>> i am an attorney in washington, d.c. what actions are you taking to ensure that data collection under fisa is revealed to the >> the fisa statute itself requires the disclosure of information and certain types of proceedings, particularly criminal proceedings. where it is to be used in a criminal prosecution, there is an obligation to disclose that. >> matt has it right. it might be worth noting that between 2008 and about a week ago, the government never gave notice to any criminal

defendant, even though it now appears that faa fisa amendment acts were used in criminal prosecutions. there was a great story about this by charlie savage about the fact that the solicitor general, when he argued to the supreme court, represented to the court that fisa amendments act requires removal defendants to receive notice when the government is prosecuting them on the basis of evidence derived from the fisa amendments act. it turns out not to have been the justice department's policy. their policy was to deny defendants notice, even in circumstances in which they were entitled to it under the statute and constitution. they have changed that policy,

which is a good. >> it seems there is a disconnect between the justice department and some of the security agencies about what has to be released and what can be done to ensure what you have said. that data needs to be revealed to the defense. >> i do not think there is a disconnect between the department of justice and the intelligence agencies. the department of justice makes the decision as to what is disclosed and what is not disclosed. there was never a case in which evidence -- we are talking about only fisa amendment acts. there has never been a case in which evidence obtained from the fisa amendment acts -- the department of justice has made determination of when they are going to notify.

that is their call. it is up to the department of justice. >> does the department of justice have to work with the agencies in determining what data was used in the prosecution? >> they know. it is their prosecution. >> marc, did you want to comment? >> there was a description of the use of fisa evidence in investigations. i just want to put in -- to push

that. is my recollection correct? he was saying there were circumstances where the government did not want the defense counsel to have access to fisa derived information and there were procedures within the act to provide affidavits to the courts in support of the type of information that had been obtained to establish whatever legal standard was necessary to go forward. is that correct? >> there is a difference between the issue of providing notice and what happens after that. it is true throughout fisa there are materials that are provided to the court that are not necessarily provided to defense counsel. that is correct. >> there will be circumstances where there is evidence that is

not available to defense counsel? >> it is a difference between provision of notice and what happens after that. there have been circumstances where there is information about that evidence that is not provided to the defense counsel. >> i do not think there has been any criminal prosecution since 1978 in which criminal defendants have obtained access to the underlying affidavits and warrants that were underlying the fisa surveillance. this is routine in foreign intelligence prosecution. defendants do not have access to the information that would allow them to challenge the constitutionality of the surveillance that is being used to prosecute them. >> thank you. another question? >> this is probably for mostly matt and bob. in documents released last night, they revealed there were

some oversteps, including 200 analysts from cia who were given access to reports derived from some of this information that should have been walled off. how have you changed that process? we have read these older court cases that have been released piecemeal, in which nsa turns itself in for violations. has it gone any faster from flash to bang in detection of a problem and reporting it to the fisa court? if you're trying to win back the public's trust, can you show me that you are getting better at policing yourselves under these laws? >> as a result of the compliance matters that have been released,

the nsa revamped their approach to compliance. they put in a director of compliance, they have a staff of 300 people who are devoted to policing compliance. i think the nsa has made substantial procedural improvements. they're in the process of hiring a privacy officer. the answer is yes. i think they are doing better. are they perfect? no. you have a system that is run by human beings, they're going to make mistakes. you have stuff that is technologically complicated. everybody has computers and every other day you get a notice from some program that says an update is available, please download the update. every time a communications provider updates its processes, it may have an impact on how the nsa's lawful collection is impacted.

having been a nsa, this is something that has happened over time. the nsa has improved its structure. there is now i compliance officer who was responsible for the compliance programs. the complexity of the landscape and over the course of the last 30 or 40 years, what nsa does post-9/11 has touched on the domestic side of communications. it has been a challenge. having worked at nsa, it is hard for us to find conscientious and

rulebound workforce. i have a lot of confident in their abilities. >> if the rule says you can collect everything, it's hard to violate them. it is remarkable how many violations there have been given how broadly rules are. it is important to keep both of these questions in mind. not just are they complying with the rules but what are the rules and are those the right ones? >> just -- to take a step back i think we're in the middle phase of a three phase warm. the first phase of fisa reform was a period of secrecy where people like me said the fisa courts were rubberstamped. i was wrong. from the disclosures, i understand there is pushed back

and a dialogue. we have the publication. we are learning more. we're learning about how the court interprets legal opinions. this is a middle phase. there has to be a third phase. we have to be able to act on the information that has been made public, that we are now debating, to put in place the reforms that are necessary. this comes back to laura's work and the purpose of these meetings. your question is a middle phase question -- what do you think about what happened? it is interesting. more interesting is going to be what happens next. >> next question? sir. >> hi. commander paul walker. i am a jag with the navy. the statements regarding the

vast chasm -- i want to address that and turn it to a question that might set up your next panel regarding the future. and the last 35 or 40 years, smith comes right after a year of fisa being passed. this vast chasm you refer to has been expanded through judicial interpretation cases coming before the courts. the third party doctrine is not limited to just business records and informants. as someone who has clerked at the district court level, i do not find the statements judges are would not look at that and analyze that opinion to be fairly credible. i think that any judge will be doing that.

i think you have a fairly settled case law where many courts have said mandatory courts have said in addition that there's no reasonable expectation of privacy in those materials, and we give that up all the time intentionally because of what the court has said. i would ask, though, that in light of jones where at least one member of the supreme court has called into question, you know, the feasibility of maintaining that position on the reasonable expectation of privacy, where do you think, jemele and mark, that the court might this jurisprudence in the future? >> well, first -- >> we know where we'd like them to take it but where do you

think they will take it? >> well, i disagree, i don't they smith v maryland controls this case. i think that was a narrow -- it was a narrow-targeted surveils of a person can't suspected of a crime with primitive technology. we're talking about something very different now. i will i think there's room -- how the value 2008 -- the idea that smith controls this case, i don't -- to use your word, i you don't find that credible. >> but i think that's an overstatement, too. i mean smith and -- there is no case out there in which the supreme court has said dragnet surveils remoting you reaccidentalibling this is well, i mean, we can debate that for a long time, but let

me just go to the second part of your question about jones. you know at least one justice in jones. i would say five justices not just judge sotomayor but alito's view that there is a new threat to privacy presented by the aggregation of all this information that we make available to the public in some sense. or third parties and i think there's five justices in jones who are basically saying that the mere fact that you release or surrender your information to somebody else or even the mere fact that you surrender your information to the public doesn't mean that the government can aggregate all that information, analyze it without worrying the fourth amendment will be implicated at all.

those five will justices endorse that and that the fourth amendment is not indifferent to that kind of analysis. what that means for the fourth amendment to have been implemented by that is still i think an open question and something i think the lower courts are going to have to deal with and a question i think we will have to deal with in this case. because the constitutional question here is whether the government -- i know bob doesn't like the world but dragnet analysis in this even if the kind of narrow surveils -- >> so i think it's important to note that even if you assume that the -- in jones is in fact going to be the law, what jones was talking about was a very different situation here jones was a situation -- what was different in jones according to the justices is whether you were collecting so much information about a single person that that person's

reasonable expectation of privacy may have been invaded but we're talking about here a situation where you're collecting an information about lots of different people but in terms of the fourth amendment law, the question is as to each of them has their expectation of arrive cri been violated? and i think it's a very different propist decision to say my expectation of privacy has been invaded because information about jameel and other people in this room has been collected. the fact of the matter is every case since smith v maryland including last week a case in california directly talking about the section 215 program and the contents of a criminal case has held that there's no reasonable expectation of privacy held in this. that's not to say there's no privacy interest and as i said that's why we have restrictions on this.

