Skip to main content

tv   Politics Public Policy Today  CSPAN  May 14, 2015 9:00am-11:01am EDT

9:00 am
captioning performed by vitac let's not just ask, how are we going to pay for our system for the next six months or six years. let's ask, what do we want our system to do to advance our country's best interests. how can it be a strategic asset that supports commerce and strengthens our competitiveness. we will be confronted by major infrastructure questions and trends in the coming years. everything from competitiveness to technology and all their implications. so let's be ready to respond to them, or better yet, to lead the
9:01 am
discussion and help move transportation and infrastructure policy forward. thank you very much, and i look forward to our discussion. thank you. [ applause ] >> go ahead and sit in the middle. and rich, if you join us on the end there. we'll have some q&a here. we'll chat a little bit and then time to open it up to some questions from you all in the audience. thank you both for being here. as i said at the top, a host of issues where the chamber and the afl-cio, organized labor do not see eye to eye. i saw mr. trumka and on this issue there is so much overlap and the question is raised immediately, if organized labor and the largest business group in washington are on the same page, why can't this get done. maybe i'll go to you, rich, first. what's standing in the way? you've looked at this issue and
9:02 am
battled over this for years. what's in the way? >> it's pure politics right now. in the past this was always a bipartisan issue. there was never bickering. everybody knew that you had to keep the country running. it's like your household. if something leaks you have to fix it. if it needs painted, you have to fix it. you have to do those things. and the country needs to be replenished so we can stay competitive. everybody knows that, yet they can't figure out a way to get it done. it's just politics. there's no other reason for it. they know it needs to be done. they agree it needs to be done, but it doesn't get done. i think that's what frustrates the american people, business, working people. this is an issue that needs to get done now. >> from the chamber's perspective? >> i completely agree with rich on this. it needs to get done. i think one thing that congress fails to make a distinction on
9:03 am
is the investment in infrastructure is a capital investment, not an expense. so it needs long-term funding, not month-to-month or quarter-to-quarter funding. it's like running any business. you can't make investments for growth if all you can do is look forward 30, 60 or 90 days. it's a capital investment that we need to make in the country, not a short-term expense. >> and it really does need to be five or six years so the projects can be planned, they can get done. right now we've had 30 extensions in the last several years. >> looks like we're about to get another one. >> i know. it will either be to june or december. but again, how do you plan? >> it's much more expensive when you do it that way. it's no different than building your house and doing change orders instead of taking the time and scoping it out, creating a budget and then utilizing that budget over the long term. and so, some reports have shown
9:04 am
that these extensions have increased the costs by 30% over what we could have spent to do just the little that has been done to date. >> but the reality is, would you agree at the chamber we're looking most likely at either something at the end of the year or a two-month patch? do you have a preference if there is a patch how long it should be? >> the length of the patch from our perspective should be just long enough to allow congress to create and pass a long-term bill. >> what's your take? >> we would agree. i'd rather see june and pass a long-term bill after that. because the more we keep kicking the can down the road, the more it keeps hurting the country and the further behind we get. we're looking at over $3 trillion right now that needs to be invested to make the country healthy again, to make it competitive again. the longer we kick the can down the road, the bigger the bill gets and the more individuals pay, like waiting in line,
9:05 am
wasting gas, but also losing salary down the line because business becomes less competitive. when they become less competitive, workers get laid off or don't get raises that they could otherwise get. we're paying, every american is paying the price for their inaction and every business is paying the price. >> do you get a sense that there's been a change in the conversation or the tone in washington right now about where this is headed? you hear senator hatch, chairman ryan at the ways and means committee talking about the possibility of progress. i've interviewed secretary liu, about the trade-off. secretary foxx talked about it again, using corporate earnings overseas somehow that being the funding stream that gets this off the block. i'll let you both weigh in if you see something different today than six months or a year ago? >> i think there's been conversation about repatriation
9:06 am
as the solution but it doesn't really make sense because they're talking about a holiday. again it's a short-term gap. we need comprehensive tax reform, not corporate tax reform solely. we need comprehensive tax reform. what we should be looking for for funding solutions, as rich pointed out, a user tax funding through public private partnerships, additional funding through federal and state programs, but we should be looking at transportation-related revenues that are sustainable, long term, and have growth built into them. >> i don't disagree. there's a number of things that can and should be done. i think we need to use the user tax. we need to look at vehicle miles traveled, a program being tried out in the west because you're coming up with electrical cars. the gas tax hasn't been increased -- >> americans don't like the idea of the government watching where their car goes. >> they already do if they have a cell phone in their pocket.
9:07 am
i hate to tell them that. look, there's a lot of ways to do it. if you say let's do it, they need to agree on a target. let's say we need to fix the problem. come up and be honest about that, and then define the problem. the society of civil engineers have already defined the breadth of the problem, the magnitude of the problem, and say we're going to fix it and here's what it will take. then come up with a funding sources. it can be multiple, but they must be long term so that everybody can plan, so that the states can plan, so that the construction companies can plan, so that everybody can plan without wasting money. >> we heard earlier today in the earlier panels about there have been ideas about handing this money off to the states, let the states, the folks at the local level deal with these issues because they understand their
9:08 am
transportation problems better than anybody else. tell me why that doesn't make sense. >> i think to a certain degree obviously state involvement is very key. but we have a comprehensive national transportation network that is a huge competitive advantage. we operate businesses across all lines, so you have to have an integrated federal policy. you have to have federal involvement in order to support a national structure. >> she's absolutely right. look, you remember we were going to do high speed rail, and two states said we don't want high speed rail. if you leave it up to the states, there would be 50 different policies and railroads would go to the border i guess and end. that's why you need federal policy. this cannot be 50 states doing 50 different things. it has to be a federal policy and an integrated system. how would one state do the electrical grid system? how would they do enough for ports?
9:09 am
how would they do inland water ways? it doesn't make sense to do it on a state by state basis. it must be done as a national plan. >> let me ask you another question that you get sometimes in this debate is montana cattle rancher paying my gas tax in montana, yet some of my taxes are going to help the banker in new york get on the subway and get to his job. why is that fair? >> that montana farmer gets a lot of subsidies back into that state a lot of different ways. in fact, some states like texas get more subsidies than anybody else, as well as louisiana and mississippi. it's give and take. you have a national system. you're going to create a transportation network that's going to benefit everybody. the products that montana cattle rancher gets could be cheaper if they're brought there by a good rail system that delivers feed
9:10 am
and delivers different things that he or she may need. so they're going to benefit in the end by having an efficient system and having the country becoming competitive. they can also get their products to market or export those products a whole lot easier when you have an efficient system, not one in every nine bridges is about to break down. >> at the end of the day right now there are federal taxes that are associated with transportation. they haven't been raised since 1993. gas prices are at their lowest level. cars are more efficient than ever. the infrastructure that's been built, a lot of it was not intended to last this long so that farmer in montana or i come from a state, oregon, where there's a tremendous amount of agricultural commerce. when those supply chains block up, those products go to waste. when the ports aren't efficient, those products can't get out to
9:11 am
95% of the consumers in the world who are outside of the u.s. it exists now. what we're saying is that upgrade the infrastructure to make it globally competitive, to enable people to sell their products more efficiently and at less cost, we need to invest. >> is it hard to imagine any final solution here that doesn't include an increase in the federal gasoline tax? >> i think if you speak to leaders on both sides of the aisle they all know that in their heart. it's a question of who wants to put their chips on the table first. >> i don't see a solution that doesn't include hiking the gas tax. it's done, it's there. it's available. we're another 30 days away from an expiration. if you're going to do a totally new funding source, it's going to take a long time and we'll have to kick the can down the road for another two or three years before they get that funding source perfected.
9:12 am
so i can't see a way of getting it done, at least a major part of it through the user. >> both of you mentioned the competitive side of things, what's happening in china. for a lot of americans who may not be able to go to china and see what's happening there or in other parts of the world, tell us -- you obviously have to travel the world. a lot of your customers are out there. you've been over in china as well. what's really happening out there? where is it you can see america's getting its lunch handed to it? so i'll begin, since this is an infrastructure conference, i'll begin with infrastructure. the roads, bridges, tunnels, airports, ports, run at an efficiency level that far exceed ours. if it takes us x-number of days to get our material from the middle of the country to the coast in order to export it, it takes them less time for that time period. if you look at china, china is
9:13 am
actually suffering from a lot of the same things that we're suffering from. they've got a slowing domestic economy which means that they've got pressures on employment which we do as well. they've got oversupply which we do as well. our country is a place where people want to bring their businesses. there are many u.s. companies that are bringing their businesses back onshore, manufacturing businesses, because our electricity, our power is cheaper. our laws are clearer. we have an able and ready work force. it's that work force that has really suffered and has not gone back to work since the global financial crisis. i'm sure you see these same statistics. while our unemployment rate appears to be improving, the participation rate hasn't improved, and so many of the people who haven't been able to participate are the ones who lost their jobs in the financial crisis. so one of the things that we agree on over and over again is jobs, jobs, and jobs.
