives. >> within what controls, and i think we asked the question we have to be focusing on and it's complicated by the fact that some of these things you want and you're choosing them, some of it rides along with that, i don't know how effective you are -- program that allows you to check in and out. things it has access to, in terms of the real life consumer. what does a 14-year-old loading an app know about these choices. how informed is that choice? i'm not sure that's a boundary i'm personally comfortable with. you could change your mind later in the apple system if you saw something was going wrong.

can you change your mind in yours? >> absolutely. if i mention -- you can easily go back and change. >> you get prompted to? >> well, you can remove the application very easily. you can also change your settings in terms of -- for example the use of the location services. >> you have to be aware of it. >> absolutely. >> and you are not aware somebody is selling your location information to somebody are you not interested in having it, you're not getting a second bite at that apple. >> this is a tremendously important area about the need to educate our consumers and users better because we believe you're right. a lot of users don't understand all this. we have tried to make it very simple. and we have tried to strike the right balance. we don't say openness at all costs. what we have said is we are trying to maximize -- we are trying to increase openness. we tried to create a very open platform. it is a different approach.

it's not no holds bar. we take certain -- we do have a content policy for our market. but i think the question is where is the appropriate way -- who are the appropriate actors to go after? we don't go after trucking companies because they happen to carry faulty goods. we go after the manufacturers of those goods. i would just say we are trying to strike the right balance. we often need to really educate consumers. that's why a hearing like this is honestly so important because it does shed a lot of light even as we try to give people information. >> you do if the company knew what it was carrying. google's in a better position to know what is being carried as a professional company that specializes, has a vast resource than a 17-year-old who has been told by his friend this is a cool app to load. i don't think that's a comfortable analogy either for you to rely on.

if somebody wants to take control of your computer and slave it to their bot net, they will try a lot of different ways to do it. and many of the ways in which they try this stuff will involve broadcast to thousands of people. most people are careful enough to know better than to open the attachment or whatever. they are getting more sophisticated and they are starting to add more personal data. it's getting harder and harder to sort that out, but ordinarily you could have a success rate but only one in 1,000. and still be a pretty successful propagator of bot net. so it seems to me that there are some things for which even a very high failure rate is still not good. so even if 999 of 1,000 of your

customers say i don't want to do that, if somebody is putting these apps up not for the facial purpose, for the stated purpose, but because they loaded a bunch of other stuff behind it, that they want to use for an ulterior motive, a trojan horse, you take it for one reason, but that's not why they are doing business with you, that's the way to get into the door and your computer and taking economic advantage of your information. it seems to me there's some line that we want to draw that is an absolute line that says even if you -- you really shouldn't be in a position where you're agreeing to this with as little information as you have. in the same way you try to protect people from having their computeers slaved to botnet by spam emails, so again i think we need to consider a little bit more sort of what our model is

going to be here and work off of that. and all i can say is that i have not yet heard a model here today that is convincing to me that it adequately protects both the internet itself and the privacy entrance. we talked about prifecy, but frankly it isn't just privacy that is that's anish shue. once somebody is in your computer with an application there are a lot of other ways they cause mischief and it could be outright malware, something ultimately illegal not something that is immediately unwelcomed. i want to just thank chairman franken for having this hearing. i think it's been very interesting, very significant. i think it's an issue where we got a lot of work to do ahead of us. i want to appreciate the participation of all of you. we all bring different perfect specsives to this. i don't think anybody's perspective is yet ideal. but together working hard on this i think that we can get

something accomplished that will make the internet safer. and make people less vulnerable as consumers to abuse, and make sure that it's clearer that you're getting what you paid for or what you load up when you choose to take on these applications. much appreciation to the chairman for his leadership on this. >> thanks, senator whitehouse, i apologize, i had to step out for a minute. the meeting was on minnesota flooding. senator schumer has stepped in. recognize you. >> first let me thank you, mr. chairman, for having this very important hearing. there are so many different types of issues and questions that have come up because we are in this brave new world. where information is available much more freely and that creates new privacy concerns. and creating the balance is one

of the most important things we can do with the -- at the beginning of this century. so i look forward to your leadership and the leadership of senator coburn as we try to balance the important benefits. i'm so glad you have stepped into this place. i always tell people, the senate has so many different vacuums that somebody who is interested can sort of step into and this is a classic example. thanks for your leadership. there are a lot of these areas. apple and google have come here and i thank you both for that. i want to ask about a slightly different aspect of balancing technology with public safety and that is the smart phone applications that enable drunk driving. as you know several weeks ago a number of my colleagues and i, senators udall, lautenberg,

