Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  December 4, 2015 3:00pm-4:01pm EST

3:00 pm
get there during reasonable work hours are among the communities that will benefit the most from mobile payments. i think the opportunities in those markets are huge. i think they will help the citizens of mississippi and california and the other jurisdictions that are here. they will help inner city people as well, people who longer have a corner branch of their -- of a bank to help them. and because, as mr. mueller suggested, there are opportunities to use prepaid cards including payroll cards and to spend money out of them using devices of this kind, the opportunities for unbanked and underbanked persons and minority individuals residing in rural or very urban communities expand. the last thing i would say, sir, is that the least secure thing on the face of the planet in the united states at least is cash. so, if you have a way to link to
3:01 pm
some form of an account and to use it as if you were using your bank account through a mobile payment, you may level the field for lots of people to participate in commerce, both the recipients of payments and as people who can make payments on time and, therefore, avoid late fees and other charges that are associated and that these opportunities are enormous more helping a lot more americans have a lot better access to payment options than they have had in the past. >> well, my last question, because our time is limited, is it's interesting that "60 minutes" talked about this payment system in kenya that you touched on, mr. mueller, that has to do with the texting and it doesn't have to be a smartphone, et cetera. the thing that concerns me about that isn't that it's kind of cool, it's that i would imagine that the safety of those individuals in those
3:02 pm
transactions are a lot more vulnerable than perhaps what americans understand that we're not as vulnerable with the systems and the advances we have. i'd like to know, as quickly as possible, because due to constraints of time, the fact that in this country we do have regulations and we do have benchmarks and push industry to make sure that they have safeguards for our consumers and our participants, is that something that is helpful to the industry? is that something that you can to without? >> so, i'd say certainly it's helpful in general, of course, the right kind of regulation. but in general regulation is certainly one component that leads to consumer adoption, and as you said, if people viewed these kind of transactions as really the same as cash with no purchase protection or no protection against unauthorized
3:03 pm
transactions, they would be much less inclined to use it. so, regulation is one component of addressing that issue. industry efforts like visa and mastercard and paypal zero liability all come together to lead to the mobile -- broader mobile adoption for all of us. >> thank you. i yield back my time. >> the gentleman yields back. the chair thanks the gentleman. the chair recognizes the gentleman from kentucky for five minutes for questions. >> thank you very much. it's neat to have this. i was reading about andrew jackson and one of his biggest concerns is how did he move currency, cash, how did he pay people, barter, bank drafts, it was a big issue then and how currency moves really played in to how he was able to move his armies and so forth back and forth. so, we're still talking about moving currency and how we move it in the best and most
3:04 pm
efficient and safe way. and i was watching i guess a football game or so this weekend and samsung had their advertisements, they must have bought of time, because i remember seeing the app we're talking about here today, i grew up in a rural groshcery store. it appeared that anywhere that you can do a credit card your phone would work, so if you can pay at a pump, then you can actually scan or however, whatever the technology is, the right term, that your phone works in all applications like that? so if any merchant takes a credit card, then you have theant to use your application, is that -- >> so, congressman, thank you for the question. when we say virtually anywhere what we're talking about is a very, very high percentage of locations and terminals that accept any credit card or debit card. however, we say virtually because we're not fully 100% there are dip readers, gas stations, atms and a small number -- a small percentage of merchants where the technology software needs to be upgraded
3:05 pm
for us to get to everywhere. so, we're not quite there but we are substantially ahead of our competiti competition. >> my first question was your levels and mixes of security and how it protects consumers. you answer that with ms. blackburn i think. so, does it prevent consumer from doing it to themselves i guess i would say? does your secure -- are there things the consumer needs to do, once they use your phone, can the consumer, like, the old days when you would swipe your credit card and you didn't throw the receipt away and somebody took it out of your garbage, you didn't tear it up, is there something like that the consumer can do? >> the consumer is essentially protected behind a level of pass word protection and fingerprint application that's needed to open up the app. everything they are doing is sitting behind that level of protection. we don't publish that information. it's not easily accessible and the consumer really has full control over that. to that extent it is secure.
