these were quick to have networks that have security built in at the level of the way we define them. >> so that's interesting because when i thought about the question of making cybersecurity more accessible to members of low income communities or vulnerable populations, the thing that immediately comes to mind is the question of usability, right?

so i had spent time in the field where i'm observing people in the classroom, usually older adults, again, someone, you know, that has limited language, english language skills, who spends -- someone who spends at least three classes literally trying to figure out how to drag the mouse from one side of the computer screen to the other right? so that's the first bit. the second bit, usually the last five weeks of the class, is in understanding what in the world is a username? and the password. and so what i've seen is, you know, just like this complete cognitive dissident as to what does is mean to have an identity online, you know, people are definitely choosing insecure passwords, something that is easy to remember.

and if you have low literate skills or limited english skills, you're going to pick something that is much easier to remember that a computer could decipher quite easily. you are more than likely sharing your password and username with other individuals because you've not done this before. and so usability, i mean, it seems like an obvious thing to really focus on. i guess i am hearing that's not -- >> i think we shouldn't pit usability with secured infrastructure against one another. i think we need both. for me to say that the infrastructure needs to be built in a secure way is not at all to say that we should discard usability. i agree with you this is sort of a concern. but like we have usable tools

like mobile phones that people understand and learn how to use, people who have a low technology literacy. the fact useability doesn't solve the security problem. >> interesting. >> seda or tara? >> it is a subject near and dear to my heart. usability, it is important i say obviously i agree with daniel, it comes down to a matter of priorities as to what things we focus on. these are very hard problems but i think some of the issues we're still grappling with come with a large number of users with this background levels of expertise and people of disabilities questions around age, literacy and all of these issues come into how well are we serving our user population but we are working on it. i put a lot more discussions in

the last or so and we've been hearing this talk about a lot more so i'm hoping that or there are more people were prepared to work on this issue, work on the research side, work and putting money into initiatives. a few recently i guess security and was the reset it did something. they put together a set of tools for people that were supposedly easier to use. so it was an effort shall we say to give people a set of tools that there identified as easy just to they did have to go in the world to figure out things themselves. so i'm hoping we cracked some of these problems but they are difficult or even something like the certificate has been issue for what these people understand things break. it's difficult to explain nuances in which -- is this a risk? i'm not sure. what went wrong? i'm not entirely sure. how much information we give you see to make an informed decision? these are difficult problems and there have been incremental steps towards improving things

and we haven't actually cracked this. ideally you wouldn't end up in a situation where a person can make this decision but we all know systems are not perfect and they break. we need to support people when things break down. >> there's a very hard word to pronounce that hopes to analyze this problem it was picking up and it's called responsibilization. >> i agree. >> in very, very short description it's about encouraging individual to manage the risk themselves and for increasing asking individuals to manage their risk. this comes as a result of organizations, companies governments streamlining their processes most likely potential information systems which incurs certain risk but these risks are not taken over by the organization that extra lives to individual users.

so what we're doing, for example, is still collecting data and other risk associate with that, externalizing to the users thing you did want to be part of this issue to protect yourself. so we are pushing a lot of responsibility on to the user saying if you think there are risks become in your direction as result of new information technology, you are responsible for protecting yourself from it. this is very problematic, of course. we've done projects in the past instead of burdening the users with protecting their privacy we should ask phone companies or whoever is making the phones were using to give them secure phones. we should make sure that the network is secure in a way that your communications cannot be eavesdropped on. maybe partner, and i think in the case of like usernames and for a lot of sites that are asking for username and password when they don't need to. you can do those anonymously without giving information but

they were pushing people to sign in and to be uniquely identified, incurring more risk. and in some cases i think there is a risk in terms you want to be logging in and securing a communication with that organization which is getting his services but they are not securing their service and they're asking security questions like what is your mother's maiden name, which is usually public information. and then saying the users are responsible for not taking care of keeping their mother's maiden name private can which is again burdening the user with bad security design but i think there's a lot to unpack there. >> some i want to come back to a theme that daniel had mentioned earlier. i think you were referring to, i mean, i'm hearing that there's a shared responsibility that seems to exist. and you had earlier pointed to this idea that a community right, that we shouldn't be thinking about individual security, but a community is part of the process.

and i'm wondering what that looks like, what that entails in both the work that you've done as a developer of open-source tools and in your work at the aclu? >> so, there are many different ways that a community's security can be impacted by the tools that they use and recommendations that they use. i guess there's at least two different ways i like to answer the question and i will try to be brief. one way is for a tool to be developed in a way that benefits the users, those users, the people developing the tool need to be engaged with the user base. the user base needs to get feedback. how you establish those communication channels and encourage people to contribute in those ways, to the tools that they rely on, is a tough

question. i think we need more people working to try to get those communication channels open and value that kind of feedback. another way that i think, the communities themselves, there's also a way we can to surveillance of a community that doesn't amount to surveillance of any one individual. this is a separate question about how do we secure a community. i think we need to also think about the ways that communities have marginalized people. so, for example, lgbt communities in places that have homophobic laws or homophobic culture have ways of communicating with each other. and rather than just surveilling any one individual you can book is a bit of the community itself and build up information based on the pattern as a whole. and so whether any one individual within that committee has protected information, the fact they're still participating

highlights them as potential target and that itself is a risk. there are sort of two ways i want to make sure the community aspects gets brought up. >> so that suggests that we need a broader base of people using secure technologies. i want a reality check as to where we are at, because i heard you say something about hypotheticals. and tara, you also mentioned that we have a lot to do. so what's the state of the market, for example, with regards to secure technologies? i mean, how many people are using, let's set aside the question of vulnerable populations for a second and just understand the broad base of consumers that do practice, you know, using encryption tools, tools that keep both

the individual and the community, i mean, what are we looking at here? >> it's interesting at one level the user community is massive because there's already an infrastructure even if it's imperfect that already has a large amount of encryptions deployed. much of this we don't necessarily see. it's not the same as decided you're going to download a particular tool to add another level of encryption to your instant message or two off the record messaging or a particular tool, but you already sort of embedded. at one level, it's all of the people who are already using it. that's probably not what you're talking about but we do we need to remember the already a bunch of people who are taking advantage of these tools who may and may not realize the degree to which they are using the tools that are already out there. i don't have a good read on who's using the other tools that

are little more the off beaten path. it can be covered are people who've had an incident happen to them and they suddenly decide it's something need to do. they are maybe people are part of a larger communities who have brought this forward, taking more care on the communications. i think in those groups we are not seeing maybe the diversity that you might see in the broader community that he mentioned earlier who are already using tools. if you look at some of the developer communities where there's volunteer labor. so the way you hear about these tools is because you involve in a community -- the diversity is not particularly large. daniel may want to add a bit more to this. and the numbers are pretty low and among those, for example the number of women who are participating is low. anyone who isn't a group in which they are marginalized, for example, tends not to access to resources to participate in free labor market. you are someone who has multiple jobs, someone is taking care of children.

you may not have the ability to decide you're going to sit down and dedicate a few more hours a week to develop a tool. this is exactly the sort of people who we are speaking with them for trying to bridge that gap i think would be an interesting challenge. if you want to hear from the users and not just the people who feel they know what the users want, you do have to involve people to design with people and not just for people. i am intrigued to see how we might bridge that gap. >> daniel, how good or bad? >> the diversity within the developer community, it's terrible. >> and also with the user community. >> well, so the thing about looking at the user punitive particularly for privacy preserving tools but that often the user community don't want to identify themselves because they're interested in protecting the privacy. so there's a bit of a chicken

and egg problem in determining that the developers who build tools that do actually want to preserve privacy probably don't collect a ton of information so it's hard, but i suspect numbers are relatively low, certainly compared to get out of network users over all. >> seda? >> maybe it's good to distinguish like three types of use that is out there right now. one is basically what we know as https -- basically protects the committee nation between you or your device and the service provided that you are sinking to. those are important to talk about men and their division now. the next one, and that's been

being increasingly used on phones and tablets is man at the end attacks. so those are, so that's when companies use encryption to put controls over what we can do with the devices that we are using. and those two, amenity and encryption used is quite popular, getting more popular. the man in the middle is getting more popular due to also increase privacy concerns and then there's a third type which is kind of what you guys were talking about with the developer commits increase software and the lack of diversity and the miniscule number of users and that's what i will for now call end to end encryption. these are three mates, the man in the middle, man at the end and end to end. it's not perfect but let's try in this kind of classification. and what happened in the last two months, which is rather let's say worrying is that we had a number of government officials speak against the end

to end encryption and its possible popularization through applying end to end, companies applying end to end into a wider user base. so apple said it would provide an application to their users using imessage. google started developing something that we haven't yet seen deployed, and facebook said that they would integrate this into whatsapp. government officials react very identically saying that this would mean law enforcement would not be able to do their jobs. i think we would also banned encryption against man in the middle attacks which was not well received, and obama said something similar, even maybe stronger. he said people with companies will be liable if because of the use of end to end encryption they would find out that an attack happened or somebody was harmed.

