he has been implementing this policy ever since. this discussion and these meetings, and the resolve will come with his announcement as part of the implementation process. >> and how worried is the white house about the greek crisis, and the implications for the american economy. >> we are monitoring this regularly, and we have a head wind in terms of the global economy, and the domestic economy. we are monitoring the situation closely, and we are in regular communication with the european counterparts. we have the capacity to deal with this, and this within our capacity to deal with this. so far, greece has made progress but it is important for the greek government to carry on their fiscal measures and

reforms. this is as we have a discussion with the international monetary fund. >> anthony weiner is expected to resign. will you get the focus back on jobs? >> the president expressed his opinion that made it clear that this is not an issue he is focused on, as he has much more significant priorities. i don't have much more to add to this. >> has the president spoken about this in the coming days? it is said that the democrats now on the economy, is this true? >> we are all working together in washington to devise policy, to improve the economic situation. and what the congressman was referring to is that the turnaround that we have seen,

the change in directions was reflected on the fact that we were losing 700,000 jobs when the president was sworn in, and six months we have gained 1 million jobs and in 17 months, -- this reflects a change in direction. the fact that we were contracting severely with the economy by 6.4%. we have grown for seven straight quarters. we believe that the actions that we have taken in early 2009, some of them were very controversial. but they have been helping to change the direction, this does not mean an arrival at a destination. we are not where we want to be in terms of the economy or job creation.

he spends so much of his time devoted to discussing the economy with his advisers and talking to outside people about their ideas, including his jobs and the competitiveness council. this is for their ideas to continue to grow the economy and create jobs. >> in the six years since president obama came to washington, there are other politicians who have undergone scandal. i can only understand that obama said that someone should resign, or that he would need to resign, was congressman anthony weiner, who had not broken any laws. why would the president choose to speak on this issue and not take on rangel or vitters? >> he was asked about it. he was not looking to comment on the situation.

as he made clear on the follow- up that was asked. this is not something that he has had the luxury to focus on. i think he made it clear that he agreed that the behavior he exhibited was inappropriate, that he had embarrassed himself and obviously, his family. he was asked a question and he had responded. he did not say anything beyond that in response to the question. >> how does he feel about david vitter and his behavior? >> republicans have been attacking president obama, about being out of touch with the economic problems of americans. he told the unemployed americans that they are not speed bumps,

and mitch mcconnell said that he was joking about the stimulus, the jobs and the competitive council in north carolina. this is not as shovel ready as they instigated -- so it did you have a response to this charge? >> i think that this is obvious that the president is focused on the economy, that he takes this enormously seriously. he takes it seriously, the issues that americans have to deal with as we emerge from the worst recession that we have seen in our lifetime. one reason that he asked his office -- for the letter of the day for him, from the 40,000 that were addressed to him every day, is because he wanted them to, in their own words, read

about what americans are going through. when he initially this practice back in the early part of the administration, this was part of an economic free fall. he feels is very keenly and this is the primary focus of his administration and his waking hours. what he can do and what we can do as an administration, and what we can do as americans and democrats together to continue to grow the economy, and continue the positive progress that we have made and continue to create jobs. >> obama was under 50% for the first time that we could remember if people last people -- people were asked if he understood the problems of people like them. >> what he does every day is focus on his job, and what he can do to help the american people.

opinion polls say a lot of different things. the reality is that when you are worried about losing your job, or you are worried about losing your house or the mortgages under water, this anxiety is real and understandable and it affects how you view your own prospects, and how you review the overall the economy, and how you view the leaders in washington. with this president believes is that he came is he came here for reason, the help america change the direction of the country, and to specifically, given circumstances, the dire circumstances, to reverse the catastrophic economic collapse that was unfolding as he moved in. that work continues. we have changed direction.

the economy is growing. we have created jobs. that work continues. this recession caused loss of 8 million jobs. 8 million americans lost their jobs in this recession. there is no other task that he has been more dedicated to than digging us -- or climbing out of this whole. the work continues, and that is why he says we are not done, we are a long way from done. that is why we need to make the right decision, that we do these things, these important things in ways that further our potential for economic growth, increase the potential for creating jobs, that does not in any way reverse the progress we have made. >> could you please respond to

berliner's remarks on libya remarks on boehner's today on libya? >> you have the 30-plus pages we provided the congress. there is a substantial amount of material here in response to the questions that congress has asked, and we disagree. we think the u.s. forces are playing a supporting role in a multi-national coalition, legitimized by the u. n. security council resolution. as we made clear, we believe u.s. forces are not engaged in the kind of activities envisioned in the war powers resolution.

the presence of u.s. ground troops. let me reiterate -- not a single u.s. ground troops in libya now or ever. u.s. casualties -- they also lack. u.s. casualties were a severe threat -- our conclusion, that these constrained and limited operations to not amount to hostilities under the war powers resolution is consistent with the war powers resolution to interpretation put out by administrations and the political parties to the enactment of the statute in 1973. obviously, as a lawyer, you know there is a long history of legal debate about the war powers resolution. we do not expect every person to agree with this. we believe it is accurate and sound legal analysis. >> was the president personally

involved in formulating what you just read? >> he worked with the white house counsel and his team and as a constitutional lawyer himself, he owns this document. >> it is his vision, or ultimately? >> correct. >> maynard has -- boehner has called for the president to make a speech to the american people. >> there are no plans to give a speech on libya. >> boehner suggested that the power of the purse, that congress could cut off funding. >> we do not think that it is helpful for congress to send mixed messages, because the vast majority of members of the congress and the administration believe the mission undertaken by this broad coalition by nato

and other allies, to enforce u.n. security council resolution 1973 has been important. it has saved thousands of lives and has helped create space for the libyan opposition to organize itself, and it has helped put pressure on gaddafi to see the writing on the wall. even those who have concerns, members of congress, they would acknowledge the importance of continuing that mission, and it is something that the majority of congress supports. >> yesterday you were asked if the president believes personally in the war powers resolution. >> let me make clear what we are not say. what we are saying is our current actions in libya in this mission do not fall under the worst powers resolution, because they do not meet that my

threshold of hostilities. what this reasoning is not saying is not addressing the constitutionality of the war powers resolution. it is a limited assessment based on what we are doing and libya and how it relates to the war powers resolution. it is not an overall analysis the likes of which we have seen much of over the past many years since the resolution became law. >> on libya, the attorneys advising gates said the branch, did it always agree that this has been within the president's authority? , there was a robust debate. that led the president to his view, that the war powers resolution's 60-day termination does not apply here. it would be impossible to have a discussion about the war powers resolution in a room of lawyers

and not have there be a robust debate, because it is a highly debated and debatable resolution. i do not think that is surprising at all. i hope that answers your question. >> definition of hostilities, if a foreign country were lobbing missiles at a u.s. city, is that hostility? >> i will not address that fear as to how it relates to our participation in a multinational coalition in libya, are limited role in that coalition, and the activities that we are engaged in. i am not -- not because i am not i lawyer, i am not one to get into that discussion. certainly not surprising. he was identified prior to the successful mission as al qaeda's

number2. it is neither surprising nor does it support -- nor does it change fundamental facts, that al qaeda's ideologies is bankrupt. peaceful movement for change are the future of the region, and al qaeda is the past. that was true before osama bin laden it is true today. >> any plans to send a thunder buster? >> i have no comment. >> [unintelligible] >> are you saying he is mating -- elucidating or hallucinating? >> are you aware of the legislative dynamic on capitol hill, you can go ahead and do a resolution, it will not go

anywhere in the senate? >> will continue to consult with congress, continue to answer congress'question . we have made our legal reasoning clear. i did not anticipate further legal analysis on this issue from us. i anticipate continued consultations with congress about the mission, and stepping back to some that i have not mentioned today, we support a resolution similar to the one tabled by senators kerry and mccain and others. >> you did not specifically endorse the vice president's the deadline of july 1? that something concrete put forward. do you agree with the president

that that is a vile that line? -- a viable deadline? >> i endorse what the vice president said. >> yesterday at the picnic, the pool cameras, video of the speaker, well known to be a smoker. i assume the president is still abstaining from tobacco smoking? [unintelligible] >> i do not know about the venue. i am sure the president will be a fine host. i do not foresee a problem. >> what is the reaction to the

ethanol vote? >> we oppose the full repeal of that subsidy, but we are focused on a broad strategy including increasing domestic development of oil and gas, but also aggressive development of alternative fuels and improving our efficiency. as part of our strategy we would like to see reform that would reduce costs in terms of the subsidy in question, but we did not support the full repeal. >> what is the venue for the saturday golf game? >> i did. we're not going to put it out. my lips are sealed. >> this did not come up with your speaker chat yesterday?

>> i consider him a friend and and join a conversation. >> the legal arguments in the libyan document yesterday, are those the same legal arguments that justice will use in answering the lawsuit filed yesterday by members of congress >> i do not want to prescribe how lawyers -- actions that might take, but the legal reasoning would before the survey would be a foundation -- before yesterday's would be a foundation for our response. >> well the president have any special briefing? >> he will have a briefing on it. he did get as part of his overall briefing, a paper on

greece. >> any update on the government reorganization plans? >> yes, i have something on that. the president called for a free organization of the government in the state of the union address because he believes that government should be the tool to meet the needs of the 21st century. this set of recommendations as part of an overall effort to streamline government, cut waste and duplication, cree effectiveness so we can create a system that will help americans and businesses compete. the analysis was submitted to the president on june 9 as directed. the president will review the recommendations submitted to him over the summer and discuss them with his team, and when he completes his review, he will make a public statement. >> the review is not expected until fall?

>> the submission of recommendations was made on june 9 as directed by the president. the president will review it over the summer, so sometime within the post-review. , i am sure he will make a public statement about the recommendations. >> what is the road map to in the meeting today on a hill with a vice president and july 1? >> i anticipate more meetings. i do not have announced -- i do not have an announcement on when the meetings will take place. we continue to look to intensify the process. we have been on specific about the progress that has been made deliberately, but consistent in describing what has transpired as cars, not just us, but other participants. we believe they have made

important progress in those negotiations, and are optimistic about the prospect of an agreement. >> what is the rationale for waking a day to acknowledge that? >> i was asked yesterday, it had not happened. >> you stress this is not part of all souls -- wholesale change of strategy. do you plant to downplay this? >> what i think happened is i say, most folks here reported on that unique and current -- and on president oppresses the president initiated and oversaw and 2009. i did not want people to expect a repeat of that unprecedented

process. that is all. i am not trying to downplay it. we it is significant he is doing what he said he would do, to some degree of skepticism back when he announced this policy. the inclusion of the july 2011 date as the beginning of the drawdown of the search for says he was sending into afghanistan was viewed by some as not serious. it was deadly serious. the president is doing exactly what he said he would do. he is implementing that policy that he put in place in december of 2009. that strategy has met with significant success, and he is reviewing the situation and will make an announcement soon as he said about the pace and the slope of the drop down that will begin next month. >> i have asked several times today if the president still

intends to have a formal speech that will include the particulars of the immediate drawdown. >> we never suggested he would make a formal speech. we have not decided on the v enue or the format, but he will address it. i am confident of that. i do not have an announcement about a venue. >> what was the petraeus meeting about? >> not every meeting was on the president's schedule. >> the national security council meeting? >> the weekly meetings with the secretary, secretary gates, clinton, but now all meetings that he has are. this was an additional meeting and we did not put it on the schedule, and when asked, i

answered the fact that he did have this meeting. >> what happens now on libya? you say the president disagrees with congress. you say you are not going to give any more legal assessment the contras. what happens? >> the important thing is not who wins. it is about -- we are continuing the mission. continue to consult with congress. we continue to answer questions when they have that. we have provided the analysis that was sent yesterday to congress. the process moves forward. as i answered in response to a question, we endorse a vote on the resolution put forward by

the bipartisan group , and we continue. the important thing is we understand what is happening in libya, that progress we have made, the fact that the president has done what he said he would do, to some degree of skepticism and even served by people i am looking at now, that he would do what he said he would do, at the military take the lead in this operation in the initial days because of our unique capabilities, and within days the u.s. would step back and other partners would take the lead in this mission. that is what happened. it has been true ever since. he said there would not be u.s. ground forces in libya. he meant what he said. he said our mission there is described by and of the by the united nations security council resolution 1973, and he meant what he said.