reid, and i wrote letters to your company calling the attention to the dangerous apps being sold in your app stores and asking you to take immediate -- to immediately remove them. don't have to go how bad drunk driving is in our country. i read those newspaper articles at prom time and christmastime of parents just looking so forlorn. they have lost a kid to drunk driving. anyway, the d.u.i.'s that were popping up in stores were terrifying because they undermine drunk driving checkpoints. the apps they have names like buzzed and fuzz alert, and they are intended to notify drivers in real time when they approach

police drunk driving checkpoints. there's only one purpose to these, we know what that is. and that is to allow drivers to avoid the checkpoints and avoid detection. people often think twice about drunk driving, driving while drinking because they know they could get stopped with all the consequences. and these apps enable them not to. we brought these to the attention ofry,, m. they pulled the app down. i was disappointed that google and apple haven't done the same and i'd like to ask you how you can justify to sell apps that put the public at serious risk. i know you agree with me that drunk driving is a terrible hazard, right? and i know that each of your companies has different reasons for not removing these apps so i'd like to discuss them with you separately. first, mr. davidson, tell me your reasoning.

>> we have a polsoin our application market, on our platform where we do try to maintain openness. of applications and maximize it and we do have a set of content policies regarding our android marketplace. although we need to evaluate each application separately, applications that share information about va -- so bright checkpoints are not a violation of our polcy. >> would you allow an app that provided specific directions on how to cook methamphetamines? that doesn't exbliss itly violate your -- explicitly violate the terms of your service explicitly but generates a public safety hazard. >> it would be fairly fact specific. we do look at these things

specifically. i think applications that are unlawful or that directly related to unlawful activities. i think we do take those now. but we do have a fairly open policy about what we allow. >> no one's disputing fairly open. that's the motto of google and you're a company that has paid the price in a certain sense for those beliefs. everyone respects the company. but my view is even under your present terms prohibiting illegal behavior, this app would fit. but why wouldn't you then change the app to include this at least specifically so it doesn't -- i know if you have to draft generallyized language might be trouble, but why wouldn't you do that? >> again i think we have a set of content policies we try to keep them broad, and i will just say, you raise what we think is

an extremely important question. it's a question that we are actively discussing internally. i will take this back and your concern back to our leadership. >> if you don't believe under your current rules that this would be prohibited, you would look at specifically at least narrowly for trying to eliminate this app. you agree it's a terrible thing. >> mr. dribble, tell me why you haven't. different reasoning. that's why i'm doing it separately. >> senator, i share your thoughts on drunk driving. as a physician who has worked in an emergency room, i have seen firsthand the the tragedy that can come about due to drunk driving. we are in complete and utter agreement on that. and apple in this case is

carefully examining the situation. one of the things we found is that some of these applications are actually publishing data on when and where the check points are that are published by the police departments. >> not in the same -- >> in some cases the police department actually plushes when and where they are going to have -- publishes when and where they are going to have a checkpoint. not all do that. and there are different theories -- >> how many police departments do that? >> i see a map, san francisco, 9th and garery, we'll have a checkpoint tomorrow night on the web. >> do they publishes all of them? >> i don't know. so we are looking into this. we think it's a very serious issue. >> it's sort of a weak read, i think. i would bet to you that i don't

know of a police department that in real time would publish where all the checkpoints would be. it would make no sense. do they publish it on their website? >> as you know they often publish in general they are doing it. that means that they believe that these checkpoints provide a deterrent effect. and that wider publicity -- i'm just saying we are in the process of looking into it. we think it's very serious. we definitely have a policy that we will not allow apps to encourage illegal activity. and -- >> apple has pulled bad apps before. >> absolutely. >> you both went even about tasteless jokes. this is worse than that,

wouldn't you say? >> i would say that in some cases the -- it's difficult to decide what the intent of these apps, but if they intend to encourage people to break the law, then our policy is to pull them off the store. >> i would suggest that you look at just keeping that policy as is, it's a little different situation than mr. davidson, would you find that the intent of these apps is to encourage people. >> will i take that back. >> i know my time is up. i apologize. and i would encourage you to make a distinction between a police department that says, well, we usually have checkpoint at 9th and geary and an app that just talks about where the new checkpoints where and in real time. and you say they publish it two days later. >> i understand that distinction. i agree.