sending the message to companies in my opinion that they should not implement these technologies. so i think that there is a whole economy of where in kuching gets applied and where it is encouraged and discouraged and would like to see into and encourage. one way to do that is have organizations with a large user base implement it properly, not like imessage, but that's another detail and make sure it is available for the privacy user but we haven't seen that happen. >> i want to respond, let's talk about that later maybe because i am actually interested in the quality of the security that end users are receiving. so, one thing that has been of concern, particularly in marginalized communities, is that stuff that they use across the board doesn't work. it's of low quality, right? so i'm wondering, you know, are

we at risk of seeing tools developed and deployed that are not quite protecting us as much as they should be? and i will come back to some of these larger questions, but i think from the perspective of the marginalized communities that i've worked with, that is a very prominent concern. are you getting what you think you're getting? >> there are very few tools that are providing people with full anonymity and confidentiality and privacy protection. there are often gaps in terms of what i would call key management. how you identify the remote party you communicate with. there can be gaps in metadata analysis.

there can be simply bad encryption of if are using encryption mechanism that we know to be broken or to be substandard. so, i think the communities you work with are rightly concerned that what they're getting doesn't maybe live up to the level of security that they want. that said, there are tools that are out there that are a significant step up, and you know, seda mentioned https three years ago, https traffic was a small fraction of what was going on on the internet. and now even look at all web traffic, it is significant larger than it used to be. many people who run websites have decided we need to be doing this to they should be the default, this should be the new standard like why we sending clear text in an encrypted across the internet in the first place with the within that does is put our users ourselves at

risk their so this doesn't all the way to the end to end encryption that seda is pushing for, but it is a step up and it does protect users against certain kinds of attacks. now, there are still failures. i don't know if people in the room heard about the nobel supervision incident last week? that was an attack against https? so when no permit so anyone who bought a lenovo machine and outs click yes on the license agreement on just to be clear who here reads all of the licensing agreements? wow? two people, three people okay. so, that's very rare. it is usually zero. so if you click yes, they would actively intercept all of the communications going on. https is getting better and better, more widely deployed with are still attacks that can happen. so i think we need to be, that

attack happened because people picked the machines are given by vendor and they just used in the wro way that everyone normally uses it. to make sure we have an eye on that kind of situation situation. >> thanks for asking the crowd about their doing a crowd check. actually i'm really curious to see a show of hands in the realm of how many people are working directly with more mobile communities or marginalized populations? we have a few in the back as well. so for the benefits of those who raised their hands in the back of the room, and myself as well, i've heard you talk about usability. i've heard you talk about protocols and infrastructure. i've heard you mention the role of government.

and, there are opportunities. for those of us who are working with vulnerable communities what is the greatest opportunity that we have ahead to institute more secure technologies? what is going to get us to a place where these tools are easy-to-use? what should we be hopeful for? >> [laughter] i think what we should be hopeful for is that if we can get -- a beginning of an adoption of the tools. i think we are getting a bit of -- you are hearing more from users who are expressing a desire hearing about the tools

that might be helpful for them. if we can begin to break down some of these barriers i'm hoping we can hear voices that we do not hear before you can give us information about what people need rather than what we believe you need. we never actually talk to you but actually bringing you into our group. i'm hopeful that will be more funding for things like this more availability for projects to be funded to look into usability issues, to look into tackling these issues. people handling very large complex projects on shoestrings. they are very dedicated an expert personnel who are asked to do a wide variety of very come located tasks to the best of their -- complicated tasks to the best of their abilities. there may not have the tools to bring in people who should be the testing with them. if they have a bit more of that,

i will hope the tools will improve. there is more dissemination. it will be great if people can do documentation that has user support so people don't have to jump onto an irc channel but want a close relationship with people to talk them through problems. i recognize we have a lot of large challenges, but i'm optimistic that we will perhaps move closer to that ideal of tools that are more available to a wider group of people and give them the security they are looking for. >> ok. i think i will look at it more structurally. i think i will come back to some of the proposals for cyber security. what we see in the cyber security strategies as you look at the research and development strategy there is also the executed order -- and move away from secure infrastructure to

making it resilient. if i could make very shortly -- we cannot add security to the networks we have. we should not rely on security. instead, we should try to make communities or systems or critical infrastructure adaptable to attack. let's say there were dirtata breaches. we have to try to learn from past mistakes by surveilling everything all the time so we can recognize when those attacks will happen in the future. resilience is a failure of the state -- a project that replaces the failure of the state to provide security for citizens and the people living within the borders and putting the responsibility on individual communities to secure themselves.

that also goes towards private entities. in this game, the this enfranchised more vulnerable communities will lose even more because they don't already have the resources to protect themselves and now the government will say why don't you make yourselves a little more resilient? i think the structural point we need to look at here is the very careful move towards resilience and seeing that not everybody is going to have the equal resources to make themselves resilient and maybe think about security as something we keep with us and not just give up on. >> i want to send my response in terms of what can benefit the entire network. we desperately need extra security for emerging communities. one concern about providing

targeted security to less communities is it highlights who is getting that. so at some level, what we actually need -- this goes back to infrastructural change -- the more people that are not in marginalized communities that use tools that provide the same protections, a baseline expectation that these are the normal tools. these of the tools to be used. they will bring in a water user base and more traffic -- wider user base and more traffic that will look the same as other communities. if one of the goals we want to see is better support for the security of marginalized communities and individuals in the communities, everybody needs to take on these same set of tools and use them actively,

even if you don't particular feel you are a member of the threatened group. >> we have time for questions. i'm just going to open it up to the floor. i know that we have a hashtag where people are -- potentially joining our conversation. i would just pointed out to you for those of you listening in. let's have a show of hands for questions. yes. in the back there. >> one of the disenfranchised groups in afghanistan are women that fight every day for equality. we established the afghan trusted women's network. we think it is a matter of life or death. there is a secure means by which

women can get on the network through a portal, entirely secure, and they can discuss issues from small businesses they are in to educational issues. there are technologies out there that are secure enough for people, especially those in a difficult situation like women and children in afghanistan, to discuss those issues that are sensitive. we look at that as a matter of life and death. in some cases just the use of technology endangers their lives. they not only have to exercise operational security when they log on, but when they are on that portal, they are very secure. second anecdote -- >> is there a question? i want to be sensitive to others. >> has the panel considered secure portals for the online

collaboration for groups at risk? i mean that also in southern syria, subnational level where we know that people that have people that have sent simple emails have been intercepted by isis have probably been taken away and never heard or seen again. what is your experience with those secure portals as a solution for online collaboration securely? >> i'm afraid i don't know the architecture of the system you're describing specifically. i'm happy to hear that you're working on projects like that. i think we do need more people trying to build these sorts of tools. one of the concerns that i would have based on the brief description that you gave in terms of secure portals would be that there's probably a large amount of information stored on the servers of these systems and if these communities come under

attack or are targeted then the fact that that information is stored in a centralized place makes that particular place a point of vulnerability and this is one of the externalities that sada mentioned where if the administrators of that system don't adequately secure it -- and i'm not saying your administrators aren't adequately securing it, i certainly hope they are, but if they lose because someone tried to compromise the system, if it's centralized in that way, then all of the people who have participated become at risk so that's a certain that i would have in a model that relies on a sort of centralized and trusted intermediary to provide that communication. >> i saw another hand go up in that general area. yes? if you could be sure to ask a question straight off, that would be great. >> so i remember a couple of years ago the food stamp processing went down for a whole bunch of states and i'm