9:14 am
and when you improve infrastructure, it attracts business. the chamber a few years ago did a transportation performance index which showed a huge positive correlation between infrastructure that works and foreign direct investments. so people coming onto u.s. shores to make cars, to make appliances, to make tools, to manufacture. so that's where we're getting our lunch handed to us is we've got the platform to really become another industrial manufacturing center. we've got to take advantage of that by creating the platform that allows people to do that. >> each year our rail, our port, our roads, our airports fall further behind and we become less competitive. you asked about china. china needed a deep water port. they didn't have one.
9:15 am
so in four years they built a six-lane highway, 21 kilometers into the china sea. they created a port that did 14 million containers. this is in four years. and in two more years that same port will be handling 21 million containers a year. now, that's what they're doing. that's the competition. and we sit around. it would take us two lifetimes to build a six-lane highway 21 kilometers into a sea and then build a port that could handle 14 million containers. do we need that? absolutely we need that. we have a grid system that is falling apart. we have water lines. we have a break every two minutes. every two minutes in this country a water line breaks somewhere. seems like all of them break here in d.c.
9:16 am
but they're everywhere. it's a tremendous loss of resources and efficiency. it doesn't have to happen. they've figured out that infrastructure creates jobs. in the united states you do an infrastructure job. for every three construction jobs that you put to work, five other jobs are created in other industries, in materials and transportation. it's a no-brainer. it is truly a no-brainer and we don't do it. >> quickly, we have a short amount of time left. a question or two right here? there should be a microphone floating around. >> i want to ask -- >> identify yourself. >> leslie blakey, coalition for america's great ways and trading. we work on freight and goods. i want to ask a provocative question because i know you've been trying to get something
9:17 am
going here all morning. besides needing to raise the gas tax which we do, and i know greg here, he's going to say the gas tax is paid by highway users and it really needs to be highways and when we get to our freight system we're talking mega infrastructure and important needs for prioritizing that infrastructure. so i'd like to ask the business community and the labor community represented here about the idea of needing dedicated funding for infrastructure and multimodal and needing to draw on a dedicated source of funding possibly coming from a business freight fee. any possibility that the business community could support that? >> business freight fee? >> a fee that would support freight infrastructure. >> a new dedicated source of funding for freight, for
9:18 am
multimodal. any thoughts on that? >> i will say that with respect to the comments that i made before, there are multiple sources of federal, state, private, public and user fee taxes that need to be looked at to address the whole chain of transportation needs. and so i think that to solve the problem and to create the capital funds that we need, we need to look across the board at a variety of different funding solutions. >> i agree it needs to be permanent. i agree it needs to be dedicated, and i would be willing to look at that fee and other things as well. sort of roll a deck together so that no one segment of the economy picks up the whole tab for all of it, that it's fair to everybody, that we can create jobs, we can invest and get a return. we're going to get the money
9:19 am
back. every person out there is going to get the money back that we put into infrastructure. >> on that note, i know there are more questions but we have a tight timetable with the vice president coming up. i want to thank our guests for being here and i have a message for everyone here. we ask you not to get up at this moment because of the vice president's arrival. we're going to be serving lunch. you're not glued to the chairs but you're pretty mitch glued to the chairs. if you do leave, the risk is you may not be able to get back in. lunch will be served in a moment. thank you for being here and the vice president will be speaking shortly and thanks again. appreciate t . here are a few of the book festivals we'll be covering. this weekend we'll visit maryland for live coverage of the gaithersburg festival with tom davis and martin frost as well as former senior adviser to president obama david axelrod.
9:20 am
and then we'll close out may at book expo america, in new york city, where the publishing industry showcases their upcoming books. then on first week in june, we're live for the chicago tribune printer roll's lit fest including three hour live in depth program with pulitzer prize winning author lawrence wright and your phone calls. that's this spring on c-span2's book tv. several live events on c-span3 to tell you about. more than a handful of bills dealing with data security breaches are pending before congress and the house financial services committee will hold a hearing on the issue live at 10:00 a.m. eastern. then in the afternoon at 2:30 a house foreign affairs hearing on the recent operations to rescue child sex slaves. and at 5:00 p.m. eastern, we'll have live coverage of president obama after a camp david meeting with gulf cooperation council countries including bahrain kuwait oman, qatar, saudi
9:21 am
arabia, and the united arab emirates. [ applause ] >> the summit on infrastructure funding and policy continues. president obama has proposed a $478 billion infrastructure bill. current transportation funding is set to expire on may 31st. up next, vice president joe biden. [ applause ] >> welcome back everyone. thanks again for joining us today as we kick off infrastructure week. a great discussion so far. you know, we have conferences like these all the time but i think infrastructure is unique. it influences where we live, where we work, how we get around, it impacts everyone and everyone has an opinion. it was interesting professor kanter mentioned how much time we spend at bloomburg government debating plane versus train as we go to our headquarters in new
9:22 am
york, my personal opinion is plane wins vast majority of the time. but i think we have a different perspective up here. as josh mentioned earlier, you may know the vice president occasionally takes the 75 minute, 108 mile ride on the aucella from washington to wilmington, it delaware. the bridges in washington maryland and delaware about 20% of them, are functionally obsolete. more than 6% are structurally deficient. and in washington 95% of the roads are considered in poor condition. i'm not a civil engineer. but i can give anecdotal evidence that the roads on my commute from arlington to d.c. are not in great shape. this is an important subject and we at bloomberg government are proud to have convened such an esteemed group of panelists. we are also just incredibly grateful that the vice president
9:23 am
has taken time out of his incredibly busy schedule to share his unique perspective on this subject. please join me in welcoming vice president joe biden. [ applause ] >> thank you. >> governor how are you doing? good to see you. well, i tell you what it is an honor to be part of bloomberg's government. you're supposed to laugh at that. [ laughter ] i spent last weekend with mike and he's the only mind i know that has a government. but he's doing great -- he's doing great, great things. you all are as well. don, thank you for having me and, rich, it is great to be with you, pal. this has been a song we have been singing for a long time together. and governor rendell, and eric spiegel, president semens who has done -- north america, has made some significant
9:24 am
investments in north america that make a lot of difference to a whole lot of people. and tamara lundgren of the chair of the u.s. chamber of commerce. is this on? can you all hear me? okay. the -- i understand that either you are going to hear from or have heard from anthony foxx and jeff zinse, but i would like to get right to the point with you. as i said backstage for a moment with don, the idea that there is actually a debate in washington up on capitol hill as to whether or not we need to invest in infrastructure is mind blowing. i've been here a long long time. i understand the need for a debate as to how to pay for what we need to do. i don't get the debate about whether or not we need to significantly invest in our
9:25 am
infrastructure. 6 1/2 years ago, the economy was in recession just short of depression. and even before then, the middle class was getting clobbered and the operative word that everyone heard constantly was outsourcing, and top down economics governed our politics and our economy. both. and when the president and i were in office we knew there had to be some drastic changes made and we made them very unpopular, very, very unpopular changes. the recovery act almost $840 billion. i might add every outside expert looked at it less than .04% of waste or fraud or abuse in the application of that legislation. t.a.r.p., if you want to talk about maybe the hardest vote any member of congress ever had to take is to bail out the same guys who put us in the mess. that was a really difficult
9:26 am
vote, but we did it not only we were told it was a dangerous thing to do we were going to ruin the banking industry, the end result was every penny was paid back, the american banking system is sound, and the american taxpayers made $15 billion in the process. dodd frank, all the horror stories of how things would come to a screeching end those of you that represent corporate america, you had as little confidence in wall street as we had in wall street. now there is transparency that's not hyperbole, that comes from the corporate state of america. i can promise you that's true. but now there is transparency things are functioning and the stock market is bouncing up back and forth between 18,000 and 17,900. when we took office the question was would it go below 6,000. the automobile rescue, which no one wanted, told we would never be able to make more than 13
9:27 am
million, made 21.6 million last year and we are moving. as well as the affordable care act, which was going to ruin our health industry and now it is the slowest rate of growth in health care costs in recent history. but mostly because of the grit and determination of the american people, our economy has gone from crisis to recovery on the verge of resurgence. if we're smart. if we act with a little bit of foresight. 12 million jobs, 62 straight months of growth, more jobs created in the entire industrial world combined since the recession hit. unemployment down from 10% to 5.4%. and deficit cut by two-thirds. wasn't because of what we did it is because of what all of you did, it is because people began to stand up and realize what in the hell was wrong. and now instead of my grandchildren aren't going to
9:28 am
hear about outsourcing, they're going to hear about insourcing, that's the operative word now and will remain that way if we're smart. at carney does a survey as many of you know every single year. 300 largest leading industrialists in the world, where is the best place in the world to invest? by a margin larger than any time the survey has ever been taken they said the united states of america, in every single solitary category, from manufacturing to i.t. to service. and you have boston consulting group. some of you use them. every single year they survey every american company that has an investment in china and a position in china. they ask what are your plans for next year. this year, 54% said they're coming home, talk to semens and what they have done. and so, folks, look, there is a reason for this.
