do you believe that it's even possible for the congress to historic balance, way that the senate presidentin to the himselfarry reid almost protecting the president at the the in of the power of the? >> let's answer that question. >> two or three things, question. i think it can be restored. and i think return to regular is 90% of it. i think senate rules are very important. i hope they go back to the 60 confirmations.n just to give you an example, that's a huge transfer of power executive branch, to go from 50 -- from 60 to 51. harry reid ended up getting all

nominations, nlrb or of those, if you're president and you are liberal left, so you want the nlrbt somebody in that happens to be on the payroll forbor's the last 20 years, you know, you probably couldn't bet him senate orrepublican even if the democrats controlled with 55 or something, probably couldn't. so you're going to have to get somebody more mainstream. got 51, full speed ahead. so you can put in somebody the e.p.a. or so on, because you can get your people in. figured that who ever won the election should be given great latitude on putting and so on.ople but in some cases where you have this administration put aretivists and people who really far to the left, you a 60 vote threshold would

have stopped that and it would stopped a bunch of nominees in the past couple days. mentioned robert byrd, he and i both testified before the against changing the threshold from 60 to a majority. of newhole bunch democrat senators who have been in the smalt for a year or two oh, we got to change these rules. and i thought you don't understand the institution, and having 60 makes the senate be more bipartisan. if you have 51, you have the can railroad anybody you want. you have to have 60, very seldom have 60.er side democrats had it for about a year, that's all, and that's about it. have to go way back l.b.j. over 60.re anybody had so if you have to have 60, that means you are to reach out to the other party. you be more bipartisan. and it makes your nominees be thee not quite aso much on

fringe. so i think that restoration of rule of 60 not just for a goodions would be thing, and regular order would difference.the and i will tell you, this election is going to do that. to be, you're going to see the senate functional. said, well congress hasn't, and i love the senate, i house, but in the the house's plus, john boehner, they have done regular order, committee allowed chairman to mark up their bills. hadsenate, we haven't regular order and in many cases on rae big bills harry reid or leadership took the bill away from the finance committee and see we're going to rewrite it. that's what they did on obamacare. they had a bipartisan vote

coming out of the committee, olympia snow voted for and it input, lots of amendments, took that bill said we've bot 60, we don't need any republicans, and basically rewrote the bill in the leader's didn't allow any amendments on it. so no republican voted for it, house senate, none of them had any input on it. didn't get that, if you get to and you win, you have a little ownership. it,re kind of invested in you've helped shape it. you don't get to have any input, ticked. i wouldn't want nobody the senate if i couldn't offer amendments, and in the last five years people, you know, there was people that ran for election for re-election this year. been in office in the senate for an years, never offered amendment on the floor of the senate. wow. hundredsnow how many of amendments i was involved in, hundreds.the

and so i just, i can't imagine and not the senate having the opportunity to do amendments. it's surreal. and so abnormal, so out of normal. but that's going to change. i will tell you right now the democrats might like it, havese they're going to more votes that they get to ther than they ever had in last six years. so it's going to be a big change, and i'll bet you you'll some real positive things come out of it. i think you'll see a return to camaraderie. the senate has always had a specialcamaraderie, a admiration and work that goes well beyond partisanship and a lot of that was just hasn't happened. think it's going to restore, and i hope and pray it does. great place to serve and to work and maybe some theou have worked in

senate. it hopefully will have a real i think its better days and i'm excited about that. time for one more question. >> thank you very much. listening to what you're saying and you began the comment roosevelt32 franklin came to power, and since then the executive has usurped the congressional. yet you spent the last hour attackingobama, obama, attacking obama. is he the gilly party? what happened to the other 75 that he was not in office? is that when the senate gave up and congress gave up its power? i fine this such a one-sided the obamagainst administration. he's taken -- he can't be tobl one who changed

so radically in that period. and the second one, let me ask we sawator, of course, franklin roosevelt elected four times and we put term limits on it. why aren't there term limits on max bacchus ihim had lunch with in beijing served i think six terms. served four terms. why aren't there term limits on the senate? terms on the house, maybe five terms, and change the culture. >> i could answer either of those. i'll answer the second one since it's directed to me. be, we have would three branches of government. only the executive branch has aftertion and that was f.d.r. was elected four times, so we limit the president to two terms. would be fine with me if we limited the other two branches, just the two, not legislative branch, but also the judicial brand, with some

limitation. not sure, i don't think eight years, which is the limitation on the executive be 12 or something for the legislative branch and the judicial branch. you do it though you have to do it the way the executive branch was limited, has to be constitutional. and some people do it unilaterally. futurerage colleagues or colleagues not to do it basicallyly because that's ceding the field to some people who are just there forever. and usually the ones who take out in two years, some of them are very good members and free more conservative enterprise tilt and some people to redistribute your wealth and they can stay there for a long, long time. wanted to be, if it's tostitutional it will apply everybody and then i think you could have a limit on the other

to be healthy. >> on the first, actually, the my talk was very much on congressional delegation opposed to presidential usurpation. say that over the years presidents have been more or aggressive about doing things where they didn't have power.ry thislin roosevelt, i think was i don't know if it was right before or right after pearl was clear war was coming and he wanted to have some national industrial war related price wage controls. and in one of his talks he said i want congress to pass authority for a national production wage price controls, and if they don't i'm going to by myself. and i'm going to do it out of my

prerogative as the repository of the confidence of the american people. on behalf be doing it of the people and when we no longer need these powers i will it back to the people. he was amazing, you know, beyond that president obama said. so you can find examples of this. in general i would say in the past 30 years the major impetus has been congressional delegation, if you look at the creation of one after another, immenseith discretionary power, that's really new, far beyond anything the newpened during deal. things have changed recently. the change actually to the end of the bush administration during the crisis of 2008. the administration did things far beyond anything in a president. formede administration an alliance with the federal reserve board, and made

defact to appropriationings, hundreds of billions of dollars and congress said i didn't know they could do that. big deal.s a pretty and then president obama, i moreve, has been much o --h i tant in his union exorbitant. obamacare and several of the appointments in immigration. obamacare think the decisions are the most amazing, and some examples i gave, managing the bankruptcy, just stepping in and saying here's to allocate the assets in bankruptcy. inversions. never seen anything like that before. so i just beyond, you know, i've got my political views on these at its, but looking institutionally, i think it's too soon to say whether the

is a blipnistration or a trend. i really don't know. heart of hearts i think it's a blip, but i'm sort of continuum frome 2007 to today. >> i would break it up into a pieces.f i think obviously f.d.r., of had world war ii, i would think if you go back, i sorted when reagan started you had reagan and bush and clinton and bush. the republicans in that group were pretty assertive of presidential authority when it international. but not so on domestic. think all, including president clinton, had a much greater respect for congress. to the white house when was president a lot. i went to the white house a lot when both bushes were president, i mean a lot. i went to the white house more those terms than

mr. mcconnell has been in the last six years, i probably torment the white house more in one year than he went the last six years much he's only been invited to the white house three or four times in six years. week. to go like every so there was much greater dialogue, there was much greater institution from president clinton and both president bushes and ronald reagan. and bush and cheney, they were very assertive on international authority. so, and then the one thing that chris mentioned and that was the bailout that was right presidenty end of bush's term, and that was also crisis.the war there was, i remember being was never one that

wanted to have the government or fed or the treasury secretary to such unlimited powers. but i was also worried whether able tohe bank would be cash checks. the bank across the street. that, you know, it was and, actually that was 09, that was after i had retired. but i do remember, i know son said here's a blank piece of paper, i want this authority, and congress did rewrite it. he still ended up getting a lot of authority. scary time. was a that was, we had already seen stock market, nasdaq went from 5,000 to 1,000. crash, you you had a things happening in a short period of time and people were worried, are we going to

thata financial collapse we have never seen in most of lifetimes. >> we're going to have to wrap it up at this point. ournt to thank both of panelists for an absolutely fascinating discussion. [applause] s sum it up by saying the new congress in offers an opportunity not just to pass legislation but also to restore some of the a constitutional congress. i hope that in this discussion people had a chance to review it on c-span, and some of our legislators will have a realize they've got a road map and a way to go forward with it. thanks very much and thanks for coming. >> good job.