this mission continues to be successful and saves thousands of lives, preventing what was likely to be a massacre in benghazi. we have worked hard to free up funds that have been frozen, regime funds, so the opposition can use those funds for assistance. we believe the libyan people will have the opportunity to decide their political future. >> the president will not budge on his current military policy? >> i cannot improve upon the substantial report we sent to congress yesterday. we continue our supporting role in that mission. >> the legal justification -- the report says that the mission will call us about $700

million and by september it will be around $1.1 billion. how do you justify that with the american people? >> it is justified clearly in terms of why the united states is participating in the mission in the form he has dark forces participating in it. the money you mentioned is coming from existing funds. there is no request for a supplemental, and it is money that would have been spent on other things like training missions that are being fulfilled by the actual missions being performed, so this is not new money. we believe it continues to be in the u.s. interest to participate in this mission in a limited manner we are participating in it because it isn't our interests with in this multinational coalition to

continue to protect civilians, continue to enforce an embargo, to give the opposition time and space it needs to organize. >> you will be operating in the same capacity by september? >> i cannot predict the future. a lot depends on what is happening on the ground. nato recently extended its mission for 90 days, and we are participants in that mission. we anticipate what libya will look like in september -- i'm not prepared to do. [unintelligible] i think the president made the decision about the level of our participation based on a number of factors are carting -- regarding serving our best national security interest.

one thing that is true is the limited nature of our participation has reduced the cost of it. more importantly in terms of that success, the multinational nature of the mission has insured this has not been such -- something that the united states loans, that is a broad coalition, including arab partners, that are responsible for this that decided to take this action, and we believe doing it in that way enhances the prospects of a positive outcome for libya. >> april? >> two questions. one on the economy. last week the labor department came out with a report on the recovery and the labor secretary said the president and the vice president -- what's the next step as the black labor force has been hurting for decades in this country? >> no question. this is a matter of significant

concern to this administration. as is the overall situation with employment. unemployment is too high. we are working every day to bring it down, to make sure that americans who are looking for jobs, minorities and nonminorities who are looking for jobs, can finds them. there is no higher priority here. and we are working hard to address overall our economic growth and our job creation. >> also, on the other question, the president wants to keep calm waters between the branches. why doesn't he just have a conversation and say, look, this is what we're intendsing? why didn't he do that to congress? >> the president has consulted with congress on this. members of his team have consulted regularly with congress on libya. again, this is now somewhat

stale, so the number of engagements is higher. but more than 40 occasions this administration has engaged with congress on libya both in closed and open session, larger and smaller meetings and in direct consultations, and we will continue to do that. the president has had that discussion and members of his team have had this discussion with congress. >> on more than 40 occasions prior to the action? >> no, no, since the action and including prior to it. but within the context of the action. >> what i'm saying is why, in efforts to stay above the fray and to keep peace, why doesn't he just go to congress and say, look, this is what i'm thinking about doing? >> well, he did. as you know, he had leaders down here before the mission began, first of all. second of all, the president's goal us not to keep the peace and stay above the fray. that is not the mission of his presidency. he saw an urgent need that needed to be addressed, an imminent massacre, a unique set

of circumstances and was willing to take,. a significant resolution passed by the u.n. security council and those factors combined led the president to believe that the action he took was the right action to take, and he consulted with congress about it. yes, sir. >> twice you said that congress shouldn't send mixed messages on libya. why not? >> well, because i think it is important that -- first of all, i think congress shares our goals broadly, our goals in libya. it's important to make it clear to gaddafi and others that that unity in terms of the shared goals exists. we are not in any way suggesting that congress shouldn't express its opinion or have these discussions, and we are in these consultations regularly. but i think that it's just a broad point that we share these goals. we have consulted regularly. we've answered these questions. we understand there are concerns and we continue to

answer those concerns. >> i'm not questioning congress's right to ask questions, but what's the mixed messages? >> i think they are sending more than one message about how they view libya, about whether our goals are the right ones and how we achieve them. but, again, i don't want to suggest -- and i'm not -- that they are not well within their rights to express concern or objections and raise questions. >> i wanted to ask sam, and i wanted to ask you if you noted that josh beckett had a masterful performance yesterday. a one-hitter with 97 pitches. a shutout. >> am i supposed to -- >> that's all. i just wanted to make sure -- i thought maybe they were playing this afternoon. i saw your head down, i thought maybe -- >> no. can i ask a question? >> yes, sir. >> before you refer me to the department of justice, the senator sent a letter to the

white house yesterday expressing disapproval with the lack of action on gun policies in this administration. i'm wondering what the reaction is from the white house, and how do you push back against the notion that nothing has been done on guns when the record shows that nothing has been done on guns? >> can i refer you to the justice department? [laughter] >> no, you cannot. >> i'm not aware of the letter, so i don't have a reaction to it, sam. i think you know the president did have an op-ed about gun policy in the wake of the terrible shooting in arizona. i don't have an update for you on the actions that we've taken. >> can i email you the letter and get a reaction later perhaps? >> you are welcome to do that. john christopher. >> last night you said john osborn endorsed a plan to

separate retail banking in response to the global financial crisis. since the u.s. is part of the same global financial marketplace, does this administration believe this may affect competition between the u.s. and the u.k. in the financial services market? >> that's a kind of question that i think the treasury department is best suited to answer, so i refer you to the treasury department, especially on the second part. overall i think it's important for us to note that as countries around the globe have dealt with the crisis that occurred in 2008, the financial sector crises and the recession that ensued, obviously every country is different and the way they deal with it is different. president of the president's leadership, we took very significant action to pass financial reforms, financial sector reforms and we continue to implement those. but, again, each country addresses these issues differently.

>> i have a question on job creation. could you talk a little bit about how it works and how is it that private sector -- where the government -- will the government provide anything? >> i believe it is a private-sector issue. why don't you come up to me. the way this job works on monday be i could have told you so many things about that. my bandwidth being limited. but you're correct, it is a private-sector initiative. we are looking for ways -- actions the government can take, actions the private sector can take. this is an all-hands-on-deck

situation since the moment we came to the white house. so the president was very encouraged by the jobs council meeting and the ideas that were generated there. two dozen ideas, many of them very promising, he thinks, and that was just one of them. george? >> you just mentioned your personal friendship with the speaker. in this week of golf games and picnics, you talk about the values -- >> i have no plans to play golf with anyone. >> talk about the value of building personal relationships between the president and leaders from the other party in congress. >> i think he and i have addressed this before. he feels that it is a very useful thing to do. and i know the vice president, whom i also work for and worked more directly for in the past, feels very strongly about this, too. that part of what's happened in washington has been that the normal human interactions you have with people that you might

disagree with on policy have become far and fewer between, and that that's not particularly helpful for constructive dialogue. we have big issues, and the nature that we need to solve and the nature of our system is that, for better or worse, and we think for better, because we think it's an awfully good system, the american system, it requires bipartisan cooperation to get anything significant done. that is almost always the case. and it is certainly the case when you have one party in the white house and the other party in control of one or both houses of congress. so these kinds of meetings, this kind of communication are, i think, very helpful. they don't necessarily produce tangible progress on legislation, but they do produce the potential for a better atmosphere in the room when important things are discussed and negotiated. so that's why the president has encouraged the kinds of

encounters he's had with speaker boehner, for an example, as well as democrats. why he asked conferences and caucuses of each house to come to the white house earlier this year and why he invited the speaker to play golf this weekend. >> does it make it easier for him to cut through staff and just pick up the phone and call somebody like the speaker for -- >> yeah, no question, no question. thanks very much. i know you guys got somewhere to go at 2:00, right? [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011] >> c-span has launched a new easy to navigate website for politics and the 2012 presidential race, with the latest c-span events from the campaign trail, bio

information, twitter feeds and facebook updates from political reporters. visit us at c-span.org/campaign2012. >> presidential candidate newt gingrich will speak at the republican leadership conference getting underway in new orleans. our live coverage of the three-day conference begins at 7:30 p.m. eastern time this evening here on c-span. >> blackberry users, now you can access our programming any time with the c-span radio app, with four audio streams of our programming, public affairs, nonfiction books and american history all commercial-free. you can also listen to our signature interview programs each week and it's all available around the clock wherever you are. download it free from blackberry app world. >> pentagon leaders said today that u.s. must keep working to salvage its relationship with

pakistan in order to preserve security in the region and protect against possible proliferation of that country's nuclear weapons. these comments, during a news conference by defense secretary robert gates and joint chiefs chairman admiral mike muscle epi, this is reportedly secretary gates' final press briefing before stepping down june 30. it's about 30 minutes. >> i begin this afternoon with a brief personnel announcement. we thought about the lectern and i would announce that i was firing myself. i have recommended to the president that he nominate admiral jonathan greenert to become the next chief of naval operations. he's the current vice c.n.o. of the navy who has various budget responsibilities. following two decades as a submariner, he commanledsed the searchth fleet in the pacific

and later fleet forces command. the admiral, if nominated and confirmed, would succeed admiral gary roughhead, who will retire this fall. at the appropriate time later on, the leadership will have the opportunity to pay a full tribute to rad mirl roughhead's nearly four decades of service and his leadership at the helm of the navy for the past four years. i very much enjoyed working with gary and have greatly valued his counsel and wisdom on both navy issues and broader strategic matters. that's my only news today, but since this will be my final press conference as secretary of defense, i would actually like to take this opportunity to say a few words to the pentagon press corps. and don't worry, it's all good. [laughter] these past few weeks have truly been the long goodbye, particularly for the traveling press, so i'll keep it short. even though i had held senior jobs in the u.s. government and was president of a major

university, before becoming secretary of defense i had never had sustained and regular "on the record" interaction with the news media. when i first took office i worried that relations between the pentagon, the military and the press, while always difficult, were mostly characterized by mutual suspicion and resentment. i made ate point when speaking to military officers from cadets to generals to remind them that a vigorous, inquisitive and even skeptical press was a critically important guarantor of freedom under the constitution and not to be treated as the enemy. i gained even more of an appreciation for the important accountability role of the press early in my tenure, when newspaper reports exposed two glaring bureaucratic shortcomings in the outpatient treatment of wounded warriors at walter reed and purchasing life-saving mh-wraps for troops

downrange. responding to both of these critical issues which only came to my attention through the media became my top priority and two of my earliest and most significant management decisions. over the past 4 1/2 years i've not always liked what i read, and like anyone else in government, i hate leaks, maybe more than most. but i have great respect for your role as a watchdog on behalf of the american people and as a means for me to learn of problems that the building was not telling me about. i know we don't always make it easy to do your jobs here, gaining timely and usable information out of the bureaucracy and their gatekeepers is always a challenge, a challenge that i shared with you on occasion. so thanks again for your professionalism, tough questions, and hard work. i'll close by saying a few words about the man seated next to me, admiral mullen and his vice chairman, hoes cartwright. chairman mullen has spent four years as the military's most senior officer. every day of it in a time of

war. he played an instrumental role in developing and executing our new strategy in afghanistan where we are now seeing substantial progress. beyond the wars mike's focus has been on people, in particular, his concern about the stress on the ground forces and their families. our men and women in uniform could have no better or more effective advocate and they will undoubtedly be sorry to see him go when he has his well-deserved retirement. serving alongside admiral mullen has been general hoss cartwright, an outstanding chairman of the joint chiefs, bringing his strategic brilliance. his skills have made him a transformational leader in the military and an instrumental figure in the complex decisions of the past few years. i consider both general cartwright and admiral mullen as friends and it's been a true privilege to work alongside them for nearly four years. our country owes them a great debt for their years of service

and i'll always be in debt to their extraordinary leadership. mike? >> the only thing i'd like to add is with respect to the nomination, the recommendation for admiral john greenert, i've known him for a long time. he's an exceptional officer. and if confirmed will be, i believe, an exceptional c.n.o. he has wonderful operational experience, fleet experience, he's terrific with people and he has extensive experience in the money world, which is now facing all of us. so i strongly concur with the secretary's recommendation in that regard. >> let me start by saying that we appreciate the fact that you kept to your promise to appear regularly in this room to take questions over your 4 1/2 years. >> actually, i was a little joking about that in the situation room yesterday. several of the other commenting that we've made it very difficult for them.