9:29 am
we're going to -- we have now and will have for the remainder of the first half of this century and longer if we're smart the cheapest energy in the world. the cheapest -- the epicenter of energy for the 21st century is not the saudi arabian peninsula it is not nigeria. it is not venezuela. it is north america. number two we have the best research universities in the world. we're basically -- we basically have the only stable of research universities in the world because we decided during the sputnik era, instead of investing it all in government entities invested in our research universities. we also have the most agile venture capitalist system in the world. and we have a rule of law to protect not only contractual rights, but also intellectual property. and i might add and i say this with my friend rich trumka here we also have the most productive
9:30 am
workers in the world. there are three times as productive as the workers in china. for example, and i want china to be productive. i want china to grow. i want the eu to grow. look, in order to keep our edge and to make this a permanent resurgence, which it has the possibility of being for real i don't know how many of you guys i've talked to before telling me how about china is going to eat our lunch and how the eu -- we can't compete with come on man. no, i'm serious. i'm being deadly ernest. we want them to do well. but as they say my old -- they're not a patch on our jeans if they're smart if we act with a little bit of foresight and less rank partisanship in this town. but there is two things you all know we have to do among many others. one we have to have the most skilled workforce in the world to keep this going, and, two, we
9:31 am
have to have the most modern infrastructure in the world. president asked me to head up an eight-month study an how we could be -- make sure we had the most skilled workforce in the world. that warrants another and totally different speech. we have come up with a number of things and they're beginning to work. but the second thing we need we can talk about today, is we need the most modern infrastructure in the world. first of all, let's get it straight. there is two things we need to get to this modern infrastructure. it needs to be modern because it is not now. it is not now. it is not now. we rank 28th in the world in transportation infrastructure. the united states of america ranks 28th in the world in terms of a modern infrastructure. american society of engineers says we need to invest $3.6
9:32 am
trillion to get infrastructure up to snuff by 2020. assume they're off by 50% and they're not. the second thing we have to focus on because of the age, complexity, and fundamentally changing nature of our energy mix, as well as the increasing impact of severe weather occurrence, that's a euphemism for saying climate change but i don't want to get into a debate with you all about climate change. we still have guys here in this town -- i got criticized for saying once senator denied the climb change there is climate change, he probably denies gravity. whatever you want to call it there are severe, severe weather occurrences, putting our energy infrastructure at risk and there is a need for major repair, major reorganization and major investment in our infrastructure, energy infrastructure.
9:33 am
this is important, not only for economic competitiveness of the 21st century but for simply our national security. it is desperately needed. look, i can understand why my republican colleagues and by the way, as you've noticed every time there is a problem, i get sent up to the hill because i'm viewed as the least partisan guy. i have real relations. i have great respect for real for the members of the house and the senate. but something's going on here. something different is going on and all the 36 years i served as united states senator chairing two of the major committees in the united states senate for about half of that time there is something different happening here that old expression from another context, the tail is wagging the dog in both parties. and the fact of the matter is it has got to change. and one example is here, i can understand republicans debating us about how to pay for needed investment. but i don't understand the debate about whether or not we
9:34 am
need to invest in our infrastructure. that's the debate. that's the debate. you all are here to talk about how to pay for it. and what to prioritize. still a debate up on the hill about whether or not it is even needed. look you all know as well as i do or better in order to attract and keep investment in the united states, companies have to know, they have to know they can get their raw materials on the factory floor, get their product to market cheaply and efficiently in order to remain competitive, they can get it off shore, on shore. otherwise, they're going to locate where costs are cheaper and the movement of product is more efficient and timely. businesses want to know what is the access to freight rail and interstate highway system? can ports reliably and quickly move my product? how fast and reliable is the broadband network? is it affordable and accessible transportation to attract the
9:35 am
talent, the jobs we need to fill here? how is the water supply? the storm water runoff? sewers? are they available to handle our needs? how reliable is the energy grid? especially during extreme weather? folks, these are the requirements of the 21st century and we need the 21st century infrastructure. i know i got in trouble calling from the very newspaper that got me in trouble referring to an airport in new york as a third world airport. do you notice they wrote an editorial saying close that third world airport. that's the phrase they used, not me. i don't think it should be closed. i think the governor is on the right track how to modernize it. but my point is everybody knows it affects everything from attracting talent, reliable, certain, access to markets, and
9:36 am
it doesn't exist and increasingly we're moving behind. to repeat myself the american society of engineers said we need 3.6 trillion in additional investment. nearly one in four bridges, 7,000 are structurely obsolete, making it more dangerous for people to drive over them, more expensive to fix and eventually when they become undriveable extremely costly for the conduct of business and commerce. cities like detroit, but many others, they're replacing wooden -- hear me now wooden water pipelines installed in the 19th century. you all laugh, a number of your cities have wooden pipelines that are transporting your water and your storm water sewage -- storm water runoff. sitting in your car, stuck in traffic cost americans over $100 billion a year. loss of productivity at work, loss of time with family, less
9:37 am
time spending money in the community of movies restaurants, and much higher energy costs. and, by the way many of you live in the east coast. you know how much it costs to just take one linear mile to expand i-95 in the northeast corridor? minimum of $20 million to $40 million. do you realize there are more people that get on an amtrak train in the east coast than every single solitary person that gets on and off an aircraft from maine to florida every day? are you all aware of that? where are they going to go? the population is expected to increase over the next 50 years by close to 35%. what do these guys expect? maybe by that time we'll have
9:38 am
teleported. and we might. maybe they know something i don't know. but i don't get it. i generally don't get it. americans lose $22 billion a year stuck at congested airports waiting for their flights to leave. $22 billion a year. when our economy was growing and the middle class was prospering from 1946 to '73, every economic study shows infrastructure investment represented about 4% of our gdp. that's federal and nonfederal investment and infrastructure during that period of time. today, federal government invests less than 1% of gdp in transportation infrastructure. the government can't do it alone, but it is the indispensable partner to states communities, and many times to business who need certainty in
9:39 am
planning and be able to bring in those projects on time and online. we need to modernize our transportation infrastructure and you experts in here know what that means. most people think it means our airports and our railroads and our bridges. but it is also our rivers. it is also our locks and our dams. there is billions and billions of dollars. there are more cargo sitting on top and the back of the ship in the ocean in a port representing 70% of all -- all the commerce in the world as i speak to you right now. they're building ships i took a group of my republican and democratic friends down to the panama canal to see what i call the eighth wonder of the world to see the new locks. they're twice as big can carry twice as much cargo at 40% of the cost and they cannot dock in
9:40 am
any port from houston to maine but two. what are we thinking? what are we thinking? we can't get the money to dredge those rivers and harbors in the ports? the former mayor and governor of pennsylvania can tell you 40% of all of the oil that takes care of the northeast goes up that delaware river through the delaware bay under the delaware -- up to the refineries. and marcus hook, just south of philadelphia. what are we talking about? what do they need? another epiphany? look folks, we need to modernize our water infrastructure, sewage, storm water runoff safe water
9:41 am
supplies. go back to the town you live in. ask your local city or county councilman what the biggest problem he or she has, what they have. it is enormous cost of the infrastructure work and, by the way, they don't have the tax base to do it. and if they -- if they did, if they do it, nobody sees it. so you get a chance to invest in the water -- in the storm water drainage system, which causes enormous pollution, or you build a new park. it is not a hard choice for a politician to make. and we're getting further and further behind. absent these improvements, business will not grow, and will not relocate because to be at such a competitive disadvantage relative to their competitors around the world, notwithstanding all the other advantages we have here in the united states. and with regard to the energy
9:42 am
grid, and how rapidly it is aging and changing we will not only suffer in terms of economic growth if we don't make an investment, and we don't modernize, we will face a national security dilemma. we'll jeopardize our secure -- approximately 50% of our nation's gas transmission and gathering pipelines were constructed in the '50s and '60s. as we build out the interstate pipeline network to meet the increasing and thriving demands of the post world war ii economy. but 9% of those -- of those distribution pipelines of the united states are made of leaked prone materials that require replacement. those of you experts from new england, you understand the problem you're facing now in terms of leakage coming out of those pipes and the environmental threats that are being posed. and the potential for some real
9:43 am
disaster. and how and where we're producing energy is changing rapidly. that's the really good news. we used to import most of our oil from places like the middle east. russia used to be the number one supplier of natural gas in the world. today, we have more oil and gas rigs pumping in america than ever before and north dakota, for example, is now a major crude oil producer. in 2011, we're the world's number one producer of natural gas. these are big changes from six years ago. and it has implications for our infrastructure and how to handle it. and how these home grown energy sources move across the country and around the world. our energy infrastructure has to capture the incredible growth and renewable energy. just as 2009 solar power generation increased 20 fold and wind power has tripled. now, the cost right now the cost the cost of wind power is as cheap as the cost of coal.