3:06 pm
in concern of usability, all mobile apps have usability issues. the consumer for the most part their muscle memory is credit card and keb bdebit swipes. a new way of tapping, a new way of paying. this is happening in different parts of the world, western europe is a more tap-centric payment countries. in the u.s. we're further behind, however, as a technology company we're very optimistic about technology advances. five years ago the cell phone and smartphone penetration was very different than it is today. new applications and services are quickly adopted, if they are helpful and make an impact. so, we're hopeful that there's enough security, utility, and a better experience to compel consumers to move towards this more technology-centric way of paying. >> thank you. mr. mueller, i understand that paypal utilizes the cloud for storage of consumers' payment
3:07 pm
information. why did you choose to utilize the cloud instead of storing payment information on the phone or the app? is it more secure i guess is the question i'm getting at. >> well, for us it was partly out of necessity in that we don't have the same access to the mobile phone hardware and operating system that some of the other companies that are operating, you know, point of sale payments through mobile de vice do. but also we do think there is some advantage of storing the information in the cloud and not -- certainly not storing any of the information on the device. i mean, that's clear, and that's undesirable. but also we don't have the same access to the device as the handset manufacturer might. >> so, being in the cloud you're obviously -- you're not device specific, then, that's your -- >> yes. >> so what innovations have you seen over the last year or two
3:08 pm
that would make online payment data more dynamic and less useful for criminals? >> well, so certainly tokenization continues to develop. it's just started, so it's certainly not static by any means. but the first really live implementation of tokenization in a practical way that we've seen is a big step forward. and the controls that can be built in for onetime use of the token, merchant-specific use of the token. all those are certainly a step forward compared to where we have been with the primary account number being stored and transmitted in many ways. so, that's probably the major recent development. there are new ones coming out all the time that we read about, so it's an exciting field. with certainly dynamic codes,
3:09 pm
sort of the three digit or four digit card code on the back of your card that you're used to entering. now, companies coming out the capability to generate that dynamically and change it for every transaction. so, it's certainly -- new developments coming out and there will be more to come. >> thank you. and i only have 15 seconds, i'm not going to ask another question. i yield back, mr. charm chairman. >> thank you. i appreciate it. the innovation of mobile payments is at the forefront of many consumers' minds especially those considering purchasing a new smartphone and all consumers interested in the technology to ensure their transactions are safe and secure. like with many new technologies it's subject to some suspicion before adoption and many consumers want to know if their personal information including financial and personal health information will remain protected and private.
3:10 pm
certainly no system's fool in the technology world we frequently read about cyberattacks and successful hacks of various systems. consumers have a right to be concerned about new technology but i'm hopeful that today's conversation will showcase some of the great strides in technology that we've made and what its future can look like. mr. mueller, the number of smartphones in the u.s. continues to grow and obviously mobile payments are increasing in popularity. over the course of paypal's involvement with mobile payments, what's been the largest keys to consumer adoption? and what have been your biggest challenges? >> so, certainly one of the keys is the one you mentioned, which we certainly can't take credit for, but is the proliferation of smart phone and the affordable smartphone through the work of the handset manufacturers and the mobile carriers and that's probably -- that's the baseline for all adoption that we've been talking about.
3:11 pm
and then really there is just the passage of time. as we've seen with other payments devices, professor hughes mentioned the atm card, the credit card, the debit card as a purchase device. consumers get comfortable through word of mouth, through -- there's always early adopters and that's one of the things we're lucky to have in the u.s. is people who are eager to try new things. and if it works for them, to spread the word. so, and then ultimately another important factor has been the merchant adoption and getting the merchants to realize this is something that's good for them as well. it creates a good experience for their buyers and ultimately more transactions for them. and so just that extra nudge from some of the merchants to encourage their consumers to try
3:12 pm
their app on the mobile phone. that can be the deciding factor for many consumers. >> and you also, you know, you obviously describe when you started up you called it an early form of tokenization, very, like, 50,000-foot level, can you just briefly describe how your security methods have evolved over the years from, you know, 16 years ago to today? i know we can talk hours about it but -- >> well, so the first -- as i said, the basic component in what we were referring to as that early form of tokenization is just not -- not creating a process where the merchant receives the card number in the first place. so, with paypal they receive news of the payment in the form of either an e-mail or for some more advanced merchants they might receive an automated notice to their systems or they can just go look at their account to see that the payment is there.