[laughter] >> mr. secretary, on the u.s.-pakistani relationship, which some say has sunk to a low ebb, i wonder whether you have any regrets about the way the relationship has been handled and whether you see on the horizon anything that will stop this downward spiral, and for admiral mullen, a similar subject. you have developed, of course, a personal relationship with the general. are you concerned that he may be headed out the door? and what would be the meaning for the military cooperation in pakistan if he were no longer in the picture? >> first of all, i would say that the long history of the u.s.-pakistani relationship has had itsens and flows. they have regarded over the decades that we have abandoned them on at least four occasions

, two wars with india, when the soviets left afghanistan, and then after the enforcement of the pressler amendment. so it's a relationship both sides have had to work on. and it is complicated. but as i said yesterday in the hearing and as i've said often before, we need each other, and we need each other more than just in the context of afghanistan. pakistan is an important player in terms of regional stability and in terms of central asia. so my view is that this is a relationship where we just need to keep working at it. >> is there something that can come up in the near future that can change the direction of the relationship? >> just as theens have come in surprising ways, i suppose that

the things that would cause an uptick are hard to predict right now. but the key is to keep the lines of communication literally, i mean, between our government open and to continue communicating with each other as openly and honestly as we can. >> from my perspective nothing has changed in terment of the critical tee of the relationship, which is one of the reasons that i worked so hard. and certainly i have a very strong personal relationship with the general, and i consider him a friend. but it's not just the personal relationship, because i have a very strong professional relationship. nor is mine the only relationship in our military-to-military relationship between the two countries. and the -- what he's going through right now, what the pakistani military is going through right now is

considerable introspection. that makes a lot of sense to me. they've got some questions. and in the end -- and i know the general well enough to know what he cares about the most is not himself. what he cares about the most is his institution and leaders throughout the world and certainly in this case. we share that with him. i think we need to give it a little time and a little space as they go through this introspection. i would agree with what the secretary said. as opportunities come up and we hit some very difficult times, i think there will be opportunities for the relationship to improve. certainly the challenges aren't going to go away. the reason isn't going to go away. as i said yesterday on capitol hill, i believe we have to be very careful now in terms of the relationship and, you know, were it to break or were we to walk away, i think it's a

matter of time before the region is that much more dangerous and there would be a huge pull for us to have to return to protect our national interests. >> and more admiral mullen, too, following up yesterday on your testimony and some of the questions asked by some of the senators yesterday, what specifically would be the threat if the u.s. were to cut off funding and close relations with the pakistanis? and can the u.s. strategy in afghanistan succeed without pakistan? >> well, first of all, i would say that the -- that our strategy is succeeding and pakistan is playing a contribute tore role to that. -- contributory role to that. it is important to remember that they have 140,000 troops on that border, that at a minimum, we're stirring things up.

they cleared south what here stan, but even their presence and maneuvering creates uncertainty. there is some indication that al qaeda is worried that because of the way we went after bin laden, their suspicion is that pakistanis may have been involved in it and are worried that the pakistanis mabee tray them as well. -- may betray them as well. there is clearly the lines of communication through pakistan are critical for our operations in afghanistan. so i think all of these things are important and then just in terms of regional stability, there is the reality that pakistan is a country that has a number of nuclear weapons. and, again, keeping those lines of communication open, it seems to me, is very important. >> i would just re-emphasize the last points. it's a country with an awful lot of terrorists on that

border. obviously the link that we've got with -- in the afghanistan-pakistan campaign, if you will, which is what it's been for me since the beginning -- it's not about one country or another, it's about the region. and those things that i fear in the future, it's the proliferation of that technology and it's the opportunity and the potential that it could fall into the hands of terrorists, many of whom are alive and well and seek that in that region. and that's of great interest, i think, to our country and certainly to the rest of the world. >> i'd like to ask both of you your reaction to the fact that zahra herey has now been elevate -- ayman al-zawahiri now has been elevated to the top position. >> i'm not sure anyone should

aspire to that, but i think he will face some challenges. bin laden has been the leader of al qaeda basically since its inception. in that particular context he had peculiar charisma that i think zawahiri does not have. i think he was much more operationally engaged than we have the sense zawahiri has been. i've read that there is some suspicion within al qaeda of zawahiri because he's egyptian. so i think, first of all, i think we should be mindful that this announcement by al qaeda reminds us that despite having suffered a huge loss with the killing of bin laden and a number of others, al qaeda seeks to perpetuate itself, seeks to find replacements for those who have been killed, and

remains committed to the agenda that bin laden put before them. so i think he's got some challenges, but i think it's a reminder that they are still out there, and we still need to keep after it. >> david, it's not a surprise that, from my perspective, that he's moved into that position. he and his organization still threaten us. and as we did both seek to capture and kill and succeed in killing bin laden, we certainly will do the same thing with zawahiri. >> take the several weeks it took to name him as evidence of logistical problems, or of some dispute within al qaeda over who should succeed? >> i don't take it either way. i think they're working their way through ta process, and that's how they made the decision.

>> it's probably tough to count votes when you're in a cave. [laughter] >> in the last couple of weeks there's been growing signs of antiwar, anti-afghanistan sentiment from both parties, from votes in congress, concerned about the costs of the war. in the last few weeks -- and also, i've noticed that you still sell more in afghanistan after all this time. has this frustrated you any more recent sflee what do you say as far as what you expect the country is going to feel or the leadership in this town that you're leaving behind is going to feel pressing on? >> one of the interesting challenges about this job has been the responsibility of waging two wars, neither of which i had anything to do with starting. and certainly i saw in 2010 and 2008 how unpopular -- what we were doing in iraq was, how

unpopular the surge was. i had to cancel a trip in 2010 because it looked like republican support was crumbling and that we might end up with congressional action to stop the surge. so for me it is the reality that, as a historian -- and i like to remind people of this -- with the exception of the first couple of years of world war ii, there has never been a popular war in the united states in our whole history. they've all been controversial. and in each case it has required the leadership of the president, whether it was president truman in korea, president wilson, world war have i, president johnson initially in vietnam and

certainly president bush -- first president bush with the gulf war. peel forget that when the president said he was going to reverse saddam's invasion of kuwait it was 15% public support. so this unhappiness and certainly the war weariness after a decade is -- rests helpful on all of us -- heavily on all of us, i think. and the key is, how do we complete our mission, as we have largely done in iraq, in a way that protects american national security interests in the american people and contributes to stability? i think most people would say we've been largely successful in that respect in iraq. i think we're on a path to do that in afghanistan. the costs of the wars is huge, but it is declining. the costs of these wars will go

down between fy-11 and fy-12 from $40 billion, from $160 to less than $120 billion. there's every reason to believe that between fy-12 and fy-13 there will be another significant reduction. of course, with the lisbon agreement, the size of our forces left in afghanistan in december 2014 would be a small fraction of what they are today. so i think i understand the inpatience, i understand the concern and especially in hard economic times, we also have to think about the long-term interest, security interests of the country. and that's where i come out on this. >> i would like to ask you about the current situation in chile.

do you still think placing sanctions on the team is appropriate and do you think having humanitarian intervention similar to what you have done in libya could be an option? >> again, i think we have certain overarching principles and values that apply everywhere but we have to take the situation in each individual country one at a time. i have seen the libyan intervention, started with a resolution from the arab lead, involved a resolution by the g.c.c. and ultimately u.n. security council resolution. i see no apt tight with any of that with respect to syria. in terms of sanctions and so on, that really is more in the secretary of state's lane. but i think if there is to be

some pressure on syria to stop the kind of killing that we've seen, it would have to come through some kind of sanctions like that. >> a couple years ago when you were asked the shortest question ever asked at a congressional hearing about iraq, whether at that point in your opinion we were winning in iraq, as you begin to wind down, i would like to ask you about that question in afghanistan. you mentioned fundamentals. but right now do you believe we're winning in afghanistan? >> i have learned one thing in 4 1/2 years and one of them is try to stay away from loaded words like winning and losing. what i will say is i believe we are being successful in implementing the president's strategy and i believe that are military operations are being successful in denying the taliban control of populated areas, degrading their

capabilities and improving the capability of afghan security forces. those are three of the tasks the president laid out in december 2009 and i think the -- the other was reversing the momentum of the taliban. in all four of those places, we are succeeding. >> the senator has expressed concern and members of the oklahoma national guard expressed concern about 800 members two of units as part of the 45th were reassigned at the last moment. they were supposed to head to afghanistan. they're now going to kuwait to help with iraq. these are trainers that were going to go to afghanistan. first, why were they assigned? can you enshire the american people the draw-down hasn't already begun? >> the recommendation came in from both general petraeus and general mathis specifically with

respect to their general arrival time, if you will, beyond the first of july. they were in final training, headed to afghanistan. the relleding came in, in light of the fact that we were going to start withdrawing troops this summer, that we would have to make a decision, that they were in a good position to milwaukee a decision on whether or not they should be arerted. with respect to where general petraeus was, he then made a recommendation, general madison endorsed that and it was one and quite frankly a decision here in the end diverted the units in a timely way. not get them headed in one direction and then have to

rehead them in another direction. based on the overall plan to draw down some number of troops, even though the draw-down hasn't started because the decision hasn't been made. but certainly with the expectation there would be some troops that have come out, the decision hasn't been made and that given that they would be a part of that. >> if the draw down hasn't started with 800 troops with the drawdown in mind being diverted? >> i think it's actually pretty separate forward. the president said we will begin drawing down our forces based in july of 2011, based on the conditions on the ground, as general petraeus is looking across afghanistan and beginning to identify different options that these two units are units

that would probably be on that list and so we took the decision here as the chairman has just said to divert them so we didn't end up putting them someplace and pulling them right back out again. so the decision was made here aware clearly of the president's direction of what would begin in july. but, frankly, to look out for the interests of those troops. you spent a lot of time yesterday explaining the process you would assess the $400 billion goal. but since that was assessed by the president, is that too big of a number, atop of the money through 2016 you're planning to reduce, no matter how you get there, can you take $400 billion of a reduction and not seriously degrade national security or overall is it a minor cut when you look at the 12-year plan? >> well, i don't think it's a

minor cut. and i think it's important to remember, we didn't start this yesterday. the decisions that we took to cap or cut 30-some programs in april of 2009 as i said at a.d.i. essentially took a lot of low-hanging fruit and a lot of people would say more valuable stuff as well. but the total value of those programs have been built to completion, about $330 billion. now, we said at the time some of those cuts were going to have to go back and do other kinds of programs. one of the cuts is a presidential helicopter. we still have to do that. one was a bomber. we have a new bomber program. it's not a net cut of 330 but it would have been. we then did $178 billion worth

of efficiencies and $100 billion reinvested by the services, $78 billion for the top line. and halfway through the fiscal year fy-11, our budget was cut $20 billion. so it's not like we're starting from scratch on this. this department has been dealing with these issues for at least the last two years. the question you ask is actually the question to be answered by the comprehensive review. if you look at the different options that are available, once you take into account the things that i talked about yesterday, more efficiency, marginal programs and capabilities and tackling some of the politically sensitive issues, you're left with force structure. and so what are the options in terms of getting to that number? we're also mindful there are numbers out there that are bigger than that. so and some of them substantially bigger.