but for fourth amendment purposes this is not protected, whatever may be the case in the future. >> i mean, you've asked a great question, and it is sort of the looming question as you move into the substantive realm of the future of the fourth amendment, i have not doubt that when the supreme court reaches smith v maryland there will be a different result. and you see the shadow majority in jones which is the concurrence of sotomayor and alito opinion but you also see in it in the dog smith case where she actually tries toe fwridge reasonable expectation of deprive cri doctrine with the -- i think the court is anticipating that there will in fact be a change. i worked on the amendments to the wiretap act back in 1986, we were well aware of the smith decision and the plates the pin

register and trap and plates to overturn smith v maryland so it's actually odd to me 25 years late tore see this tangible records provision with fisa being used effectively to run what congress thought it had addressed in 1986, but here's my point to pull a couple key issues together i think in our modern digital age and knowing the value this information does have to the government and the conduct of surveils, a wiretap act the almost upside down. we protect the content of communications for historical reasons. we give the transactional data associated with communications minimal -- but the content is not as easily processed. it doesn't show the timing and consequence of events which in

a digital world is much more revealing. but i think we as a society through the courts as well will need to confront the fact that it's actually the digital data that poses a greater privacy risk than the underlying data. >> thank you. so we have reached the end of our time here. i would like to give each panelist one opportunity to say one more thought before we leave the panel if there's anything that hasn't come up that they have not addressed, we'll start with jameel. >> think i have said whatever i want to say but maybe i can respond to what he said. [laughter] >> i would take this back from my perspective to an operational side. when i was in law school in my first year, it's always better

in a to make up the law than to look up the law which i thought was an inspiring thing to say to law students but it's a dubious less on the those of us on the he practical side now. and sour job so protect the country. that's what we do at here so we need take full advantage of the legal authorities that are in place to do that. and and it's very useful and i applaud georgetown and you, laura and it's very thoughtful to have marc and you here to an tor you think about where we are going. but in the meantime we in the government need take advantage of these authorities as they exist, and we need to have some

certainty about that. that's what i'm concerned about right now in a word it's an unstable place and marc and jameele brought this up. some may be hesitant to take it to the line. so i look forward to the time where we have the full faith and trust in the american people in these racketivities and we can go about the business of protecting the country. >> thank you. bob? >> i think that what i would to suggest we need to consider is what's the best way of one hand to get the intelligence community, the information it needs to protect people and on the other hand to protect privacy and kivel liberties together because the history of intelligence over time is a pendulum swinging over -- why didn't you do more to protect us and what? but we're swinging towards the latter side of it and it's going to swing back. there's one model that would say the way to achieve these

sbothe by putting very strict limbalations on what the intelligence community can collect and say you never get to look that the information. there's another model which i think we have applied so far which is allow the intelligence community a broader look at the expectations and then appropriate oversight to ensure they comply with those. neither system is perfect and neither is a way of acquiring information nor protecting privacy but i think those are the two competing models that we have to balance in terms of what the proper way to go forward is. >> thank you. marc? >> i'm just going to close with a big picture comment and also express real gratitude and respect for bob and your role because it's a whole different world to be responsible for outcomes and i do understand that. but at the same time let me

tell you what really concerns me. i think there are institutional dynamics and powerful tech in a logical changes that are her -- technological changes that are driving us toward certain outcomes. where mass surveils becomes al fact where decision making is increasingly scrutinized and the logical decision sincere made secret. and i think if we don't take this moment based on the information we have obtained to put in place some robust safe guards and structural reforms, what might evolve over the next couple of decades will really be quite scarey. and to give you just a little flavor of this, what we do over at epic, we're trying to understand, for example, why do certain people get pulled aside for secondary screenings at bag check? why are some not?

there are reasons but largely kept secret and applied to a large number of people under counterterrorism there's a. that logic can expand just like logic's logic in 215 that having a lot of data in place when you need it justifies what you need before an investigation gets under way and we need to prevent ending up at that point. >> thank you. [applause] >> here is some more about the

nsa surveillance program. here is an article by "the new york times." that is democratic senator ron wyden pushing for laws that would limit the data collection programs. it would bring more transparency to intelligence gathering. there may be an opportunity for these members to attach their provisions to the annual pentagon policy measure, which will be considered in the sent -- in the senate. would createndment exclusion requirements, including public reports on the frequency of cell phone tracking and how many times the nsa itself violates its privacy walls and safeguards. and more on information gathering. this week on newsmakers, the with armedry budget an services committee chair wrap --

chair are presented of mac thornberry. >> now with what wiki leaks has will any of those allies ever again cooperate with -- united states the echo >> the united states? >> i don't know, if i were them you would have to wonder about it. we have very limited resources. key factor in our success has been working with others and cooperating and coordinating our efforts. anythingthink that they send to us is going to be leaked out in some ways. they're going to cooperate less. >> another consequence that might come from the revelation of the surveillance programs is the white house fairly

considering the nsa director keith alexander. corks it comes from one of those questions where i think you should not have a knee-jerk reaction. you should think about the nsa, cyberp between command, and the leadership of both of those entities. in last year's defense bill we required a study of these issues and what that relationship would be. at the pros and cons of separating them out, we have not gotten the results of that study yet. are not just about responding to the last week's deadlines. they have major consequences for our ability to protect our people from also to threats.

as the reason i think we should do it in a deliberate way, looking at the pros and cons with cool best judgment. >> you can watch more of our interview tomorrow at 10 a.m. and 6 p.m. on c-span. after newsmakers, the awards ceremony for this year's presidential medal of freedom winners. 16 people were honored, including bill clinton. we will have that here tomorrow at 10:35 a.m. eastern time. >> i thought it was fun to have a little view of history of a time in america that was not instructional. it was a bit more anecdotal and a little bit more archaeological, meaning random. photosbunches of weird and then the captions explaining

them. i had a vision of high school students loving history if they flipped through it. >> from the world of cable to that of author, sunday night at eight. >> next on the hearing from creation and regulation of digital currencies, which allows people to exchange good and services without using real money. this portion is about an hour. >> i'm going to ask you to find your seats. it looks like we have our witnesses lined up. we thank you for joining us today. let me take a moment to introduce each member of this

panel. witnesses as my notes here say. the presidentis and chief executive officer for the national center for missing and exploited children. he also serves as cochair of the digital economy task force, which focuses on the benefits and risks surrounding the digital economy. murck from the general counsel of that coin foundation. foundation.n his expertise extends across the legal and regulatory issues regarding the use of virtual

economies and alternative payment systems. he is also an international investigative journalist. is jeremy alness the founder and ceo of circle internet financial, promoting mainstream adoption of virtual currencies. he also serves as founder and video one of the largest platforms online in the united states. our final witness is jerry bri to, senior research fellow at george mason university.

he also serves as an adjunct professor of law at tort ration university -- at george mason university. copyright and the regulatory process. welcome to each of you. your entire testimony will be made part of the record. i said to the first group, you're welcome to summarize it if you would like. try to keep your comments to about seven minutes. i will have to train you in. -- terrain you in. >> thank you, chairman. a digitalunched economy task force with thomson reuters, the global media information company. that was created as a result of a conference we brought together in june with private sector leaders and government officials to look at this larger problem. the task force that is working on this issue today includes the bitcoin foundation, the gates

foundation, the brookings institution, the cato institute, law enforcement leaders from around the world, and many others. our goal is to bring people together and work toward a reasonable balance -- reasonable, balanced, and effective solutions while addressing the economy's misuse. will issue its final report in february. let me begin by saying we are enthusiastic about the potential of virtual currencies and the digital economy for social goods, particularly in bringing about financial inclusion for the 2.5 billion adults on the planet today without access to banks, credit cards, and the mainstream financial system. however, as you pointed out today, there are risks. our merry concern is the migration of child pornography, child sexual exploitation, trafficking, and other criminal enterprises to this new economy.