[captions copyright national cable satellite corp. 2014] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] >> next, a forum on how new affecting the internet. after that c-span's interviews with michigan congressman dave congressmanifornia buck mckeon, who are both retiring. >> on the next "washington u.s.a. today white house reporter gregory korte obama's useesident of presidential memoranda, he'll talk about the legal power it it's beenhow often used by the obama administration. michael calhoun of the center lending willle talk about pay day lending and regulation of the industry. some of theook at changes that are expected to

occur at the u.s. postal american postal workers us.n president joins we'll also take your phone calms and look for your comments on facebook and twitter, beginning at 7:00 a.m. eastern on c-span. >> this week on q and a, author editor katie.com perceives asat she on hi pockry ski of liberals the -- >> it goes back to like i said for this book came from 2012d. n. c. convention when they were showing that and portraying him as a women's rights champion when he left a young woman to drown in car. and if he had not gone back for nine hours and tried to save his behind, she would have probably survived.

entire video do an at a convention claiming to be preaching and fighting about the women, and dplor file someone like that while not including that part of his life video about his women's rights record. at 8:00 eastern and pacific, and to mark 10 and a we're airing one program from each year december 22 at 7:00 p.m. eastern. actort at 9:30 on c-span, se rogen discussing politics and liz winstead. sunday evening, author and town pavlich.editor katie at 10:00,2, tonight

words, he tv's after argues that the top universitieses are missing the mark in education and that learn how told think critically, be creative and have a goal in life beyond the material. morning just before 11:00, book tv visit lafayette, lafayette, indiana. to interview civil of the city's literary site.r american history tv today at 6:00 p.m. eastern on the civil war, a historian talks about the irish american soldier role inclayburn and his the battle of franklin. a 1974 investigative piece by san francisco's kron tv on brutalityy of police in neighboring oakland. find our complete schedule at know what, and let us you think about the programs you're watching. us, e-mail us, or send us a

tweet. join the c-span conversation, like us on facebook, follow us on twitter. the center for strategic and international studies recently held a discussion on the intersection of smart technology and the internet. hearing from speakers from amazon, toyota, and the national institute of standards and technology. they outlined where the is going. the opportunities, and the security risks. this is about an hour and 35 minutes. >> my name is jim lewis, i'll be moderating this event, which is entitlessed enable l the interest of things. so we have a strong panel.

the reasons we're doing this project here at csis is in thinking about what should we be looking at. and we realized probably last year that the internet is radically, as new technologist and new software change how people will interact with it, and how machines will interagent with each other, how machines.eract with so the internet is going to be very different in a few years. it's already on the path to that. the internet of things is part of that. you always get some number when go to these events, there's or 50 billion or something. there are already more devices than people on the internet, it about twice as many devices as of theire population world. so there will be profound social, political and economic effects, and with a we've been thinking about, the panel will

know, a sets, you of problems. first problem for us is how do we extract the full economic from this change. this is something that i've been about since i first learned to unwillingly to program a computer, which is wow, this software stuff, it could really make things easier. we get the full economic benefit. second, how do we not get in the and that'svation always a big temptation. if you think back to the start of the internet we didn't it, we didn't have a lot of rules, we kind of let things happen in large part where the didn't know market was going to take us. it gives a little more credit to did it in having foresight than is really fair, but you don want to make assumptions about what are the things people and companies will to use and then regulate based on that. that would be call the european error. another problem is what do we do

data.ll the we already know that there's dealdata than people can with, there are technologies to deal with that data to make use aggregation is an important part of the internet business model. how the internet things and the it generate fits into that is something we'll have to think about, right. things my initial thinking on this is all data sos not have the same value, sometimes you see privacy schemes that say anything anerated by a machine that personowns is also a of -- i don't really care if you know pressures aretire or something, and you can really get yourself into some fun knots. i've been asking european officials if my refridge later uses cookies, will it have to notify me. and their answer has been yes. think careful my about how we treat data. one size does not fit all.

of scienceit fiction, the panel doesn't have to talk about this but in weking down the road how are going to interface with things. likes it that we will, i to see where you have the jack the back of your head, that's probably not going to happen. probably be will somewhere powerful something like siri, a vocal command, but may not be, we don't know. so looking down the road, we have a lot of issues before us, even more issues we have a lot of opportunity. so that's kind of why we're this. let me introduce the panel in them.der i have matt shoal is in the computer science division, he promotes security practices. we're very grateful that he's speak. to hillary kane, at toyota, has

how for about two years. before that was on the hill, did a lot with the committee on science, space and technology for the staff director committee on technology. really some interesting things to say about what toyota is doing. smar cars are one of the things. iterations of i'm looking forward to your remarks. solutioningshief architect, worldwide public sector amazon web services, it's title. he's the, he lead the people who atnk about the solutions amazon we use, he's an evangelist, he does architecture. for both government and private sector customers. so mark, thank you for coming. jeff green, the director of government affairs seniorth america, and policy counsel?

thought my title was bad. but jeff, many of us know jeff his time on the hill, but todid escape and go sponsor, which is the of this project, so we're brettful to them. backgroundout of a with security and cyber security. i think some of our panelists able to speak a little bit, i don't know if it matt or stack hashat the end been doing recently. so i've talked about as much as should. why don't we just go down the row and have each of the panelists talk, and then we'll open it up for questions. matt, do you want to start? >> thanks, jim. so my name is matt shoal, i'm from the national institute of standards and technology, a technology agency under the u.s. commerce. of we are one of the many both u.s.

government organizations and organizations kind of worldwide that are conducting research development and looking at technological needs that need to be developed, standardized in order to fully realize some of the points that jim talked about the internet of things, the economic benefits, fostering innovation and an understanding the knowledge that we need from these large data sets that will be generated from things.rnet of as a technology organization, the united states focused on standards, measures, metrics and the technologies that are needed allow for this to occur. agency under the u.s. department of commerce, so we thereally focused on economics and the innovation and assists can be used to and spurn new growth and u.s. industries. in thevery interested standardization requirements as well as the underlying measures,

needs that are needed mere. so when we hook at the internet things from our at itctive, we look wholisticly through the entire architecture of it. now there's a lot of work and we're in this standard now. going on right where we've got both laser vhs, blue rays, dvd's being develop at the same time. going to take some while before this standardization ofnd allowing full scope interopera billity and interface settles out. meantime our role is to work with u.s. industry in those standards bodies and advance those interests where we can in --er to act sell accelerate the use. we look from the low level all

top end.o the these are devices at their heart sensors. usually system on chip size sensors, very small, light weight, very inexpensive. usually hardware based. and the interfaces and the ownership, as jim mentioned, will probably come at the virtualization stack or the application interface where the data can be gathered from. from those small sensors, what the calibration requirements needed for these censors, and that can vary wildly. your nest thermostat probably need a different error rate than going to anthat are aluminum manufacturing for temperature control. then what are the calibration need on these systems on chips, bethat good decisions with made on the data that's rearrived from them. data standardhe to transmit those, as well as

fromata being generated the physical environments. then from the system on the from the sensor, that's generating data off the physical world, there's a need to transmit that data so these sensors will most likely be wireless in some aspect. the data neat to get off the to an an littic --ine analytic engine. that will drive knowledge and us to make policy from the data that's beg generated. very fancy way of saying my fridge will tell me peanutbutter, if i told it i care about peanutbutter. beanse i have a peanutbutter policy. 'based on that policy i will be sensor, which derives data from that physical infrastructure, and that will derive an action, which will be me buying more peanutbutter.