9:44 am
and what a phenomenal possibility that presents to the united states of america and to our environment. we need to ensure new transmission lines can carry this solar and wind to power more and more homes and businesses throughout the country including in our rural areas. our energy infrastructure is increasingly vulnerable to extreme weather as we see superstorms, wildfires and droughts. between 2002 and 2012 an estimated 679 widespread power -- widespread power outages occurred due to severe weather, costing the economy in those years between $18 billion a year and $33 billion each year. president and i started with the recovery act which contained the largest public works project since the eisenhower interstate highway system.
9:45 am
we invested $50 billion in transportation infrastructure improved over 6,000 miles of rail more than 350,000 miles of road, 20,000 bridges, and to connect the entire infrastructure system. and, by the way, this supported millions of good paying jobs. millions of good paying jobs. but it is only the first step. our budget and legislative priorities laid out an ambitious long-term investment in our entire infrastructure system including transportation and energy. this is what we should be debating about. the administration put forward a plan to do that. we call it the grow america act. a six-year $478 billion transportation bill that would do the following -- it would provide $317 billion over six years to our nation's highway systems, so our roads, bridges can move forward with the certainty, they can see it through to the end saving hundreds and hundreds of
9:46 am
thousands of jobs i might add. continue the tiger grants which bring federal, state and local and private partners together to get capital off the sideline to connect the different points of our entire infrastructure. it doesn't matter a whole lot if you can get a product to port, coming in, but you can't get it out on the road because you don't have the highway system, you don't have an access you don't have a rail system. since 2009, we invested $4 billion in these tiger grants that leveraged over $14 billion off the sidelines, nearly $4 in private investment for every $1 in federal investment. we had a bill on the success of cutting red tape and expand -- and competentexpediteing the permanenting process, like the tappan zee bridge in new york where we cut the permitting process down to 1.5 years. we increased our federal commitment to public transit
9:47 am
funding by more than 75% to meet the growing demands of rail and bus and city suburbs, royal communities, all around the country. and we pay through it through a pro growth corporate tax reform that could encourage companies to bring home profits and reinvest them here in the united states. we would levy a one-time 14% tax on $2 trillion in oversea profits held by american companies, which is in some cases three times less than the tax they ordinarily have to pay if they brought it home. that would generate a one time surplus of $268 billion dedicated directly to modernizing our infrastructure benefiting american businesses, the very people who will be paying less tax bringing it home as well as the american middle class because we would be begin to grow this economy again. and we have a plan for energy infrastructure. last month we released the quadrennial energy report which calls on congress to do a few
9:48 am
things. one, help states and companies cover the cost of digging up and repairing the miles and miles and miles of pipelines that have to be repaired and expanding transmission access transmission line access. modernize intermodal hubs so that our ports are connected to freight rail and highways to move our home grown energy around the world and bring our products to the world market. you know, we did something down the port of baltimore the problem was, folks, that as much as the progress we made in the port of baltimore, it turns out that you couldn't get products to the port of baltimore. one of the reasons why manufacturing is still growing in the upper midwest where it used to be thriving and is still surviving is through a tiger grant in a place called east baltimore. there is the largest rail connection head anywhere in the country. you go there and see thousands upon thousands of railcars.
9:49 am
they're directly connected to a line where we're allowing them a double stack containers because we are increasing the height of all of the tunnels that have to go under, going from east baltimore to the port of baltimore. and, by the way if you take the ports of baltimore the port of philadelphia, the port of savannah the port of houston they generate in those states anywhere from 90 to 310,000 jobs in that state in each of those states. millions of jobs directly related to these ports being able to function. and so we're going to be able to move product westinghouse can move product on the back of the ship at 40% the cost when this project is finished, generating economic growth not only in the midwest, but throughout the country. and so folks here we are, they provide the federal government more resources we're asking
9:50 am
congress to permit processing, permitting quicker so we can get solar and wind energy and transmission lines up on -- running quicker.quicker. as they gut these agencies, it takes longer to get this permitting done. i think that's part of the process. part of the -- i don't know what the goal is but as they do it that's the effect. accelerate the adoption of smart technologies like smart meters to help utility companies run faster and more efficiently to the power outages in extreme weather so they can regulate it more. i spent two hours in an area that looked like a norad command center looking at how they balance these needs. this is complicated stuff. it is all made easier and significantly better for these companies if people had smart meters so they can move quickly. folks, we also asked them to
9:51 am
help pay for these investments through what i just described as this grow america act. there's other pay-offs we have in our budget. again, if they don't like them, offer something else. tell us what they want done. we will be willing to listen. i will sit there for hours and compromise with them to get this done. look, these kind of infrastructure jobs create a virtue would you say cycle. first of all they attract and raint business secondly, these are good middle class paying job. you could actually raise a family on them. it creates and supports millions of jobs. it's not just a job on the construction site. it's a job at the steel mill, the job at the asphalt plant at the kiln, it's a job for all the material needed for this. in addition to that it also creates jobs because guys and
9:52 am
women are able to buy new cars, stop at the diner at lunch while they are working at the site. they are able to move and make sure that they can take their kid on a vacation. these create -- this is a virtue virtuousious created by this. these are good-paying jobs. there's absolutely no reasonable rationale, no reasonable argument against the needs for these investments. i've yet to hear one come from anyone. we can argue about specifics. i have yet to hear that we can be in the same position we're in now, deteriorate deteriorating infrastructure. we can't even come up with a funding for a highway bill. you hear me? a highway bill. we're going to have a patch hopefully occur very soon. so folks you know we'll get
9:53 am
through this period of dysfunction. the question is how much pain and how much loss of opportunity will we suffer as a consequence of it. we'll get through it. but we got to the point where we understand that it's not about compromise. it's about consensus. how do you govern a country as big as strong as powerful, as promising and as diverse as this one without being able to reach a consensus on every major issue? if the republican congress disagree, i hope and i invite them with the press here to propose an alternative but don't just do what they recently did and walk away. they just passed their budget in the house and the senate with virtually no opposition support. they lock in sequestration.
9:54 am
they add another $500 billion in cuts to discretionary spending, slashing infrastructure, education, and medical research. just the really smart things we need to be doing right now. insisting that by 2025 nondefense discretionary spending, that's infrastructure will be 35% below the lowest level in the past half century, just as we're growing, and they would slash local transit investment by more than 40% now if the budget become law. if it's enacted into law. they would reduce the capital budget for the faa. that's how we repair and modernize our airports to the lowest levels in 15 years. what do they expect to happen?
9:55 am
i'm being very serious. i know you can sense my frustration, but what do they expect to happen if we actually implement a budget like this? how can we lead in the 21st century not investing in infrastructure. with our economy surging back, we're only spending 1.5% of our gdp on total infrastructure. .5% on transportation infrastructure. where are these used panama ships, three times as big where are they are going to berth? what american businesses are going to be able to take advantage of it? 70% of all the koorgs to and from that canal is carrying a product from the back going from the united states abroad or coming to the united states.
9:56 am
how are we going to transport 30 million bear relts of crude oil a month from north dakota to the refineries in the gulf without a dependable safer more reliable infrastructure. all you got to do is turn on the television. there are not enough rail cars, you hear me there are not enough rail cars in the united states of america to meet the need and the danger of the transportation on an antiquated system is real, is real. it can blow up entire towns. how can american businesses and american economy lead if we remain ranked 28th in the world? now that wind energy is as cheap as coal, having to climb nearly 50% in just the last four years now costs 85 cents a megawatt,
9:57 am
how are we going to get this clean renewable energy to the cities, the towns, the homes, the factory without more transmission lines? what's going to happen when a category one hurricane, which is predicted by the way, wipes out 3 to 400 substations in the gulf of mexico, texas, and louisiana? because they are below water? what do we do then? what is the cost to the economy, the cost of citizen's health? let me end where i began. we need a debate. we need a debate. but that's why i'm really here. to say thank you and tell you we need you. i don't ask you to agree with the way we propose funding this. i think it's the most rational way to do it because i think it's a win-win for business. you may not.