and we believe it is happening for three primary reasons. the first is anonymity. the second is that this is again economy that the lungs to no is an economy that belongs to no nation. complyeve most countries to existing currencies at exchange level, the point of which virtual currencies are traded for dollars, euros, pounds, or yen. over the past year i have consulted with law enforcement and financial experts around the world about this issue. they advise, as it relates to that childncern, pornography is currently being usingd and disseminated virtual currencies for payment. it is aten to add that

lower threshold of volume then drugs and other criminal goods. however they call the use of these technologies for child pornography significant because they principally involved the actual producers of the content, who are producing the content using virtual currencies for payment. in august, the owner of freedom hosting, which the fbi called the largest facilitator of child photography on the planet, was arrested. freedom hosting maintains servers for a number of the deep web child per novelty sites -- child pornography sites. it digital except currency for payment. law enforcement -- all of them accepted digital currency for payment.

bitcoin, all the transactions are visible and transparent. the challenge for law enforcement is to go from that transaction to an actual person. challenge that we have learned in our consultations with global law- enforcement today is growing internet anonymity. read, there isne a secret internet for drug dealers, assassins, and pedophiles. silkincludes sites like road, but it also includes sites for the purchases of weapons, assassins, and child pornography. what i hear most from law enforcement today is frustration. the primary investigative technique -- i have been told --

law enforcement is using to investigate these offer -- infiltrate these operations is infiltrations. -- to investigate these operations is infiltration. reststhere are some way -- some arrests, most of the arrests are those who use the technology improperly and leave a trail. anonymousect to a non- ip address. even the silk road involved in offender who made a series of mistakes that made it possible to bem to be -- for him identified. my concern is with the existence of law-enforcement tools, we are not catching those most sophisticated or high-rise commercial invest -- high-rise criminal and that -- criminal offenders.

we hope to learn from the techniques that were utilized by law enforcement to penetrate freedom hosting. future, the pace of innovation will quicken. there will be new technologies and the intensity of the effort to achieve total internet anonymity will increase. do.ask what can congress i think there are four things. first you can ensure that existing law and regulation, focusing on the point in which virtual currencies are being exchanged for conventional currencies, are used. secondly, you can press for global cooperation. flowal economy funds locally, network to network, not nation to nation. this is a problem the u.s. government cannot solve alone. thirdly, you can ensure that the response of government to this butile, emerging, high risk

high reward area is not so true colony in -- but not so draconian -- addressyou can help us the core challenge, internet anonymity. for all its importance in protecting political dissidents, journalists, and others, we are very concerned that an environment not be allowed to which child exploiters and traffickers can operate with no risk unless they make a mistake. ago, then secretary of state hillary clinton said, on the one hand anonymity protects the exploitation of children. on the other hand, anonymity protects the free expression of opposition to her for self -- to repressive governments.

she said we should air on the side of openness wall recognizing there are going to be exceptions. that is the challenge, to determine how anonymous the internet can be from the perspective of government. internethat absolute anonymity is a prescription for catastrophe. >> thank you. mr. murck, welcome. flex good. i am pleased to have the -- >> good afternoon. i am pleased to have the opportunity to speak with you today. i am a founding member of the bitcoin foundation. i have been and execute if and legal business owner for a number of digital currencies. the bitcoin foundation is a ofber driven nonprofit

business and individuals contributing to the overall bitcoin ecosystem. our membership is comprised of many of the top entrepreneurs and technologists working to make bitcoin a success. is to promote, protect, and standardize the use of distributed for use currencies. and free used currencies. there is no bitcoin company that manages or controls the software or its operation. the software is maintained by a community who volunteer open- source software volunteers -- who volunteer open-source software engineers. most basic level, bitcoin is an internet protocol. it is e-mail for money. operates a protocol decentralized store of value and opens a transparent payment network that is secure, efficient, and low-cost. the bitcoin network can operate without any third party

intermediaries and is a highly innovative global financial system unto itself. in the near future the but coin -- the bitcoin protocol will facilitate the advance payment and additional nonfinancial services, like identity verification and property management. open heart is a tory systems like bitcoin will produce many economic and social benefits. this can reduce -- and private a safe score of wealth, in addition to global transaction networks, that cannot be corrupted or used for those that seek to exploit or harm others. financial exclusion is a u.s. problem. it is not a problem for the global south. there is a rising tide of under banked people in our borders.

access to financial services directly correlates to increases in dignity, liberty, and self- determination. bitcoin can help people move trapped in a cash they stood -- cash-based global economy to digital economy. ise any technology, there the potential of abuse for the system. the law enforcement community methods to develop new to investigate the network. this does not mean it will be any harder for the misuse of the bitcoin network than existing financial systems. as we have heard, in bitcoin's short history, law enforcement and regulatory agencies have had a string of successes already. rather than labor over the headlines about the misuses of misuses ofthe bitcoin, we should be adapting investigative techniques to

increase digital and open network world. bitcoin network safe is all of our responsibility. efforts are underway to prevent abuse. are you, mr. chairman, we looking beyond the silk road. when the alleged operator of that black market website was arrested, a long and sustained rally on the price of bitcoin occurred. decentralized currencies like --t point -- like bitcoin the transaction ledger allows bad actors to shroud their activity. decentralized systems of open ledgers are inherently transparent and may prove too difficult for use in any large- scale activity. address law enforcement concerns, we must bear in mind because of this open and transparent architecture we need to consider the privacy of law- abiding individuals. out, it coin's

public ledger system, may be so revealing that the larger problem with bitcoin is not anonymity for criminals but the abiding people- have maintaining their own privacy. but coin is not some magical cloaking device that simply allows criminals free reign. the unique coin pose and unsolvable threat of law enforcement and regulatory communities. the use of bitcoin is not regulated. in fact, bitcoin service -- iders for these potential competitors, be they angst, financial service companies, it coin also represents an opportunity for them to start innovating again. these institutions have a deep understanding of the controls and risk management necessary to safely handle the bitcoin transactions and secure consumer bitcoin accounts. instead of what we have seen is a chilling effect through the banking industry as bitcoin

companies try to gain bank accounts. the united states has a strong interest in maintaining its place as a global leader in developing cutting edge technologies and spreading individual freedom or liberty around the world. economy is a symbol of good growth. applying consistent rules and regulations that encourage technological experimentation is critical to a vibrant entrepreneurial community. this community's work is -- forbly helpful for to the digital economy in general. as one member of the bitcoin foundation put it so sustainably, if you give us clear rules we will follow them and fill jobs. development of clear rules appears to be happening faster

at the federal level than at the safely -- then at the state- level level. we encouraged by leadership in states like california and georgia. we believe a healthy and respectful dialogue between key stakeholders will help ensure the substantial benefits of the digital economy are mets will mitigate many of the risks. in particular we would like to thank simpson for opening up the dialogue with the bitcoin community and demonstrating leadership on this issue both at the federal and state level. -- it coin count foundation continues to open its dialogue and thanks the committee for being able to participate. >> thank you for hearing my testimony this afternoon. allaire, and imy am the founder and ceo of circle financial -- circle internet financial. i have been building internet

software platforms and online services companies for 20 years, having founded and lead -- having founded and helped to lead many global companies and hundreds of thousands businesses globally. i'm here to testify because i believe digital currency represents one of the most important technical and economic innovations of our time. specifically, digital currency introduces advancements in electronic payments and money itssfers, potentially ariely lowering costs for businesses around the world, decreasing fraud risk for consumers, increasing consumer privacy, and expanding the market for consumer financial products on a worldwide basis. earlyechnology moves from adopters. it is critical that federal and state governments understand how bitcoin fits into existing regulatory guidelines and how to apply them to digital currencies. the should uphold consumer ensure that-

criminals and bad actors find it increasingly difficult to utilize these platforms and to provide contacts -- context clarity to digital currency. it is clear over the past 20 years the internet has been at the center of global economic innovation. havethat open platforms transformed media, software, education, commerce, and retail. for a friday of reasons, the technology and business models on finance have been insulated from similar transformations. (form approach on digital currencies, specifically bitcoin, provides an opportunity for the same level of innovation and advancement it forms a currency, trade, payments that we have seen on others. specifically our payment system is inefficient and very much