wondering, seemed like a practical question here, is that the food stamp system as secure as the commercial credit card system? or do we even know? is anyone checking? >> the credit card system in the united states is based on things that you can trivially photograph with your mobile phone in a restaurant. and i can't speak as to the technical security of the food stamp system but my understanding is that the credit card system in the united states is backed by the legal framework around the -- around fraudulent -- fraudulent draws not around the technology of the use of the credit card itself. >> i was going to add, we talked about security and confidentiality. we didn't mention the availability part. people talk about the triad that comes up a lot and this is a case of availability, people are

dependent on a system in order to eat and this is not having that secured against an attack is a place where the security failed a group of very vulnerable people and again nothing to do with confidentiality but availability, we have to think about that, as well. >> one of the sayings in communities that are focused on economic justice or community development is that systems for the poor are poor systems. and hopefully we'll see that changing in the future. i saw a hand go up here. yes, this gentleman in the green >> my question is about the -- like the topography or the geography of how the digital world actually appears. just thinking about the weather these days and about that weather doesn't follow along county lines and the internet obviously doesn't fit

necessarily in national borders so how should we look at the internet and how we connect to it and how we interact with it, perhaps just markers with which we change our behavior when we get online when we use our phones and things, what are some things to understand based upon how you would describe what the internet is actually -- how it's actually designed and then how we should interact with it. >> can you be more specific? how we should interact with the internet is a big question. >> well, ok. to be on the more technical -- >> but also brief. >> i guess on the more technical side. i've used servers to watch bbc internet videos that i can't see because i'm in the u.s. but my digital identity can be copied and i can fake it. so how do we -- i guess that's what i'm more curious about. if this can be done all over the

world and i can appear anywhere in the world instantaneously how do we -- if we don't understand it as well -- go about protecting ourselves or interacting. just things to keep in mind. >> we'll come back to that. >> great panel. >> i'm learning what you guys make of the trend of providers charging for the privilege of not to be tracked. at&t enrolling in its gigabit service, will allow you to opt out of super cookie tracking for

$29 a month although the answer is fairly obvious. what do you think this means for low-income users for privacy and security and do you see this to be a growing trend? >> it's clearly a growing trend and it's not just at&t doing this. another situation with a similar consequence is the facebook zero style plans. for folks unaware of how this works. facebook zero is when facebook toss your mobile provider, we'll cover the connectivity costs as long as you're talking to facebook so what if you could get your mobile phone plan and your mobile phone plan was free as long as the only parties you were talking to was facebook so facebook becomes your mobile phone and that's your network and they're sitting at a central point for data collection and surveillance. the answer to your question maybe it's a leading question, but the answer is that for communities without funds, that is the only way that they're going to get initial access.

and the long-term view of that is that actual access, what we currently think of as the internet to the, like, whole world, could become the domain of just the people with the ability to pay for it and i think that's a tragic outcome if that continues in that direction. >> we have time for one or two more questions. i see this gentleman here. >> my question has to do with existing infrastructure already in place affecting everyday cybersecurity issues for everyday people. what would the proliferation of the use of the tour browser have to do with security issues affecting everyday people? do you think that's a good solution? thank you. >> i would love to see more people using the tour browser.

i don't think it's a solution to all the problems we face. the tour browser provides a specific set of bounded anonymity preservation but it would be great to see more people using it. again it doesn't solve all the problems. i was happy to see facebook open a tour hidden service, not because i have a particular stake in facebook. i don't actually use it but i am happy to see that that's there because it points out that the use of tour is a fundamental -- it's an activity that many people would want to do simply because they're blocked from the network services that they want, whether that's by their government or by their employer or by their -- by their home internet provider. so -- >> so i want to end with a question that will hopefully get us thinking through the connection between this conversation and the rest of the conversations that we'll have

throughout the day. so throughout the day we'll have -- we'll see this concept of cybersecurity in all of its permutations and i get the sense that the conversations and some of the ideas that we have been talking about in terms of accessibility, availability, now affordability, protocols and standards setting -- what do you hope of these issues that we've been talking about this morning and this session travel or intersect with some of the conversations that are happening later today? >> maybe i can follow up on two questions. the anonymity question. i think there are a lot of times in what we call real life or the fresh world where we rely on

anonymity and the digital world the way it is designed right now, makes it very difficult to enact these things in the real world anonymously. crisis lines have been an example. and i think it's very important that we think that the digital and real world are enmeshed that we have to make sure that certain basic cultural and societal practices like anonymous speech or anonymous access to services also remain available in this new enmeshed environment. i'm not saying online. this new environment. and the gentleman who was talking about afghanistan and syria, those are some of the most surveilled countries not only by the u.s. but by virtue of making that available, we're enabling parties in those

countries to surveill on their own populations. in the case of syria, they have massive amounts of deep pocket software from companies in the west and they've been using that to surveill their population which is endangers any of the populations of minorities or disenfranchised people living in those societies so while we can always look at the security and privacy of the tools that we develop, they are only as secure and as private in the general environment in which they exist and if we go for an environment based on surveillance because we think that's a good strategy, we're endangering the existence of these tools and therefore anonymity and privacy in this new enmeshed world. >> so let's think of things as an interacting system. >> that is correct. >> i want a word or two from tara and daniel. >> it's hard to add on to what seda said.

i liked the discussion of the virtual world and physical world. we spend so much time in the digital, we tend to forget that we have broader communities and social systems that we interact with so i would like to hear more discussion about our larger social and interpersonal systems in our continuing discussions throughout the day and beyond. >> quickly, daniel? >> to add to what they said, i just wanted to reinforce the idea that as policy proposals are made, they often have technological components and if you ask for a policy proposal that allows the kind of deep surveillance that we have been sort of warning about here, that surveillance is not just going to ultimately be used by the parties that you think will have access to it and i think we just want -- i just want to make sure that proposals like that are understood in the risks they pose to the network as a whole and everyone involved in it. >> great, thank you. please join me in thanking our

panel. [applause] >> before i announce our next speaker, i wanted to let people in the back who might not have seats know we have plenty of seats in front so please feel free to move up here, especially here to your left, to my right right here. our next speaker is dr. heather randy moss and i'm particularly pleased to welcome her here today. dr. ross is a visiting speaker from the university of denver and she will talk about new and old ethelics and what emanuel ka yt can teach us. >> thank you for inviting me.

i am a weird individual for an academic. i'm trained as a political scientist but i do law and ethics and political philosophy so i like to merge these together to think about new technologist so today my job is to tell you how we can look back 200 years to somebody who can help us find information to help us in the future. so this is how political scientists think about war. this is a bargaining model and what it assumes is two rational actors making rational decisions and this is literally how political scientists think about war but this is how -- and this is how they think about cyber war but this isn't how it works. we don't really face off in cyberspace with our adversaries. we don't look them square in the face like this. for those of you who don't know, this is gigi ping. we don't square off in the face. we don't even do good battles

like fun battles in cyberspace. we hit below the belt, we do it just enough to be irritating but not enough to trigger what we consider an act of war, right? and this is really telling so how do we figure out when all of these below the belt issues are coming out. it would be really nice if we had something like a dark mark from harry potter that told us that when our networks were insecure that we were owned that all of our data would pop up on the screen, right "you're owned, the dark lord is coming" but we don't have any of this stuff and it's hard to enforce our rights claims in cyberspace. this is where i think emanuel kant comes to the rescue. i think when we think about cyberspace and think about rights claims and enforcing our claims of justice and making sure that we can -- the state can protect us or protect our

data or different types of things right kant tells us a couple of things. one, he says that the state needs to have the monopoly on coercive force in order to protect our rights. and to do this right, you have jurisdictions, you have borders you have laws, everything's great. in cyberspace, we don't have the monopoly and jurisdiction is a problem and he says when that's a problem, you fight with other states and that's how you prosecute your rights when you don't have the jurisdictional claims that you need. ok, you go to your army, you go to your navy. they help you enforce your rights but this is a problem in this completely insecure and it's not a good bet so he says then you need to create a free federation of states for a defensive community much like nato, right. so we have nato, i call this social contract nato style, if you know any of the people in the back that i sort of shot