3:13 pm
but in any case they're not receiving the consumer's card or bank account information to start with. so, that's a similar concept to what tokenization is now achieving more broadly. that, of course, makes it inc incumbent on us, we are receiving the account information, to protect that account information. we had the food fogood fortune of our founders was a -- and still is a computer security expert and designed the system in a solid way, and, of course, as i said earlier continuing to make investments on that foundation for both encryption of the data and limited access even by employees to the data. >> well, mr. ahn, some of the security concerns i've heard raised with the nfc mobile payments have been eavesdropping
3:14 pm
and data manipulation, relay attacks and device thefts. can you describe if they are real concerns or perhaps misconceptions? >> some are real and some are misconceptions. the real concerns are related to device theft and loss. they relate to replay attacks. there are a number and a host of ways that fraudsters can steal information. and our job is to be ever vigilant and put the best and most advanced security features in cooperation with our partners wish issuing banks, the visas, mastercards of the work and networks and make sure we have as much fortification as possible. with respect to samsung pay, we've looked at every possible angle of security and it starts at the baseline level and moves all the way up. we are very, very concerned about security. as a matter of background, samsung is one of the most respected brands around the world. we have a very strong
3:15 pm
relationship with a large base of consumers. that relationship and trust and brand is sacrosanct to us. we will not jeopardize it. when we think about what we put into market, we will index heavily towards security. and yet, as a viable consumer solution, we have to have it usable and simple and so that's our challenge and our burden to bear, and so we take that very seriously and we'd be happy to share additional information in more detail. >> thank you, mr. chairman, for your leniency. i yield back. >> thank you very much. congresswoman brooks. >> thank you, mr. chairman. this past august i had the opportunity to visit tanzania, africa, where i saw the majority of the population utilizing mobile payments. and paying for everything from cabs to our -- to a dinner tab to the hotel stays and so the mobile payment technology i think is incredibly advanced in africa.
3:16 pm
and we know that a large part of sub-saharan africa, traditional banking's been hampered by a lot of infrastructure problems and transportation. and we now know that so many people over worldwide approximately, approximately 2 1/2 billion people don't have bank accounts at institutions and as professor hughes touched on it's allowing these communities to provide for the unbanked and the underbanked individuals and businesses to conduct business. and so i'm curious, though, how it is that africa in many ways has leapfrogged over the united states in using this technology. and it was being used in the smallest of shops and to the large hotels. and so i'm curious particularly for anyone with any -- with companies with the international background, how and why did that happen? mr. ahn, and what should we be
3:17 pm
thinking about in seeing that, you know, other countries -- and i'm talking about visiting with people in huts and that didn't even have significant access to electricity at times. and so a lot of them were charging their phones with solar-powered devices and so forth. but how is it that africa has i think advanced so much faster than we have? >> so, congresswoman, one thing i would add is the examples in africa highlight that necessity is the mother of invention. in africa the financial institutions and the infrastructure for typical banking is at such a state of underdevelopment that those in need of payment, remittance, access to funds needed to find some other way to move money around, pay each other and to conduct commerce. and so these payment solutions in kenya and other leading
3:18 pm
applications leapfrogged the need for established banking institutions in such a way to create viable payment commerce. and i think the relevant piece of what we've learned in developing countries for us is the question the congressman asked earlier with respect to how we serve our underbanked populations and provide access to as many people as possible for these payment solutions. for us, our view is that mobile changes everything. mobile does not tie you down to location or place. as ms. hughes was saying, you can at your own time, at your own choosing of locations conduct transactions and services are important to you and have access to a more even playing field as opposed to being tied to time and place. as mobile is coming into the picture we believe our job now is to then open up access to the services and solutions that we can make an impact for consumers. the way we think about it is we have a large device footprint. we want as i mentioned in my
3:19 pm
testimony, we have plans to continue to evaluate broader ways to provide samsung pay on more devices. one very easy way to do so is when previous generation phones are in market, they come down in price point making it more accessible for different consumers. in addition, we know from our own data that samsung as an oem has one of the highest percentages, if not the leading percentage, of share of market in underserved populations as well as lower-income populations. and then on top of all of this the way we've constructed our solution is to be -- to open our doors for all payment types. what that means is that we can support credit cards, debit cards, prepaid cards, we will roll out in the near future gift cards. we have every opportunity for any payment instrument in any tender type to be usable on our device, so that's how we think about this. >> thank you. and, professor hughes, i'm curious what you believe the
3:20 pm
impact is going to be for this type of payment method for the, you know, is there going to be any burden of entry for entrepreneurs who are just, you know, starting businesses? or do you think this will be beneficial to them? >> oh, congresswoman brooks, i think this is -- >> mike. >> oh, i did it. it just didn't happen. thank you. i think this is a boon to small business. i think as i mentioned earlier it's a boon to farmers markets and artisans and music festivals as we have in bloomington, indiana, and arts organizations and charitable causes around the country. i think particularly for smaller businesses, this is an enormous advantage because it will allow them to take payments that they may not have been able to take before in a speedy and secure environment. and i think that we should be optimistic about the future of mobile payments and their ability to serve underbanked, unbanked, and small business.