tilt upon system processes that predate the internet. result in higher costs for consumers and economic interaction. systems have excluded in norman spaces of consumers who have remain under combination of ubiquitous internet connected mobile devices and digital currency presents an tremendous opportunity to expand on a worldwide basis. payments and money transfers are still operating in the pre- internet era. today we can communicate to almost anyone in the world, including video format at no cost. with instant access to an enormous amount of the world's knowledge, also effectively at no cost. we have access to more media than imagined possible. to send money between friends and family, whether across the table or across the planet takes days and cost a significant amount in transaction fees. to accept payments merchants

must bear significant fraud risks. not to mention the widely perceived high cost of transaction fees. what a re-specifically doing about this? we are building online services for consumers and businesses to -- welie -- to easily use intended to enable them to purchase, store, send, receive, and make payments using bitcoin. for businesses we are providing tools to help them except digital currency payments. toare fully committed applying all laws and regulations and establishing comprehensive risk protocols. we are developing our platforms to provide high levels of security for users and providing industry leading approaches to -- moneyidentity

laundering, regulatory advisors, and experts. first of all, as it has been made clear from earlier testimony, i want to emphasize that u.s. regulators and law enforcement are justifiably focused on the potential use of digital currencies to finance criminal activities, including terrorism. the appropriate requirement that bitcoin operators implement bank provisions is also a risk that the government doesn't support innovative companies gaining access to u.s. banking institutions am a which would drive companies offshore and overseas. another risk is businesses adoption of digital currency would be hampered without clarification from the irs on income generated from sales nominated in digital currency.

without clear guidance on consumer protections, consumers and businesses can be defrauded through inadequate systems and risk management procedures around customer funds. another risk is that the united states falls behind on this critical emerging economic innovation. regulatory uncertainty can hold americans back. indeed, a bitcoin exchange in china has become the largest single trading exchange in the world, followed by exchanges in japan and europe. uphold and support our history of america and technical innovation and entrepreneurship in in terms of u.s. regulation, it appears to me that federal and state regulators have ample statutory authority to adopt regulations to take enforcement actions and to protect in -- and to protect and enforcement

actions have been constructive. we stand ready to assist him in their ongoing efforts to adapt regulatory tools to new digital currencies. i believe we are at the internet of another let transformations, this time in our global financial system. there is a real opportunity to foster that economic change while simultaneously putting into place safeguards that only government can enable. that concludes my prepared testimony. >> thank you, that was very helpful. we are delighted to hear you. >> thank you for having me here today. discuss virtual currencies in general. ofis it coin that has some the interested in this topic. online virtual currencies are nothing new. they have existed for decades from world of warcraft to facebook credits. these are all examples.

what is it about it coin and other currencies that make them unique? it is safe to save -- safe to say it is a remarkable achievement. it has decentralized part of that sentence. in 2009,the invention online currency or payment systems had been managed by central authority. with her it was facebook issuing facebook credits or paypal ensuring that that transaction between its customers were reconciled. by solving a long-standing conundrum in computer science, bitcoin makes possible transactions online that are person-to-person without the need of an intermediary between them. this presents potential benefits for consumers in the economy, as well as challenges to law enforcement. because there is no central

authority, there are little to no fees associated with those transactions. it coin is not a proprietary platform but instead an open network, entrepreneurs need to know permission to experiment or innovate new products and services. on the flipside, law enforcement has long relied on financial intermediaries to help detect, prevent, and investigate illegal actions. it coin transactions can have known intermediaries and because they are not tied to identities, it is not surprising we have seen bitcoin employed interest -- employed in transactions. it is also not difficult to imagine how the technology can be applied in money laundering. 3-d printing can be used to lifesaving medical

devices. the challenge for policymakers is to address the risks posed by emerging technologies while doing no harm to the innovative potential of that technology. cases, where emerging technologies pose risks, they're already regulations of general applicability that address many of those risks without the need for laws targeted at the specific technology. this is the case of bitcoin. -- merchantsions that accept the clients will often use bitcoin payment processors. there is a fast-growing ecosystem of start up exchanges and escrow services. these are subject to money transmitters, including state licensing and registration , including customer suspicious

activity reporting requirements. at one point serious criminals are more likely to accuse a centralized -- likely to use he centralized currency run by amid -- run by an intermediary rather than the centralized currency like bitcoin. while the online black market still grow to, bitcoin's estimated to generate more than $202 million in drug sales, the centralized digital currency is believed to have moderate more than $6 billion related to credit card fraud, identity theft, computer hacking, and child property. bitcoin was the payment system for criminals online and was designed and managed by creators . we are making sure he can reap the bitcoin's potential and allowing it to develop and make sure that entrepreneurial

innovators can easily comply with existing regulations. alternative, promulgating special regulations for digital currencies or otherwise making it more costly to operate in this space can have two unintended consequences. might mean feeding the network for ongoing -- and second, the united states could lose its head start and big regularthe next industry if it establishes a regulatory regime that handles it coin in other countries, like china and germany, looks for ways to develop regulatory frameworks for bitcoin. regulatory law enforcement agencies seek to apply existing laws to bitcoin, they will face the challenge that bitcoin is not a company with an easily identifiable executive. instead it is an open-source project and community. the bitcoin foundation is

essential to that community but it does not encompass the whole community. as new guidelines and procedures are developed. -- are developed, policymakers should listen to the public to ensure that they benefit from a wide range of perspectives. thank you for your time, and i look forward to your questions. thank you very much for joining us today and for that testimony. if you were here during the testimony of the first panel, you heard me indicate that one of the things i like to do when addressing an issue like this around which there is not a great deal of consensus is to use these hearings this opportunity to see if we can develop some. i felt we made some progress with the first panel. i am hopeful that we can do that -- replicate that with this second panel of witnesses. toward that goal, let me just ask you to reflect on what you've heard from your colleagues on this panel. just tell me and the staff

members that are here, whoever is watching on television here in the capital or outside the capital -- where do you see the agreement among the four of you? the perspectives you share with us, the opinion to share with us, what do you think is the general agreement? second question, do you think there is not agreement, and natalie go about recognizing -- reconciling that lack of agreement if we can? >> senator carper, i think there is raw-based agreement about the potential of the digital economy and virtual currencies. i think there is absolute agreement that there is enormous potential for good, and this is an emerging technology that needs to be protected. i also think there is clear agreement that we can't just ignore the misuse and that the

economy anddigital virtual currencies jeopardizes the viability of virtual currencies in the longer run. so i don't think there is disagreement at all on those points. -- i alsotes to areas do not think there is disagreement on the need for basic regulation using the existing tools. the application of aml, the application of money translator laws at the exchange level, know your customer, those kinds of permissions. i think maybe the greatest challenge -- the greatest area that we have to grapple with is how do we enforce the enforcement techniques to deal with the issues while preserving , and thetial long-term

fact that this truly is a global phenomenon? -- the something that guidance on this was just issued in march of this year. director jeskeat talked about, their guidance on this issue was just issued this summer, i think in july. so my sense is that most of the moneyis not applying transmitter laws, is not applying any money laundering principles. i think the question of how we get from here to there regarding an area that there is not great knowledge and understanding about is really the issue that the four of us would have to grapple with. >> thank you. if youestion, mr. murck would. what you see as excessive, agreement, where do you see a lack of back, and had we go about reconciling that lack of consensus? partwill take the second first. i do not know that we've heard a lot of disagreement or anything

that we would generally disagree with from this panel or even really from the first panel. i was heartened by that. correct,hat ernie is that as we move forward, i think an open dialogue is good so that as disagreements to crop up, and they likely will, we can address them quickly and in a safe and sane way. as to where we have agreement, i think what i heard from the other panelists is there is a real need to create on rants into the traditional financial system. that by creating those on rants, especially here in the u.s., you help to protect the system from abuse. the biggest obstacle for that happening today is not from regulation or from law enforcement -- it is from the ability of businesses in a space to get bank accounts and to be integrated into the banking system. there is currently a chill in the banking system and the banking industry that is preventing businesses from hitting just simple -- even