>> so you, too, apple will take a serious look at this. >> yes. if both you folks could get pea an answer two weeks from now as to what -- is that too soon? >> certainly give you a progress report. >> how about a month from now as to what your internal examination has come up with. i thank you. i thank my colleague for indulging me in an extra two minutes. thanks. >> i was actually saying we were going to go to a second round. now that you were two minutes over. i would never do that distinguished senator from new york. i'm going to indulge my prerogative as the chair and go to a second round. mr. dribble, when you download an app on android, or on android machine, it tells you that the -- that if that app will access

your location, your calendar, your contact list, and you get a chance to opt out of those, the iphone only asks you if you want to share your location with an app, nothing else. don't you think it would be helpful for apple to inform consumers if an app will be able to get information from their calendars or address books? what more can apple do to inform consumers of the information that an app can access, do you think? >> the app, as i mentioned, we need to require the app provider them selves to give notice and get consent from the consumer before they do that. different from google in most cases we do not provide or

attempt to provide technical means in all cases to prevent the app from getting at any and all information. in fact, we think that would be very difficult. however, specifically in the case of location we do make sure that every single time an application or for the first time an application asks to get access to that user's location, it pops up, that dialogue box that says this app would like to use your location, yes or no. i would say that two things there, one is our priority in this case has been on -- especially since the nature of location and to provide technical measures or attempt to on the phone to provide that notice every single time when the app first asks. in the case of other information which may also be personal

information, but maybe not to the same extent as where am i right now, we require the app to give notice and get consent from the user but we do not have a technical means to require that. and if we -- not that we would want to, we think that's difficult and especially difficult because when you start to do that for every little piece of information, the screen that the user is confronted with in terms of yes, no, yes, no, yes, no potentially becomes very long and complex. >> google has a screen that contains the number of those. and it seems to work for you guys, right? yes. >> you enforce your own rules for apps, when were you in my office yesterday, thank you for

coming, i actually asked you this question, how many apps have you removed from your apps store because they shared information with thirds parties without users' consent? 's mentioned to senator coburn, our first is not to put them there in the first place. if we find out, we investigate, we work with the developer to get them to give proper notice, and we tell them at some point if we find them violating, you are going to be off in 24 hours. in fact, i think all of the applications to date or the application centers to date have fixed their applications rather than get yanked from the app store. >> the answer to my question is,

zero? >> zero. >> thank you. let me ask you a different question, of all the things you have seen what is the most serious privacy threat that mobile devices pose today? >> thank you for your question. the biggest takeway is consumers are repeatedly surprised by the information that apps and platforms are accessing. consumers have trust in their computers and found that other devices look at great dial of personal information. and to a degree these platforms are not taking adequate steps to make this clear to consumers, that others have access to this information. i think that's a problem. we have talked about the apps where certain app might need access to your location information, you said no. i don't think consumers would know whether apps would have certain types of location or

not. make that clear. and -- it's kind of it sounds like the providers of these platforms are surprised as well that they are collecting information. in one case they were surprised they were collecting wifi information. in the apple episode, they were surprised they responded they were collecting this information for year. we need improved transparency on -- of this stuff. and in order to do that we need to clear definitions of what things like opt in means. for example. check box being checked by default you have to you can check that, is that kind opt in or opt out? >> sound like an opt out to me. >> clear definition of what location is. if it gets you within 20 feet s. that your location? most importantly, clear definitions of what third parties and first parties mean. >> could you describe the results of the "wall street

journal's" investigation into mobile apps? specifically can you describe the information that apps are getting from users and sharing with their parties. you said they are surprised the average user has any idea this is happening? >> i don't think consumers know apps would access things like your location information or information stored on your device. >> address book. >> your contact. another case where facebook, you would install the facebook act and it would synchronize your entire address book to a facebook server. people are surprised by that. i don't think people realize the data that's held on the phone versus the data transmitted to websites. even more transmitted to downstream apps companies and other entities that are not even the website that builds the app. i think ultimately this might be an issue with regards to -- incentives are mixed.