so i think it's our responsibility to lay before the president and the congress what the consequences are of cuts at different levels and what changes have to be made in strategy and what the implications are in terms of capabilities. that's what we're going to do. that work will be done i think a lot of it is well under way and i think it will be done later this summer and in a position to inform the final budget decisions and the president was quite clear when he and i discussed this, and he was clear in his public announcement, in his speech, that no specific budget decisions would be made with respect to the $400 billion until we have looked at and completed this review. >> so you're probably talking two or three more? >> can we push together for a moment and talk about how disruptive the violence there has been to our efforts to counterterrorism? i believe training has been

suspended, the counterterrorist forces just what that disruption has been. if you could talk about the connections between al qaeda in yemen. >> yemen's been a focus area for us for several years now. and in great part because of the al qaeda branch that's there in q.a.p., which is a deadly, deadly and in fact a homeland security threat to us and have been effective so far. we work hard to provide the training support the yemeni government has asked of us. and at the same time -- and develop a relationship which actually got to be pretty strong. clearly with the turmoil that

the country is in right now, that training has been impacted, and we are as i think everybody is, watching how this plays out while at the same time still focused very much on al qaeda, on this group of al qaeda not just leaders but that's in the country there. i worry about a great deal it's continuing to grow and become more viral over time. so i certainly would say it's gotten in the way of the training with what's going on there, yemeni forces are very focused on their own country right now. but we continue to be committed like that and we're watching very carefully how this comes out. >> on yemen and pakistan, on

yemen can the united states disperse no aid to yemen given everything going on in the country, uncertainty about its direction? in pakistan have you committed warning to or will you to islamabad that reducing the training mission might also have an impact on the amount of military aid the country might provide? i provided no warning what soffer specifically and then to pakistan in that regard, obviously we had discussions recently our visit with secretary clinton. and with respect you mean physically or legally? >> yemen. >> whether we can physically do it? >> there is a aid program that

has been interrupted by the current chaos in that country and we'll get on the down side of that chaos to look at what the next steps will be. >> thank you all very much. >> the 2011 republican leadership conference is getting under way in new orleans. live coverage of this three-day event begins with a speech by presidential al qaedaing in -- candidate newt gingrich in about an hour and 15 minutes from now at 7:30 eastern time here on c-span. >> c-span launched a new easy-to-read website for the presidential race, with the latest from the campaign trail,

bio information from the candidates, twitter updates from reporters and links to c-span media partners in the primary caucus states. visit us at c-span.org/campaign 2012. >> companies use consumer information have been breached by hackers could face penalties from the federal trade commission in a new data security bill proposed by congresswoman mary bono-mac. a house committee held a hering on the legislation that establishes national standards for data security and notification of a breach. this part of the hearing is an hour, 50 minutes. >> good morning. the meeting will come to order. today online hackers and thieves are giving new references on

crime. and like from the movie "network" we're mad as hell nont going to take any more. the chair now recognizes herself for an opening statement. sophisticated cyber attacks are increasingly becoming the greatest threat to the future of the electronic commerce here, in the u.s. and around the world thafments why congress must take immediate steps to better protect the personal online information of american consumers. it's time for us to declare war on identity theft and online fraud. the secure and fortified electronic data act, which establishes uniformed national standards for data security and data breach notification is our opening shot. the safe data act builds on legislation passed in 2009 but never acted upon the senate. it's an upgraded 2.0 version of data security legislation encompassing many of the lessons learned in the aftermath of

massive data breaches at sony and he salon, which put more than 100 million consumer accounts at risks and those are the ones we know about. subcommittee chairman, protection from identity theft and online fraud is one of my top priorities. just last week citigroup, which has the world's largest financial services network, revealed the security breach in which hackers obtained personal information from hundreds of thousands of accounts. according to law enforcement officials, hackers are able to gain access to customer names, account numbers and contact information such as e-mail addresses. yesterday wlerned an internal website operated by the oakridge nuclear weapons plant was victimized by a cyber attack and earlier this week the same group which claimed responsibility on fox, pbs and sony hack the senate's public websites. in recent years carefully orchestrated cyber attacks

intended to obtain personal information about consumers, especially when it comes to their credit cards, has become one of the fastest growing enterprises here in the united states an cross the world. the f.t.c. estimates nearly 9 million americans fall victim to identity theft every year, costing consumers and businesses billions of dollars annually and the problem is only getting worse as these online attacks increase in frequency, sophistication and boldness. as i have emphasized throughout our previous hearings, e-commerce is part of our growing economy. we should take steps to embrace and protect it and that starts with robust cyber kurt. most importantly consumers have a right to know when personal information is compromised and companies and organizations have an overriding responsibility to promptly alert them. to that end, safe data act first requires companies and other entities that hold personal information to establish and maintain policies to perfect vept unauthorized acquisition of

the data. it requires notification of law enforcement within 48 hours after discovery of a breach unless 26s an accident or inadvertant or unlikely to result in harm. it requires companies and other entities to begin notifying consumers 48 hours after taking steps to prevent further breaches in determining who has to be notified. the state data act gives the f.t.c. authority over nonprofits for purposes of this act only. the authorizations possess a tremendous amount of consumer information and they have been subjected to numerous breaches in the past. at the same time we want to work with those affects as well as with the f.t.c. to make sure any new regulation are not burden 1078 for small businesses, especially during these difficult economic times. in addition we are granting authorities to write rules to take nookt the size and nature of the date yabbing held online. clearly there's differences between information brokers and local retail businesses and

rules should reflect those differences. the proposed legislation also requires all covered businesses to establish a data minimumization plan providing for the elimination of consumers personal data that is no longer necessary for business purposes or for other legal obligations. and finally the safe data act preempts similar state laws to create uniform national standards for data security and data breach notification. we learned during our recent hearings consumer notification is hamper bid the fact companies must ever first determine their obligations under 47 state regimes. this will greatly benefit consumers, businesses and the u.s. economy. given the growing performance of e-commerce and everything we do, we can no longer sit back and do nothing. and at this point from the gentlemen -- to inform people with have an overflow room in 2123 for those standing who

prefer to be sitting. again, 2123 is the overflow room. at this point i would like to recognize the gentleman from california, mr. waxman, for his opening statement. >> thank you, madam chairman. i have said this at our previous hearing and i want to repeat it today. it's something all of us should care about. last year there were over 597 data breach that's affected over 12.3 billion records. they passed with bipartisan support, a data security bill introduced by representative rush. our bill passed the house in december 2009 but the senate never took it up so it was not completed. the bill we're considering today is based on our bipartisan house bill from the last congress. 2 t contains important provisions to require companies to secure consumer's personal

data and notify them in the case of breaches? and i thank chairman mack for using last year's bill as a starting point. there are new profession that's strengthen the last bill. in fact the draft contains a potentially valuable new provision requiring companies to that have plans to minimize personal data they retain on individuals. unfortunately, there are some changes in the bill that i fear weaken the bill rather than strengthen them it. this is a mistake and one i hope we can fix as we consider this legislation. let me raise some of the concerns i have. under this legislation before, somebody would still not have to notify its customers about its recent security breach. how much t did not restore the integrity of the data system for at least 43 days after sony discovered the breach and it

still has not fully assessed the nature and scope of its breach. notice is not required to the f.t.c. and consumers under the draft until those steps have been completed. that's far too long. it does little good to notify consumers after the identities have already been stolen and make them wait such a long period of time. this bill deletes key divisions on information brokers, which are company that's aggregate personal data about individuals and make a profit selling that personal information. it adds unnecessary burden to the federal rule making process, making it more difficult difficult making it more personal. there's significant ambiguity regarding the scope or personal information the company is required to protect. under this legislation, companies, including an aggregator of data, are skelted

from the requirements to safeguard personal information any time that same data can be found in various local county government buildings. first of all, this creates an unfield playing field and for retailers than for nonbank financial institutions. there's no reason why financial institutions should be subject to smaller penalties for violation for retailers. so i look at it not a balanced bill overall. it gives businesses too many protection and consumers not much. it protects strong state laws and replaces them with a weak federal one. i hope these deficiencies in the bill could be fixed and i want to work with the chair and other members of this committee to pass as effective a bill as possible and i'm looking forward to the promised stakeholder

process. today's hearing will give us a chance to get further information about what a bill should and should not have in diets tails. we have a chance to pass meaningful legislation that actually can make a positive effect on everyone and we shouldn't pass up this opportunity. i look forward to working with you, madam chair. >> i thank the gentleman. the chair recognizes mr. sterns for two minutes. >> thank you, madam chairman. and thank you very much for calling this hearing. obviously as pointed out by yourself and ranking member, mr. waxman, this is very important that we try to get a bipartisan support for this. when i was chairman of the subcommittee, i introduced the data act in 2005, six years ago, established to protect unauthorized access to consumer data. this bill was co-sponsored by both sides when we marked it up, it was reported out of the full committee by unanimous consent. obviously, i would have preferred we started with my bill, which has i think a

bipartisan support product of a broad understanding of the security issues back in 2005. now we're working with possibly a slightly different focus bill, which could be good, that addresses the recent breach that's occurred both in sony and epsilon. i think we have to be concerned not that we overreact based on those two cases. in 2006 and 2009, there was bipartisan support for the data act i had. now we debate the safe data act, bill i'm concerned has some very good points but also perhaps may go too far in some area areas. i work with the subcommittee chair leader toim prove the bill to pass as a bipartisan support like we've done in the past. so committee and full house has an opportunity to vote on this so i look forward to the debate.

thank you, madam chair. >> thank you. the floor recognizes mr. olsen for one minute. >> i thank the chair for her tenacious leadership in bringing forth this draft bill. i think there's strong agreement we need to move forward with federal data security legislation. support for federal legislation has been bipartisan. my colleague from florida, mr. sterns, put forth a data security bill in the 109th congress which mr. rush introduced in 110th and 111th congresses. now our chairwoman has put forth a bill in the 112th congress. i appreciate all of the efforts to help move us forward on this important issue and i hope we can arrive at a truly bipartisan, balanced bill that protects consumers without putting unnecessary burdens on companies or hindering important use of datia. we look forward to continuing our discussion today and hope to be able to flesh out issue that's have been raised in testimony. i thank the chair and yield back my time.