simple checking accounts. there are stories that if you have the word bitcoin anywhere near your name or documentation, you will immediately -- your application will be immediately placed in the circular file. so i think there is a need to withinsome leadership the banking industry to make sure that these companies are on board it into the traditional system where some of the protections are in place already , and the illicit activity can be dissected and rooted out. >> good, thank you. mr. allaire. >> i would like to echo some of the other panelists' comme nts. i think there is consensus that many of the regulatory frameworks are sufficient and appliedpride -- being appropriate. i think the open nature of this

technology, this development, use, oversight is a very positive framework. i do think that there is some tension around the question of the balance between anonymity and privacy and whether there are us that are required -- whether there are new laws that are required to address that in some way. i think -- you know, eyes i stated in my comments, we are very focused within our business on having very deep levels of identity verifications, so we've view that as critical. there are others who do not have the same kind of regulatory regimes, and are there other things we need to be thinking about, other tools for law enforcement they can address some of those issues? i think that arena needs additional and careful consideration. >> thank you. mr. brito? >> there certainly is rod

consensus and i was very -- broad consensus and i was very happy to hear the first panel. where there is agreement, i was very interested in listening to the gentleman from the secret service who said that in fact it is centralize currencies that pose the greatest risks as far as money laundering and other illicit uses, and a d centralize currently like bitcoin, because of their nature, was not a greater concern. to pick a point of disagreement, ms. ski sort of -- you take issue that u.s. businesses might move overseas seeking a better regulatory environment, i think her suggestion was that if somebody leaves the u.s. seeking lack of regulatory treatment, they will find it. it will catch up to them. i think the danger is not that

somebody who is trying to locate an illicit business is going to use the u.s. the dangerous entrepreneurs looking to buy do not find it regulatory environment that is amenable here. that is something we do not want. >> ok, to i. i want -- to white-haired i want to go back to mr. alan, i think -- ok, to white-haired i want to elect mr. allen. i will probably ask mr. allaire to leadoff and respond to this question, but the issue or guidance earlier this year, i think back in the spring, stated that the virtual currency exchanges and administrators would need to register as a money service business and apply for money transmitter licenses in the 48th states that require

such licenses. i want to ask you just to focus on this for a little bit. of you have already alluded to this guidance. you to give me again your thoughts on the guidance. the approache that is a good fit for virtual currency exchanges or other version -- other virtual currency? mr. allaire, i am told that your company has registered and apply for money transfer licenses in several states. maybe if you could offer the first response. >> sure. business that is going andandle consumer funds manage those it is going to interact with the banking system should be compliant with the rules that have been set forth through the bank secrecy act to protect consumers and ensure

that that actors are not able to operate. in general, we very much think that these are appropriate think the, and i digital currency business is -- from an entrepreneurial perspective, may be different from other internet businesses. to lessen build a photo sharing app and put it on the web to get one billion users. i do not think it's appropriate that two guys should be able to build a financial services business and operate that without a sufficient investment to protect consumers and protect society. to beelieve the parties higher for financial services businesses in the u.s., and that it is not realistic, which i think some in the entrepreneur community would like to see regulation, which does not require that level of compliance. i do not think that is realistic. company anded the stock capital to build this company, we understood that the bar was higher, and we raised a sufficient capital to be able to

launch our product and service in a compliant manner and hire the professionals and staff and put in place systems, protections that were critical. we think it is appropriate. there are challenges with how money transmissions licenses are granted in the u.s., the broad number of states, the divergent approaches that each state might take. i do think that creates complexity and could be argued to be an unnecessary regulatory burden, but that if the system that we have and that if the system that we are pursuing and operating within. >> good. thank you. mr. allen, do you want to chime in? >> yes. just briefly, i agree totally. the guidance is focused that the exchange level. it does not apply to users, only to those -- it is an application of basic money transmitter law. i think it is an appropriate use of the law, existing law, and i a reasonable

approach. i agree with him the one of the challenges is creating consistency and uniformity because of our federal system and the fact could be 50 different approaches, but that is not unique to this issue. >> to white-haired mr. -- thank you. mr. murck? money 50 state transmitter license regime has come up. i do think that states have an interest in protecting their consumers. at the same time, it is a bit burdensome, and it hasn't slowed down roberts in the u.s. i do not know what the answer to that question is. eu,ow any you -- in the they of reciprocity, and if you obtain a license in one country, you can have it is another as well. perhaps it is a from work that would work here, but that would be less -- best left to the legislative ranch.

small point regarding the guidance. i think it is great clear as it applies to exchanges into administrators of a virtual currencies -- i think it is less clear when it applies to users, for example. if the guidance says that you are not required to register -- if you are acquiring, say goodsn, in order to buy or services, let's say for example that my mother is from spain, recently i helped her and itsey back on, cost 5%. what if i were biting bitcoin -- buying bitcoin to remit money overseas? covered.ot i think the guidance could have a further explanation, and i think if any further litigation were to be put to public comments, they would i think get all the wrinkles out.

>> thank you. to the vice you if i could, mr. i understand your organization, the international center for missing and exploited children, is one of the forerunners in bringing together private and public stakeholders to talk about virtual currencies . if you would, first, who was involved in your working group and why did you form? >> mr. chairman, we formed it we had several years ago a very positive experience in bringing together financial industry leaders around the fact that the mainstream financial system, the mainstream payment system, credit cards were being used for the purchase and distribution of chopper not her feet. -- child photography. -- pornography. i called the credit car companies and said how is this possible. they said show for us where the merchant may get, where the account resides -- this is an

illegal use of the payment system, we can stop the payment that should on the account. so we brought together coalitions in north america, europe, and asia and had enormous positive impact. there was a dramatic decline, but as i began to talk to law enforcement and other leaders around the world, what we determined with that we did not end it, we just move it. and we were seeing evidence of a migration of these kinds of the legal operations into this new economy. in an effort to simply understand it better and to determine if it was a problem to use that same model, to bring leaders together, private sector leaders together to try to develop shared, common sense solutions, that is why we joined with thomson reuters to create this task force, and it includes the bitcoin foundation, it

includes the gates foundation, the brookings institution, cato institute, vital voices, a human rights group, it includes multiple law enforcement groups and resources. the intent was to bring people together, better understand the problem, and search for common ground. that has been our process. >> let me just wallow it up. hugh partly answered this question, but i want to ask it anyway to her to share with me what you have been able to learn from the dialogue you facilitated, especially as it pertains to the exploitation of children around the world. we have really learned a lot in a short time toured one of the challenges is most of the evidence is anecdotal because relatively few cases are being made. in terms of the absence of

investigative techniques to probe these kinds of things. thatnk we have learned there is broad-based interest in searching for and finding reasonable solutions that work. wasave learned -- as pointed out earlier -- that the digital economy is far broader than bitcoin, so the issues we're focusing on are not just bitcoin, but for example 22 million users today of russia's web money. we talked about liberty reserve in the case that was made there moneybillion in illegal laundering. we are discovering it is a complex issue, but i think it is one that is addressable. i think the most encouraging itng to me is i now believe is addressable using many of the tools and laws that we already have in place. one of the biggest challenges for policymakers is simply to increase the level of awareness

so that countries around the world will begin to use the tools they already have. >> that is part of the reason we're having this hearing. so good. i was talking to a fellow who goes to the same church we do who is in the auto business and sells a lot of cars in our state. he was talking about the work of the consumer finance protection bureau, establish a couple of years ago hopefully to look out for the interest of consumers throughout this country in a lot of different ways. but i want to focus a little bit on consumers if we could. virtualeen told that currencies pose a number of questions as to their use by consumers. i have maybe two questions, but

the first is -- maybe we should go up the panel, mr. brito, we will start with you. give us some of your thoughts on whether version -- whether virtual currencies have sufficient protections elton to them for consumers. do virtual currencies raise any additional new issues for consumer protection? do we need to do anything to better protect consumers from fraud or protect consumer privacy is as a result of these virtual currencies? think it is still trying to find its way. as a result of these folks that are at this point participating in this economy really have to try hard to participate in it, so these are not your average consumers just yet jumping into this space. at this point, i think it gives