3:21 pm
>> thank you. thanks for your testimony, i yield back. >> thank you. mr. olson? >> i thank the chair. and welcome to our witnesses. i have a challenge for you, mr. ahn and mr. mueller. in preparing my questions for this morning, this testimony, i relied on advice from people here in d.c., lots of folks back home, and two of my own personal experts, my two teenagers. my 18-year-old daughter and my 15-year-old son. they are all about mobile. that's all they know. and they're current and future consumers, big consumers. so, mr. ahn, can you explain how your mobile technology works that i can show my daughter and my son, explain to them, so they
3:22 pm
can explain to their friends, hey, samsung has a great vision, what can i say to my kids? how can you explain it in english? >> so, apparently the previous testimony was -- >> it was good. but it's good for d.c. i want my kids to understand this because they're the future. >> i think for kids, the young poplation is an important demographic to follow what they do and what their habits are, are leading indicators of what new consumer trends will be. for them what's important is the ability i think to focus their life around services and goods that revolve around the mobile device. our view is that we want a future where consumers have the ability to pay in a store, offline, inside an application, an app, let's say in uber, or in a mobile web context. anywhere you are in any space that you are, we want you to be able to pay with the secure credentials that you've loaded. so, we have that opportunity as we build out our product roadmap. what a samsung phone allows you to do is take a credit card or
3:23 pm
debit card or any other payment instrument, put it into the phone and make a secure payment at the terminal. over time we expect to create more intelligent services that create more consumer impact, things that we can't discuss today. but over time we expect the ability to pay in a secure method with a phone allows you -- allows us to open the door for new innovations that will have a direct impact for them. >> is there any -- i left personal identifying information after a transaction with your mobile system? >> there's no pii except you do know the phone belongs to a certain user. the traditional information is already there. but no additional information is left. >> mr. mueller, same question, explain to my kids how does paypal's system work and is there any pii involved after the transaction? >> so, paypal's system, you know, works somewhat differently or it's not tied as closely to the physical device. it does involve working through an account that has to be set up
3:24 pm
to start with. either by the individual themself, if they're over 18, since that's one of our rules. or by their parents. we do offer a student account capability where the parents can control an account on behalf of the student. but there is that initial stem of setting up an account. once the account is set up, we then have a broad network of merchants that the user can access through their mobile device, through their laptop or other kinds of device. so, it becomes very easy to make that payment once that initial stem of s stem of setting up the account. >> any pii left over after the transaction with paypal's system? >> the pii is something that is kept only by us, so we do have it and we do have the information. and the merchant has what they need if they're shipping
3:25 pm
physical goods, inevitably that means they need a physical address to ship it to. but really that's the extent of the information. >> and you're the new kid on the block. how does currency envision its testing phase and would you explain how your mobile technology works to my daughter and son? >> yeah, we have some pretty cool technology. >> i like it already, the word "cool." >> that will helpfully help ease the path. we have pay-it table and the frustrating experience when you are sitting in a restaurant and you want to pay your bill and you are waiting for the server to come over and pay the bill we allow you to scan a qr code on the receipt pay and leave without having to do that. we allow you to stay in your car when it's 100-plus degrees in texas and pay from the comfort of your car. >> thank you. >> and we allow you to pay at the drive-through without handing a card to the person on the other end.