>> i thank the gentleman. >> i thank the gentleman. apologize for being late. allky say is don't try going tunen station at 10:00 on a wednesday morning. madam chairwoman, thank you for holding this hearing on the electronic data act. this bill includes some of the same provisions we saw in hr-2221, which passed the house and 111th congress. however this, draft also removed key, consumer protection division that's wecken the bill and make it less effective. americans embrace of technology serve as impetus for rapid online services and businesses. i can buy a car without ever seing it in person. pay my bills from one website and i do it monthly and i can even have all of my data reside in a cloud so it's accessible from absolutely anywhere. in order for e-commerce to work, there must be data exchange between customer businesses,

including names, addresses, social security numbers, dates of birth and so on. the ability to conduct business is an amazing convenience no one i know can do without. but the failure of some of these businesses to protect their own network infrastructure and information demanded of their customers has led to an open small but not insignificant group of criminals to exploit and profit from the data these companies hold. even those with strong security systems in place must be vigilant and adaptable to new threats. during the 109th congress and subsequent congresses, members of this commithy worked in a bipartisan fashion to develop the data accountability and trust act to address the issue of data security. in the last congress my friend and former chairman of the subcommittee, mr. rush, introduced the data bill, which ultimately passed the house but the senate failed tookt. that bill included special requirements for information

brokers, including requiring brokers to submit security policies to the f.t.c. and requiring annual audit of broker security practice as among other things. striking those key provisions from the rules weaken protections it is supposed to provide. further, draft bill defines personal information to exclude information that is publicly available. in doing so the bill gives the green light to data aggravaters to continue business as usual without being required to have any safeguards in place to protect the data. madam chairman, with over 2500 data breaches having occurred since 2005, it's clear the serious work of protecting consumer data is something that has taken a back seat in congress for too long. a federal standard is important. i say that again. a federal standard is important. the safe data act is a start.

i'm sorry we're not starting with the text that passed the house in the last congress. over the next few weeks, madam chairman, i hope you will work with me and my staff to strengthen this draft bill. together we can ensure consumer protections while allowing businesses flexibility to adapt their policies and procedures in today's rapidly evolving information age. thank you for having this hearing. i thank the commissioner for her presence today. and i think i might reserve my time. i'm old the gentle lady from illinois is coming. she is not here. i yield back. >> i just want to remind and enforce to the pam we intend having a full and bipartisan product to the best of our ability and that will be our goal. now i would like to turn our focus to the witness table. we have two panels today. on the first panel, we are honored to have honorable edith

ramirez, commissioner at the f.t.c. thank you very much for being here today. you will be recognized five minutes to summarize your statement. i'm sure you're familiar with the time clock when the light turns yellow, you have one minute to start you close. at this point we're happy to recognize you for your five-minute statement. >> good morning. >> please remember to turn your microphone on. >> good morning. chairman bono mack, ranging memberses butterfield and waxman and members of the subcommittee. i'm edith ramirez, commissioner of the federal trade commission. i appreciate the opportunity to present the commission's testimony on data security and i want to thank you, chairman bono mack and the committee for your leadership on this important issue. before i continue, i would like to know my written testimony represents the views of the federaltration commission but my oral remarks and response to questions are my own and may not reflect the view of the commission as a whole or other commissioners.

as the nation's consumer protection a. the f.t.c. is committed to protecting consumer privacy prone moating dwrate security fleist sector. if companies do not protect the personal information they collect and store, information could fall into the wrong hands, resulting in fraud and other harm and consumers can lose confidence in the marketplace. although data security has recently been in the news, this is not a new priority for the f.t.c. to the contrary, for the decade, the they have undertaken substantial efforts to promote data security through line enforcement, education, policy and recommendations to congress to enact legislation in this area. since 2001, the f.t.c. brought 34 cases charging businesses failed to appropriately protect personal information. this includes a settlement announced today against a large pay rool processor. the clients upload employee sensitive information, including

social security numbers and bank account numbers, which are stored on their network. the f.t.c. complaint charged they did not maintain reasonable safeguards to protect the employee information. as a result, a hacker was able to gain access to it. the f.t.c.'s oshed requires seridian to implement a comprehensive security program and obtain audits 20 years. the commission also promotes better data security for consumer business education. for example, on the consumer education front, we sponsor onguard online, a website to educate consumers about basic computer security. since its launch in 2005there, have been over 14 million unique visits to on guard online and its spanish counterpart. we also conduct outreach to businesses, especially small businesses to provide practical advice about data security. the commission also engages in policy initiatives to promote data security. last december f.t.c. staff

issued a preliminary report proposing a new framework to improve consumer privacy and data protection. among other things the report advocates privacy by design, which includes several principles essential to data security. first company noes matter what their size should employ reasonable, physical, technical and administrative safeguards to protect information about consumers. second, companies should collect only that information for which they have a legitimate business need. third, businesses should retain data only as long as necessary to fulfill the business purpose for which it was collected and should promptly and securely dispose of data they no longer need. as to legislation, commission generally supports federal legislation similar to your draft proposal that would impose data security standards on companies and require companies in appropriate circumstances to notify consumers when there's a security breach. aren't security practices are notable and if a breach occurs, appropriate circumstances can

mitigate harm. such as i.d. theft. for instance, in the case of a breach of members, notified consumers can request fraud alerts be placed on their credit files, obtain copies of their credit report and scrutinize their monthly account statements. the commission leads your draft legislation include civil penalty authorities to deter violations, a.p.a. authority for rule making and jurisdiction over nonprofit entities for data security purposes. i would also like to know both your draft legislation and commission staff recently privacy report underscored the performance of data minimization to send data security practices. the f.t.c. looks forward to working with the committee as it moves forward on the safe data act. thank you, again, for inviting me to be here and your leadership on these important issues. i'm pleased to answer any of your questions. >> thank you very much. the chair now recognizes herself for five minutes for questioning. first question i have, you state the commission's support for prompt notice to consumers.

i think it's the crux of what we're all about here. what do you consider prompt? do you think the consumer notification requirement in the legislation is quick enough? >> i believe that notification needs to be provided as soon as practicable. i do have some concerns about the provision relating to notification in the draft bill. let me highlight two key concerns. my first concern is the bill requires there be a risk assessment performed and at the conclusion a company is obligated to provide notification to consumers and f.t.c. 48 hours -- within 48 hours following that. my concern is the requirement -- there's no deadline in which to complete a risk assessment and thraffer could take an indefinite amount of time. without their being some type of limits on that, i think it places consumers at significant

risk. another concern we have is there's also no time limit that's placed in connection with law enforcement, that can also be open-ended deadline that could delay prompt notification to consumers and, again, there ought to be some form of a cutoff period to ensure consumers received appropriate notification within an appropriate amount of time so they can take steps to mitigate any tharm may result from a data breach. i would also like to emphasize providing prompt notice to the f.t.c. is also very critical and in our view, notice to the f.t.c. should be provided at the same time it's provided to other law enforcement agencies. >> thank you. the f.t.c. has experienced with the implementation of the safeguard rule for financial institutions under its jurisdiction, the f.t.c. provided a comprehensive guidance for entities to understand how they could comply with the rule. do those guidelines provide a

significant education of the rules for data security? the f.t.c. would write yint section two of this legislation? >> i think they provide good guidance to companies. in addition to the written -- to particular enforcement matters and con sent orders, the commission makes public, the commission provided many, many different resources online to companies so they can take appropriate measures to protect consumer information. >> so security requirements of the draft legislation, does the f.t.c. have a latitude to write rules to take into account the different types of entities, level of sophistication and amount of information they hold? >> it does. we appreciate that authority being provided to the f.t.c. there are probably rules detailing those. >> do you envision writing different rules to the address, that a one side fits all approach is not appropriate? >> during the rule making process we would be seeking input from stakeholders and rules in light of the input we

receive that would be appropriate to protect consume are information. >> so standards for information brokers and small nonprofits, for example. >> we believe companies, no matter what the size, need to provide solid and good data security measures. at the same time, standards the f.t.c. employees in its enforcement work is a reasonableness standard so we do take intoing the size of the company, nature of the information that's been placed at risk and other factor that's may weigh in on that calculus. >> since we first started this process six years ago, 46 state laws have emerged. nearly every one of them, including california v. exemptions from the definitions of personal information, for information made publicly available by the government. in some cases information made public by the media. the exemption included in this draft is confined to information made public slable by the government. have you seen any problems unlawful activity associated with publicly available information

>> yes. we have concerned about there being an exemption for all public information. the difficulty is these days there are data brokers that collect information that in the past one would have to go to very significant measures to collect. you would have to go to the courthouse, you could collect information through meerns but data aggregators then aggregate this information and when the information which may very well be public is then collected, gathered and aggravated, it could then pose very unique privacy challenges. so we have concerns about their not being a mechanism to address issues relating to that. >> you said privacy challenges. you mean security challenges? >> security challenges. >> thank you. all right. i yield back five seconds of my time and chair recognizes mr. butter feeveled for five minutes. >> thank you very much. thank you, commissioner. the republican discussion draft makes a change from hr-2221 to

the definition of personal information. that seems like a simple and minor change but it actually is not t excludes public record information from the definition of personal information. given that technology has made access to an aggregation of numerous type of records very cheap and easy, consequences of this change are quite significant. before it became cheap and yies to store vast amounts of this information in one place, no one thought about going out and checking these records tofment see these records you had to, as you said a moment ago, go from town hall to town hall or courthouse to courthouse or look at them one at a time. now millions and millions of records regarding millions of our constituents are being kept on service, usually belonging to information brokers. if you're a criminal wanting to do harm to lots of people in one swoop, republican discussion draft will be an advantage to you. this collection and aggregation in one place has changed the value of this information.

and its acceptability to criminal misuse and it concerns me that this draft bill leaves this information unprotected. because of the change to the definition of personal information to exclude public record information, there's no longer an obligation to provide any protection at all for this information. have i said it correctly, commissioner, or have i misspoken? >> we agree with that concern, yes. >> do you believe just because information could have been collected elsewhere, a covered person should be relieved of the obligation to protect this information when they collect and aggregate the information in one place and make it more valuable and potentially more dangerous? please help me with that. >> i believe that information even if it's public information f. it's personal information of the consumer, that information ought to be protected and there ought to be appropriate data security measures in place to protect it. all right. take your attention to notification. you go believe notification to

consumers should also be required for breaches involving this kind of information? >> yes. >> the republican discussion draft, like hr-2221 before it, provides the f.t.c. with the ability to modify definition of personal information. only information that is within the meaning of that term is covered by the bill's data security and breach notification requirements. but unlike 2221, the discussion draft seems to set up an overly burdensome and unclear process for modifying that definition. if the f.t.c. wanted to change the definition for purposes of data security or notification sections, it would have to find, among other things, modification would not unreasonablely impede internet or other technical information or otherwise adversely effect interstate commerce, end of quote. do you believe this language harding impediments to innovation provides the f.t.c. with which of a clear standard

with which to determine whether a modification is appropriate? >> i do have concerns about the standards that are imposed. in addition to the limitation on changes to the definition that could impede innovation as you mentioned. it also requires the commission only make a change when there's a technological change at issue and that's in connection with the data security piece of proposed bill. so that does raise concerns because we feel there are issues with the definition of personal information. it's too narrow and we would not be able to address those concerns. >> what would you do? how would you make that determination? if you were called upon to do so? >> again, we would want to work with the committee on establishing appropriate limitation. let me articulate a couple concerns we have with personal information. in addition to the public records exemption. two things.