we have apple and google are software proviresd. they are also advisors and make apps. in the example where the truck was driving and making problematic products, i think in this case, we have the same companies that are -- the truck and the products, it's weird to figure out what the incentives should be for them to do the right thing and make intelligent defaults. i think we have seen the defaults fall in the favor of what is in their best interest. >> thank you. thank you all. senator blue men tall. >> -- blue men tall. >> thank you, mr. chairman. i want to thank all of you again for being here and very, very useful contribution to this hearing. by way of brief footnote to your conversation, dr. dribble, earlier with senator shoer, --

shoe mer, you may or may not be aware, but sometimes police departments actually publicize checkpoints so that drunk drivers will go to alternate roots--alternative roots where they do not publicize checkpoints. so there may be more strategy than you may be aware in some of the law enforcement practices that are involved here. i welcome both you and mr. davidson's willingness to come back to senator shoe mer -- schumer with your response. i also want to welcome and commend google's response on the notice issue in case of breaches which i think is a very important source of support for notice legislation and would ask dr. dribble, i don't think i saw -- dr. dribble i don't think i saw in your testimony, i may have looked at any reference for

requirement for notice 234 case of breaches of confidentiality. would apple likewise support that kind of legislation? >> i actually don't -- i'm not the policy person. what i'll say is that in general we think it's extremely important that information kept on our servers stay secure. we do a lot to make sure that that's the case. and we think that if -- i personally think if customers are at risk from information, important information that's leaked from servers, i, for example, as a consumer would like to know. fortunately apple has not--it's not that. here, if that were to happen i think that would be something that consumers would want to know about. >> with would it be apple's

practice to notify consumers in case of breach as soon as possible? >> i believe we are subject to at least various state laws along those lines. breach notification. and although it's not my area of the company, i certainly believe that -- i know we would comply with that and notify in case of a breach. >> again i will be submitting questions that i'm hoping that all witnesses will respond to. and we are late into this hearing, but i would be very interested in knowing and we welcome your response here if can you do it briefly what additional measures you would suggest. as you may have heard earlier we asked the panel before yours about requiring security measures, privacy by design so to speak, as well as remedies such as credit freezes, credit monitoring in case of breaches

to prevent such breaches. and would welcome any comments from the panel. or not. whichever you prefer. >> fortunately i testified on this issue last week. i've done a little thinking about it. from a consumer perspective there's pretty strong legal regime in place to require the practices. the f.c.c. has brought 30-some odd cases where -- adequately secured data. for data breach notification, 46 and 47 states have versions in place. the legal regime right now also has strong protections in place. the things we would probably look for are, one, more authorities at the f.c.c., greater capacity to bring more cases. penalty authority especially as well. the f.t.c. does not have the ability to give civil penalties for violations of the act. i think that there are a stronger stick, i think you

would see bert practices. also i think we'd like to see other fair information practices put into law. one idea we keep bringing up is this idea of data minimumization. you have data sitting on your servers. you don't need it anymore, get rid of it. both the sony and other case it seems they were holding old data they didn't need. sony had two dozen data basings with credit card numbers they weren't using. keeping email addresses of people who had previously opted out. i personally got emails from companies i got opted out. by the way your data was preached. putting into law protections for stronger f.t.c. authority would be valuable. >> did sony have in place adequate safeguards? >> i'm not a technology gist, there have been a lot of press

reports indicating that there are things they should have done better. their servers were not attached to the latest security software. they were holding old data in it. their pass word verification system probably should have been stronger. probably not the best person to testify to that. it seems to me, it seemed inadequate. but there are definitely strong security minds and space to criticize what they have done. >> in fact they acknowledge that much better, stronger safeguards should be in place going forward, whether that's an implicit acknowledgement of the inadequacy briefly we can't ask them because they are not here today. certainly they are going to upgrade or at least a promised upgrade their safeguards. >> yes. they have said they are going to put better protections in prote. there were maybe a greater

consequences to data security breaches such as f.t.c. penalty authority, hopefully companies would think about more in advance than trying to abend pend security and privacy after the fact. >> i have a bunch of other questions which will i ask the witnesses and won't deand you to ask now but thank you very much. >> thank you, senator. the hearing and record will be held open for a week. in closing i want to thank my friend, the ranking member, i want to thank all of you who testified today. thank you all. as i said at the beginning of this hearing i think the people have a right to know who is getting their information and right to decide how that information is shared and used. after having heard today's testimony i still have serious doubts that those rights are being respected in law or in practice. we need to think seriously about

how to address this problem. we need to address this problem now. mobile devices are only going to become more and more popular. they'll soon be the predominant way that people access the internet. so this is an urgent issue that we'll be dealing with. we will hold the record as i said open for a week for submission of questions. and this hearing is now adjourned. [captions copyright national cable satellite corp. 2011] [captioning performed by national captioning institute]