very simplistic example. but this can explode out into scalether use cases which for efficiencies, economies, understanding, conservation of resources, there's many different areas where this is being used to great advantage, of the areas under preventive maintenance. i was on an airplane this from huntville, alabama. my aircraft and my air frame has multiple sensors on it. deriving physical data off that frame, everything from oil pressure, oil temperature, all beingration, pumped into a back end cloud so that rather than waiting for scheduled quarterly meetings on the aircraft, if something start place, the of airplane manufacturers can ground it and conduct effective maintenance and do it with the that --e base all the way to smart

agriculture. where we can apply water or to thede or fertilizer spot plant, rather than applying overall. reduces pollution, much cheaper overall and yields greater yield. so those are some examples of how we look at it. we have concerns about system on chip design, how do these things fail. data, what thehe and standards. what are the security requirements that are needed stack, what are the machine to machine identity needed,ents that are how do you control them. do we have enough pipe to move around? data and then how do we apply errortanding of the conditions when you do those analytics. awe things that we're interested in as a science and technology agency, looking

standards,ures, the hopefully to apply to allow for application in many areas and quite frankly in we haven't even imagined yet. so that's my five minutes. matt.nk you, one of the things we're hoping to come back to is what but were the industrial internet things which will be an productivity. of probably don't need this microphone because i have a very loud voice, so i'll try to not it, and if i'm making anyone deaf raise your note of it.l make so there is no question that going to be part of this internet things as we move forward. the thing i struggle with and wanted to start right now formlking about what that's going to take. because this internet of things

there, and as out it applies in the vehicle space there's questions of what that means. i'll give you some examples. internet ofve things in the vehicle and the context of the multimedia are now becoming common in vehicles. have that scream so you can access the -- the screen so you can abscess from it.net you can make a dinner an internet that's interface in your vehicle. i personally don't think of that as the internet of things. that as a new mobile platform, same thing as your smart phone, it's just nowle in your vehicle. but some people think of that as the internet things because it a thing,ternet in right. then you can have, and i'm being serious here. because we talk about the policy locations, they're very different for that versus some forms of internet for

things. an airplanext of and vehicle, sensors that are monitoring what's going on on to detecte, troying issues that need to be addressed information being transferred to somebody who can do something about something that's happening in the vehicle. that's your industrial internet type idea. you've got internet of things in the context of vehicle to vehicle communication, and infrastructure communication, which we are just now on the cusp of seeing. is technology that's her been deployed elsewhere in the beingbut is now close to in the united states. and and primarily going to be avoidance, the ability of vehicles to be able to detect a possible collision to avoidd take action it. the idea here is more than people a year in the united states alone lose their lives in car accidents, which is humungous amount of people.

it's equivalent to two jumbo jets went falling out of the sky, every week, right. dyingof people that are every year in car accidents. not we're finding is we're able to make the sort of gains we want to milk in that area by addressing what happens to a vehicle when a crash occurs. going to make gains is preventing that crash altogether. so this vehicle to vehicle and vehicle to infrastructure communication is going to enable that. toyota's vision is that eventually that sort of communication capability will be augmented or supplemented with auto makes in a vehicle so that will not on sense that a collision threat is occurring but actually the car itself will action to avoid it. so it's a combination of the based collision avoidance technologies you're seeing now with increased auto with this --d

a 360-degree on the vehicle and prevent those altogether. i wanted to draw this distinction because for that see thategory i don't as internet of things. for the second category, the detecting problems in the system i do see as the things. and there are a variety, i know this going to get into later, a variety of policy issues that are implicated. i'm not going to talk so much that first category which i'm saying is not internet of things in terms of the policy issues. we see a lot more concerns about privacy in that space than we ten to see in the other areas. do have growing questions and concerns about privacy, of drivers and thinkers, people seem to greatery have a entitlement to privacy in their

do when itan they comes to their smart phone. ofs sort of an extension their home. it's very weird. but it's there, it's real. it, we feel it, consumers tell us the car is a special place. growinge obviously cyber security concerns. those tend to be with that communicatione mation.e auto so there's the ability for car andto hack boo the overtake the operation of your vehicle to tell it to brek or ton, youdden left could have bad things happen. also i unique -- a unique issue now with liability. uniqueseem to think it's to the concept of smar cars, but i would argue it unique to automation in general, when you have systems making decisions

rather than a person, who is responsible if something goes wrong. so in the context of a self car, if the car brakes when it's not supposed to or accelerates when it's not supposed to act sell expert something bad happens, who responsible for that. so there are questions around that. of concernsot a lot space.regulatory slow, but the is department of transportation is generally slow on where the headed there. are some who would argue that there regulation. i think everyone would think that was great at toyota or any company, but the reality is the auto industry is never going to be unregulated. so that same ten day send will environment this and if that's the case we need the department of transportation to be moving quicker.

havell stop there, i latest more to say, but i can say it answering questions later. >> i'm mark ryland, i work for amazon. you have on the one hand, generating devices tons of data that people have not managed before. these other hand you have powerful new platforms where you rent stonl by the hour or giga bite. so not surprisingly when you startups like nest doing them, people sensor type applicationings on what you'llices, often see accompanying that is

the use of cloud computing, so raises some issues around alittics.an a couple trend that we see. first i'm going to challenge a assumption that mobile platforms are not the same. i think there's a continuum there. i think all of you right now are essentially sensors for some if you useor example are for your mapping, you in their network which is feeding back into their environment. there's interesting government and policy implicationings of oft, foashes in the city proposed an people which --on it happens that thousands of in one placestled in the road all the time, every

time you pass over that place, there. a giant pothole so not only do they know exactly how many citizens are affected theyt moles and how bad are, now they can prioritize street repair, and those of you boston know this is very important. it a citizen sensor model. becomes an extension of what the government need to accomplish its task. the -- way from itre's a company called move which is a private vendor that's working with city governments to create theld sort of model around public transportation. they have hundreds, dozennings large cities and other community have integrated their bus and train platforms with the it application, so not only can the user get a better service from the public transit the public transit

officials can get constant feedback about what's going on system. own so there's an interesting transition now from the mobile these internet of things scenarios. all thisre acquiring data one of the things that's going on at the same time, about bigays talk data. but one of the characteristics that's fair to say that's new in data is that people are storing things when they don't know whether it's useful or not to store them. could be one property of big data if you will. we didn'tt we never, want to waste the money on data that we didn't see any immediate use for. don't have that at tie. commerciale of concerns any more is storage is so darn cheap, let's just store everything. it may turn out that the data we're storing has really powerful properties and capabilities, but then what we turn ourselves into is data scientists, we explore data, we look for core rests, we

hope there's causation behind those and we very much changes how you think about data and how you approach data. and internet things is very much playing into that, allowing you store this data for three months, then let's run a two-week project to see if val new the data and if there is we'll augment our use if there isn't we'll throw it away. and we're not going to buy a ton do this dataent to exploration model. so that's another correlation seeing. and the fining them i want to the security theme. first of all i like the old, actually two more things, security and standards. together. or can go together. front, the theme that i want to bring up there is to rethinkhaving about how they conceive of

the old modelsse just don't work. you can't think of the network inside my fire wall, there everything is good and safe. you can't think that way. this network, everything is connected to everything, so how we think inut secure will have to be terms of protocols, application security, all the kind of thin that traditionally we cannot think about so much now that will be pushed into the is a theme that has already ariz then the mobile world and will become more important in the internet things world. finally on the standards front, for been in this industry 20 some years and i've been through the various standards, i used to work for microsoft, so through some standards wars. the whole tenor of the industry is very different right now. will be some disagreement about should we do one.protocol or that littics -- data an

alittics. very different model than the traditional years ago when have to choose like that was notecture interoperable with others. systems more powerful had use tls for secure transactions. of out there and the differences between the different approaches will take -- i don't think we're going to have a big standard war like we might have seen 15 or 20 years ago. so i'll pause there and look forward to the conversation. >> this is a crucial point in