9:58 am
but at least you all think we have to do it. we need you. we need you to talk to the house and senate. we need you to macon kreet -- make concrete real examples of what it means if you do not get the investment we need here. this is critical and every day, every year, every decade we wait, it gets more expensive, the dangers increase, and the consequences are immense. my dad used to have an expression and eddie has heard me say this a lot of times the only war that's intinded is the one that's unintended the only sin a lther and a president and vice president commit that's worse than coming up with a bad
9:59 am
idea is coming up with no idea in the face of what everyone acknowledges is a pending, looming, and present crisis. so please, i hope you are all republicans. i really mean it. i hope you are all republicans. i hope you all have contacts. i hope you all are prepared to go up and make the argument. folks, i remember the day, many of you are here i remember the day when fight about infrastructure. there was no fight. republicans led the fight. republicans were the ones out front. what happened? what happened? ideologies become the master and there's no applicability to this of all things one of the most
10:00 am
nonpartisan issues the country can face. again, it may be partisan how we pay. you may not like it but i use another one of my dad's expressions. pay me now or pay me later because the price is going to be extremely high if we don't step up. thank for what you are doing. i appreciate it very much. [ applause ] and live now on capitol hill where the house financial services committee is about to hold a hearing on financial data security, members expected to
10:01 am
discuss ways to protect consumers and their personal data former minnesota governor and the current president and ceo of financial services round table advocacy group tim pawlenty is among the people testifying today. congressman maxine waters is ranking member. this should get under way in just a moment. live coverage here on c span 3.
10:02 am
[ . >> financial data security in the age of computer hackers given that the pa just turned on, it is a testament to the fact to members, welcome home. i assume we have many of our colleagues who are furiously running from hvc 201 as we speak for our witnesses and for the audience, we have been nomads since the beginning of the year so you will notice a few changes in the room.
10:03 am
this renovation was caused by an upgrade of the audio visual systems. although i did not specifically request it i now notice there are twice as many microphones in our hearing room as before. i wish to notify members that does not mean they can speak twice as long. that doesn't go along with the microphones. in addition you will notice that our witnesses are quite a ways away. that we have less room for the public as hearing rooms are renovated, they must be made and should be made compliant with the americans with disabilities act. this room complies with that ada statute which means every row has been enlarged which means we have lost part of our gallery
10:04 am
but the overflow room is still alive and well. in addition, for those who have ever moved into a new home or new apartment, there is such a thing known as a punch list and for some of the subcommittees, you may be kicked out of this room foefer -- over the next five to seven days as that punch list is attended to. another change in our committee room, if you will look over my left shoulder you will see our -- the portrait of our most recent chairman, spencer bacchus, to have barney over one shoulder and spencer over the others, it kind of seems like old times. we certainly know of barney's fierce intellect and tenacity, but i also hope that members
10:05 am
will remember spencer's gentle and kind leadership of this committee and sometimes when emotions and passions start to run high let's remember the example he set for us with respect and decency and, yes, humaner and moum -- humor, and somehow for one of any moment, i expect them to carry on one of of their classic debates. we'll see if that happens or not. i believe that's all i need to say about the hearing room at the moment. in which case the chair now recognizes himself for three minutes for an opening statement. at today's hearing we will be focused on protecting consumers and their private financial information in an age of computer hackers. the world has experienced a technology revolution. one that has brought remarkable benefits to consumers and the
10:06 am
broader economy but it has also increased some risk on consumers by making the theft of their personal financial information a profitable enterprise for cyber criminals and computer hackers. in the era of big data large scale security breaches are unfortunately all too common. in every breach leaves consumers exposed and vulnerable to identity theft fraud, and a host of other crimes. we have certainly all read about the high profile headline grabbing breaches at target and home depot. according to the identity theft resource center there were 783 u.s. data preaches in -- breaches. the center for strategic studyies estimate that such attacks cost the economy $100 billion annually. consumers expect their information to be protected by
10:07 am
their financial institutions, retailers, card networks, payment processor and by their federal government. consumers shouldn't be left to hope and pray their personal information will be safe every time they swipe their debit or credit card every time they enter their information on line. they deserve protection. today, we'll hear from organizations whose members are part of the system. my hope is this hearing affords members on both sides of the aisle an opportunity to better understand what security measures are currently in place to prevent data breaches. our consumers are notified following a breach what types of emerging technologies will help reduce the frequency and severity of breaches, and what steps are being taken by the merchant and financial services communities to address the problem and where additional federal legislation may be
10:08 am
warranted. i further hope that the committee will engage in a thoughtful and constructive dialogue on a bipartisan basis and in that regard i wish to thank chairman nagabauer and mr. carney starting this off on the right foot by introducing a bipartisan bill to address this important problem. i will now yield back the balance of my time and recognize the ranking member for three minutes. >> thank you, mr. chairman. americans are increasingly reliant on electronic means to communicate, shop and manage their finances. while new technologies bring substantial opportunity, they also bring a range of new vulnerableeventual verbal its for consumers. massive atacts on some of our nation's retailers and financial institutions are affecting our
10:09 am
sector. consumers are not the only ones who pay the price of a breach. the cost of recovering losses by retailers and card issuers can be extensive and weigh particularly heavy on small community banks and credit unions. we all know companies face a number of challenges in determining how best to secure customers financial and personally identifiable information. in addition, we know that there are significant costs to complying with various state laws and providing notice after a breach. however, as we consider setting national standards for safeguarding consumers' personal information and ensuring timely notification, we must again acknowledge the good work of those states that for years have been at the front lines of this fight. i believe that any federal
10:10 am
preemption should complement state's protections and ensure at a minimum that state attorneys general continue to play an important role in enforcement and notification standards. in setting minimal standards we need to be careful not to hamstring our states and federal regulators' ability to continue adapting and strengthening protections for consumers. otherwise, we will limit regulator's ability to keep up with technological change and we must preserve a private right of action for consumers and financial institutions to ensure that affected entities and breach victims have legal recourse. further, consumers must be consistently provided with clear disclosures of the rights and remedies available to them so that they remain aware of the various ways in which they can protect themselves from identity theft and fraud and other cyber
10:11 am
crimes. mr. chairman efforts to guard against cyber threats are critically important and shouldn't devov into the same partisan fault lines we've seen on too many occasions for this committee. such as blocking efforts to reauthorize the charter of the import export bank which expires in 22 legislative days. with that, i look forward to hearing from the witnesses. i yield back mythe ball of my time. thank you, mr. chairman vem you know, we live in a world where a global market place is supported by a global payment system. delivers payment services to consumers in the blink of an eye. immense amounts of sensitive consumer information is transferred and processed and stored in any one transaction. the security of the system is
10:12 am
only as strong as its weakest link and today i look forward to learning more about the new payment technologies that continue to facilitate payment efficiency, speed, and security. i'm hopeful we can have a robust policy discussion about what new data security standards are needed to level the playing field. this month congressman carney and i introduced a bipartisan legislation which builds on prior work. our sta starting point was to look at the graham leech. 16 years later this framework has worked very well. the data security standards in ho 225 is based on certain core principles. first, we need a national data security standard and a national breach notification standard. this standard must minimize regulatory requirements but carry with it strong federal enforcement mechanism. second the data security standard must be technology neutral and process specific.