first, we believe the financial -- that the provision focuses solely on financial related information and doesn't take into account for instance other naffings would be sense toiv a consumer. for instance, health information that would not otherwise be protected under hipaa would not be covered by the language in the draft bill so that would be a concern we would not be able to address through the rule making that's provided in the draft bill. >> what about the language that speaks to impeding innovation? i don't know how you define that. >> that would be a difficult standard to apply so arguably rules by the commission could be challenged by parties arguing the change in definition could impede the growth to make other arguments. it would place an undue burden, we believe, on the commission. >> thank you. i yield back. >> i thank the gentleman for pointing out the few bracketed

points in the legislation we specifically bracketed them because we have questions in the draft. i appreciate the opportunity to raise that. the chair recognizes mr. sterns for five minutes. >> thank you, madam chair. one thing i thought was clear, the exemptions we had in 2005 and bill that passed in the rush haven't changed. i want to ask, have the federal exemptions that have not changed so any criticism brought from that side because of that, they haven't changed at all? >> yes, sir, that is correct. >> ok. commissioner ramirez, in the bill you're aware the federal trade commission has the authority to change the very fundamental definition of personally identifiable information. so this gives you this broad latitude.

i think a lot of us air little concerned about. do you think there's an opportunity the federal trade commission under any circumstances would trigger the need to alter, update, change the basic definition how it's currently drafted in the bill now because we have this definition people understand in the bill yet you have the authority to change it. under what circumstances would you change it and perhaps you could explain what would cause it? >> one circumstance that could arise, from could be changes in technology that could require additional information. >> but is it personal, identifiable information pretty much neutral because it represents an understanding of the privacy of the individual? >> i think the precise scope maybe hard to define but what the commission is absolutely willing to work with committee to come up with a definition that would meet everyone and sat

fice everyone's concerns. the current definition we believe is to narrow. we also believe the rule making that's provided is too limited. i will say that rule making process the commission employs is a process by which we do seek input from stakeholders and we believe through that rule making process, we would be able to address any need for change. at the same time taking into account any concerns that you and others may have congressman. >> i think if i was in industry, i would be concerned that the government, conference is turning over this power to you and you might make these changes without comment period. there might be changes that would affect a business to make it much more difficult. let me go on to my second question. in the bill they added data, minimumization provisions. this is something new in my bill and also it's new from the rush

bill. how do you see this provision playing out for members or people who don't understand, this is basically forcing industry to get rid of information that perhaps they would like to keep. it's not a decision they make. it's a mandated mandate, that is included in the bill as i understand it. so the question is, how do you see this provision playing out? what what role, do you believe, if any, the f.t.c. should have in ensuring companies are complying? you have the mandate. companies may not agree. if they don't do it, how are you going to check it and how are you going to make them comply? >> what the commission advocates is companies that retain information that they have a legitimate business need to retain. >> who determine that's? >> and they -- >> whormes that? zi think we apply a reasonable standardness -- >> kind of standard?

>> reasonableness standard that the f.t.c. employed throughout the course of its enforcement in this arena. >> so this reasonable standard in your mind has been pretty much established at the f.t.c. so everybody in industry would understand today what it is? >> i'm saying it would be a standard applied, reasonableness standard and it's an issue they need to be flushed out. the commission is willing to work with the committee in order to do that. any rule making that does take place would entame a comment period -- absolutely entail a comment period. i believe the f.t.c. has a very solid track record in terms of its rule making. i think the standards of the f.t.c. is one of reasonableness, taking into account the nature of the information, how sensitive it is, potential risks to consumers. so it would be a reasonable standard that would be applied. >> do you think that the congress should set the broad outline for this data

minimumization provision and not give it any authority to the f.t.c. or do you think you need that authority to make that decision? >> i think it would be appropriate to give authority and flexibility to the f.t.c. to provide additional requirements ho to you effect wait those requirement -- effect waite those requirements. >> the time has expired. the chair recognizes mr. waxman for five minutes. >> thank you, madam chair. looking at the draft bill i have some questions so we can get your input on it. as i look at the draft bill, there's a notice that must be given to the federal trade commission and consumers whether there's been a electronic data breach. but it's only required after the covered person, the people who -- company who has the identifying information has does certain things in connection with the breach, the coverage person must, one, assess the nature and scope pft breach,

make sense. take steps to prevent unauthorized disclosure and three, restore integrity of the data system. those clearly are the priorities for the company itself. after they've done all of that, the be covered person must determine the risk to the consumer and after they reach your conclusion within 48 hours, you're supposed to get the notice to the f.t.c. and consumer. but there's no limit in the draft bill for how long the person can take to complete steps one, two and three. there's no limit a demap knows about a breach could take a year, maybe five years, and within 48 hours of that provide notice to the federal trade commission and consumers. the bill from the last congress included an outer limit of 60 days from the discovery of the breach.

to provide notice of the breach. that outer limit has been dropped from the discussion draft. if we were to include an outer limit, how long should that limit be in your opinion? >> in my view and commission views that the time for notification should be as soon as practically possible, that may differ depending on circumstances, i believe 60 daze should be at most an outer limit. again, our view is the sooner, the better, the sooner notice is provided, the sooner to take appropriate steps to protect and mitigate any harm that may result from a breach. i don't believe there's a particular number i can give you sitting here today because it may depend on the circumstances, nature of the breach, size of the company, but would i say that 68 would be at most an outer limit.

>> 60 days without an outer limit but as soon as practicable -- >> yes. >> -- information ought to go to the consumer that their identity has been compromised. >> that's correct. >> security leaked. thank you for that. the discussion draft provides an exemption from the bill's dwrate security requirements for entities that are subject to data security requirements under different bills. graham leech bliley or health insurance portability and accountability act or any -- for any activities governed by the g.l.b. and hipaa. this is a departure from last year's bill. last year's bill set with compliance with these two other statues meant you were in compliance with the requirements of this legislation as it was drafted, provided that the requirements of l.g.b. and hipaa were similar or greater than those required under last year's

bill. language was not phrased as exemption for entities, subject to f.t.c. jurisdiction but rather an alternative means of compliance. it's unclear to me whether under the draft bill, the federal trade commission maintains the ability to enforce any data security requirements against those entities or if it safeguards and other laws must immediate or exceed those of the discussion draft. do you believe this exemption could potentially limit the federal trade commission's enforcement abilities with respect to entities subject to the other two statues -- other two stat -- statutes and your explaining of that? >> i believe this essentially creates a gap in authority because it does exempt entities that are subject to f.t.c. jurisdiction from having breach notification requirements, which are not required under

graham-mitch-bliley. that is a concern. >> do you believe this exemption could potentially lead to a disparity in the security requirements for nonbank financial institutions and everyone else under the f.t.c.? >> i do. >> what's your understanding of the effect of the phrase any activities governed by the g.l.b. or hipaa on the scope of this exemption? what is graham-leach-bliley is that the f.t.c. data rule or is that market something >> again, that activity-based exemption, it's a little bit unclear exactly how broadly it might be interpreted but i think the key point is it does create disparity between the obligations of certain financial institutions so that it is the concern about the authority provided. >> thank you. madam chair, i just want to point this out as an area we

need to work together it -- to make sure there's no ambiguity or poor drafting that would undermine what we're trying to accomplish. >> i thank the gentleman very much. i agree with his questioning and agree with his assessment about where we can fortify the bill and i look forward to working with you on that. the chair is happy to recognize mr. olson for five minutes. >> i thank the chair. commissioner ramirez, welcome. thank you for your time today. as you know, safe data act would require to begin to notify as promptly as possible -- and that's a quote -- individuals whose personal information was acquired or assessed in a breach following an assessment, and notification should be based on risk of harm. not just on the fact a breach had occurred. otherwise, we may find ourselves in a situation where consumers are flooded with notices by companies to become desensitized and may not take action to

protect themselves when there's a real risk due to a significant breach where personal, identifiable information was stolen and identity theft could occur. as currently drafted, this legislation standing for risk is, quote, reasonable risk of harm. in response, my colleague congressman sterns' questions, you said that is the standard the f.t.c. supports. do you think consumers would be better served in the long run if the standard was changed to, quote, significant risk of harm, end quote. what in your opinion is a difference between reasonable risk of harm and significant risk of harm? >> i don't think consumers would be better served if the standard were to be elevated to a significant risk. i think the kai objective as i understand it of the draft bill is to ensure that consumers are appropriately protected if there is a breach and my concern would be that by imposing a higher

standard, that key objective would be undermined. so i think it's appropriate to apply reasonableness standard but my fear is by using the word significant, it might just be a standard that might be too high and that it would risk undermining the ability of consumers to take effective steps to protect themselves if there is a tpwhreach security. >> and one more question, a couple more, does the commissioner see the concerns about dangers of >> in my view, the greater danger is that consumers not been provided adequate notice to protect themselves against the data reaches. i don't believe it is a serious issue. of a more concerned about providing adequate protection if the standard were to be elevated.

>> and there is some balance their between over notification. >> i believe that accommodates that. >> why does the ftc feels so strongly about the authority of a nonprofit universities or data security breaches? >> the issue is that regardless of the particular entity, if it does have a personal information about a consumer, that is regardless of whether the entity is a non-profit or a for-profit entity. provide adequate protection. >> i am hearing concerns from the nonprofit sector about this provision and i would like to work with the chairman to resolve these concerns about come. i yield back my time.

>> the chair recognizes mr. gonzales for 5 minutes. >> to my colleagues the work done this the last years, that we continue down this road and haven't been successful yet, we pass things out of the house. thank you for his leadership, i remember way back when we used to say, don't collect it if you can't protect it. i think we are still saying that. we haven't had the safeguards, we haven't had the review, what have we had? more breeches. i would like to think that if we had something in place, we would not have the occurrences that have transpired recently. thank you for being here today.

my question is going to go to information brokers and i want to compare his past efforts with the present effort and hopefully we can improve what we have in the initial draft. >> it had a lot as it related to information brokers. i want to give your opinion as to whether any new version of legislation should maybe also included some of these responsibilities, that information brokers should be charged with. we had accuracy access, dispute resolution access and provisions. i will be a bit more specific on some things that i believe in this early date, the draft would not include. i will ask whether you think it be important that we include these particular provisions. required information brokers assessment -- to submit a

security policy. is that a good adn. >> security brokers need to be covered under any inappropriate legislation. just as any other entity would be. they ought to be covered. >> permitted the ftc to conduct an audit or require each broker to conduct an audit of the security practices >> the security measures that apply to other entities acquire eat -- apply equally to data brokers because any entity that collects, and gathers, or uses of personal information, they have to be security measures. >> maybe more so, as opposed to someone else that relative to their own commercial transaction may require certain information needs to be

protected. we're talking about information brokers. their existence is to do what? >> all entities that gather information, it creates a potential risk of harm when there is data. we don't want to draw distinctions. if an entity collects and uses consumer information, and ought to be appropriate data security measures. >> was the reason it was in 2221. i have about a minute and a half. the required the ftc to establish measures facilitating the investigation of breaches. would that be important? the practice of obtaining of the nation from false representation. i yield back. >> the chair recognizes --