regulators some time to learn more about the technology, more about what the industry players are doing to address these -- ands, and flaherty whether the existing concerns are enough. as far as opportunities, what is interesting about, especially due to centralize digital currencies, if they provide a new choice for consumers. usey, if you want to electronic payments, you are probably going to use a credit card or paypal, and that comes with fees, sometimes high fees. those fees are important because they provide things like insurance. -- your identity is stolen or something you received is not what you ordered, you can always have a charge reversed. centralized digital currencies are like cash which means there's nothing to reverse, but they are without

fees. they are insured and morris puts it or not insured and less expensive. >> ok, thank you. mr. allaire. >> i think there are many issues around consumer adoption of digital currency. i will touch on a couple of them. we are of the mind that bitcoin as a digital currency offers a great potential to lower the fraud risk that consumers and merchants face on a day-to-day basis when we conduct payments. when we go into a restaurant and give our credit card out or we enter that information online, we are effectively giving out the keys to our bank account to every counterparty that we interact with. it should not be a surprise that we have seen dramatic growth in the amount of identity theft and specifically financial information, rather financial information being stolen and sold on black markets and used for nefarious reasons. protocols like bitcoin reduce that risk because the keys to

your bank account, the keys to your money are never transmitted . that is one of the brilliant aspects of the design of this is absurd there is a potential to lower the financial fraud and consumer transactions and increase consumer privacy as a result. i think those are really key benefits, but there are risks clearly for consumers to think one risk, and this is one that we take very seriously as we look at this, is increasingly because of ease of use, consumers that want to take advantage of things like bitcoin are using online services that essentially host their bitcoin on servers or on the internet. itself, thebitcoin mechanism by which funds can be used is based on keys that we then in turn would store, there is a real risk around the security of funds. we have seen occurrences just in the past weeks of start ups who did not have appropriate levels of security around those funds

where those funds were effectively stolen. i think there is really critical requirements around the safeguarding of funds, the custodian ship of the keys, and best practices and methods to deploy that. the key issues that these cf. be made take a look at. i think the flipside is what i fraud, you dohant not get the product, you got the wrong product, somebody inappropriately used the account, i think there are methods to addressing that within the technology of bitcoin today, and improving and updating bitcoin. mechanisms to provide refunds to consumers, provided transparency around what you are paying for, and there are mechanisms that are not well understood generally but will become available where funds can be held in escrow until a product has been delivered to a consumer. there are ways to address the

merchant fraud risk. i think you can see industry participants pushing forward on that in the coming months and years. >> ok, thank you. mr. murck? >> thank you for the question. there are consumer issues in the currency space. i will reserve my comments to bitcoin. when you look at bitcoin especially, we have not even release version 0.9 yet, so we are not even on version 1.0. it is still a sperm until it should be considered a high-risk environment for consumers and investments at the moment. ast is changing over time service layers are being built on top of the bitcoin protocol to make it safer for consumers to move in. the service layers or technological. referred to as programmable money, so you can build an layers of escrow and disproved -- and dispute

mediation right into your payment structure, which is a very interesting concept as most of the laws that exist for consumer protection in the payment space were built around traditional methods were those were not possible. so potentially you do not need as much regulation on a consumer side in the long-term to the midterm as the system grows up. in the short term, consumers should be aware that this is a high-risk environment, and that potentially it is not quite ready for mass consumer adoption today. that time is coming, but it is not here yet. thank you. mr. allen. >> the other panelists are the experts. i can say that we met with bankers and industry leaders, and they view as i think the panelists do ritual currencies as akin to cash, so there is no fdic, there is not that level of

protection, so i think it has to be viewed as high-risk, and i think the point that the other panelists made about the fact that consumer protections are part of a work in progress were certainly something that we'd to be very much aware of. >> ok. hearing istion, the asking members of our staff to tell me a little bit where did bitcoin come from? who are the creators? i am told that the protocol was developed either by maybe a programmer or by a group of programmers that go by the name toshi nakamoto? is that correct? ok. with all of the money and attention that has been given to bitcoin, it just seems strange to me that this individual or this group would choose to remain anonymous.

what do we know about this person, what do we know about this group? doesn't matter that his or her or their identity remains a mystery? who wants to go first? >> i will go ahead and feel that one for everybody. [laughter] the --i nock amato is -- toshi nakamoto is the one who released into the community. this person or group of people have left the scene, as it were, at least half of the code base from the original code has already been rewritten while i think everybody is grateful for that incredible contribution, at who theynt in time,

are is largely irrelevant going forward. i think that was intentional and possibly why a pseudonym was chosen in a first place. >> does anybody want to add to that, please? brito? >> i just want to address that it is a little strange that bitcoin -- we do not know who the creator is, and so that often conjures up the idea that there is some risk your -- >> you do not think it is al gore, do you? [laughter] >> you know, he has never denied iterative -- denied it. the key thing to recognize is bitcoin is open-source. it is open for anybody to look at, and in fact many smart programmers have looked at it and have given it the seal of approval. said, more than half of the code base has been written by others at this point.

i'm pretty confident that the software is what it says. >> all right. we are just about to start voting. up.ink we will wrap it i just want to say i love to quote albert einstein, not all my colleagues do, but he says memorable things. in adversity lies opportunity. god knows there is plenty of adversity with respect to these virtual currencies that we have talked about. it is not just potential or possible -- it is real. we need to be not just mindful of that, but we need to make sure that we contain it and a lemonade it where we can turn -- can. i only know one quote attributed to mrs. einstein, and i find it sort of relates to my efforts to try to get my head around this whole issue of virtual currencies and bitcoin.

mrs. einstein, who was brilliant in her own right, was once asked if she understood her husband's fury of relativity, and she allegedly responded -- i understand the words but not the sentences. i understand the words but not the sentences. ton i first started understand what this was all about, i sort of felt like mrs. einstein. i understand the words but not the sentences. with the help of our first panel and all of you on the second panel, and with the help of my staff and a lot of other folks at of come by to brief us, i'm starting to understand more than just the words, but a few of the sentences, too. and that is why we wanted to hold the hearing today to better understand what is going on here, the pitfalls that come from this technology, but also the potential value for society

to consumers, to businesses. thoughtid earlier i today was about the working of information, very thoughtful, and it is also encouraging -- it was encouraging. i find that has been true here with this panel as well. so for that, we thank you. whoehalf of my colleagues are not here who are flying in from all over the country in order to make this 5:30 vote, they do not know i am thanking you, but i will thank you, and someday they will thank me for thanking you, i hope. but there is a shared response ability in trying to figure out how to make this work so that we minimize the bad and maximize the good. with that, i think i will wrap it up here, and i am going to

just note that the hearing record will remain open for 15 days, that is until december 3 for questions for the record. i suspect we will have a few peer it you may have a few from nature and you will receive those questions, i just ask that you respond to them probably. again, two hours that, especially john collins, i wanted to thank our staffs both majority and minority staff, and for you and for our first panel for joining us today, and for the work that you have done helping to enlighten us a bid on the subject. with that, we are adjourned, and thank you so much. [captions copyright national cable satellite corp. 2013] [captioning performed by national captioning institute] >> in just a moment, we will take a look at concerns about security with the healthcare.gov website, but for some tweets from members of congress. today is national adoption day, sean patrick smith maloney says of a guy to three adopted children, i hope folks will consider giving adopted

child the gift they deserve today -- a home. and tweets relating to the republican tom, cotton says hope to see you in hot springs that my obamacare thanh -- townhall. and texas senator tom cruise -- texas senator ted cruz says obamacare was fundamentally flawed from the start. i think we need a full repeal. what about you? c-span chat.ag mauro on the "washington journal," we will look at the health care law with george policy, then immigration with michael barone, the author of "shaping our nation you." and the health insurance exchanges under the affordable care act, how they differ from the ones created in massachusetts seven years ago under then governor mitt romney. we will be joined by jon