some ways, then we'll go to jeff. be when you wanted to deal with a massive amount of big you needed a really powerful computer and it was rae expensive. then along came interest companies who said we have thousands of little computers, stitch them together and make them jointly run very fast operations. of it as ak computing framework which horizontally distribute work across commodity computers in a network and enables you to do that would cost millions of dollars to buy a computer now of can do for hundred dollars. >> i will confess i do miss my dec10. >> thanks to everyone for coming today. jeff green with symantec, although today i will be speaking for at least my initial comment about some work that i as part of the n stack which

is the president's national telecommunicationings advisory committee. ofa presidential committee presidential appointees, been '82.d since typically senior execs of information technology companies. then they have their designees on thea lot of the work day-to-day. this is run out in out much nstac and the way the operates is by doing studies and the president.to this past november it approved two reports, one of which was an of things report, and i cochaired the staff working developed that. so that was about a year's worth of work, began in october of '13 a scoping effort, followed up by an eight-month study and period. throughout that process we met with dozens of subject matter some field had trips, a lot of interesting

debates. so it was a long process leading up to the report. what i'm going to do today is give a summary what was we found and what some of our were.endationings i'm not going to read from the report with one exception, i there's one passage that summarizes, and this is only 50 pains which for a government effort is pretty good, but there's one summary reallythink captures where the report came out. and i'll read that piece. small and rapidly closing window to ensure that way thatopted in a maximizes cuter and minimizes risk. the country fails to do so it the be coping with consequences for generations. there's a lot going on in the and one of the key points i think it tries to drive in if you go into the report, is that there's a lot of opportunity, and the report as a sky ise read falling this is a bad thing there. are a lot of good things that are going to come out of this. but beyond that if you look at

the word choice, it makes clear that there is no perfect security. so it talks about maximizing security and minimizing risk and wet should be our goal, can't set unreasonable targets. then there's the short time ofme, we're in the mid i.o.t. adoption, it's not something that's coming other the horizon. the report puts the window of that time frame between two to influences i.o.t. adoption processes significantly. getting quentses of it -- the consequences of getting it wrong will be with us for decade. significant, are some are not. if your wi-fi tooth brush is not a big deal. if the water system is penetrated or compromised, or system, that's a bigger problem. findings,s of our key these are all in the doc, it by no means everything that the in it.had but the first finding is that i.o.t. is here now, it is here and citizens use to government use in defense.

and disaster response, in management.on it is being used today. it is in the industry, in faultcturing, in detection, in ordering processes. i.o.t. devices, sensors, they've been around for a long time and they weren't always called i.o.t., so one thing to is not a flipthis a switch, you know, the internet. live for the public on a certain date. been a gradual evolution and its name is being applied to things that have been while.for a next the cyber security newicationings, bombings of end points, some of -- points. of new end i've read about future happy that have wi-fi and sensors in them. we have things that move in the real world and you have devices, whether old that cannot

host security on board or new ones that aren't being built and aren't going to have the compute power or the processing or battery power to run it. you're going to have unseen and unknown connections and devices talkave tok devices, making connections without any human impact and have devices taking action. so if you go to matt's peanutbutter policy, he talk his fridge telling him he should go buy peanutbutter much alert theidge may local supermarket that he need peanut butt irand then a machine put it on a truck and he won't be involved in that decision. the amazon drone will deliver it. >> all these things are happening without human interaction. faster thanase much a human could act. another finding was the line between consumer and industrial is disappearing. a the past you, no one had home powered generation system.

but now you can buy an in aweial control system literally ao, it's soup to nuts industrial control system. can you take it home and play very very cool. but you're seeing industrial printing,her ways, 3d autonomous system. but we're going to see the reverse and that's where you get risk.y hobbyists will start building things, they're going to find interest systems, some intentional, some not, that are empoweringo or even critical systems and if that happens all the vulnerabilities were inherent in this device are going to be imported critical systems of the country. i.o. tment is also a con verge of information and operational technology, it was oren described as a conflict collision between the two. you have very different approaches to sign are security those two disciplines.

in the operational technology world you're talking about life machinery that lasts decade, you're not swapping out power generation plants or water systems. at years.e looking o.t. worries about physical security guards. and in terms of reliability, the holy grail much i.t. used to be nines which still allows you time to update your can't take down a party pump to update or patch the latest, you know, patch tuesday, you can't take down the party pump that's feeding the washington area, so makes it hard to align the needs of i.t. and o. dispvment that craps that potential at verdict --ys or people arersaries that people looking to use. structuresernment are inadequate.

fasterogy always moves than policy, but the report concluded that in this case the than itidening more normally does. it reflected by the fact that reason national documents the.ecurity don't mention recommendations, we broke them into two groups, or the report broke it into two groups. there are some immediate recommendationings, and some near term. was perceived to be long-term because this is happening so far s fast in which the immediate term, the first is that, i think matt with ao come up definition -- in a good way. to come up the definition for the u.s. government, and i should say something about these recommendationings. the reports go to the president

and the recommendations have to presidential at a level and number two actionable for the president. direct not going to be -- so the government can determine how it's going to use i.o.t. that look, start coming up with contingency plans for managing the inevitable threats that will be spread around through them. short-term recommendation is a government wide task force to plan u.s. government strategy for dealing with i.o.t., identify gap in andtices and technologies update awareness and training both internal to the government and any public efforts that we there.ing out someone who buys a fit bit

doesn't think about the has,ctions that devoice it's probably not -- i got one in my pocket, i see here. there is some security connecting to my phone, there's want. much as some would but people need to be aware of the data that's being passed around. and also send and encourage i.o.t.a to development specific programs. in the near term, convene a public-private partnership to on i.o.t. deployment guidelines, manage related cyber implicationings, the two structures that were mentioned in the report are first the process used to development this arms security csiswork and second is the cyber to the president on security. but those two were called out as processes that they thought worked well. develop updates.

what do we do with national security da taxer we need to prioritize that so it doesn't get lost. finally nstac recommends that that --ident ensure trainingbout constantly because it important. the problem is greater in the i.o.t. because there aren't really programs or many programs dedicated at that aspect of it. that is emphasized. with that, i'll be happy to take questions on that. >> thank you, jeff. i have a lot of questions, so i'll start. and i'm going to start with one that comes from a story hillary telling me a while ago. which is that there are cars, if story correctly, in japan where they have the ability to see around the and i misstated that

intentionally. because that's how i heard it think ofsn't true. so a blind conner and the car will know in advance what is on the side of that blind corner. i thought that's really cool. turns out it's not an on board sensor on the car. the sensors built into infrastructure on the other side that are communicating with the down,d saying hey slow there's something. so let me start with that you, andfor all of hillary maybe you want to go first. what are the essential infrastructures we're going to me to invest in as we move ahead and people talk about smart smart airplanes. par. do withly has to respect strum management -- spectrum management. to start.py what you said is correct. so at toyota we have a really interesting vantage point are headquartered,

our global headquarters are in toan, so we've been able experience what's been happening in japan versus what's been happening here in the united states. which is nothing, basically. but japan, the japanese government years ago decided that they were going to commit to thees and support buildout of intelligent in 2009 is when companies like toyota began to deploy these vehicle infrastructures detecting those sorts of things. challenging merges, when you know you're driving down the highway and there's a merge and then everyone is braking, being able to communicate to your car there's cars there it's going to be challenging so slow down or speed up. another example. you know how you drive into a tunnel and you're cruising along and then you turn a bend

and cars are stopped. and brake lights everywhere. you're slamming on the brakes. these technologies would tell you there's stopped traffic 100 feet ahead. those are sorts of examples. from a marketing standpoint and commercialization it makes a lot more sense to start with vehicle to infrastructure than vehicle to vehicle communication. i'm an early adopter of the technology. i drive my car off the lot. it can talk to other cars, infrastructure, i drive off the lot and there's maybe two cars that my car can talk to. not very valuable. but if there's infrastructure out there i get an immediate benefit. i drive off and i'm getting information that nobody else on the road is getting. but so we started with this in japan. we are going to start with v to v in the united states most likely. as a result my thought pick up

will be slightly slower because you're not getting much when you drive off the lot. all this is to say that the united states needs to get its use in order on this nrnlt infrastructure piece. we're seeing some collaborative work in michigan between the federal government and state department of transportation and the university of michigan and we need to start replicating that and other parts of the country so we can realize the benefits of this technology here. >> so i would start with we need to think about the security of it from multiple angles not just on the device itself but you need some type of system that is looking at that data and doing a common sense check. because if it tells me that there is stop traffic but i have other sensors telling me cars are moving something

doesn't add up. as we are designing we need to think about not just how they can be used or we expect them to be used. we need to think about any way they could be used. the example somewhat analogous i was at a conference and the gentleman was showing how he had spoofed the system for ships. ships tell each other where they are and they're equipped with it. and this guy bought about 3,000 worth of equipment and he didn't go fully live but if he had gone live every ship in the region would have thought that there was a large ship sitting in the middle of manhattan. a neat example. but if someone gets out in the open water you can create a lot of havoc so we need to understand that once we build something like this we may have certain intent but in the end it's a dumb box with sensors and act waitors and people with use it any way they want.