>> u.s. house is in recess right now. they'll return at 2:00 p.m. eastern for general speeches and

back at 4:00 p.m. to deal with a bill on offshore drilling permits which members worked on last week. and a bill dealing with haiti relief efforts. live coverage when the house gavels back in here on c-span. president obama will deliver a speech today on u.s. immigration policy. at the national memorial park in el paso, texas. for the past several weeks the president has been meeting at the white house with hispanic and latino groups in an effort to increase public support for congress to pass immigration reform legislation. we'll have those remarks at 3:30 eastern on c-span3. later a live booktv stream from an event at the new seem here in washington. the authors of the book do more than give. we'll look at the imgract foundations, truckees, and wealthy donors have on social, and environmental changes around the globe. that will be streamed live online at booktv.org.

the military senior commander in eastern afghanistan today said insurgent activity has not increased in this area since the death of osama bin laden. major general john campbell also said border cooperation with pakistan is at an all-time high over the last two months. he speaks with reporters for about 45 minutes. >> we'll get started. good morning to those here at the pentagon and good evening in afplgt i'd like to welcome back to the pentagon briefing room to the pentagon briefing room army makor general john campbell, commanding general regional command east. general campbell assumed his duties in afghanistan in june of last year. he previously spoke with us in this format in october and he joins us again today from bag ram airfield.

next week general campbell will transition responsibility from regional command east to the first cavalier division's army major general daniel allen. he'll make opening comments and take your questions. with that, sir, i turn it over to you. >> thanks, dave. i'm at a disadvantage because i can't see anybody out there. aim note sure who is out there. i'm sure i have talked to many of you over the course of the year or seen you in the pentagon. thanks for the opportunity to speak to you tonight. speak to you tonight. i think it's customary to have a written statement at the end to go over your accomplishments over the past year. i don't want to do that. do i have some cards to talk about security developments, information ops. i won't go through those. i would rather getway to your questions and answers. it's been a very, very exciting here for regional command east. we have been honored to serve with our afghan partners for the past year. i don't want to bring three points, transitional authority.

as dave talked about next week we'll turn over to the first cavalier division a very good friend of mine, major general dan allen. he's over here now. our legacy is how well we set up the unit who comes in behind us. that's what we are trying to do here. staff officers have been working together over the last year. there's been several leaders reconsequence here by both dan and his staff personnel, commanders. you are most vulnerable when you transition, but i believe we mitigated that risk because of the great cooperation we have had between both the first cavalier division and the 101st airborne division. airborne division. just like the 82nd when we transitioned with them a year ago. again the army does these transitions of authority at every level. we have been doing them for many, many years. i think we got this down well. i we'll comfortable to talk about that transfer authority. couldn't have picked a finer officer than dan. i'd like to talk about realignment of forces. we have been doing that over the last year. getting the inputs right. there's been a lot of talk about

coming out of the valley. what am here to tell you we did not come out of the valley. we realigned forces. over about a 10-month period we looked hard at what general petraeus talks about, getting the inputs right. across the battle space we have been getting inputs right. moving around afghan forces where they needed to be. where we needed them. we added additional battalions. additional police. we do think we have a pretty good set now and we have the right structure, right afghan forces, coalition forces, right leadership and strategy. we have seen great progress every single day. some days are very frustrating. two steps forward, one step back it is progress. we are very proud of our coalition partners and afghan partners. we have been realigning some forces over the course of the year. we have over 130-plus cops. we have transferred some of those to the afghans recently.