kingsdale. is live at journal" 7:00 a.m. eastern every day here on c-span. and commercergy subcommittee heard testimony about healthcare.gov from an i.t. official with the centers for medicare and medicaid sentences -- services. the hearing ran about 2.5 hours. >> good morning. i convened this hearing to talk about healthcare.gov. americans want to know the answers to two simple questions -- is my information secure if i use healthcare.gov, why should i believe the administration that it is the echo it has been nearly 50 years since the launch of healthcare.gov, and the website is not function at an acceptable level. this is in spite the numerous problems and assurances the

public was given by the administration leading up to and over several months leading up to the launch of the website. this committee heard directly from secretaries to bilious -- lius,ecretary sebei tavener, and cohen that they would be ready by october 1. those projections were not just limited to the website. we've also been routinely promised the website with a thin that americans -- was safe and that americans information was secure. tavener toles testing was to begin in october of last year and testing was to compete -- to be completed by tober of this year. -- by august of this year. we learned that was on the case. in the to and testing is not possible in the website is not completed. today, we hope to hear from our awareness about how much of the website remains rebuilt. if the first part of healthcare.gov have been this problematic, we are obviously concerned about parts that are

constructed under current pressures and time constraints. the witnesses for our first panel today is mr. henry chao, the deputy chief officer for the center of medicaid and medicare services. we want to thank you for coming in a testifying today. we can only imagine how tressel the last two months of a welcome -- how stressful the last two months have been for you, so welcome. the american people were promised they functioning website as easy as buying a tv on amazon and what guy was a train wreck. the reason trust may be so difficult to regain is that new information showing that this wreck was entirely foreseeable. e-mails showing as early as july of this year, mr. chao was worried that the company primarily as possible for the website, cgi, was "crash at take off." to april ofmarch this year, top administration

issues were well aware that healthcare.gov was far of schedule and testing of the website would be limited. we also learned that healthcare.gov was only launched after the administrator tavener signed an authority to operate, which included a memo warning her that a full security control assessment was not yet construed -- not yet completed. this memo makes it clear that those at the highest level of new that there were security again whilet yet this document was being signed in private. officials were promising that in only a few days, the american people would be able to use a perfectly functioning website. a few weeks ago, secretary se thats told this community standards were in place and people should expect privacy. we hope to hear what those are. of second panel feature some the contractors who were responsible for the security of healthcare.gov, and i thank them

for test fine today. i'm disappointed that one of the companies for security, verizon, chose not to testify today. we will certainly be following so they areon accountable. today's hearing is not just about the website -- websites can be fixed there it would cannot be fixes the damage that could be done for the american people if their personal data is compromised. right now, healthcare.gov screens to those who are trying to break into the system if you like my health care info, maybe you can steal it. but i now recognize for an opening statements, mr. get from colorado. -- ms. degette. >> we must make sure that the data is secure. everybody is agreed on that. the american people must know that their data is protected when they go on the site to find quality, affordable insurance plans for themselves and their

families. this is critical. however, my fear is that today's hearing is less about the facts of the security of healthcare.gov and more about political points and undermining the aca. doubt, no one could disagree there are troubling problems with the rollout of the exchanges. firstweeks ago, our hearing was held on the inexcusable fact that healthcare.gov seems to be broken since it was first launched. three weeks later while improving, it is clearly not up to speed. as i've said before, the exchanges need to be fixed, and they need to be fixed fast so that the american people can quality affordable insurance plans open to them. we will have another hearing after the november 30th deadline to see out there working. my fear about this hearing today though is that it will not enlighten the american public but instead raise unjustified fears about security piling on of of the other issues. obviously as i said we need to

make sure that the data on healthcare.gov is secure, but we should not create smoke if there is no fire, so before we begin, i want to give the american people some peace of mind based on the facts that we know about security of healthcare.gov. first, and critically. no american has provide any personal health information to healthcare.gov or two insurers in order to qualify for health coverage and subsidies. to make sure about this, i made sure to go on exchange myself yesterday, and that is because the aca bans discrimination based on existing health condition. before the aca became law, americans finding coverage under the individual insurance market i develop page after page of personal health information to apply for insurance. no longer thanks to the affordable care act americans do not have to turn over any rise in health insurance to get coverage. second, while no websites in of

the government or in the private sector is 100% secure unfortunately, there is a complex and detailed set of were -- of rules that hhs must follow to make sure the data on healthcare.gov insecure. i am looking forward to hearing from you, mr. chao, about these security issues today. record of has a long maintaining personal information about medicare, medicaid, social security, and many areas and has never had a significant leak of information. hhs must comply with the federal information security management act and national is a dude of standards and technology guidelines to protect information systems and the data collected or maintained by healthcare.gov. like all federal agencies, hhs ,s required to develop document, and implement an agencywide security program shared to date, our committee's investigation has found that cms has complied with every important security rule and

guide line. they hired a small army of contractors to make sure the website is secure. they are going to talk to us about it today. the memo, mr. chairman, that we talked about at our last hearing -- that identifies some security concerns primarily a lack of end to end testing on healthcare.gov. it also outlined mitigation plan, when we learned that the agency was followed to mitigate security risks. so i want to hear from the contractors, and from you, mr. chao, if in fact these findings are being heated. unfortunately, mr. chairman, i have to raise one more issue in my remaining minutes, and that is this committee's greatest generation of partisanship investigation. apparently, the committee's last thursday received a memo from cms. the majority on this committee did not share this memo with the minority on this committee until yesterday. quentin only just after they

leave this -- coincidently just after they leaked this memo to the "washington post." if you saw the front page today, you saw a big story, and mr. chairman, you were quoted in a story talking about concerns about the readiness of the exchange based on this memo. i know that it's not the topic of this hearing today, but i have got to say it is not in each edition of the committee to conduct investigations that way. when a majority receives this memo, it should have permitted italy -- it should have immediately provided it to all of the members. we are all just as concerned about making these exchanges work. to that end, mr. waxman and i have written a letter expressing our displeasure, and we would like to enter that into the record at this time, mr. chairman. >> that if i get i will look forward to talking with more about these procedures. part of a couple hundred thousand pages of documents that we are going through, but we will be glad to review that with you. i certainly respect my

colleague. quite certainly you were able to give it in time for the "washington post" and for today's hearing. >> i now recognize mr. upton for five minutes. >> thank you, mr. chairman. for month, administration what it does have assured us that the limitation of the presidents health care law was on track, their words. and that healthcare.gov would be ready for the october 1 launch. but why not give the straight story to the congress and the public because that on april 18, secretary sebelius testified in this very room we have the federal hub on track and on time. i can tell you we are on track. those are her words. but we now know that the secretary's testimony did not match what was happening behind the scenes. two weeks before she testified before this committee, secretary at an april present 4 meeting where experts identified significant threats and risks launching the site on

october 1. the administration was on track for disaster, but stubbornly they stayed the course, repeating their claims at this was all well and on track right until the launch on october 1. even after they launched, administration officials insisted that the volume was primarily the cold right when they in fact -- the culprits when they knew otherwise. the oversight of the health care lies not just about a website. it is about whether the public can trust and rely on this health care system that the administration has been building for over three years and spending hundreds of billions -- hundreds of millions of dollars. hasfailure of this website significant consequences for all americans. one important question is whether individuals will be able to enroll and entertained come -- covered by january 1 shared security is another critical concern. how can the public trust a hastily thrown together system in which eating a deadline was more important for the administration then conducting complete into and testing -- end

to end testing? henry chao, deputy chief of cnet, is here to answer those questions. -- of cms. mr. chao, i do understand you are a career employee and have been a cms for years. murphy has indicated that the last few months of not been particularly easy. last month -- last march, you were one of the first to publicly offer a glimpse of the true indication when he candidly remarked about the website and said let's just make sure it is not a third world experience. documents to this committee paint a clear picture that officials knew in fact before month before the october 1 date about delays and problems with the website develop shared mr. chao, -- development. have beenyou

responsible for healthcare.gov, but i can imagine many matters were out of your control. can you explain to us today why the administration felt confident in the security of healthcare.gov when the system went live on october 1? we're also joined by three companies that were awarded contracts by cms to provide security services for the federal exchange. these companies are here also today to answer questions about their roles. i know the subjects of security residents certain sensitivities, and i'm glad they may be accept our invitation to testify and inform us how healthcare.gov works or does not. one thing we have learned -- there are countless contractors involved in building this website, and responsibilities are very divided. i know,conflict system, but we would like to know how the delays and rushed to the implementation have affected or comp located the ability to perform the security work for the website. i yield the balance of my time to dr. burks.