10:13 am
it must be reasonably -- identify certain core elements in the absence of an ftc rulemaking. third, it is absolutely necessary that the data security standard is scaleable based on the size of the business, the scope of operation, and the type of information that it holds. legislation must recognize that the corner market cannot and should not have the same standard as the largest retailer operating in 50 states. while i'm confident in our bipartisan legislation, i'm open to work with any member of interested groups, one to minimize unintended consequences and to continue tailoring this legislation. we have shared interest in seeing this signed into law giving consumers the safest payment system possible. with that i want to thank our panel for being here this morning and i look forward to looking at -- based on -- looking at the testimony that's been entered, i think this is going to be very informative for our members and i think it's good that we have these
10:14 am
different interests at the table today, so mr. chairman, i look forward to a very informative hearing. the gentleman yields back the chair now recognizes the gentleman from delaware, mr. carney for two minutes. >> thank you, mr. chairman. over the last decade alone data breaches have compromised nearly a billion records containing consumer information. it directly costs consumers an average of $290 per victim. studies show that cyber criminal are costing u.s. companies sds 100 about billion a year. one thing is clear, the current patch work of laws is failing to protect american consumers. that's why we have worked together on a bipartisan effort to development a security and breach notification framework that all relevant stakeholders can operate within. we think consumers and companies that handle the personal financial data should all know the rules of the road when it comes to the standard for protecting this data. our bill, 22 ho 225, it builds
10:15 am
off the efforts of other senators across the capital. it requires companies to enact a data security program that's robust and scaleable and with the goal of protecting consumers' personal information from breaches and it sets a reasonable standard for accurate and timely notice to consumers when a breach occurred. importantly, the requirements avoid a one size fits all approach. it allows companies with varying sizes and complexity to find a program that's tailored for their business. as with any comprehensive peace of legislation, our bill can always be improved. looking forward to working with my colleagues on both sides of the aisle to make improvements to this legislation where necessary. the fact is, though, that the white house, congress, and the private sector and consumers all agree that the status quo is not
10:16 am
acceptable, and i'm encouraged that this committee is having this hearing today and we're moving forward to protect consumers, businesses and the american economy. i would like to thank mr. nogabaure for his leadership on this issue. thank you, i yield back. gentleman yields back and indeed it is time to hear from our witnesses. we welcome each and every one of them to the panel. first, the honorable tim pawlenty, the president and chief executive officer of the financial services round table and former governor of the state of minnesota. mr. brian dodge is the executive vice president of communications and strategic initiatives at the retail industry leaders association. mr. jason oxman is the chief executive officer of the electronic transactions association. mr. stephen orfay is the general manager at pci security
10:17 am
standards council. and ms. lora moy is senior counsel. several of you have testified before congress before. i'm not certain of all of you so we have a rather simple lighting system. green means go. yellow means hurry up because the rlt -- red light is soon to follow. the yellow light comes on with one minute to go. each of you will be recognized for five minutes to give an oral presentation of your testimony. without objection, each of your written statements will be made a part of the record and since we are brand-new in our refurbished space in the old hearing room, you had to pull these microphones very close to you. i think now you can keep them a somewhat comfortable distance from your mouth. governor pawlenty you are about
10:18 am
to be our guinea pig on our system. >> good morning. thank you for the opportunity to share a few thoughts with you this morning about one of most pressing issues facing our country, and that is the emerging growing, and threatening cyber warfare that's taking place both commercially and otherwise across the globe and being visited upon american businesses and consumers in ways i think deserve congress's attention. to give you a few measures of what we're up against, 80% of the companies that were breached in 2014 did not know they were breached until somebody else told them, a third party told them. sometimes the government, sometimes a vendor but a third party. in the average length of time between the breach actually happening and the discovery was months after the fact. in addition, here's another interesting fact. over half of the adult american population had their personal data exposed last year, according to a cnn published report and the list goes on including that we now know
10:19 am
through public and confirmed reports that this is no longer college kids in their basements having some fun trying to get into some systems. these are nation state actors including or semistate nation actors including china, north korea, iran, russia former soviet union sponsored states and individuals and enterprises associated with them and very sophisticated international crime syndicates. if one of those entities triangulates on a company, it's not going to end well for that company or their customers. we need a rebus response to these threats and the fact this committee is paying attention to these issues we appreciate it very much. thanks to the house for passing legislation. we hope the senate does the same. we're not talking about sharing personal information but that threat information sharing bill is very helpful to this cause and make being the country more
10:20 am
prepared to again against these threats. as it relates to the financial service sector and the payment system our sector as the chairman mentioned has been dealing with these issues in a regulated context for quite some time. in 1999 act, part of it was to visit on this industry enforcement mechanisms in part of the examination process, that has serve the industry well. as you look at the percent of breaches that have taken place in recent years, our sector has the lowest breach incident rate. still have a lot of work to do. but compared to other major sectors, it's progress and that's because of some of the good work that's been done since the act was passed and otherwise. we're about to launch some other secure level domains. as it relates to the payment system, it's about to get a lot better. we're going to move as a next
10:21 am
step to the chip-enabled cards. it's already happening. the networks have said look if you want to avoid fraud liability, you got to make this transition toward the end of 2015. there is some saying we're not ready. it's going to take a little bit longer. over the course of the next couple of years, almost all cards are going to be chip cards, that's going to help. don't be focused on that. that's technology from the 1960s, magnetic strips were invented in the 1960s. chips of course more recently. but it's moving well beyond that discussion. the new technologies that are coming fortitude and being actively considered include voice recognition facial recognition, biometrics location confirmation, gesture recognition and a lot more. this is evolving extremely rapidly and is going to continue evolve as new technology emerges. as to the legislation that's before you, thank you very much. we strongly support hr 2205. we think it's an excellent piece
10:22 am
of work, it may need some modifications as mentioned. it creates for all sectors not just the health care sector or the financial service sector, a data security standard which is really important and it's flexible. we're only as strong as the weakest link in the chain. if we've got strong standards but one of other links in the chain don't the whole system is expose ds. thank you for putting a marker down on a strong national data security standard. we strongly support that. another important piece of the bill is a uniform data breach notification law. many states including my own have strong laws in this regard but as you think about cyber space and mou commerce gets conducted now, it doesn't make a lot of sense to have 50 different standards, approaches and responses to a breach and the notification relating to it. in closing as you think about this, we're not asking for any current state initiatives to be dlutd. i think if you set a standard, set it high. make it nation leading. i'm out of town. thank you for the chance to be here this morning.
10:23 am
thank you, congressmen for your leadership on these issues. we strongly support what you are trying to do. thank you, governor. mr. dodge erk you are now recognized for five minutes for your testimony. >> thank you and good morning. chairman hensarling ranking members waters, members of the committee. my name is brian dodge. thank you for the opportunity to testify today about data security and the steps the retail industry is taking on this important issue and to protect consumers. retailers embrace innovative technology to provide american consumers with unperilled services and products. as we have seen, no organization is immune from attacks. retailers understand that defense against cyber attacks must be an ongoing effort. as leaders in the retail community, we are taking new and
10:24 am
significant steps to enhance cyber security throughout that industry. we formed the cyber intelligence sharing center in partnership with america's most recognized retailers. we've opened a study -- steady flow of information sharing. also, we've recently established a formal working relationship with the financial services that will ensure collaboration across the system on these issues. we applaud the house for passing information sharing legislation and we hope the senate will quickly take up and adopt this approach to electronic sharing. while i expect we will discuss many cyber security topic today one area of security that needs immediate attention is payment card technology. woefully outdade magnetic stripe technology used on cards today
10:25 am
is inadequate for today's system. the new cards will not be issued with pins. chip and pin technology has proven to dramatically reduce fraud when it's been deployed elsewhere around the world. in contrast, chip and pin technology provide consumers the best security today. the two factors will prevent criminals from duplicating cards with ease, devalue the data that retailers collect at the point of sale. ultimately, these steps have been proven to substantially reduce the economicen incentive for cyber criminals to launch these kind of cyber attacks. before i discuss what we believe is important considerations, i will highlight the laws with which retailers currently comply. 47 states have adopted data
10:26 am
breach notification laws. in addition, retailers are subject to robust data security regulatory regimes. the federal trade commission has charge more than 50 businesses for failing to maintain reasonable practices. they clearly spell out the data standards expected of businesses. also many states have so-called little ftc facts that can be used to enforce against what toergs daem to be unreasonable data security practices. finally, retailers voluntarily follow a variety of security standards. while retailers diligently comply with this range of data breach notice and data requirements, a carefully crafted federal data breach law can clear up regulatory confusion and better protect and
10:27 am
notify customers. we support legislation that is practical and sets a single national standard. we support data breach legislation that creates a single national notification standard that allows businesses to focus on quickly providing affected individuals with actionable information. it ensures notice is required when there is actual theft of economic information. it establishes a precise and targeted information for personal information. it recognizes that retailers already have robust data security obligations and that security must be able to adapt over time. i thank you for inviting me today and look forward to answering your questions. mr. oxman, you are now recognized for five minutes for your testimony. >> thank you, mr. chairman. thank yous to you, ranking member waters for the opportunity to be here.
10:28 am
i'm jason oxman, eta is the trade association of the payments industry. our more than 500 member companies are focused on providing the world's most secure reliable and functional payment systems to american merchants and consumers. electronic payments in the united states are largely invisible to consumers because simply put they just work. u.s. consumers carry 1.2 billion credit debit and prepaid wallets in their wallets. they can use them to pay at more than 8 million merchants in the utilizes. they process more than 5 trillion in u.s. consumer spending every year. thousands of transactions are moving across our network every second. consumer enjoy a wide variety of ways to pay electronically, including in person, in a car, in a mobile device or watch or remotely via the phone or
10:29 am
internet. from the moment a payment is initiated, it's securely transmitted, authorized and processed within a matter of seconds. we take very seriously the obligation to protect the security of their customer's information. consumers in the united states choose electronic payments because they benefit from zero liability for fraud maker being electronic payments the safest and most secure way to pay. today, criminal fraud amounts to less than six cents of every $100 processed in transactions. it's a fraction of a tenth of one percent. now, even though fraud represents a tiny percentage of overall transaction volume we're deploying cutting edge new technology and using self-regulatory guidelines to bolster the fied against fraud. three couldn't kreets steps we're taking to protect consumer information. first, eta members are deploying
10:30 am
emv-enabled chip cards to fight the number one cause of card fraud, counterfeit cards. they represent 2/3 of present fraud today. chip cards prevent cards from being countered fitted. they don't stop data breaches but they do make it harder for criminals to reap the rewards of data breaches. chip migration happening now in the united states it's the most complicated overhaul of our payments technology system in the 40 years since the magnetic stripe card was introduced. our banks need to replace more than 1 billion cards. merchants need to update point of sale equipment at 10 million locations. we're working together and getting it done. our association is using new technology. these tokens cannot be used to generate fraudulent
10:31 am
transactions. think of a token as a mathematical cryptogram. it cannot be reproduced. tokens can be used in card environments as well and we're working with our merchant partners to deploy this technology at both brick and mortar and online retail. we're deploying new encryption technologies. point-to-point encryption is a way to secure all entry points against an attack. it denies cyber criminals the access they need to install malware and other cyber hacking tools. as we deploy all these technologies, i want to affirm our strong support for legislation that creates uniform national data standards and data protection breach standards as well.