faces in, kudos to you and if you can point out who hobbs is, you know where he's sitting, more kudos to you. what i really think is happening here is that we need our friends. we need our allies, we need to get together and have cooperation, right? that's what we learned from kant. we need trust. we need allies to trust. but when this happens when we have these defensive communities and we have allies and we have trust, we can't do certain things, he says. in fact, we can't spy on our allies and he makes a really, really big claim about not involve what he calls dishonorable stratagems and to be involved in spying is to be engaging in a dishonorable stratagem so we know all these reports that come out over and over again about spying and different types of things breaking down trust, right? we have all of the different

leaders of states saying that they are breaking bonds of trust necessary for allies and this is huge right, when we think about cybersecurity because the claims of justice that we want to enforce, our rights that we want to protect, require our allies and it requires we trust our allies but now we're kind of not doing so who the that, right? in fact, google's executive chairman eric schmidt famously said we're going to break the internet if we keep doing what we're doing, right? so we have to bring it back down to building trust. we can't be what kant would call an unjustneths, onhoenn shab stratagems and threatening the fragile bonds between allies and peace so to be an unjust enemy, to square off, to fight against another unjust enemy, is ultimately to go back to a state of war,

right, what he would call a state of war. and this is huge, right, because all of the international agreements we have all of the international wall wee all the cooperation that we have so we don't involve ourselves in interstate war is based on very basic rules of trust but if we keep breaking those bonds of trust, we will undo the great thing that we've created this great thing, the internet, that has given us communication shopping. he was a big fan of shopping and commerce. he thought it would create bonds of trust. he friday -- said if you go visit somebody else's shores, you'll learn about their culture so we need to continue to engage in the sharing of ideas and commerce and we have to stop, i think he would say we have to stop thinking about short-term goals of militarizing cyberspace spying on our enemies and breaking down the

very basic relationships we have to enforce our rights claims. so the way i like to think about this is if you other were to quote neo from the matrix, i can't tell you the future but i can tell you how it's begun, and we need to stop militarizing cyberspace. we need to think back to what kant tells us about the claims of justice how we enforce our rights, how we utilize our allies how we make laws and stop engaging in what he would call dishonorable stratagems. thank you very much. [applause] >> federal reserve chair janet yellen delivers the bank's semi annual monetary policy report to congress tuesday morning. we'll have her testimony before the senate banking committee starting at 10:00 a.m. eastern live on c-span3.

this portion of the new america foundation cybersecurity conference features remarks from john carlin. he discussed the threat of financial data theft from other countries. it's 35 minutes. >> thanks, tim. i have the honor and privilege of introducing our next speaker, john carlin, who's the assistant attorney general for national security. he runs the national security division which is about 350 federal employees who basically are responsible for prosecuting cases of terrorism espionage cyber issues and national security in general. previously he was chief of staff and senior council to f.b.i. director robert mueller. he's a graduate of harvard law school and i'm going to engage him in conversation and then open it up to you. so, john what is the role of

the national security division when it comes to cyber? >> thanks, peter. the national security division is the first litigating division in the department of justice in 50 years. it was one of the reforms from post-nevin and the recommendation was relatively simple, spy cases, terrorism cases, applications for intelligence before the foreign intelligence surveillance court and cyber cases, all reported through different chains at the department of justice so the idea was to set up a one-stop shop at the department of justice that would have the sole responsibility for the national security portfolio and thus be a privilege to the intelligence community and law enforcement and in particular, one of the founding reasons for our creation was to tear down the wall that had existed prior to

9/11 both legally and culturally between law enforcement and national security and based on the fact that we were formed in response to 9/11 and terrorism events, in the beginning we were really focused on the terrorism portfolio but with time it became clear that the national security cyber threat was growing, both a threat that's here in terms of the theft of economic information by nation state actors and growing intelligence and the growing threat of the future which would be to use a cyber attack for destructive means. starting in 2012 we really started to apply the lessons we learned from terrorism to cyberspace and that meant engaging and developing in every u.s. attorney's office across the country, from the from 93, 94 offices especially trained

officers trained to handle the electronic evidence in cyber cases and on the other hand how to handle classified sources and methods and to learn the patterns and practices and the intelligence about terrorist groups and nation states. that network is called the national security cyber specialist network and we administer is through the national security division and as part of it we make sure we have our criminal colleagues because at the beginning of a cyber case, it can be difficult to determine who the actor is. that approach and change in 2012 i think simultaneously, the f.b.i. put out an edict to the field that said we're going to start sharing what we're formally on the intelligence side of our house with these new specially trained prosecutors just like we did in terrorism cases and we're going to use this new approach to make sure we're bringing all tools to the fight against those who would harm our nation through cyber enabled means. it was a direct result of that approach that led to first ever indictment of state actors in the case against the five p.l.a.

officers in the spring of last year. i think last year was a significant sea change where you saw the results of this new approach and i think it also led to the ability to very very quickly have attribution in the case of the sony hack which we were able to do, from the beginning treat as a national security matter. >> you mentioned the case, the cases against the five people's liberation army officers that you pursued. do you think that's going to be an effective approach with china? to what extent is it possible these guys would get inside an american courtroom? >> i think it was a necessary change in approach. we got really, really good as a community when i was over working for director mueller the f.b.i. and the rest of the intelligence community, vastly improved their game at being able to watch what our nation state adversaries were doing to our system and see the amount of information exfiltrated daily

from our private systems but with that increased ability to watch came an increased obligation to act. we can't just watch this data going out. we need to do something. part of that approach, i think just like in the terrorism arena, and we use this phrase often in terrorism cases, is the all tools approach. meaning we got to look at the threat actor, what are they doing? in this case, they're stealing from american companies for the economic benefit of their companies. how can we increase the costs using every lever of american power so at the end of the day they say it's not worth this approach, we're going to stop stealing day in and day out what american ingenuity is producing, instead we're going to compete fairly. in order to do that, that means we effectively decriminalized it because we weren't before looking to make these cases. that means applying the resources to look and if the facts and the evidence lead to a criminal group in the u.s. if they lead to a criminal group in europe or if they happen to lead to nation state actors in china we're going to follow it and

bring charges where appropriate but it also means looking as you saw in the sony case, can we do sanctions through the treasury department, can you designate certain entities based on their conduct through the commerce department, can you use the levers of diplomatic power through the state department? so looking across the spectrum of u.s. levers of power and then gradually increasing the costs to make it clear there are consequences and when it comes to these cyber events, number one, i think for too long people assumed that you can be anonymous. we can find out who you are and who did it and number two, there will be consequences. >> quick attribution on the sony hack. do you expect indictments to come? >> i'll just say this, that we -- we continue to investigate it as a criminal case and i think with each one of these national security related

intrution we're going to be looking to do as we did in p.l.a. and see what are the tools we can bring to the table would be a criminal charge. >> these five chinese p.l.a. officers, if they left china would they be arrested by interpol or some other entity? >> i won't talk specifically about what we do but i'd say it's a charged criminal case and we very much hope to bring them to a united states courtroom where they'll be accorded all due process under the law and tried as we have other individuals. >> are they subject to a red notice? or whatever interpol, these kinds of entities? >> i'm not going to discuss the specifics of how we might try to bring them to a u.s. courtroom although we have asked the chinese government to provide them. backing up a little bit on this approach, in the beginning when we were doing our

non-proliferation approach so one of the tools we brought to prevent the proliferation of weapons of mass destruction was the prosecution. in the beginning, i think some in china and others thought this was a proxy for a trade war with them that we weren't serious about the proliferation problem but using it for economic reasons. over time, they realized, no, we really want to stop the weapons of mass destruction from getting into the hands of terrorists in rogue states and have realized that's why we're using the criminal tool in that arena and we've had countless cases of individuals arrested overseas, extradited and brought to face justice in the united states courtroom for export, control and proliferation cases and similarly with narcotics kingpins in the beginning folks asked why would you bring a criminal charge against someone protected by their own country because they're the heads of

cartels but over time we've brought heads of cartels and they're sitting in u.s. jails. it's an approach used in other threats. it will not solve the problem the criminal justice system will not solve the nation state national security problem but it needs to be a tool in our arsenal. >> would you consider criminal charges against people who are kind of proliferating isis, social media sites or involved in isis's social media production? >> yes. i think you've seen, you need to look at the particular facts in evidence but -- and that brings up a broader point. the use of the material support statute, so this should be when there's a designated terrorist group and you're providing your services to that terrorist group either by providing them actual material, money, technical expertise or yourself, that these are cases we have and will charge under our criminal justice system and that approach, i think you is a you in 2012, about 27 countries were