>> i think the chairman for recognition and i want to thank our witnesses for being here today. pretty broad agreement the implementation of the affordable care act has been problematic and rather than getting better, it may be getting worse. we have low enrollment numbers. the website is so bad that it is -- it has required the ,ppointment of a glitch czar broken promises for the president just for starters. these break the surface of the deeper issues that are at hand for not just the law love for the american people that must live under the law. mr. chao, you, probably prior to anyone else, founded the alarm, and i know you are tired of hearing it, but i will tell you once again your comment that you were just trying to prevent the website from becoming a third world experience. i admire your ability to see tell thehorizon and problems before they come up and hit you in the windchill, but also you recommended that it was

safe to launch the website on october 1. what happened in those six months that led to yourself and others in the administration to believe that the law was in fact . ready not only did the services fail to establish basic auction rally, but healthcare.gov's flaws continue to pose a threat to the security of americans personal data. when i went to healthcare.gov this will -- this morning, it was still not functional. actuallyebsite can tell me about the plans that are available in my area. we know it was possible to do this. we are all wondering why it was not. thank you, mr. chairman. i will yield back. >> i now recognize the ranking member of the committee, mr. waxman. mr. chairman. the last six weeks have been difficult for supporters of the affordable care act. the troubled rollout of the

website prevented many of our constituents from signing up for the affordable, high-quality coverage for which they now qualify, and it has been relentlessly exploited for political gain by republican opponents of the law. it was interesting to hear the phrase in the two republican statements, maybe in all of them, they do not want a third world website. third tell you what is world. third world in this country is when we leave millions of people unable to get insurance because they have pre-existing medical conditions or they cannot afford it. -- no otherrial industrial country allows such a thing to happen, but that is what republicans who oppose this law would have us do. i think we're turning the corner on the website. ientsiday, jeff ze announced two key metrics of improvement. it seems to me these are all

very good signs that the website is getting better. additional improvements are still needed, but healthcare.gov means more and more people will be signing up for coverage at that website becomes more usable. isant to tell you what happening in california. in the first month, 35,000 people enrolled in the exchange. over and 70,000 qualified for medicaid. state officials say the pace of enrollment is increasing except the first 12 days of november, in rome and from the first month almost double. i know we are looking today at the issue of data security on healthcare.gov. is an important issue. we should begin by acknowledging that the aca represents an enormous step forward for privacy because when people apply for insurance coverage, the law bans them from being asked the questions about their underwriting, about their medical conditions, about the privacy of things that effect because it is not

necessary to ask those questions. they will not be denied insurance because of those problems. there is some information that people will be asked for when they sign up, and way to ensure that this information is protected. this question comes up repeatedly, came up repeatedly when secretary sebelius was before us. she told us the department is facing a hyper wordy of the security of the website and the higher security standards are in information ont healthcare.gov. i hope this hearing will be serious. i fear that some of my republican colleagues may exaggerate security concerns to stoke public fear into exaggerate it so that they can dissuade people from even signing up.

this is exactly what the subcommittee did when they investigation into nonprofit community organizations serving the health care navigators. they were harassing beast people in order to prevent them from helping people learn what is available to them. mr. chairman, we learned that you have been withholding important investigative documents, leaking them to the press before even providing them to the democratic members and staff. i think you a letter this morning describing why this is a violation of the committee's precedent. the committee way has traditionally operated, and it raises concern about whether these earrings are becoming another partisan attempt to weaken the affordable care act. the committee should not go down that road. we should be using our oversight improve the affordable care act, not to sabotage it or to discourage americans from .igning up for quality care

i want to yield the balance of my time, mr. chairman. chairman, and i'm pleased to be heard. i am pleased that my supervision ost"he "washington p is in effect i can find out what my republican colleagues have lead to the media. we clearly have a violation of the practices of this committee in the investigations it has done. i speak as a member who has read more investigations than anybody in this room, including probably more than all of them put together. breach in the leadership to make information available to the committee at the same time they make it to the press. i find that difficult, but worse than that, i find it intolerable that this committee is running around fishing for trouble were not exist. i feel a little bit like the old man who came home and looked

under the bed to find out if somebody was there, hoping in fact that there would be. unfortunately, there is not. i see no evidence of any any evidence of ms. behavior with regards to the information. isbehaviour. how to make this committee work and see to it that we make the what's work and see to it that we register the american so that we can cease being a third world nation both with regard to have the congress runs and how the health care in this country works. we are down around the thirst world -- third world nation in the way that we take care of the health of our people. it will give you a shock. >> the gentleman's time is expired. thank you for a much feared we would like to introduce the witness on our first panel for today's hearing. henry chao has served since january 2011 as the deputy chief

executive officer and deck to be director of information services at the centers for medicare and medicaid services. some of his prior roles include the chief officer at the insurance oversight and chief technology officer for cms and elsewhere. you are aware, mr. chao, that the committee is holding an investigative hearing and have a practice of taking testimony under oath. do you have any objection to taking testimony under oath? the witness indicates no caps on are the roles of the house and the rules of the committee, you are entitled to be advised by counsel. do you desire to be advised by counsel during your testimony today? he indicates no. raise your right hand, i will swear you in. >> do you swear your testimony you're about to give us the truth, the whole truth, nothing but the truth. thank you. you are now under oath and subject to penalties set forth by the united states code. you may now give a five minute

summary of your written statement or to make sure your microphone is on and pulling close you. thank you, mr. chao. >> thank you for inviting me to testify about the security of the federally facilitated marketplace. the security and protection of personal financial information is a top priority for cms, which for decades has protected the personal information of the more than 100 million americans enrolled in medicare, medicaid, and the children's health insurance program. personal of information in cms programs is a monumental responsibility. everyday, cms and rolls new medicare benefit serious, -- enrolls new medicare beneficiaries, pays clients. say as you see the spirits is to build the federally controlled market place a consumer should fill confident and trusting with their personal information. cms follows federal law,

government wide security processes and standard business practices to ensure stringent security and privacy and protection. protections are not singular in nature, rather the marketplace is protected by an extensive set of security layers. first and foremost, the application, the online application is developed with secure code. second, the application infrastructure isn't specifically and logically protected by our hosting provider. third, the application is protected through an internet defense shield in order to protect unauthorized access to any personal data. finally, central -- several indices provide written into provide several indices direct and indirect monitoring that the mets are reporting to key stakeholders with respect to security and privacy. this includes the department of health and human services.

we also worked in conjunction cert, community emergency response team. each of these groups have varying roles to ensure operational, management, and technical controls are implemented in successfully working. the federally facilitated marketplace is protected by the high standards demanded of federal information systems, including regulations and standards prescribed by the and directives promulgated by the office of management and budget cms the marketplace i.d. systems and the hub to reduce possible vulnerabilities and increase efficiency. a large number of connections can cause security vulnerabilities. the hub allows one highly secured connection between highly partake did -- highly protected databases instead of hundreds of connections that would have been established as

part of how the normal business -- youes in present-day know, how government connects organizations with each other to conduct business. additionally, cms design the marketplace to limit the amount of personal data stored and protects personal information and limits access to password , zonedion technologies architecture with firewalls , and dothe zones various other security controls to monitor locking and prevent unauthorized access to our systems. cms protects the federal marketplace through intensive and stringent security testing. while the marketplace has had performance issues that could have been addressed through more comprehensive