we have closed some and plused up some. that's a continual process every commander as they come in continues to do throughout his tenure here in afghanistan. so we continue to do that. we feel good about the step that we are going to turn over to both the first cavalier division and afghan partners here. a little bit about the spring campaign season. we have been at it about the march time frame. the wintertime frame the off tempo continued to be high here in regional command east. we stayed after it. the number of caches we have been able to take off the battlefield, munitions, i.e.d.'s is well over double what it was the same period last year. we think we have changed the dynamics of the battlefield by doing that. as the insurgents have tried to come back and do their own spring campaign. they announced in late april, said on our about first of may they would come at us hard. we have not seen an upparticular -- uptick in regional command east. about the 30 days prior to one may, the number of insurgent

initiated attacks was between 25 to 30 per month. that number after 1 may has continued to be the same. but we have noticed as continue to go on as they have made that pledge about 1 may and spring offensive, is that they would try to reduce civilian casualties. they have done the opposite of that. on the first of may they killed seven afghan civilians and wounded 345. vicious attacks against women and children. 90% of the civilian casualties are caused by the insurgents in regional command east. we have our own spring campaign that work hand in hand. very proud of how they have continued to uptick their planning and integration with the coalition forces. we have several operations that are ongoing at this point in time. very aggressive out there. going after the enemy. i think that has made a difference on what the enemy tries to do and come back with their own spring campaign which they have not seen. going back to that piece where

the insurgent casualties on the first of may, that was done by a 12-year-old boy, suicide bomber. coming out of pakistan. and strapped on some explosives, walked into the marketplace and killed many of the civilians i talked about. so on the spring campaign i have been asked a lot about the difference of the spling have they come on harder, have they changed since the death of bin laden after the first of may, my answer is no. we have not seen that increase. we have heard talk about it, but the coalition forces in our afghan security partners are prepared for that and vell good about the set we have now. the last thing i would like to talk about here at the beginning is our cooperation, our coordination with our afghan security partners. everything we have done over the past year has shoulder to showed with both the army, police and afghan border police. we have worked at that hard. i think we can really see the results over the past year. we kneel very good about where the afghan forces are. still a lot of work to be done.

we do think we are headed in a much better afghan security force than we had a year ago. that really is a lot of great work by the coalition partners but also the afghans themselves. they stepped up and we feel gooed about the future of afghan. -- afghanistan. i talked to many of you throughout the year but i welcome your questions. thank you for the opportunity to speak to you here tonight to talk a little about about this. i stand by for your questions. >> mr. burns. >> mr. burns, a.p. picking up on your point about not having seen any uptick in taliban attacks lately. we had a story today quoting a police chief as saying there was a rather large-scale taliban attack on police. wonder if you have details on that? if i may add a second question, as you finish up your year there and prepare to transition out, what is your view on whether there's room for a drawdown of u.s. troops either in your

region, either the summer or later this year? >> thanks. appreciate both those questions. the first one, the attack on a check point, i have seen the report also. i just got off the phone with my tack 1 which is located in gamberry. they have police there, army there, joint tach. they just got off the phone with that same provincial police chief. he had reported about 400 insurgents attack as checkpoint. he is not at that location. we are talking about what do they need? we have never seen the whole year i have been here 400 insurgents mass. i would welcome if we could get 400 insurgents to mass. we have to go back and tell us what he's been saying, get better information. the latest he had 24r was three

wounded afghan national police. they believe they killed or wounded about 10 insurgents. we asked them if that he needed ammunition. they did not need that at this point in time. he is a long distance away. he's about 20 miles to the north of this particular checkpoint. it is not a district center there. was talk a district center had been run over. we have moved udge manned ariel aircraft in that -- unmanned aerial aircraft in that have a sinity. the mountainous terrain is tough. with the weather comes in and out. we are trying to get full motion videos so we can see what's going on up there. the initial reports right now is that checkpoint is still intact. they are still working there. there was an attack, still sketchy on the details. we do not have any coalition forces. up in that mart -- part. it is hard to get back and forth. there are hundreds and thousands

of isolated small valleys there. again communication is tough. i feel very good with our tact that they are getting at least phone calls in. it was not as hectic or the 400 insurgents he talked about. just number that same area, last year when we took over we had to send in coalition forces thrup for a period of time. the 82nd did that before us. we tried to move that toward an afghan solution. over the last year the afghans have picked that up. they have taken control there. there is also reports daily about insurgents, we had an assessment team there the other day, they have afghan border police, national police up there. we resupplied them with ammunition. it was not taken over. there were hundreds of insurgens up there like we heard last week. a lot of this really, when you