part of the global countering terrorist forum and produced the memorandum of best practices what type of legal codes should be on the books to enable you to bring criminal charges before someone commits a terrorist act and what i think you've seen since then is the adoption by nearly over 20 countries of new criminal codes to address this type of conduct. some modeled after our material support approach, and you saw this fall, unprecedented unanimous approach at the united nations both through the security council and that same global counterterrorism forum group, talked specifically about the problem of foreign terrorist fighters. international, there are over 90 countries that have contributed foreign terrorist fighters to the syria-iraq reason and part of the approach to stopping that problem, similar to the all-tools approach, would be making sure that nations have on

their books, now they're required to have on their books statues so they can take criminal action to prevent citizens from their country from joining that fight before they become the terrorists. >> isis is using social media to recruit but it's a huge advantage for people in the justice department because they can legally monitor twitter and facebook and we've had quite a lot of cases in this country of americans who have tried to join isis have been stopped at the airport. to what extent is social media a good thing or bad thing for you? >> so pulling it even further back. social media is here and it's been an enormous boon to the american economy. it's a change in technology that has many advantages to the world and can be used for many positive expressive intent. it is also a -- presents a new challenge to those who want to combat the terrorism threat. it's essentially a free form of communication that you can use

to plot and plan. this is something that people would invest billions of dollars to come up with a communication system this fast and sometimes this secure for their armies. now we provide it essentially for free. it's a new way to propagandize and reach individuals in a very targeted fashion in their home. the ability to produce slick propaganda is cheap and widely available so it presents a new threat. there are some intelligence collection communities that come from that threat but i would say -- you saw this in recent events now, in meeting with my counterparts ministers of the interior from france the u.k., canada, as nation states we're still learning how to confront this new threat what's the best way to counter the use of social

media in particular for this targeted type of recruiting. >> the private sector owns much of the cyber infrastructure in this country. what's the responsibility of the private sector for -- let me just take twitter, for instance, which has been quite slow when it comes to taking down content from isis and other groups like this which is against their terms of use. what role should twitter or a facebook have in sort of really being careful about the kind of content going up? >> we've talked about two issues. cybersecurity, so much of what we value, now we store in cyberspace so we need to worry about it being stolen or destroyed in that space. social media for the purposes of propaganda or communicating. i think in both instances, these are areas where we really need public-private sector

cooperation, particularly when we talk about our critical infrastructure. it's pretty much all in state or private hands. and so in order to effectively defend the american people from threat, we need to work with companies so they improve their defenses, but we also need to work at ways in which they can effectively share information to the government so we can coordinate and put out threats cut across sectors. and also we need to be able to share information that we have collected as a government to them to best enable them to protect themselves. i think we've made enormous strides in this area but given the scope of the threat as the 9/11 commission report put it out earlier this summer, in some respects, with a pre-9/11 moment, given the threats we can see coming to the cyber infrastructure, so although

we've made progress we still need to do more and faster to meet this threat. >> when you say we're in a pre-9/11 moment, what do you mean? >> i think in some respect the terrorists groups have the intent to cause the maximum amount of harm than they can against our critical infrastructure and they define it broadly. against things that people associate with the west or with america and would cause damage here. so back in 2012, you had zawahiri formally publicly call upon jihadists to take these types of attacks and since then you've had numerous groups issue similar calls. so we know what they want to do. we've seen their pattern and practice in the past of these terrorist groups announcing what it is they want to do and then doing it, attempting to do it. that means, as a country, before that devastating attack occurs, we need to put the attention resources, statutory changes

into place so hopefully we never reach the moment where that catastrophic attack has occurred and then we're suddenly putting in a variety of new procedures. >> on 9/11, al qaeda had both the intent and the capability. cyber terrorism so far has been in the area of cyber nuisance rather than national security problem. >> so, i'd -- i think it's -- characterize it a couple of different ways. one, i don't think they have the capability to do the type of destructive attack they've talked about or they would have done it because they have the intent and there's really no barrier to entry. you have seen destructive cyber attacks. you saw the attack against saudi alamco where they essentially turned an oil company's computers into bricks. you saw the sony attack which wasn't done for economic advantage or intelligence gains it was done to destroy and coerce.

and the damage that nation states in particular are doing by stealing our economic information day in, day out, not for strategic purposes but to use it in direct competition with our companies is real. i agree that we haven't seen the kind of sophisticated nation state capability make its way into the hands of a terrorist group but that's a matter of time and when you look at the criminal groups, using an example, criminal case that was taken down last spring, game over zeus. it was a botnet that was bom posed of thousands and thousands of computers. botnet is just a term for essentially an internet of compromised computers so they've gotten into people's computers and they use a vulnerability to take control of your computer and use it for their purposes. and that can be used to launch attacks like a denial of service attack but it can also be used

as it was by this criminal group, they used a code called cryptolocker and they would encrypt people's computers and they were doing it for profit so they would blackmail you and say if you want to see your data again and for all of you in your different fields i'm sure there's much you value in your computer, that you need to pay us money. if a terrorist groups gets access to that type of botnet, they could use it to block people's access to health information or keep people out of the financial sector and they're not going to offer payment to set it loose, they're just going to cause the massive amount of destruction that they can so it doesn't take too much imagination and some of those botnets are for rent so even without having the in-house capability as a terrorist group you can see how over the horizon this is a capability they're going to develop. >> what about states that also are quasi criminal enterprises like north korea or terrorists groups which are proxies for states like hezbollah. >> i think we need to look at

the particularly sophisticated nation states like russia and china and see what we can do to deter their particularly a lot and pay particular attention to the north koreas and the irans who might launch destructive attacks and part of that approach is proving it's not cost-free because we can do attribution and prove who you are behind that keyboard which is why the p.l.a. case was important and why the attribution of north korea was important and we also need to show that after we do that we're not afraid to publicly say what we've found so you won't be hiding in the world stage and third that there will be consequences for that type of activity but it's a threat that i'm very concerned about. >> one final question before throwing it open to the audience, what is the international legal framework that exists or should exist that would prevent, that would sort of be employed for future -- is

there enough international law to prevent this going forward at least make it harder for states like iran and others to do a saudi iramco attack? >> i think we need to continue to work both norms in this area which is relatively new although some of the activity that takes place i think clearly violates already established international norms but secondly to make sure we develop the partnerships and capability the same way we do with traditional terrorist threat, for instance, with our partner nation states so that means getting prosecutors, getting f.b.i. agents, getting experts from the department of homeland security, out to meet, train familiarize themselves with their counterparts. it's a fundamental international threat and even when you're threat actors in one place that the tools that they're using to launch the attack may come from another country's infrastructure. so just like here in the united

states, we need to work with places like universities who have a lot of bandwidth and server space so they're a tempting target for criminal groups or bad actors who want to use that space not necessarily to steal something from the university but to launch attacks against others. we need to have that same concern with other countries work with them so we can take action when others are trying to maliciously use their infrastructure. we're seeing this approach. the botnet case involved coordinated action by public and private sector partners throughout the world. 30, 40 different companies and countries taking simultaneous action to disrupt these threats. that's got to be the model moving forward. >> thank you. if you have a question, raise your hand, wait for the mic and identify yourself. thank you.