i think history tells us that when -- a lot of these problems can be addressed with the government eep couragement of open technology and of course industry buy-in. nist has done a very good job with smart grid work that they've done enabling a lot of vendors and power companies and all the stake holders to get together sort of jointly defined road map and so forth. those are very worth while. but in the meantime there was a lot of infrastructure now for example city of houston is one of our customers they have more than 400,000 power sensors taking 32 measures a day

billions of records accumulating the power useage. and they didn't have to build new infrastructure to deploy that. they had to deploy new meters but not fundamental new connectivity and so forth. there's a lot of opportunity with the infrastructure that exists in an open market of good government guidance and input to solve a lot of these problems. smart infrastructure is one of these cases that we think holds a lot of promise. and one of the ones we've been working on for quite some time which initially the government got in which asked nist to perform a convening role in industry working with people at the department of energy to incentivize the use of a smart electric grid. it really was talking about the same concept of sensors, machine to machine

communication, dynamic allocation based on policy in order to allow for a more efficient, more effective, more resilient electric grid for the nation. that's one example of an infrastructure. but a lot of this needs to be looked at in context of the entire system in itself. nsf in the last couple of weeks released the smart city's challenge where they are looking at cities to participate with nsf, to look at this entire kind of environmental look at instrumentation and sensors within a city. so that we don't run across if we are doing point infrastructure deployments spectrum management issues, for example. or data collision issues. not only that, but as mark mentioned what are the sensors that are currently deployed that are potentially doing other things for other use cases that could be repurposed into new knowledge sets and bases? so the look around the corner

sensors could potentially also be traffic congestion sensors that could tell you when traffic is lightest. and that goes back into the smart city design saying when do i bring in my big trucks to resupply? i could have data to see when that affects it the most. and make decisions under resources, energy, goods and services to the greatest effect and efficiencies that are possible. this needs to be looked at in a large mechanism to avoid potential conflicts and leverage existing systems. >> i mentioned the ways. it's a mobile ap that you run and use as mapping software but the unique capability is that it's uploading your speed and distance as your vehicle moves

to the system and thrsh creating crowd source but very accurate data. so there's another bottom up solution which is if you get enough people essentially on a voluntary basis willing to contribute into these systems now i do have realtime data about traffic jams. maybe not to the granularity of slow down roont this corner but eevep there driving to d.c. all the time i know for sure whether there's a quarter mile ahead whether it's going to be that bottleneck between i-66 and 267. it's right there. i feel very confident when i see all the little red lights and the slow crawling icons on my screeb that something is going on. i guess that's not a good example since it's always there. anyway, so it may be that the creativity of people working in open markets and the fact that consumers can benefit from these technologies will enable scenarios that don't require a

heavy weight approach. >> one distinction i want to make. i want to note that in terms of what i was talking about the infrastructure piece of this that's less stopped traffic in the tunnel, less to know that there's congestion. we can know that from wayings or navigation system that can tell us. from a collision mitigation standpoint though we need to know exactly where that car is stopped. in order for your vehicle to -- i want to make sure that we're t going to be using this for collision avoidance any time soon. >> no. >> i don't anticipate that. >> i'm going to cheat and ask a second question. guest: jeff said this and it's something i've been thinking about because it comes up in the larger issue of critical infrastructure protection. and that is how do you manage what we would call the refresh cycle? so critical infrastructure, the refresh cycle is about 20 years. so there's still a few places

that are using windows wr89. as a hacker you want to thank them for that. how do you deal with the refresh cycle? cars. the average car is about 10 or 11 years. 12 yeerings. so if we had the perfect smart car today it would not be fully deployed until really about 2027. how do we deal with the refresh cycle? do we just let the nation ral cycle take its path? how do we deal with patching, updates? this will be an incremental process at best. do we want to try to accelerate it? >> so if we look at this granularly where these are chip based very light weight sensors, very inexpensive, very low power, low band withwidth, low cpu, you just look at it from the sensor aspect, the

refresh occurs above at the virtualization stack and at the api stack and then the sensor itself is as much as possible just a hardware based sensing device. the other mechanism is rather than refresh or redeploy it's just ignore. is where if you do -- if you have a decent eye denty management system to identify the sensor and the data coming from the sensor instead of refreshing or pulling it, you just turn off that data or you don't allow that data into your analytic stack and then if you eed to you redeploy. >> the tech nolingses have learned i think over the last few years certainly when you're building new systems making updates frequent easy painless is in critical part of building a highly reliable robust system. the idea of agility and infrastructure is a key part of

what's going on. again, use the mobile phone example. the aps are completely containerized. that's the problem with your pc. try moving it to another pc. it's absolutely impossible. you have to move everything. mobile phone people have learned by then. it literally deleets every single element of that ap because it's containerized. the operating system knows how to get rid of it. it's a hot topic for those following the it industry. ubiquitous refresh and deployment. so amazon.com does more than 100 million software deployments every year. thousands and thousands of deployment as day in realtime. the system never goes down. one user may hit refresh if they happen to hit a low balance or a server that's being rebooted they get refreshed and functioning ap. that's the way modern software is developed. if we're smart and the industry

building new things, the legacy infrastructure is a different question. but if i'm building even a very lightweight piece of hardware with minimal piece of software i'm going to have the main system application and i'm going to have the updator and the two are completely independent. the updator ig sick nal to reload the device and the device does its normal function. but the two will be there so i can remotely upgrade the devices. i can going forward we have -- i think going forward, legacy is going to be an issue but i think it's a very good point that we can ignore data from sensors we know are not up to date or have been hacked or something like that so that's there are sluthses even to that problem. -- solutions to that problem. >> i would say in terms of how are we going to roll things out quickly if we have this refresh

cycle the thing that is are going to come out quickly is whether aps or devices that can jump on to an existing platform which is taking advantage of sensors that are deployed were never intended to be used for hat purpose. from a security standpoint, the back end anlithics are going to be essential definitely for the legacy but also for the future. you're going to need some type of system that is watching to see does this data make sense? is this device acting in a way that i expect it to or should it be communicating right now? it's going to have to talk to the older systems and find a way to machine learning and also provide feedback. on the new devices we need to find a way to, definitely get the authentication in there as matt was talking about to find out what's the old new yorker cartoon on the internet?