10:32 am
such standards must be industry neutral, preemptive of state law and this is the approach set out in hr 2205 which eta strongly supports. we applaud chairman naugabar and mr. karn fore engaging in important dialogue for this legislation. we support legislation to promote information sharing sharing of information across government and technology and manufacturing companies will support prevention of and investigation of breaches and ensure against cyber attacks. cyber criminals are increasingly sophisticated. they are global in scope and we're working proactively to address every threat. we must not forget that these data breaches of merchants and consumers make them victims of crime. we share a desire to stamp out fraud and we take seriously our responsibility all of our customers to do so. thank you for the opportunity to be here. look forward to your questions, mr. chairman.
10:33 am
mr. orfi, you are recognized for your testimony. >> good morning, my name is stephen orfai, i'm the general manager of the gci security council. i had the privilege of leading an organization that is responsible for the developing and maintaining of the global data security standards for the payment card industry. our approach combines people process, and technology. continuous effort in applying our efforts is the best line of defense against organized crimes state funded actors and criminals who threaten our way of life and attempt to under mine our confidence in the financial system. everyone has been victimized by these criminals and we know the very real harm caused by breaches. developing standards to protect payment card data is something the private sector and specifically pci is uniquely
10:34 am
qualified to do. consumers are understandably upset when their payment card data is put at risk. the council was created to proactively protect consumers payment card data. our community of over 1,000 of the world's leading businesses tackling data security challenges from simple issues, for example, the word password is still one of most commonly used passwords and to complex issues liken kripgs. our standards are a solid foundation for a multilayered security approach. we aim to remove payment card data if it is no longer needed. simply put, if you don't need it, don't store it. if it's needed, then protect it and reduce the incentives for criminals to steal. here's how we do that. the data security standard is built on 12 principles covering everything from logical to
10:35 am
physical security and much more. it's updated regularly through feedback from our global community. we manage eight other standards that cover card production, pin entry devices payment applications, and much, much more. we work on technologies, best practices and private market guidance. we have laboratories to vet solutions that we list on our website. all of our information is free. our mission is to educate, empower, and protect. now, our end game strategy is to devalue the data so that it is useless in the hands of the bad guys. we have three technologies that will allow us to do so. emv at the point of sale. point-to-point encryption and token iization. when bundled and implemented properly data becomes useless and there's no reason to break in. that's why the council supports
10:36 am
adoption of it in the u.s. through organizations such as the emv migration forum and our standard support emv today in other worldwide markets. but emv chip is not a silver bullet. additional controls are needed to protect the integrity of payments on line and in other channels. this includes encryption, tamper resistant devices malware protection, network monitoring and more. all are vital parts of the pci standards. effective security requires more than just standards for standards without supporting programs or just tools not solutions. the council's training and certification programs have qaetd tens of thousands of security professionals and make it easier for businesses to choose products that have been lab-tested, certified as secured. finally, we conduct global campaigns to raise awareness of
10:37 am
payment card security. the committee's leadership on this critical issue is important and there are clear ways in which the federal government can help. for example, by leading stronger cooperative law enforcement efforts worldwide by encouraging stiff penalties for these crimes and recent initiatives on information-sharing are also proving to be invaluable. the council is an active collaborator with government. we work with many government entities including global law enforcement. in conclusion payment card security is complex. silver bullet solutions do not exist. unilateral action is usually a disappointment. alliances, partnerships, information-sharing, and collaboration between the public and private sector is critical. the pci council stands ready and willing to do more to combat
10:38 am
global cyber crimes that threaten our way of life and confidence in the financial systems of the world. we thank the committee for taking a leadership role and seeking solutions to one of the largest security concerns of our time. thank you. >> thank you. ms. moy, you are now recognized for your testimony. >> thank you. thank you so much mr. chairman, thank you, good morning, ranking member waters good morning other members of the committee. thank you so much for your commitment to addressing data security and data breaches and for the opportunity to testify on this important issue. consumers today share tremendous amounts of information about themselves. consumers benefit from sharing information, but they can be harmed if that information is compromised. for the most part, the states are actively dealing with this issue in ways tailored to address the needs of their own residents but with a large body of common elements. at least 29 states have introduced or are considering breach notification bills or
10:39 am
resolutions this year alone. bills in 27 of those states would amend existing laws to account for changing needs and changing threats. only three states have no breach notification law on the books and two of those states have considered bills this year to change that. consumers would therefore be best served by a federal bill on this subject. to the extent congress seriously considers broad preemption, any new federal standard should strengthen or at least preserve protections that consumer enjoy at both the state and federal levels. because of any broad federal bill would bring an end to activity taking place in state legislatures, it would need to provide a mechanism to quickly adjust the law in the future to match developing technology and new threats. unfortunately, a number of recent proposals would diminish consumer protections in a number of ways by replacing strong and
10:40 am
broad state protections with a weaker federal standard. in addition, a number of the bills do not provide the flexibility we need to make sure consumers' personal information remains protected as the information landscape changes. don't get me wrong. most of the bills we have seen would certainly offer some new benefits for consumers but many consumer and privacy advocates, myself included, question whether those new benefits outweigh the potential harm to state jurisdiction and to consumers' existing protections. i will therefore focus today on four potential shortcomings of federal legislation that would need to be addressed in order to ensure that any new bill represents a net gain for all consumers. first, federal legislation should not ignore the serious physical, emotional and other non-financial harms that consumers could suffer as a result of misuses of their personal information. a bill that would both preempt state laws and condition breach
10:41 am
notification on demonstrated risk of financial harm could actually reduce consumer protections in 33 states and the district of columbia where the existing law either has no harm trigger or has one that's not limited to financial harm. second, federal legislation should not eliminate data breach notifications for types of data that are currently protected under state or federal law. some proposals feature a narrow class of protected information along with broad preemption. such legislation would eliminate protections consumers currently rely on at the state and sometimes federal level. for example, many bills would eliminate protections in ten states for health information or eliminate federal protections for telecommunications cable and satellite records. third, federal legislation should provide a means to expand the range of information covered by the bill as technology develops. ten state breach notification laws that now cover health information represent a clear
10:42 am
trend as states are currently updating existing consumer protections to respond to the growing threat of medical identity theft. we can't always forecast the next big threat years in advance, but unfortunately we know that there will be one. federal legislation on this topic must provide flexibility to meet new threats. whether by continuing to allow states to protect classes of information that fall outside the four corners of bill or by establishing agency rulemaking authority on the definition of personal information. fourth and finally, federal legislation should include enforcement authority for states attorneys general. thousands of data breaches are reported each year, many only affect a small number of consumers. federal agencies are well equipped to address large cases but they could be overwhelmed if they lose the support of state ags especially when it comes to handling smaller cases and
10:43 am
providing resources for local consumers. i and many of my fellow privacy stakeholders are not opposed to the idea of federal legislation, but any such legislation must strike a careful balance between preempting existing laws and providing consumers with new protections. the open technology institute therefore appreciates your close examination of this issue and i'm looking forward to your questions. thank you. the chair now yields himself five minutes for questioning. so based on my unofficial survey of good folks in the fifth district of texas that i have the privilege of representing, data breach, although they don't typically use that phrase certainly makes their top 20 anxiety list and probably their top 10 when they think of identity theft, other forms of theft, privacy laws. so it's a very serious matter, but as ms. moy was positing in
10:44 am
her testimony, there is a cost and a benefit associated with anything we do around here, to state the obvious, we are lawmakers, and there was a law made about 15 years ago graham-leech-blyyee that dictated standards. so let's start with you, governor pawlenty. what exactly is broke? what needs fixing here? does it work or doesn't it work? >> mr. chairman. thank you. it's a great question. if you step back from how individuals might characterize it and ask them these questions how is the current system working? half of the adult american population has their personal data exposed in one year. it is not a stretch of the imagination to think somebody could get into the electrical grid and shut it down in a big
10:45 am
part of the country for months on end. you do that you lose electricity in your district lose pressure of national gas pipelines, points of sales go down, you got a very -- not -- you've got a very dramatic impact on the country. it requires a sense of urgency and understanding regarding the magnitude of the threat. as to the act, it works. it's flexible. it makes accommodations for the size of the business, but it says given the importance of this infrastructure to the country, if the payment system doesn't work, it's stalled, people lose confidence in it you are going to have a big piece of economy grind to a halt. there's trillions of payments that flow per day. if that gets disrupted this is an urgent deal, it is growing in terms of concern.