>> hi, i'm just interested, in relation to the terrorist propaganda we see in social media or websites, are the internet service providers and social media companies taking those down and deleting them? or would the security agencies and law enforcement agencies here in the u.s. like to see them do that more, remove some of those inciteful postings or inciting postings? >> i think there was a call from the attorney general to paris after the attacks there, we met with the interior ministers of many of our partner nations and from that meeting there was a call that was echoed again when 60 countries were in town last week.

and we need to find a way where we can work with internet service providers to obtain the information that law enforcement intelligence services need to prevent terrorist attacks before they occur and at the same time we need to do that in a way that's protective of the civil rights and civil liberties of the many users who are using these systems for innocent purposes and i think that's a balance that we can obtain and it's something that there's great interest not just in the united states but with partner countries across the world to make sure we find that proper balance. the other thing we need to do which is not my expertise as someone who focuses more on ghinged did it and holding them accountable but it's to figure out the best way to counter message so when you're competing for those who are getting propagandaized by these very

targeted social media campaigns how do you reach that audience in a way to explain where if it's a war of ideas, we ought to be able to win why an ideology based on enslaving other individuals, killing children and innocent civilians and is fundamentally nihilistic is one that you shouldn't join. so that's where we also need the creativity of those who are experts in this space in the private sector married up particularly with our partner countries in the middle east on making sure both that you have that message and that you figure out a way to reach those most at risk of being targeted for propaganda and recruitment. >> another question? over here? this gentleman. can you wait for the mic? >> hi. i'm with the american bar

association. john, thank you for your service. it's been wonderful for you to be involved with the government. my question as you know is that there's a lot of legislation on the hill and from the private sector perspective the issue for sharing information to help the government concerns immunity issues so i'd like to hear your perspective on what you think may happen and how far the immunity issue can be pushed vis-a-vis the private sector and sharing information for you guys? >> thanks for that question harvey. legislation in this area is needed. we know that we need the information, the private sector needs to be able to share information effectively with each other and they need to be able to share information effectively with the government when it comes to cybersecurity threat information and like wise the government needs to have a method of giving, for instance, you find a bad signature, an identification for a piece of malicious code, we need on

tohave mechanisms where we can push that out so private companies can harden their infrastructure and protect against those who would use that bad signature to attack their systems and that's why the president has called upon congress and introduced legislation that would provide immunity from -- for instance, private companies know clearly what the type of information that's they can share to the government and know that when they do they that can do so legally. in the absence of legislation we've tried at the department of justice, talking to private sector partners, we've issued guidance saying meeting together in a sector to talk about cybersecurity issues and share signatures is not going to be a violation of the antitrust law. we've tried to issue clarifying, again, based on questions that we heard when i was doing outreach with general counsel

that the electronic outreach privacy act is not a bar from sharing information in certain instances in this space and the president recently issued a new executive order on information sharing to try to set up these industry specific groups that could share the information. but what i've heard again and again from general counsels in doing outreaches is that to reach the optimum level where they feel they can share in the space, we need legislation so i very much hope and i know members of both parties have been very engaged and active on this issue and i hope we'll see legislation in the coming year. >> this lady in front? >> i have a question -- >> can you wait for the mic? >> sorry. >> thanks. >> hello. i have a question that was sent in on twitter for the two of you. the question is from casper bowden and it says, on

february 5 privacy authorities demanded the united states stop fault collection of european data, will you? it's twitter. >> i look forward to hearing peter's answer. >> i think it's -- peter has the power to press you for an answer to that question. >> so i think the united states alone really at this point, among nations throughout the world, has had a president who's announced what we'll do and what we won't do in terms of our intelligence collection. i think you'll find every major country in the world western and otherwise, has an intelligence service and that intelligence services are recognized under international law and what the president has said is it's not a question -- we need to make sure it's not a question of what we can do but

what we ought to be doing with those technical expertise and authorities so he's put self constraints on what the intelligence community can do in this space and you also see in the american system a unique system of oversight, as well, that dates back to the original passage of the foreign intelligence surveillance act where it's not just the executive branch but that you have the involvement of the court system. these are the same judges i appeared before as a prosecutor, who are doing, in addition to their regular duties sit on the foreign intelligence surveillance court. and we set up a unique structure in terms of having the intelligence communities of the hill -- and it was in response to abuses that this was structurally set up and rightly so -- where they regularly need to be briefed on every significant intelligence activity and what you've seen with the advent of new technology and the way these are

being applied and the threat, a national debate as to whether the involvement of the intelligence community are sufficient or whether we should change that structure and you've had different versions but the house, the senate and the president all endorse different statutory proposals to change the current structure but i would make -- since that sounds like a question that's perhaps from someone overseas, the point that there isn't another country in the world, i think, that has as robust and transparent approach to the collection of intelligence but i guarantee you that they are collecting intelligence so although we should continue to hold ourselves to the highest standards and make sure we reach the right balance that we're comfortable with here, i also look forward to seeing what approaches that other countries including european partners, apply to reach that same type of balance. >> it seems like you asked the

obama administration realized the collection of meta data for several years by the government was sort of an overreach. >> i'm not sure. i think you've heard the president say -- what we're talking about here is the potential for abuse on the one hand. but they haven't said they found actual abuse which i think is an important report and a very different place than where we stood, say, after the church report, where we found information being used for improper purposes. here there was a potential of abuse because of the amount of information that you're collecting and on the other hand you're balancing that against the potential to prevent terrorist attacks. looking at that balance, i think what you find is that there's another way to achieve that goal, which is what they've called for in the legislation. there are important national security implications for that type of information. there's another way to get it that doesn't involve, in that

instance, the government holding the data so it decreases the potential for abuse and that's the change that's been called for in part and the president has said this overtly because law enforcement, intel agencies, they're working for you and they need the trust and confidence ultimately of the american people to do their jobs so if that can increase the trust and confidence, we should do it. >> one more question, the lady over here. >> hi, my name is jessica dear from social media exchange a lebanese n.g.o. and we do a lot of research on digital rights in the arab region. thanks for being here. i'm particularly interested in this partnerships with countries in the middle east. and i'm concerned about these partnerships because i see in the middle east there's so much

lack of respect for freedom of expression online in particular and that these partnerships could actually -- basically what i want to ask, what are you going to do as the justice department when you're partnering with these countries and there was an initiative announced last week at the extremist summit about working with messaging on social media but what are you going to do to make sure we're not drawn closer to their idea of what should be free expression online versus asserting what is our first amendment right for freedom of expression online. >> we got it. >> thanks. >> so this is partly discussed with peter earlier, there's so much good that can be done through social media, through giving people access to this new form for expression, so while we need to work to make sure that we can approach and meet the national security threats, i think we can do so in a way

that's consistent with our values and speaking from my own division, that's why we have lawyers who are steeped in the protection of civil liberties and civil rights but also the use of genuinely independent court systems and the execution of those rights and how to balance that against national security threats so what we're working to do -- we don't have all of the answers -- but here's how we were able to draw those balances in our system, here's the protections that we were able to provide, here are the limitations in terms of the protection of the first amendment speech and we're trying to draw up best practices with partners that would enshrine those rights in law and it will obviously be an ongoing conversation. >> i want to thank assistant attorney general john carlin who has one of the most responsible jobs in the american government for taking time out of his busy day to speak with us today. [applause]

>> coming up on c-span with four days before homeland security department funding expires, president obama talks to national governor's association members about the risks a shutdown poses to state economies. several governors speak to reporters about issues they discussed with the president. later, we get remarks from n.s.a. director mike rogers on cybersecurity. on the next "washington journal," north carolina congressman walter jones discusses a new authorization for military force debated in two house committees this week. then texas representative sheila jackson-lee looks at immigration issues and the current gridlock over homeland security spending. after that, blake ellis and melanie hicken of cnn money talk about state and local government debt collection practices. "washington journal" is live every morning at 7:00 a.m.

eastern and you can join the conversation with your calls and components facebook and twitter. federal reserve chair janet yellen disfers the bank's monetary policy report to congress tuesday morning. we'll have her testimony starting at 10:00 a.m. eastern live on c-span3. >> this sunday on "q&a," baltimore police commissioner on the challenges of policing the city. >> it was very clear to me that i still had an issue with public trust and people believing things that were said and regardless of the fact that i stand in front like i did for you today and say use of force is down 46%, that discourtesy complaints are down 63%, that lawsuits are down, that officer involved shootings are dramatically down, people in communities say we don't believe it. >> sunday night at 8:00 eastern

and pacific on c-span's "q&a." >> funding for the department of homeland security is set to expire friday at midnight. monday, president obama spoke to the national governor's association about the direct impact a shutdown will have on state economies and national security. vice president biden gave the opening remarks along with n.g.a. chair, governor john hickenlooper of colorado. this is 20 minutes. >> all right, gentle peoples. this year we have one of the largest classes of veteran governors. some of us got back in by the skin of our teeth. but we also have a dozen new colleagues who are relatively new to politics entering the realm of elected office after many successful years in the

private sector and i think the experiences and perspectives of these governors are going to be of great benefit not just to our individual states but i think to the whole country and we certainly with all of them look forward to working with this administration. our commitment to an ongoing and lasting partnership with our federal peers at all levels is continuous and i think that partnership depends upon having people that understand the benefit of that relationship, are willing to invest themselves in that relationship and really understand how governors work so it's my honor to introduce a friend of states and governors a man who joined us in nashville at the n.j. summer meeting to talk about the twhoork remains to be done, someone who has worked tirelessly for this country, vice president of the united

vice president biden: good morning. or almost afternoon. thank you very much. governor, thank you for the leadership you have shown. and for the introduction. it is great to be here with so many old friends. i got a chance to meet many new friends -- i hope friends. i hosted the new governors over in my office back in december, and had a chance to spend some time with you last night. i appreciate it very much. the president and i look forward to this every year. for real. we get a chance, as mary can tell you, to actually have real-life conversations that often do not take place in the city. you guys, and women, took office to get things done.