3:26 pm
the phone when you pay in the drive-through is pinged with bluetooth. and a pii was the other question. >> that's a yes, ma'am. how do you guys plan on protecting that? do you have anything leftover? >> like mr. mueller, there is some pii involved. however, we do not pass any financial information through the transaction, so we use tokenization, everything from a financial perspective is tokenized and enscripted which means no financial information is stored on your phone so should your phone be stolen or hacked or taken by someone nefario nefarious, nothing can be done with it. >> thank you, my time is up. my kids will be happy. >> thank you, mr. olson. mr. welch? >> very good. is there anyone else who would like to ask questions? thank you. i thank each of the members of
3:27 pm
the panel for participating. i think this has been a very interesting and informative hearing. before we conclude, i include the following documents to be submitted for the record by unanimous consent. statement from the electronic transmission association. a statement from the national association of convenience stores and the society of independent gasoline marketers of america. and a statement from the national retail federation. does the ranking member have anything that should be included in the record? >> i don't, but i approve of those inclusions. >> thank you. pursuant to committee rules i remind members that they have ten business days to submit additional questions for the record. and i ask that witnesses submit their responses within ten business days upon receipt of the questions. without objection, the subcommittee is adjourned.
3:28 pm
on the next "washington journal" former nsa general counsel stuart baker and the american civil liberties union discusses nsa changes to collection of phone records and how they affect information gathered in terrorism-related cases. then physician dennis cardone of new york university talks about sports-related concussions and what's being done to protect athletes in schools and in the pros. and after that supreme court reporter david savage previews upcoming cases before the high court including ones on redistricting and affirmative action. plus your phone calls, facebook comments and tweets. "washington journal" live at 7:00 a.m. eastern on c-span. every weekend on "american history tv" on c-span3, 48 hours of programs and events that tell our nation's story. saturday morning beginning at 11:00 eastern we're live from
3:29 pm
historic colonial williamsburg bringing you scenes from the 1770s the eve of the american revolution with reenactments of revolutionaries and british loyalists mingling on the streets. we'll also tour the governor's palace and virginia capitol building. and throughout the day we'll take your calls and tweets on "road to the white house rewind" we'll hear the aspirations of presidential hopefuls from 1987 former defense secretary donald rumsfeld shares his thoughts about running from manchester, new hampshire. from 1994 dick cheney explores his possible run in the 1996 presidential race. >> i used to think of it as a political calculation. you'd sit down and look at the landscape and try to figure out who else was going to run and what your prospects were. the more i think about it, the more it becomes a personal decision rather than a political decision. >> and later at 11:30 on on "lectures in history"
3:30 pm
edwardsville history professor robert paulette on the sugar trade and its impact on race and slavery in the 1600s. >> sugar was one of the main motors of the slave trade in the americas. 75% of all africans brought to the americas in the 1600s were brought to areas where they were growing and making sugar. it was a huge business. it was some scholars argue the first industrial enterprise in the western world. >> "american history tv" all weekend, every weekend, only on c-span3. up next the house judiciary committee held a hearing on e-mail privacy. members heard from government officials and a representative from google about the e-mail privacy act which would require the federal government to provide a warrant when asking companies to turn over consumer e-mail records.