no one knows you're a dog. on the internet you can claim to be a sensor but we have to make sure they are what they claim to be. and then multiple other ways you need to secure them but that's going to depend pont the use. the wifi tooth brush -- i'm not making that up. i thought about buying it. my wife wouldn't let me. but probably not a lot of security there but other devices it's going to have to be situational. >> so all in all do you think we have a particular challenge in the vehicle space youse mentioned people tend to hang on to their cars obaverage 12 years which is a very long time. so it will undoubtedly take a fair amount of time for us to realize sort of the full potential of this vehicle network. there are ways to accelerate that. there are conversations going on about after market devices that can be plugged on to a vehicle to make it part of the

network before while it's still on the road. one of the things i think is interesting that i want to throw out it's resulting -- i'm not going to get into details we're sort of embroiled in a spectrum battle in this space. one of the argument that is we've heard from the other side the folks who are interested in accessing the spectrum that's been set aside for the vehicle system is that it's going to take a long time for this network to come to be and there are ways that this spectrum can be used right now in a more tangible way. and i find that argument always to be a little bit funny because if everything we did was about the potential today and not about the potential of ten years from now, we would be sort of stagnant. so anyway, it's a recognition that is going to take a long time in the vehicle space. there's no doubt about it but it does not mean that it's not

worth doing. >> for a while the working title was on the internet no one knows you're a refrigerator but nobody seemed to like that. do we have -- go ahead. can we get a microphone up to some of the questions? thank you. >> excellent panel. thanks again for these excellent programs. esterday at breakfast a nerc official basically capitulated when dealing with the security issues saying there's very little that we can do in our space if we don't have a revolutionary technological solution. and that really juxtaposes security against application efficiency and what have you. it was mirrored in a comment by the second largest world supplier of generators who basically said that securities on the risk side of our ledger and it's really not going to do much unless it's on our income side. so could i get comments from

the panel with regard to those wo perspectives? >> matt seems ready to roll. >> pardon me. i'm leaping out of my seat. so i think we're seeing a business shift occurring mostly because of recent events where there's becoming a stark realization that security is a business issue. and that businesses who function looking at business risks that they do be it coupler risk, supplier risk, financial risk, also need to integrate cyber security risk into that business risk stack as they look across this whole issue of risk holes scli rather than dealing with cyber security off to the side. that way cyber security risk for businesses will be looked at in the context of the business and in the economics of it. we don't do security for security's sake unless you're a company and security is your

business. you do security to support your business. and i believe that is becoming more and more realized where people are understanding that security and business are not in conflict but rather that security supports business. revolutionary technologies for security would be wonderful. but more often than not it's the sit down thoughtful risk management decisions and sound standardized application the hard gruntwork of the guys that used to be in the back server room that are now more out trolling with your customers that really provide you with some of the best bang for your buck on security. so we can all sit around and wait for that revolutionary silver bullet or we can sit down think about our assets, our threats, conduct integrated risk management and make some good sound risk decisions that support our businesses.

so that's kind of my soap box that i will get off now. >> when i first started working on this issue back on the hill in 2009 time frame the mantra we heard was we have to pay attention. c suite doesn't care about cyber security and irk that is an old talking point now for the reasons mapt talked about. to some degree it's still going to be on the expense side but there is a lot more attention at the high level of corporations that is enabling. we're not there yet but there's been a significant shift. so i think you are seeing companies view it as in the same way that you lock the door on your ware house so no one walks in and steals your goods. you need to lock the virtual door too and we're getting more to a world where those things are equated as opposed to cyber security and being something. yeah we'll deal if we have a

few extra dollars. so i think we're getting there slowly. >> let me ask kind of a mean question but i will ask it any how. where do we need to regulate first? what's number one on the hit parade for regulation? is it privacy? is it something else? where do we need to regulate first? >> stump them with this one. back. >> i don't think it's privacy. i don't know some folks may be aware of this but just a couple of weeks ago in recognition of sort of where the automobile is headed and growing concerns about privacy, the auto industry got together over the last year and two weeks ago we unveiled some -- a self-regulatory code of conduct to try to calm some of the growing i would characaterize it as his tearia around what may happen in the vehicle space and put some restrictions

pretty meaningful restrictions i would argue on our use of vehicle data, things like we will not use it to market to you. we will not share it with third parties without your consent. things like that in an effort to address some of the concerns. so i think a self-regulatory approach is probably more appropriate there. the problem i was mentioning earlier for the vehicle space is cars are so heavily regulated we can't do anything without getting nhtsa to bless it. and it's certainly going to be the case with the new vehicles and so we've got a couple of rule makings that are pending or not even yet started at nhtsa one around autonomous vehicles, self-driving cars. i don't think nhtsa has much of a clue where to begin. these are hard issues and hard questions but the time is now to start that process. and also there's a pending rule making that's just started on

mandating this vehicle to vehicle communication capability and all future vehicles. and that is wrathor slow going -- rather slow going as well. a lot of folks are interested in those being done more quickly. >> ok. >> jeff do you want to say anything about where the report came out on this? >> the report did not come out at all in favor or discuss really regulations. it was talks in terms of voluntary effort within the government and then the public private effort to come up with deployment guidelines. i think the biggest reason and it's written in the report is that we are so early in iot that we can't yet define it. and if we come up with too strict a structure around it we're going to limit the innovation of it and potentially the security of it, too. that's why this idea of getting

the public private together and trying to drive the awareness of it, in general i think we need to look at existing regulators rather than new ones and make sure they get what they're doing in the cyber rem, smart it's nist or be about it and make sure we're not limiting deployment of new technologies. i think you have to look to what's going on currently before looking at the outside. >> thank you. there seems to be more emphasis that maybe next year the federal government will start to invest more in infrastructure. do you think it's possible that they could be convinced to devote a good bit of that infrastructure spending on iot related things which my judgment would be much more efficient both from a capital

deployment energy deployment and environment impacts than building more roads, more airports, more harbors, more rail roads just use the ones we have more efficiently which the iot allows you to do? could you comment on that? >> so i mean, i'm going to kind of take it down a stack to where i operate in the technology space. it might not be an either/or but rather if we are going to invest in new infrastructure, the new infrastructure should look at how it can use iot for smart sustainable infrastructure that then can allow for a longer life cycle on the infrastructure, allow for more economic use of the nfrastructure and to allow for easier and more economic maintenance of the

infrastructure. so rather than pouring concrete or putting up a bridge let's instrument it at the same time so that the new highway is already set up for that infrastructure to vehicle communication. it's already put in a band withconversations are already looked at those types of things. so you don't necessarily have to send out the bridge inspector every year but rather the bridge will tell you send me an inspector type of thing. so i think we will have a spectrum of deploys iot into existing infrastructure to understand it better and deploying iot into new so we will understand it better as we go foreflt >> an easy way to accelerate that is for congress to think about building it into any legislation or funding for infrastructure. and so that -- if you're trying to think how you would jump start the process it would be to make this a requirement for infrastructure spending. i don't know if that's going to happen. i wouldn't take any bets. we had a question there in the

middle. o ahead. >> i know that the technology -- that they're using international standards. overseas innovation than i see here. >> one thing -- i don't have a direct answer. i would say that one of the findings that i didn't discuss whether port is that standards regulations that are going to make any devices we have in the u.s. not function

with the rest of the world. we need to thing about this as a global. thags one of the findings that where current governance structures are inadequate because they are too vull canized. >> toyota being a global company we always have an interest in anything that we're doing. we don't want to have to modify a cash for sale in the u.s. different than a car we would sell in japan. so international standards are paramount. s in nist stands for standards. so the international standards are essential and extraordinarily helpful for both innovation and global competitiveness in open markets. so i would concur with that. >> did you want to touch on this at all? i'm not going to let you off the hook. it might be data localization is the standard. >> yes it's a great thing.