you are accustomed to making sure whatever the problem is your state is facing, actually addressing the problem. we look forward to this event every year. you know, as i said when i spoke, when i was in nashville back in july, i said then, and i really mean this, governors are the single best hope for the political process now. we will get it right and eventually back in washington. it will occur. the public will not put up with this gridlock for much longer. you are the place where it is happening. so many of you are expementing

with, and moving forward on plans that are viewed here as toxic. republic governors, democrat governors, you are reaching coensus on things like early childhood education minimum wage. i do not see much difference between a republican governor and democrat governor. you're getting things done. the other thing that i have observed is that you are used to being held accountable. held accountable for what you do. i think that focuses one's attention really closely. i got a chance to work with some of you veteran governors when we initiated the recovery act. it ends up being over $800

billion. everyone said, it could not possibly work and would not do much for the economy. and it was going to be such a wasteful undertaking. i want to thank you vegan -- veteran governors for making it look like i knew what i was doing. i spent time with all but four of you at the time on the telephone, multiple times. you took every single solitary project and program you had, and you held it to the same standard that i did, which was if you needed an answer, you would get one in 24 hours. or if you did not get an answer, within 24 hours you got a call to tell you when you would get the answer. you implemented and made it work. at the time, it was viewed as something that was not very useful. since then, the geo pointed out that because of you and the way you implemented the recovery

act, there was less than 1% of waste, fraud, or abuse. paraphrasing, someone said it was a model for the federal program. in addition to that, as time has gone on, the vast majority of economists, on both sides of the aisle, have acknowledge that this work. 88% of american economists found that the recovery act was worth doing. that is because of you. by the way, the mayors were equally as responsive. michael greenwald wrote a book called "the new new deal." in the past year or so, i've also had the chance to be in a number of your states. i had the chance to travel with governor cuomo and governor haley in their states to talk

about building 21st century infrastructure. you all know. last time we met, afterwards, i sat with you, and said, if you could take one infrastructure project in your state that would have a profound impact on the economy of your state and growth of your state, and attract business to state. most of you cannot come up with one. most of you came up with 2, 3, 4. i don't remember how much time we spend together. we still long time talking about what is possible. this used to always be bipartisan stuff.

it was never viewed in such as in terms as it is in the city. working with other governors you are working on strategies to make sure that we have the most highly skilled workforce in the world. you are doing a great job. you're using the community college and the most laughable -- flexible way that it can be used. it is working. you are actually putting people back to work and connecting them with businesses. with a little help from the federal government, a little funding. the tiger grants, you have used every one dollar of those. you have brought in private capital, state capital. you understand better than any group of people how this process works. most of all, the thing i want to thank you for is the tone that you set. it's the one place in politics where most american people feel some sense of security. some sense of maybe we can get this right. i'm caps on you being contagious. i'm counting on you continuing to talk to -- democrat or republican -- you're elected

senators and called his people to see if we can move this thing forward. we are ready to work with you. we genuinely see you as the vehicle in order to -- look, we are gone from crisis to recovery, and we are on the verge of resurgence. we are in a better position than any country in the world to lead the 21st century. it is not just us. take a look at what the imf has projected in terms of growth in the united states relative to the rest of the world. take a look -- they go out and ask ceos, we are the best place in the world to invest. for over three decades of doing this poll, they say the united states. you know, we need two things to keep the swelling. the highest skilled workforce in the world and the best infrastructure in the world. we are anxious to work with you. the person who is most anxious to work with you, the man that i will introduce now, who looks at you, as he said last night -- i'm paraphrasing, he said, i job that a governor does in a really big state. or something to that effect. you all have been our best hope right now. i think you can help us all change our mindset about making politics work in this country because we are so well-positioned as a country to be the dominant economic force in the 21st century. we have the cheapest energy in the world. we are at the epicenter of energy. we have the most active venture capital is in the world. we find our workers are three times as productive as they are in china. we have the greatest research universities in the world. and, we have you. we are counting on the goodyear. we are counting on being able to work with you. ladies and gentlemen, the person

who is most anxious to work with you, the man who i want to do is now. my friend, the president of the united states, barack obama. the president: thank you everybody. thank you so much. please, everybody have a seat. have a seat.

welcome to the white house once again. the only thing more glamorous than a dinner with hall and oates is a q&a with obama and biden. we saved the best for last.

i know you are excited. i want to thank everybody for being here. i will be very brief. as joe said, last year was a breakthrough year for the united states. last year, the economy created more than 3 million new jobs. that is the best job growth any single year since the 1990's. the same was true for manufacturing growth. in fact, manufacturing jobs grew

even faster than the overall economy. the deficit has been cut by two thirds. energy production at an all-time high. small businesses have created over 12 million jobs. the best news of all, wages have started to go up. america is as well-positioned as we have been in a long time. the question is, what kind of choices do we now make together to make sure that that momentum is sustained? i have talked about it before, and want to emphasize it again during our conversation, the belief that middle class economics is what works. the idea that not only do we want the country as a whole to prosper, but we want to make sure that everything a person in this country has opportunity. if they work hard, they can get ahead. prosperity is broadly shared. not only is everybody sharing in that prosperity, but everyone is contributing to that prosperity. in order to do that, we have to make sure that everybody has a fair shot. the everybody does their fair share, and everybody is playing by the same rules. we have got to make sure that anybody out there that is skrimping and saving, trying to figure out how to send their kids to college, worrying about retirement, that they have some sense of security and some sense that they can make it.

as joe indicated, i think everyone of the governors here and every one of the states of this great union of ours, cares about the same things and is doing a lot of creative work to enhance the opportunities for advancement for their citizens. you have states like oklahoma, leading the way in making sure that we are educating our children at the earliest age with high quality early childhood and pre-k education. since 2013, 17 states have joined companies like the gap and walmart to raise their minimum wage and make sure that

some of the hardest working people in america can support their families while working full-time. states are removing unnecessary licensing requirements so that people can fill jobs that they have skills for. you have states like california, leading the way in providing paid leave so that a mom or dad can take a day off to take care of a sick child or an aging parent without having to give up a paycheck. states are also leading the way to make sure that citizens have health insurance. today, thanks to the affordable care act, 10 million americans now have the peace of mind of

being covered. i want to thank all governors, republicans and democrats, supporters and opponents, who have expanded aca to millions of people over the past couple of years. i think there is recognition that it makes sense. and it is bigger than politics. as one governor said, from ohio, it saves lives. the question about it. if your state is not one of the 28 that has expanded and, i would urge you to consider it. our team is willing to work with you to make it happen. some of you may not always agree with my approach or policies, that i think we can all agree that it is a good thing when a family does not lose a home just because a member of that family get sick. surely, we can agree that it was -- is a good thing with businesses have roads, ports, and internet connections that allow all of us to thrive. surely, we can all agree that when workers and management come together around helping families getting ahead, that is a good thing. it is a good thing when workers and businesses can compete on a level playing field with new agreements for fair and free trade. that will be my agenda for the next two years. congress may pass parts of that agenda, not others. i will keep on pushing for these