10:46 am
no institution is immune. we have some of our biggest institutions have been breached. the best in the world, the nsa, by everybody ten out of ten in terms of world class capability in this regard breached by an insider at the threat. there is much more work to be done on all fronts and we're the best of class. financial services gets breached from time we manage it. people get their money back. it's inconvenient but the other sectors that don't have these kind of standards and capabilities need to up their game and you can help lead that effort. >> mr. oxman, you in your testimony -- i think -- were lauding the elements of the legislation about preemptive national standards. it seems to be an open question in ms. moy's mind regarding preemption and perhaps national standards, so why do you consider preemption and national standards to be so important? >> mr. chairman, as a number of witnesses noted we all share an
10:47 am
interest in ensuring the consumers and merchants are protected. when something does go wrong, we also need to make sure we get the word out quickly and efficiently as possible and make sure those protections that are available under law kick in. the reason the consumers use electronic payments is because they are 100% protected against any liability for fraud but we still need to get information out to them. there are 47 different regimes that companies have to subscribe to and it's not just the payments industry it's every company in the country that has to subscribe to these 47 different regimes. they all appoint a different time, place, and manner for the notification. they all have different triggers for what kind of notification has to take place. some of them are even contradick tory. there's one state that actually requires the breach notification include information detail about the breach itself. there's another state that makes it illegal to include any information about the breach itself. so in some cases, they are
10:48 am
contradick tory. if we had a uniform national standard, it would allow everyone to work together toward the same goal which is to provide the reasonable notice that needs to be provided as quickly as possible. in my remaining time, governor pawlenty, back to you we've reported a piece of legislation with regard to a national breach notification law that only impacts retailers. should this committee not act from your vantage point, what does that look like? >> time is short. don't let the perfect get in the way of the good. we would like to have the standards apply across the board otherwise their effect is diluted. we can be really good but if our partner in payments has a flawed, outdated weak system at a point or sale or a backroom at say fill in the blank retailer or a different sector, the whole
10:49 am
chain gets compromised. if you are missing one piece you are missing a very important part or opportunity to up the game of the whole system. it's an ecosystem it has to be addressed holistically or the whole system is compromised. first, i would like to thank mr. carney and mr. nagagaur for the work they have done on this legislation. i believe that both sides of the aisle are concerned about getting strong piece of legislation that will protect our consumers. this is a bipartisan issue and we should not spend ape lot of time -- spend a lot of time fighting about some aspects of this initiative, but rather we should work out whatever the differences may be. from what i can understand there are those who believe that
10:50 am
the federal law should be a floor rather than a ceiling and there are those who believe that where you have states who have stronger laws, we should not preempt those as i understand it, despite the fact that we have varying laws in our states now, they all have similarities. and so rather than thinking about this as states with such different laws that would somehow cause great complications, let's think about this in terms of of the fact that we want our state attorney generals to be involved. we want them to be involved in enforcement. i think that's very important. so let us take a look at what i think is the biggest obstacle to us getting the best legislation and deal with the preemption question. deal with the preemption
10:51 am
question and think about states like california. can you tell us for example, in my state of california, what are we doing with the cyber security, and is that stronger than what is being proposed here now? >> sure yes. thank you. that's a good question and a good place to start because, you know california passed the first breach notification law years ago and has really been a leader in this area. so thank you for your work on that. california, for one thing, california recently passed a law to include log-in and password for account authenticaters. for example, my e-mail accounts if my log-in and password were breached, i would get a notification, which i certainly would want to. there's a lot of information in there, while it may not lead to
10:52 am
financial harm, it could lead to emotional harm if that information were breached or misused. california has a reasonable security standard, but california does enforce that standard and has had a number of cases over the past few years, and along with that had some very rich guidance for businesses attempting to comply with the reasonable security standard. so one thing that i think california is also very strong on is the type of guidance that the state ag's office provides to consumers and the way the state's ag office interacts with consumers to provide that guidance. >> thank you very much. so i'm sure that none of us would want to interfere with states ability to have the strongest possible laws for cyber security. so miss moy don't you think that perhaps the federal laws should be a floor, and that we should certainly allow states
10:53 am
that have tougher laws to be able to enforce those laws and that would require the attorney generals to be involved? do you think that is the best way to approach this? >> i do think that from the consumer's perspective, that could provide the strongest protection. and you mentioned previously a discernible pattern among the various state laws. i think that is the case. when you look at the various breach notification laws o f the states, most of them cover a core of common information, and have have similar requirements in terms of what ought to be provided in the notification when the state ag and the consumer reporting agencies ought to be notified. and in addition to that, some states have added onto that. so that's where, for example, you see states like texas and wyoming and just this year hawaii, montana have added medical information to the class of unprotected information in order to extend protection to
10:54 am
categories where they see a developing threat that must be addressed. >> so we certainly would not want texas to be preempted, with the good law they have, particularly as it relates to medical information, would we, miss moi? >> i do think it's important for pieces of information, like medical information and including other states. the very states of mr. chairman, texas. >> thank you very much, and i yield back. >> the chair understood the subtle point. the chair now recognizes another gentlewoman from texas for five minutes. >> thank you mr. chairman i would note if you let the federal standard be the floor and then all the states have the opportunity to start one upping each other, then basically we're right back to where we are now and it defeats the purpose of having a federal standard. mr. dodge, in reading your
10:55 am
testimony last night on our proposed security legislation, there's actually a lot that i think you and i agree on. i'm hoping today that we can discuss some of the provisions where we have a little bit of a difference of opinion, in hopes we can have a better understanding of where everybody is on this issue and you state retailers support a carefully calibrated reasonable data security standard. under hr-2205 mr. carney and i will lay down a data security standard that is based oen key elements of data security programs that have worked well. to ensure the smaller retailers are not unduly burdened, we calibrate the standard to match the size scope and type of information that those entities hold. whether there are some process requirements that say if they don't apply to you, you don't have to necessarily implement them. so the question is, can you
10:56 am
identify the specific processes we've laid out in our carefully calibrated, that aren't carefully calibrated and reasonable in your estimation? >> thank you for the question. i think, first, it's important that we be having this debate about proper national data security standards that help businesses address this growing and sophisticated threat. it's the perspective of retailers that the act, the baseline for the legislation that you introduced especially the data security standards within it were expressly wherein for the financial services community. the industries are very different. anybody who has ever filled o ut a mortgage understands that the information that a bank holds is very different from that of a retailer. if we were to pursue legislation that replicated or shoe horned the act to apply to the rest of the business community we would be applying this law to
10:57 am
industries beyond the restale industry, ok well beyond us to high-tech internet app makers, bigger and small. so we think the history of enforcement in the trade commission, is a good standard that is very clear and strong for businesses to adapt to meet today's challenges to adapt to in the future. we don't think that you can regulate your way to security. that we need to employ layers of security. we need to start with the baseline that we think is a strong standard in emboldening the federal commission to strengthen these standards. includeing advancing the security that's in that system today. >> you mentioned i think 50 ftc enforcement actions since 2001. that would be 3.1 a year. so if you believe that ftc is
10:58 am
your enforcement agency do you support then giving ftc rule making authority to make a uniform standard? >> so, the ftc has enforced the cases under the unfair acts. we think giving them the express authority from congress is the right way to go about it and it would preserve the flexibility that they needed in order to adapt to the threats as they changed over time. >> well, the question is would you support them promulgating standards that make sure that the playing field is level and you are doing things specifically necessary in your industry to, you know, have a uniform standard. >> we wouldn't support rule making because that's the purpose of passing a law. congress that has the the privilege of defining a law, and then leave it to the agency to
10:59 am
adapt it over time. they have the flexibility under current law -- >> isn't that what we're trying to do then? congress is trying to pass a uniform standard? >> exactly. and we believe providing the ftc to enforce data security laws based on the case law today the common law based on the 50 cases, would provide businesses not only with the clarity that they need, on whoo the expectations are of government but the flexibility for the enforcement agency, in this case the ftc to involve over time to meet new threats. >> do your members take steps to protect consumer day that? >> absolutely. there's no important relationship in the retail business than that they they build and maintain with their customers and obviously a breech, a data breach, would be -- >> so if they're already doing it, what's the the objection to
11:00 am
applying them across the industry? >> you're speaking specifically about a law written for the financial services committee. >> i'm talking about the law -- i'm talking about my bill. >> right so you would be expanding under your legislation, expanding to the rest of the business community. what you're saying is we can stick within the current regulatory structure that has the federal trade commission regulators. >> we took principles from this but this isn't -- this is a uniform national standard. >> the time of the gentleman is expire expired. >> i would like to pauk about this issue because wrn it's a concern for many of the members and we

6 Views

info Stream Only

Uploaded by TV Archive on