i would say that the internet the itf standards have been a really good example of how -- quick running code the way to approach standards often is through proof of concept implementation. and i think we've seen that over the years that that is the case. and now that's more ofing into the open source world where people will provide not only the standards but implementation and people have business models that allow them to give it away so you can see quickly developing very useful new technologies that come about through the agreements essentially to not only write down protocols and data specks but distribute code that people can reuse. so i'm very optimistic. and very international we have regions deployed all over the lobe and keep our statuses identical and use the same standards for everything from things like multifact ral

authentication standards, rc 6238. we use these things and they're global in nature and that's the big part of the success of these fast developing markets. >> we'll work our way through. >> something you said excited people. >> this question may be a little bit out of the scope but i'm thinking, i'm wondering particularly in some of your companies or in your report if these sensors include mikes and web cams or something similar to that or even if it's data to date for the national security stuff we see going on most of the commercial targets have been telecome companies or social networks, the googles the facebooks. have you been talking or on the

regulatory side talking about when you're going to get subpoenaed or government hacking? i want to ask about consumer choice and control but let's keep it to government right now because now the internet of things is going to have all this data the government might want not just telecom and googles and facebooks. >> so this is something that the industry auto industries were working on those self-regulatory privacy principles one of the things that we grappled with where we came out is we have all committed not to share information with law enforcement in the absence of a warrent. so we tried to be as aggressive and we felt we could be and needed to be for our consumers on that front. but in the vehicle space it's particularly we're finding growing interest from law enforcement in location information type, wadgetting to

know where somebody is. -- wanting to know where somebody is. >> from a technology perspective i will agree with you, microphones, web cams, speakers, cameras, g.p.s. sensors are all sensors that are taking the physical world and generating data from it and then potentially from that sensor putting it back into a back-end cloud. by the way just described your phone if you think about it which is a sensor platform. so kind of what you high lighted is at a large level is what are the security requirements that we should think about in order to not just assure the integrity and the authenticity of the data that's being generated but to work on the confidentiality of that data as well? what are those requirements? what are the standards that are needed to ensure that? an encryption that can be used in these devices, low power low

band withlow cpu through the security protocols and the ecurity and analytics as well. >> we have plenty of questions. o ahead, please. >> as you start looking machine to machine systems where you don't have humans in the loop and we have such wonderful threats of cyber and time denials and everything that goes on, can we look at standards or mechanisms and processes that allow us to continue to operate? i envision a stage where my toyota won't go in the tunnel because it doesn't know. all right? so what i don't want to do is have the same circumstance i have when i go to the grocery store and the power goes out and i can't buy anything because nobody knows how to use a calculator. how do you keep from

overautomatic iot to the point where it becomes our enemy? >> this is something i think the auto industry is struggling with right now and where at least toyota has landed on this issue is for the foreseeable future we are going to adopt an airplane model. and by that i mean we all get on airplanes and we probably are all aware maybe we're not that those things are generally taking off flying and landing. but you still have to two pilots in that cockpit just in case. right? and for us for the foreseeable future we're envisioning that kind of model in the vehicle that there will always be an operator in the operator seat or the driver's seat who can take over manual operation of the vehicle should a -- car encounter a situation that it doesn't know how to handle or whether any sort of those environments. so we get dinged a lot about that from an innovation

standpoint this doesn't sound innovative that you can't sleep in the back seeth or drop your kids off at day care while you finish your morning cup of coffee and i get that but from a reality standpoint this is unchartered territory and we want to make sure we get it right and there will be growing pains. this doesn't happen, not perfection overnight. and to address those growing pains we're going with the airplane pilot mode for a while. >> jeff kind of talked about this is kind of a merger between it and ot systems something they do better is ot systems look at users as part of the system design whereas it we're very good at trying to isolate or get rid of users. so when we look at these type of iot systems that are having these kinetic physical feedback loops so it's not just generating data but it's going to then use that in a policy to

make a decision sent back to some act waitor to change the physical environment, the concept now is what is the failure settings of these devices? how do they fail? how do they fail safe? what is the esillyensy model? i think mark was talking about the old security concept of the perimeter. we could spend a whole session on whether or not it was even valid to begin with. but instead, how do these things operate under compromise or operate in degraded mode safely and with a manner that does not have a negative kinetic impact? >> the resilience point i was going to make is in the report speaking as shep green i would say we need to start having our developers asking the right question. and the first question is can we connect it? the question is should we connect it? and if yes then we need to look

at does it need security? if yes what level of security? and then how do we put it in? but i think we need to start with the should we connect it? it's a little bit of the wild wild west right now. i was at a conference last spring and had a show floor and some of the stuff lilingtly cardboard boxes and duct tape it was very cool but it felt like early 90's internet web pages which was really neat but i don't think we're asking all the right questions right now. >> i'll just chime in and say good engineering discipline should always require about how things operate in degraded mode and i lose that connection to my home server what do i do now and so certainly that's got to be a key part of the design principles for these systems. what occasional connection disconnected operations all these have got to be key to designing reliable and robust

systems. >> i think the handoff from the machine to the human operator will be one of the biggest challenges for a lot of the devices and also the fail safe when the machine fails and when the operator fails which we can almost always comment what do you do? so those will be sort of the unchartered problems for this. > thank you. you were addressing a bit some of the hardware and software reliability issues. there are also user education example cars. i have a new car, not a toyota but it's still a good car. with a company that says innovate genetic sites i would say that also puzzles sometimes because there are so many complexities. i finally figured out how to

use voice recognition and it was not coming up with the right stuff. you also have a problem with drivers distracted drivers distracted walkers. so how do we educate drivers on what have become much more complex vehicles? how do we educate the mechanics quho are fixing them? and how do we keep drivers engaged so that if the machine runs into a situation where it can prevent the accident we still have a safe car to drive and hopefully avoid or minimize the accident? >> so yes to all of that. i can tell you that i don't think there is an auto company out there and toyota include whod is not spending a lot of money trying to get those answers correct. there are challenges with how you're sharing this information, how the vehicle is communicating information to drivers and you don't want to do that in a way that is distracting. there are issues about the handoff between the machine and the vehicle when the car encounters something that it needs the driver to step in and

help with. these are not easy answers to come up with. i can tell you though ultimately with the driver distraction thing a lot of the technology will probably help counter distraction. you know, for example, so i've got a new lexus with all the bells and whistles for all the advanced collision systems on it. and i've noticed how much that car saved my rear end when -- i try not to be a distracted driver but i have kids and kids are like really distracting when they're in the back seat. and that car has saved me multiple times when i'm dealing with kids in the back seat and i take my eye off the road for a second and then the car beeps at me and starts braking because i'm about to rear ebbed somebody. so we think of this in some ways as a way to address driver distraction or overcome driver distraction. one element of it. >> do you want to tell people

your license plate number? >> but i'm ok because i have the precollision all the mate system so i won't crash into you. >> a lot of these problems are problems we've lived through before the dawn of the cigarette. we don't want to be too car correct rick but in the early 90's there's an issue called busy cockpit for military aircraft you had too many screens and too many little numbers so how do you simplify the cockpit so the pilot could do what he was supposed to do and not manage the aircraft? we had one more. >> quick interdiction my daughter lives in new york and she says a popular ap in manhattan that uses the video camera of your phone to show you the sidewalk just ahead of you so as you walk down the road -- the street -- >> i couldn't believe it but he's completely serious. >> good afternoon.

question for the panel the entire panel. in terms of the slow adoption of technology, that's going to be a concern we're developing a program in fact we'll be working with nist in part of the global challenge. but the slow adoption of technology you're talking about the refresh rate of vehicles, that's getting to be a longer period. you're talking about the policy issues relative to citizens and their concern about privacy. that then also falls over to communities that are concerned about the cloud and the security of the cloud. what's the answer or is there an easy answer to the question how do they become -- it's a long complex project? >> i think that's one of the challenges that the smart cities challenge. is trying to look at what are the barriers that currently exist? what are the economics?

what are the instrumentation and deployment issues? what are the life cycle issues that need to be addressed to fully realize the potential. what are the needed future skill sets and jobs and education types that need to be set up for this? i'm looking for a crypt ogfer, psychologist, data scientists. you know there's not a lot of them out there. but these are the type of future skill sets that we need. what is the future iot repairman look like? you no -- know. so there's potential for a large infrastructure shift to occur at a much larger level than just deploying a set of sensors and then looking at the data topographies. >> i've got to say something since you brought up the security of the cloud. like any system you can misuse a cloud form but i will argue and many of my customers will come in here and tell you they

can move systems in a large scale highly automated platform than they could ever build for themselves when they were doing 100 or 1,000 setters. we're operating an internet scale. we reach out to customers and tell them there's something going on. when we hire a security expert the amount of servers who their skills impact is way larger factor of scale than when you hire that same security expert. so the use of these very large scale systems -- so this isn't so much a commercial plug as industry plug. i'm plugging the idea of utility computing as a new way of doing computing. we really believe that security experts within the go main or application or organization or agency can focus on a much smaller set of the problem and they can write completely automated tools because everything is an ati.

this is programmable infrastructure. so there's no more people racking and stacking and where someone comes in and cross connects the eithernet jack just to see if something -- that can't happen in highly scaled automated systems. so in general i think we're going to get more secure systems when you use large scale computing platforms. again you can misconfigure and misuse them so there's still responsibility on the users to not configure them improperly but the actual base infrastructure itself this is a big win and the analytics that you get from that data. so we're seeing patterns and doing analytics on very large scale patterns not visible to individual users. and that goes to the safety of the entire community. so i think cloud is not the security issue that software perceived it's going to be in fact it's going to bl a win. >> we'll start with the questions in the back and move up front. raise your hand please. we have two there one in the front and then we're through.