ideas because i believe it is the right thing to do. i think it is right for america. i will keep on urging congress to move past some of the habits of manufactured crisis and self-inflicted wounds that have so often bogged us down over the last five years. we have one example of that right now. unless congress acts, one week from now, over 100,000 dhs employees will show up to work without getting paid. they all work in your states. these are folks, who if they do not have a paycheck, will not be able to spend that money in your states. it will have a direct impact on your economy. it will have a direct impact on america's national security. their hard work helps to keep us safe. as governors, you know that we cannot afford to play politics with our national security. that said, let's try to focus on some of the things that we have in common. i want to thank governor ensley and his fellow west coast governors that helped reach an

agreement to help open 29 points and keep business flowing i have to add an applause for tom perez who went out there and really made an extraordinary conjuration to the effort. that will make a big difference for the country's economy as a whole. that's the kind of thing that we can accomplish when we put aside divisions and focus on some common sense steps to improve the economy for everybody. it is an example that i know congress follows in the months ahead. keep in mind, when congress does not act or does not act fast enough, i think we can still work together to make a difference. whether you're a democrat or republican, what i have found is that the more specific we are on focusing on problems, less concerned about politics, the more we get published. i will give you one specific example. that is in the criminal justice area. last year was the fourth -- first time in 40 years that the criminal and cost -- criminal incarceration rate and the crime rate went down. in georgia, governor deal's have

given judges alternatives. we want to be a partner in those efforts. that is what the american people expect. one of the great privileges of being president is that you get to travel everywhere. you get to meet people from just about every walk of life. what i have found is the assumption that i made that i think joe made when we first ran for office still holds true. the american people are good decent, and have a lot more in common than our politics would indicate. if we can just focus on that there is a lot of good stuff that we can get done. i'm in the fourth quarter of my presidency.

of course, some of you might call it the kickoff for your campaign season. i think there is still a lot that we can get done together. i think we can build an america that is creating more opportunities for hard-working folks. i think we can make sure that the future for the next generation is even brighter than the one that we enjoyed. i look forward to making progress together at the federal and state levels. thank you very much, everybody. [applause] . >> following their meeting with president obama several depove no, sir spoke with reporters outside the white house on some of the issues they discussed including immigration and the keystone pipeline. this is 15 minutes.

>> good afternoon. we got everybody here, governor walker, a couple coming down the hill. we just finished an hour and a half a very productive and candid conversation with questions and answers with the president and the vice president. as always, we came as a group of governors from over the country, respectful, trying to find solutions. we are all in each of our situations problem solvers. in many cases the problems we seek and find and create are bipartisan, and that is certainly the way we approached the president. we discussed trade from a variety of points of view. we discussed the export-import bank, transportation funding finding a long-term solution to the highway trust fund elementary and secondary

education, reauthorization. we talked about the use of public lands. we talked about the affordable care act and what the consequences of a supreme court decision would be affecting that. we talked about the export of crude oil and natural gas. we also had a robust conversation around the department of homeland security and looking at immigration. in each of these cases, i think the president was direct candid. he did not try to mince words. in some cases it was answers he gave before. sometimes he said, an interesting question, let's think about it and look at it in a new way. i thought the exchange was very constructive, and certainly for the president over the course of this last couple days, he has spent several hours, including last night, with the governors and that openness and

willingness to have an engaging conversation with us is very much appreciated. governor herbert, my vice-chair? >> thank you. on behalf of the national governors association, we thank the president and the vice president for his hospitality, for his willingness to show the respect to the governors that i think is appropriate, and willing to engage in a dialogue and talk about the issues that face us. the goals we have really are the same. we sometimes differ on process as far as how to achieve those goals, but that is part of the dialogue we had here today. as we talked about a number of different issues, the common theme for most of us as governors is the states have a role to play, is what we refer to as the laboratories of democracy. we like to see the states have more autonomy, the ability to do the creative work that comes with solving some of the problems, and allow us in fact

to find solutions that are unique to our own respective states. as we couple that together, it helps develop better policy. the aspect of this dialogue in this discussion and bringing us together as republicans and democrats governors, as the vice president said to us today, the governors and the states are the best hope for america to get some things done and get good policy. i agree with that. i think most of my colleagues agree with that also. it has been a great opportunity for us talk about a lot of different issues and see what the states' role should be. it is a matter of us engaging with the congress. they have a role to play, and we need to work with both sides there to make sure we can collectively influence, for the good of the american citizens, policy in america. this starts an opportunity for us. a new year, new congress, new opportunities, and the national

governors association stands ready and willing to play our part. >> the president was chipper, vigorous, and used his sense of humor. questions? there will be no questions. >> >> i want to ask about rudy giuliani. you reported his criticism of president obama. he has come out with an op-ed explaining his comments, walking

back a little bit saying he maybe should've taken a different phraseology. he did not mean he should question the president -- do you think he has lost any credibility through this exchange? >> i think the mayor should of use different words to express what he wanted to say. i do not want to throw him under the bus. the president loves america, he loves our country. there is no doubt about that. i think the substance, the point that the mayor was time to make is important. there are many of us concerned about the president's unwillingness to call out radical islamic terrorism and the threat we face as a country. i wrote an op-ed today saying the president has to cause find that has this all fight himself as commander in chief because he will not take this up to defeat this threat. for example, in his request for authorization, use of force to the congress, two things i would like to see congress change. i would like him to take up the ban of ground troops. i would like to take out the three-year timeline. i think the real timeline should be we are done when we have hunted down and killed these terrorists.

you have the administration, people in the state department saying we cannot kill our way to victory. you have a spokesperson saying we need jobs programs and better governance. this is a war against radical islamic terrorism. the central point was it would be better for the president not to want to -- or point out those kinds of things rather than actually identifying the threat we face. i think americans speak -- i think the mayor spoke for himself. i would not have used those words. i think the president loves his country. many of us are concerned about the president taking on radical islamic terrorism. >> you said there was a robust discussion about immigration. was there any opposition from the governors about the immigration executive orders or any signs or concerns about how that was going to be handled? >> the dhs issue from a variety

of issues, but many governors want to make sure that that funding continues. all governors want to figure out solutions as quickly as possible. the president made a robust defense of his executive effort around immigration. his point was it essentially that the number of people coming into this country illegally is at the lowest level since 1970 and noted this time in our history have we spent more money on border security. there are 11 million people illegally, and they are not going to go away. we are not going to deport all of them. they are addressing the most serious issues and that's what his point was their executive efforts are it's ridiculous if we deported all these people it would have a material effect in a negative sense on our economy for a variety of reasons would be unthinkable. as they are limited by

resources, they are deporting the people that they feel are the highest priorities, 300 to 400,000 people a year. why have those other people live in terror and not be able to have a drivers license not be able to feel they have to flea and make sure the guilty parties are brought to justice. he was not backing away from what he sees is a failed system. his first -- from the beginning he has maintained he wants a comprehensive solution to immigration reform and he wants to work with congress to do that. all of us governors want to see a comprehensive solution. we might disagree about some of the details but everyone recognizes the time has come that immigration needs to be solved now. >> on behalf of the association

there is not any governor here that does not want to have the department of homeland security funded. we all have responsibilities of homeland security within our states. we understand the importance of shared responsibility that comes for public safety with the states and homeland security so we want it funded. we also want immigration reform done. it's emotional and complex. and we keep seeing the can get kicked down the road. we are calling on the congress and president to work together to solve those issues. it's high time. there might be four or five steps on comprehensive immigration reform. let's start with one we can agree on and build to number two. let's get some immigration reform and fund homeland security. >> would you like to see a temporary solution while this is

being debated? >> whether there has been an executive order or executive responsibility, that is a debate worth having. i hope we don't freeze ourselves in action. if that takes some kind of continuing resolution to get done. let's look for a permanent solution. let's not look for a limited solution. >> would you ask democrats to stop the filibuster so senators could decide? >> the governors did not pick one slant or another. we said, we are fed up. every state is dependent on

homeland security. the temporary situation does not address the threat. if someone has a national -- a natural disaster, how do they use resources to start rebuilding? we did not get into who is right or wrong. what of the things the governors are relatively good at, maybe not perfected the process, is trying to look at the big picture and say, let's look at what our goal is and work on how to get there. >> a governor did ask that question. >> what was the answer from the president? >> the president did not agree he said he would veto the bill as written. >> do polls suggest it is a popular move to defund dhs? >> i don't think the president looks at it from that perspective. he looks at how -- he does not view