>> your concern for the exemption of publicly available information, it has increased the value of that information. and you give me an example of what you're thinking of? >> and they gather information about consumers, for instance, in connection with advertising in particular, the wall street journal has identified a number of companies that do this, it is a specific concern to the commission who have the information may be publicly available, given that is not aggregated and can be accessed much more easily, it raises significant concerns. >> what kind of information are you concerned about? tell me what it is that is

publicly available that you're concerned about. the hands of these people that you think are going to do harm. >> that may be family members that reside in the house, and combined with other information, it could lead to security concerns. >> i want to come back to something. he was talking about the definition in the draft of legitimate business purposes. if i understood your testimony correctly, you want to retain the authority to define that? and there'll be a reasonable the standard? cautioned that is correct. >> forgive me for my skepticism. when the federal government says don't worry, we will be reasonable, it causes alarms go off. >> in many of these data and

reach cases, we find that information has been maintained for very lengthy times when the company had no reason to maintain that information. i personally believe that companies need to take greater care in insuring that the consumer information that they maintain is needed. and if it is no longer needed, they should dispose of that information safely otherwise it increases the potential for harm should there be a breach. >> they had no real current use for it, but the thought there had been valued and that information 20 years from now. they might be able to use that information, but they can't touch what they thought the value of that was. a legitimate business person, i think there is value there. i obtained that information lawfully and i now possessed it.

i think there may be a good unlawful use for that information sometime down the road. would you consider that hot a legitimate business purpose of indicating that information? >> i would be concerned that there are many companies that make that statement. my concern is that it is at odds with the desire to have adequate security. the more that you keep information and the greater danger it creates. i'm not going to sit here and say it can only be after five years. at a denny's to be inappropriate assessment. what we do advocate and i personally believe companies need to take a better look at their practices to ensure that they minimize the possible risks and harm to consumers. >> i am simply speaking on their desire to hold onto this thing as their property.

this thing that they have paid for and worked for, engaged in the must capable security process you can imagine. all they want to do is hold on to their property. there is some risk that the ftc will come and say, sorry, not legitimate. >> the standard to be applied is reasonableness. i personally believe the company's need to take a stronger look and asked the question, how do we truly need this information and not just use the concept of we made needed down the line. in asking important questions about whether that information is entirely needed. >> our focus is on information. i highlighted one case today, security numbers were being retained for times that were no longer needed.

there was no need to maintain those. >> be me in your mind as opposed to the company's mine. >> of the company had no reason to maintain the security numbers. there was a risk of harm to consumers. >> on the chair is pleased to recognize and the chair of the committee for 5 minutes. >> i will be asking yes and no questions. i would appreciate your cooperation because time is short. the draft legislation pending, except entities that must comply with the act. the federal trade commission's rule to implement privacy requirements is known as a safeguard rules. is that correct? >> yes. dodge doesn't require the

covered entity under the jurisdiction of notifying a consumer of a bid of reach within a certain time? >> null. >> entity regulated that is discovered but not the draft bill is under and the statutory or regulatory obligation to notify of the data reach within a time certain? gosh yes. >> we should consider removing the draft of the bills as well as to include the backstop notification in the interest of improving consumer protection. to modify the definition, the term personal information, according to the administrative procedure act. i am worried that the bill imposes vague conditions to be

satisfied before it can commence. the effect will be that the commission may never amend the definition of personal information. has the commission examined this matter? and if so, does the commission share my opinion on the matter? >> we have concerns about the ability to modify the definition of personal information. >> i would request that the commission said that comments for the record. i understand the draft bill does not treat data brokers any different from other entities for personal information? this is a change, which, by the way, passed the house overwhelmingly. the bill does not contain

provisions to allow reasonable access to information hot date of brokers who collect information about them. is that correct? >> yes. >> should they be more subject to stringent data security and notification requirements the other entities that collect and store personal information? >> in my view, yes. >> would you submit an application that you might be inappropriate. >> yes. he >> is there a statutory right for reasonable access the data brokers collect about them? >> in my view, yes. >> i believe it is the only way that you say they will have a right to that access? >> in my view, yes.

>> higher appreciate your work on the bill so far. as my questions have indicated, there are parts of the bill that can be improved. i can work with you and am ready to assist you in order to report a bipartisan consensus bill that offers the best protection possible. i would observe just quickly, they have substantial experience in the protection of personal privacy, data collectors and things of that kind. >> yes. >> i think you for the courtesy and the yield back the balance of my time that constitutes 37 seconds. >> i think the gentleman very much and recognize mr. guthrie for 5 minutes. >> this is a serious issue that

we have to address. it looks like there will be significant work to do this in a way that will be bipartisan. i didn't really think about this, but i learned in the state legislature, we have to be as clear as we can. we see laws written 56 years ago, they are doing interpretations by agencies that were never intended. you want to be careful that we know each other, but we think what will happen down the road. they said, well, we're trying to solve certain needs. when you look at words like reasonable, we are thinking.

if you would talk about the differences in the cost of complying, the level of security for consumers, we have to give the be security they can with business having knowledge of what they will do. just a difference in reasonable and significant risk. >> the concern that i had was using the word significant would elevate the standard and the result would be that it would undermine protection to the consumer. the ftc has implied a reasonableness standard. a really does depend on the particular circumstance, which elects to take into account the nature of the information, the costs that may be involved. i've believed taking a flexible approach allows us to fashion the right balance between costs

that would be imposed on businesses as well as making sure that we have robust protection for consumers. allow to highlight the keys to the agency. have related to very basic and fundamental failures in data security. these have not been close calls. of that provides insurance. >> the questions are not usually the obvious. it is some area, that is why it ends up in court. social security numbers had no need for them. the expense of labor each cost the company, i would not one that information long. i will yield back after one more thing. he talked about the time for notification.

and did you say what you thought was reasonable for that? >> our view is that notification as soon as was practically feasible, the circumstances may change. in other situations, there may be any for a company to take more time to provide notification. and there ought to be an outer limit. our view is that the sooner, the better. that allows consumers to take appropriate steps to mitigate potential harm. i think it is important to preserve flexibility because it may differ depending on facts and circumstances. >> there was one testimony, trying to figure out what happened. i would want to know as soon as those words are practical.

that is absolutely right. i love for the working with the chairwoman. >> for not being a lawyer, you play one well on tv. the chair is happy to recognize her him for five minutes. >> let me just say a that this committee has a history of working in a bipartisan basis and the house did pass out a chart 21, the brush bill that i was a co-sponsor of. and, you know, we worked very closely together. as been going on since 2005 and we're still hopeful we'll be able to craft a bill. i feel confident the will be able to craft a bill and in some respects, the draft is even better.

we need to focus on where those differences are. let me ask a couple of questions. the republican discussion draft includes language that i am concerned could have a narrowing of fact that we don't totally understand. >> the draft application for the security and notification requirements engaged in interstate commerce related to the commercial activity. liket's take a company amazon that as in the business of selling books. and then the process, it generally collects your full name, address, credit card number, and security code. but what if they also asked you for your social security number? i of they need that to sell a book and if they did ask that before, it would probably not to

be to sell you that book. within the meaning of personal and affirmation or an ip address. i know this is a fairly technical point, you may not have an answer right now. but do you know how the ftc would interpret and implement this phrase related to that commercial activity? >> i think we would interpret is with our jurisdiction over entities that engage in interstate commerce. i think it would be relatively broadly interpreted. the scope of the definition is an area where we're happy to work with the committee to ensure that we assist in coming up with a suitable definition that the concerns have been articulated today. >> i worry that it is ambiguous language and we may want to work with you and work with the committee to tighten that up.

>> would be pleased to work with you on that language. >> from the last congress, the republican discussion draft, the safety that required notice to the consumers, only if the covered person has determined if the breach represents a reasonable risk of identity theft, fraud, or other unlawful conduct. i of the others have asked this, but do you believe this trigger for notification based on reasonable risk is appropriate? >> i do, i think it is the standard of reasonable risk that is appropriate flexibility to accommodate the need to protect consumers as well as the need to predict -- to take into account any burdens on businesses. >> it is the fault of a covered person to figure out if the

trigger has for notification of the ftc and consumers has been met. the believe it is appropriate for the covered person to make the ultimate appropriation or determination. and notice that it is required. and who should make that determination? >> that is a serious concern that we have. we believe they ought to be notified at the same time as other law enforcement agencies so we can determine if there ought to be notification that may differ from the termination by the company. >> in the few seconds i have, it requires the as to law enforcement, consumers in the event of the data reached involving electronic records. there is no requirement for

notice in the event of a data reached involving paper records. the believe the scope of the notification requirement should be expanded to include data breaches involving paper records. >> they could also pose serious concerns and risk to consumers. >> i was going to give christmas presents, and gives would be valued at a time. the chair is happy to recognize mr. harper for 5 minutes. >> thank you for being here and giving us your insights. if i could just talk a little bit more about reasonable rest or significant risk, your of indicated that you support the reasonable risk standard. how do you define that reasonable risk? what do you see that being?

>> the information at issue will potentially be misused to harm consumers and there ought to be of present and that there would be notification. i do want to highlight that the agency has done significant work in this arena. and our enforcement actions in consent orders a think can elaborate more fully on the situations were we have found where action was necessary given a think denny's to be flexibility, i think reasonable us accomplishes that. dodge the commission has done significant work verses reasonable work. >> we have great experience in the area. >> how will we vary with significant? if the standard with significant risk, how and to view that

different? >> is a flexible concept, and i don't have any magic words. in my mind, the key is, how do we best protect consumers? if that is the name of the legislation, however leave that we ought to err in favor of protecting consumers have given the incidents of identity theft. it continues to be a significant concern. we received the most complaints relating to identity theft that any other complaint. that has been in the last decade. >> reasonable would be in the eye of the beholder. that is how we define this. >> there are objective standards, a concept that as well defined in many different areas.

i think it is one that can be employed in a way that would address concerns. it maintains appropriate flexibility and allows a balance for potentially competing interests. >> there will be the discussion between reasonable and significant risks. as you know, and the practice of law, some people have a preponderance of the evidence. it is also clear and convincing. there is the back-and-forth between reasonable and significant, wanting to protect consumers. i appreciate your input on that. as we look at the notification of when the ftc should be notified, you believe they should be notified at the same time as law enforcement? >> i do.

>> what is the optimal time for that notification. and >> hot don't remember if the bill was specific on that point. >> when we look at that specific time limit, this is a great concern, as you have stated. the did -- is something that everybody is concerned about. tell me why you believe that the ftc should be notified prior to the consumers. >> i think it is important that the ftc be provided so it can take appropriate action if necessary. in addition, i think waiting for the outcome of the company to engage in its own risk

assessment, a situation where the company may include the notification want to be necessary to consumers, they have a different view of that and it provides a different level of assurance. >> believe that this legislation that will address the current and evolving environment with respect to cut computing? the use think that this legislation appropriately addresses the current and evolving environment with respect to cloud computing? >> again, it is the wave of the future, but the security measures ought to apply as they do to other methods of storage. >> of the chair recognizes dr. cassidy for 5 minutes. >> examples of health information that is not covered, can you give me those?

>> let me give you an example from one of the matters that the sec had built. the matter of the vault the release of information about individuals that have used prozac. that only covers particular entities. a non-covered entity. >> i am trying to understand this. you have two sets of data, one with unique identifiers and the other that is gained from publicly accessible affirmation that you have a similar concern even though it may not have a unique had been to fire? >>? comes to public record, are concerned is that once you compile a formation, it might have been very difficult to collect. it can raise very serious concerns.