>> josh with the center for data innovation. i think you described it as a his tearia the recent concern about people worried about their data being shared or collected and misused or abused. so with the internet being ubiquitous everything from your car to a bridge to a street corner how do you address the concern from a regulatory perspective or public image perspective of all the data being collected and shared and used to end up returning value to the consumer to the citizen but with a lot of devices they don't have a touch screen like your smart phone and you can't really collect, consent or deliver notification about the data being shared. how do you work around that? >> that's a good question for all the panel. >> i don't know that i have a unique answer on it. it's interesting. one of the things i've been grappling with, i don't know if

it's useful but it's a distinction and to me this element of choice and consent nd that sort of thing may have morrell vance in those things of which you have no choice. right? or those things where you have a choice versus those things where you do not have a choice. but even then you know there's this element of sort of is it anonymous data, aggregated data or identifiable data? for us we were grappling with as an auto industry we focused on data that is identifiable. if it's agzpwated or deidentified it was not part of the calculus. and then there are pieces of vehicle data collection that are going to be optional to you like if you want to be a probe on the wave system you can choose to be or if i want to wear a fit bit i can choose

versus some systems where there's not a choice. i don't know if it's a useful distinction but it's one i've een focusing on. >> i think piggy backing that a little bit. a lot of it starts with the education that we talked a bit earlier that is in the report. people need to start understanding the amount of data they're generating. when i bought a fit bit i didn't think about all the different places that data would be. i don't really care who has the data on how many steps i take. but we did a report last year that looked at all of the data and all the different places and the different vulnerabilities that it goes through. again, if i'm talking about step count not such a big deal. but when you start getting into other health characteristics, who knows how they're going to be used. until you have people being aware and raising concerns it's going to be hard to get

traction to come up with solutions because there's not going to be that outside force driving it. people need to understand even what they're giving off with their phone. who here has read an entire ulo when they click accept on an ap? i'm not banging them but we need to think about that. they actually are collecting data and it's going out there. >> my question is about the connections between the devices. so it's two fold. the first is does the f.c.c. have the capacity to manage the prioritization and distribution of that spectrum? are they thinking about this issue? and then the other thing is to what degree will the internet go nance debate with i can play into the global nature of iot?

>> i'll take a stab at the first question at least. you know, shared spectrum use has been technically feasible for a long time. some futurists have argued the f.c.c. shouldn't exist at all because everybody can share all the spectrum and i think that's technically true although there's the issues of enforcement and improper use. but there are these fair amount of capacity set aside for shared use and the technology knows how to hop around when it detects interference and finds unused portions and any pact based systems also have a certain inherent resilience. so i don't personally think that's going to be a big bottleneck in terms of solving problems. >> the issue of prioritization is being looked at. there's a couple of programs around the federal partnership for interoperable communications as well as the

first net program looking at when we instrument these up how do we understand and provide appropriate allocations for example the first responders. so everyone is at the scene of the fire streaming that video back up to you tube whereas the fire department would really like to stream it back to the in bound truck and so how do we ensure that there's proper allocation to places where potentially it could provide the most good or should there just be a separate set for them altogether? so this is still in a research/development phase of discussion and deployment right now. >> we've talked a lot about capability but i'm wondering who is leading on the issues of data ownership to the life cycle of the data and liability. who are the star lawyers who are hemming you along the way to build that in just like you need to build

security in? >> so i'm not a lawyer. i'm an engineer. but this kind of dove tails with the question earlier. from an engineering perspective we're very interested in can we provide specific tangible privacy requirements that then can be used as with enough level of specificity so that rivacy capabilities around redress confidentiality transparency ownership effective understanding of privacy risk maybe with the ula maybe not can all be actually built or designed into the system, the concept of privacy by design as we start to deploy these things out. so then whoever is making those decisions at the policy stack can actually have that capability built in and designed with these systems going forward. so we're looking at it more at the capability and having providing what references that

we can to allow for the systems to at least have the capabilities to enforce or implement whatever the privacy policy happens to be. we'll do a poll how many are lawyers. >> i have never practice add day in my life. do i get credit for that? >> yes. >> ok. >> i can't say that. >> i would say that right now from what i've seen the iot privacy legal work is really coextensive with internet privacy generally. i may have missed it but i haven't seen a breakout into let's look at iot, the ownership of stick with my data as it moves around the world. i think that's coming. but all of this is i feel we're at the leading edge of a wave of both technology and policy on this. >> anything about personal

data? commercially for companies along the way through the life cycle. >> well, in the early 90's there was debate among economists and one famous onomist said that we saw information technology everywhere but in the productivity statistics and the good news about that is he was wrong. and people buy things for a while. you don't see a benefit because they have to figure out how to use them, they have to innovate. and then you got a burst of economic growth that drove the u.s. economy for about a decade. so i'm hopeful we can get this right it may not be as distinguishable as the it revolution but we can see a similar burst in economic growth. and this was an appreciable increase to income so with that please -- that's a goal here

for us. thinking about the issues we've talked about security privacy standards international cooperation but i think we're on the path to maybe do this. i found this to be a really excellent panel. i really appreciate them. please give them a hand. [applause]

[captioning performed by national captioning institute] [captions copyright national able satellite corp. 2014]

>> the chair of the ways and means committee congressman dave camp is retiring. he's represented michigan's fourth district for 12 terms, 24 years. he recently talked with c-span to reflect on his time in congress, his efforts to change the tax code, and how a former president helped him get on the ways and means committee. he also talks about his cancer

diagnosis two years ago. his is about 30 minutes. >> house ways and means committee dave camp, we're talking on the closing hours of congress. in your time here you've had something of a singular focus for tax reform, tax overhaul. you're leaving congress without achieving that. >> when i became chairman four years ago i knew that we had to do something about this policy that expired and then we've retro actively put nit place. and we're the only nation in the world that lets its tax policy expire. so my first hearing was on tax reform, you're right it was my focus, and spent really three years put out a discussion draft on the international taxes in october 2011 and then obviously created bipartisan working groups more than 35 hearings really to get the right input from families, businesses, stake holders.

but these are big things to move. i had a good partner in the senate with senator baucus and he did white papers. we traveled the country together to highlight the problems with the tax code and it's been an experience. a lot of members have gotten involved. but unless you have a but unless you have a president who is involved in something this big, it's not really going to move too far. but i thought it was very important to push. it's a debate this country needs to have. we don't have the kind of growth in our economy, we don't have the kind of job creation or the kind of growth in incomes that we absolutely need to have. so it's a debate we need to have in america. i think the step now is the treasury department and administration need to come up with their detailed plan. they were part of the process. they've seen everything we've done. they now need to come forward. if the president does want to actually grow the economy, bring more revenue to the government and higher incomes to people, this is one way to do it. so i think it will happen.