get up there, we really got to understand the insurgens have a pretty good information ops campaign. we are going to take that with a grain of salt. at the same time we want to make sure we are providing the support we have for afghan parters when they need t we can't be everywhere. hopefully that gets to your question. on the grawdown piece. that's a decision for the president, for general petraeus. as i look around regional command east, i'm very thankful for the forces that we have. in regional command east right now. we didn't get our last brigade until the end of august. they came in the august time frame. they continue to do great things where they are. but we are just now being able to see the effect of having the coalition surge over the last several months. again when we took over in december, fall time frame, got jets in the background there, we are still getting the inputs right. we do think we have those right

now. we got to let this counterinsurgency, our operations here to take effect. it will take time. again we have real life forces. taken them out of place where is they are static. where they are not aguy guile -- agile, and take them to other forces, so we can deny sanctuary to insurgents in the battlefield. we feel very good about what we are able to do. as far as forces coming out, i'll leave that to our headquarters. have not discussed that with them. >> general campbell, jim miklaszewski with nbc. with the death of osama bin laden, there is a growing chorus of voices here in washington. some on political political that say -- capitol hill that say, well, his death should allow the u.s. withdraw large numbers of troops from afghanistan. and essentially end the u.s.

participation in that war. now, do you believe that? if so, why? if it's not the case, why not? >> thanks, jim, for the question. bin laden certainly the leader of al qaeda, certainly important man of that organization, but one man does not make this war on terrorism. in the short-term we have not seen a big impact on his death here. there has been a lot of talk about revenge about coming at both the coalition and afghan forces here. we have not seen that here since the first of may since they talked about that. but again i don't think that one person makes the war on terror here. they'll find somebody to replace him. they are going to have some issues i think without bin laden there based on fundraising and the ability to have his charisma to bring in funds, that kind of thing, to recruit. but again there are multiple

insurgent groups that afghanistan and the coalition forces are going and trying to neutralize here. i don't think the war's over. i don't think the loss of bin laden will cause us to change our strategy. >> general, tom, "new york times." thanks for your time today. thanks for your time today. this question follows on that. which is whether the death of bin laden might in way push forward an effort at reconciliation. you talked to us before we shouldn't think as one insurgency. clearly these groups have different relationships with each other and al qaeda central either literally or ideologically. is there a chance to divide these groups and bring them to the enable for negotiations? -- table for negotiations? >> thanks, tom. good to hear from you. i think that's a great question. i think there's great

possibilities here. we talked about about reintegrate being a game changer. we are seeing it in regional command east in the last 60 days. the governors are picking this up. you have informal and formal modes of reintegration. we are seeing more of the informal where the governors are picking up. people are coming to the governors, governors of the 14 different provinces we have. so we feel very good about reintegration in the future. we got to continue to work hard and educate through the ministries on what we can do on reintegration. i think because of bin laden anti-death of bin laden this great potential that there will be many people out there that will could want to come back in and have that opportunity. and have that opportunity. they look at and understand, they have seen videos of bin laden sitting in a small room looking at a tv, pictures of himself up there. kind of alone. desperate. not this big leader that they thought that he was. he's sitting in pakistan.

many of the other insurgen groups we deal w. the leadership stays in pakistan. they don't share the same hardships. i think the insurgents are going to say, why am i doing this? i think there's great potential for many of the insurgents to say i want to reintegrate. remember what president karzai and afghanistan has said, if they denounce al qaeda, they pledge their allegiance to afghanistan, throw down their arms, that afghanistan will take them back. they understand there has to be a political solution to this fight here. i think this gives us a great opportunity. i think president karzai and the afghans look at it that way as well. i hope it does. the afghan people deserve this opportunity to live a better life and reintegration will go a long way. >> we when we spoke to you last time you were talking about your cooperation with pakistani 11th corps. i'm wondering if there was a

change in that since the mission to kill bin laden. are the pakistanis starting to cooperate on taking down the network at least along the border region? >> thanks for the question. i think the last, we have been working the border piece since day one. we have been working the reelingship with the 11th corps. the frontiere scouts. i have gone to -- frontier scouts. i have gone to pakistan several times. times. i think at the tactic aol cooperation level that cooperation over the last two months is the best we have seen it. battalion to battalion, brigade to brigade, opening those lines of communication has helped all across the 450-plus miles of border, regional command shares with pakistan. i think it's gotten really well. after the