>> what are those concerns? a >> deck repairs that are all of this data about mortgages being sold in washington d.c.. dodge they may have information that could be given to a paid a lender because it may reveal income level. that information can be used by a lender or someone that aims to engage in some kind of fraudulent activity. >> a palin there is not inherently fraudulent. >> it can be used by persons that might want to miss use that information. >> i am nervous about limiting access to publicly available information. and always seems like we should have a bias towards openness

knowing that those -- why should we not have a bias if it has not been used by fraudulent and if it is publicly available otherwise? dawson the key is to ensure that appropriate measures have been a. he have the ability with these segregators that have gathered a treasure trove of information, previously might not have been easily accessible. >> i understand that issue. what i don't know is a danger that you see with that. >> of the danger can be is that it is misused for a number of reasons. >> oliver mission can be misused. i am just trying to understand. >> of the fundamental point is that the information used to be protected and if there has been a breach, the consumer ought to

be notified. i think there ought to be additional requirements were consumer have access. >> i am struggling. give me a specific example so i can understand. i am not challenging you, i'm trying to understand where the aggregate had data that did not include credit-card numbers, security cut. it is like the congressman from that ruse that has three kids. >> information relating to income is information that might be gathered or ascertained through publicly available and affirmation. >> what i saw all of these catalogs, i saw that they looked at my senses track and they said he is on a pretty good census tract at a started getting an incredible number of catalogs. are we going to restrict the ability for someone to know the

census tract of live-in? >> you can provide access rights. >> that is a separate issue. the access rights i gather, there is used in that. what is the inherent damage? >> we would simply wanted to be adequate security measures to protect the information and we would want there to be notification to the consumer inappropriate circumstance. in light of potential information, additional requirement such as access would be one way. i'm not advocating the limitation. >> at the risk of losing my christmas presents, if you have one with credit card numbers, military identification numbers, it clearly should be in its own. >> the others seemed to be mature.

the other seems inherently less hot, i don't know, onerous with regard to the protective measures taken because it doesn't have the same import. >> my apologies if i haven't been able to fully articulate the potential risks we see. >> we thank the gentleman. >> [unintelligible] we have had to make these breaches more difficult to perpetuate and it will be close to whole as possible. when the piece back together

their personal lives, the accountability at trust act that i reintroduced along with the congressman, is essentially the same billhook the was passed out of this committee in december of 2009 in the one hundred eleventh congress. the bill passed out of the house and was referred to congress. what i was chair of the subcommittee, 958 has since been shape. it was on line with technologies emerging formats. these technologies and formats improved to make a new and exciting business revenue models viable.

it is important and i am going to maintain technologically neutral so that we don't speak -- and the nations of the business models and the realities involved. [unintelligible] and madam commissioner, and only have a few minutes, so i will ask you a few myths. if i could get a yes or no answer, it would help me. if i don't get to ask the question, i have some that i refer to you in writing. interstate commerce may be required under federal laws to protect individual's personal information by securing and protecting it from proper access? >> yes.

>> and if they maintain that personal data, should be required to establish and implement security policies and procedures? >> yes. >> should the ftc be authorized to prescribe what those hot to be? >> yes. since it includes an individual 's first name for initial and last name or address or phone number in combination in the one or more of the following. an individual or social security number? >> i believe that would be too narrow a definition. though.

>> a driver's license number. >> node. >> military identification number. >> know. >> a financial account number? >> note. >> a credit card number. >> know. >> or any password needed to assess the account? >> no. should information brokers be required to submit policies to the ftc? >> yes. >> should they established procedures that consumers may follow to review, and if necessary, dispute how their personal data? >> in my view, yes. >> you have been very kind and helpful. i yield back the balance of my time.

>> thank you for being here with us today. i want to say with this personally identified information, it gets to kind of the crux of the matter when you talk to our constituents and you look at how they have reacted to what has transpired with the sony breach and the amount of time that was required to inform people. you can go back as far as the tjx breach and the amount of time and the inconvenience that was caused to individuals there. what we have to do, and our goal should be to define this legislation -- >> we are leaving the last few minutes of this to go live to new orleans.

former house speaker newt gingrich is among the speakers at the first day of the 2011 republican leadership conference. you're watching live coverage on c-span. >> please about your heads. we're grateful to be here tonight. thank you for allowing us to live in a country where we are free and can gather at events such as this. we ask for your protection of all the men and 11 who are in harm's way today. the guide and comfort them. we asked you bless those in attendance. we recognize that the country is in need. we are in need of you. we pray that the leaders cq in everything they do. >> ladies and and gentlemen,

we're pleased to present mr. anthony turns of the irish tenors will sing the national anthem with tonight is dedicated to the late president ronald reagan. [applause] >> [singing national anthem]

[applause] >> ladies and uncommon, please welcome the president of

advertising. [applause] >> can you hear me? first thing i want to ask you all, do you have a mobile phone? i want you to pull it out and turn it on. please do. and i am always talking about new technology today. and with that, there is no greater technology that a mobile phone. in the fourth quarter of last year, 112 million smart phones shipped in america. that is more smart phones and televisions and computers combined. and because of the migration of what is happening to mobile communications, the company has been involved in something towards the 2012 election on two

fronts. technology and moral conservatives. we call this effort the moral conservative the engagement. the reason why the freedom fund was picked, one of the people that already made a large donation says that's a long name. can we just call at the freedom fund? you are giving me enough money to call it whatever you want. i just turned it off. that is better. everybody is going to be talking to you about two things. what we need to do in the 2000 elections and why we need to engage. both of them can be summed up in two words. barack obama. you can applaud that what if you want. in the wall street journal, there was a great ". i like to call it a fame.

he has made it worse. can you repeat after me? he has made it worse. anytime you ask about it, you have to forward to the theme that he has made it worse. one of our speakers announced he wasn't running for president earlier this year. the wall street journal was quoted in an editorial saying that social conservatives can be faced with voting their consciences or supporting someone they think can win. the ideals set of choices. this is a lie. i shut it off again. is that still on or off? there we go. i keep pressing the wrong button. here i am talking about technology and i am addressing the wrong button.

i am glad i am providing the comic relief tonight. and this is good. we have -- but we are conservative, we have a good sense of humor. the next speaker coming out, he runs citizens united. they have the courage to fight for freedom of speech. another speaker is one of the leaders in the fight for our ability with free-speech. i did not touch it. there we go. they came out in the supreme court and allows us to do things that we have not been able to do for the last several decades. we council against upholding a law that restricts political speech in certain media's or certain speakers. you can't regulate free-speech based on technology. the reason why i had you love your mobile phone, there hasn't

been a communications tool that has been this effective in the history of media. 90% of text messages are seen within three minutes. a 99% within 24 hours. i don't care how much media you buy, you can't reach 90% of your friends in three minutes. this is an analysis of where things are going and where you have a choice to be. marketing is shifting from home base processes to person basis media processes. the first time in history, we can target a person, where you are 24 hours a day, seven days lead harry huge glut of innovative technologies over the phone, but can you get e-mail addresses? i am providing new testament

females appear in in the old testament, and got lived in the temple and you have to go there and worship him. in the new testament, god lives in your heart. that is called your mobile phone. i don't have internet access here, but every mobile phone in america as a publicly listed, including yours. with an average of 90 listings on google. if you have a smart phone, and do it. go to school and you will find out publicly listed your fun is. the only that, on certain website, we can target within 154 feet of where you have made most of your phone calls. this is a wonderful tool, but you're using it all the time. and technology is on the other

side, we are behind it. are we are not behind, we are ahead. this is a graphic of -- that number is decrease in 4% a year. we have 350 mobile phones. the number is increased 7%. this is an example of what my company has done. i am promoting a cause right now. whether you are an activist philanthropist and you want some organization that you support to get involved, you are a potential participant in the freedom fund.

what we're trying to do is create an infrastructure with opportunity at the utility. now i am going ddt some examples. in the 2010 election, four of my clients with independent expenditure committees and businesses, we did these females text immobile. we sent 200,000 of these to liberals and moderates and alerts. we have failed to create jobs in southwest virginia. the phone number was a hot link. 97% were delivered in three minutes.

for two weeks, you could not get through. it was distributed over the district. we were employed by independent expenditure efforts to put a radio commercial on a mobile phone by directing it to a phone number. i don't know how many of you have used google voice. you can communicate with people and you can put the sixty second advertisement such as this when you dial the number. [inaudible]

that message was sent to 20,000 targeted mobile phones and was caught the 80,000 times. all within a 72-hour period. this is part of the ranking committee. this is that what american idol

in the district and several of them responded. you don't have to be in your home to get this message. it comes to you. this is a message it caused chaos in the other side camp. they meant to encourage people on a saturday to get out and vote. it worked. he won 52% to 48% in the first time anybody's history. he said that in louisiana is republican. what is the freedom fund? we are employing new

technologies in a land mine that were to identify 100 million conservative voters in the 2012 election. we can do that. i've systems that make 3.5 million phone calls a day. 48 million e-mail text messages a day. our job is to identify babies people that are rome marriage, pro-life, pro-gone, and anti- tax. 50 percent of those people vote and a presidential elections of 13% of america will decide who is the next president of the united states. how to find 10% that are pro- life, pro marriage, and pro-gun. it doesn't matter what barack obama does try to turn out voters, we will turn out new ones. the bottom line is, we don't have the hope for moral

conservative candidates, we can empower them. i talked about the citizens united case. in the freedom fund, you can solicit donations, remain anonymous, and disclosed, and give unlimited amounts. if you are doing well in new orleans and you know you should -- we can keep your anonymous and undisclosed. if we asked commercial questions, you can get a tax deduction because you're getting -- you are doing market research. that is the power of the conservative supreme court. these statistics are things i want to point out to you. please click on the icon so people can see how that works. >> do you intend to vote in the presidential election? >> yes.

>> be think others believe you to be conservative? >> yes. >> should you consider yourself to be a conservative? >> yes. i do consider yourself to be a moral conservative? >> yes. >> what i wanted to point out is that 62% of the people on the lan lan network and 57% considered themselves to be moral conservatives. 79% said the fiscal conservatives. there also fiscal conservatives. not all fiscal conservatives are social sciences -- social conservatives. but all social conservatives are fiscal conservatives. it we need their represent them. pro-life, pro marriage, pro-gun, anti tax conservatives. it is an automated system that understands what you can say.

if we got a hispanic response, it will go in spanish. barack obama has what? made it worse. when i hear that louder? his allies made things worse. how have control of the technology. this is something that is controlled by conservatives and available for conservatives in this cycle. we need to act now to make them change their campaign plan. with your opponents react, what would barack obama do if there is an e-mail sent to all 30 million california homes to new york city homes? it said, do you agree with barack obama that israel should give up half of its territorial land? call this number to ask why. it is the white house switchboard.

make them send their money now. barack obama is going to have had $60 million at the end of this month that he has raised. we can spend a dollar and make them spend $1,000. texas, california, florida, and new york. they're the largest media markets in america and 80% of all political contributions come out of those states. if we can turn out those people there, we will cut off the funding base. shape the image of what barack obama is. if you can deliver a message, how do they respond? register and the conservatives said that regardless of what they do, it doesn't matter. we are budgeting $3 million between now and january, we are 1 planned $5 million there after