3:31 pm
this is about 2 hours 15 minutes. >> good morning. the judiciary committee will come to order and without objection the chair is authorized to declare recesses of the committee at any time. we welcome everyone to the hearing on hr-699 the e-mail privacy act and i'll begin by
3:32 pm
recognizing myself for an opening statement. today's hearing examines hr-699, the e-mail privacy act, and the need to modernize the electronic communications privacy act or ecpa, in enacting it nearly 30 years ago congress declared the law's purpose was to achieve a fair balance between the privacy expectations of american citizens and the legitimate needs of law enforcement agencies. reforming this decades-old, outdated law has been a priority for me as chairman of this committee and i've been working with members of congress, advocacy groups and law enforcement for years on many complicated nuances involved in updating this law. i am pleased to now hold this important hearing to examine the leading reform proposal in the house, hr-699, and to examine in more detail the nuances congress must consider in updating this law. while technology has undoubtedly outpaced the law in the last
3:33 pm
three decades, the purpose of the law remains steadfast. i am confident that congress will once again strike that balance and do so in a way that continues to promote the development and use of new technologies and services and create a statutory framework that will modernize the law to reflect how people communicate with one another today and in the future. ecpa reform has broad, sweeping implications. ecpa and more specifically the stored communications act governs federal, state, and local government access to stored e-mail, account records, and subscriber information from telephone, e-mail and other service providers. ecpa not only applies when law enforcement seeks information in a criminal information, but also in civil investigations and for public safety emergencies. hr-699 at its core establishes for the first time in federal statute a uniform warrant
3:34 pm
requirement in criminal investigations regardless of the type of service provider, the age of an e-mail or whether the e-mail has been opened. i support the core of hr-699 which would establish a standard that embodies the principles of the fourth amendment and reaffirms our commitment to protecting the privacy interests of the american people. however, our adherence to the fourth amendment should not end there. congress can ensure that we are furthering the legitimate needs of law enforcement through ecpa reform by joining with the warrant requirement, recognized exceptions and procedures designed to further the legitimate needs of law enforcement. one of the goals of this legislation is to treat searches in the virtual world and the physical world equally so it makes sense that the exceptions to the warrant requirement and the procedures governing service of warrants should be harmonized. it's well settled law the government may conduct a search
3:35 pm
in the an sense an sense absenc in certain conditions. the stored communications act, however, created a framework unique to the electronic world in which even in an emergency or with the consent of the customer disclosure of e-mail content or even noncontent records is voluntary at the discretion of the provider. it is also well established law that a search warrant must be served at the place where the search or seizure occurs. for three decades ecpa warrants have been executed with the provider because, as with any other third-party custodian, the information sought is stored with them. hr-699 would now require the government to also serve the warrant directly on the criminal suspect. a proposal which has raised serious public safety and operational concerns across the law enforcement community.
3:36 pm
congress should also continue to ensure that civil investigative agencies are able to obtain electronic communication information for civil violations of federal law. courts have routinely held that subpoenas satisfy the reasonableness requirement of the fourth amendment. unlike a warrant, which is issued without prior notice and is executed often by force with an unannounced and unanticipated physical intrusion, a subpoena commences an adversarial process during which the person served with the subpoena may challenge it in court before complying with its demands. the stored communications act currently authorizes the issuance of a subpoena directly to the provider, albeit with a requirement that the government notify the customer. but, congress can go further to ensure that ecpa satisfies the fourth amendment by requiring that any civil process authorized by the law begin with service of a subpoena directly
3:37 pm
on the customer. in this context the customer is provided notice and the opportunity to contest the subpoena. enforcement of the subpoena through a court order issued by a federal judge that protects the rights and privileges of the customer while ensuring that evidence of illegal activity is not insulated from investigators would afford heightened protections beyond that which the courts have deemed necessary to comport with the fourth amendment. congress has enacted laws that impose penalties for certain conduct, sometimes criminal penalties and sometimes civil. we have established federal agencies to enforce these laws with the tools necessary to carry out that enforcement. congress should ensure that in its efforts to modernize ecpa we do not eliminate access to evidence of violations of federal law simply because congress chose to make those violations punishable by civil penalties. i want to thank our distinguished witnesses for being here today, and i look
3:38 pm
forward to hearing from each of you on hr-699 and how to properly balance the privacy expectations of american citizens and the legitimate needs of law enforcement. and i look forward to working with all members on both sides of the aisle to modernize the electronic communications privacy act. it is worth noting today that we also plan to hold a separate hearing in the future on the issues surrounding law enforcement access to information located on servers outside the u.s. as with the broader topic of ecpa reform, that is an issue with many nuances that we need to carefully examine. i would now like to ask unanimous consent to enter the following items into the record. a statement dated december 1, 2015, from the department of justice. a letter from the federal bureau of investigation agents association dated november 24, 2015. a letter from the national association of police organizations dated november 30,
3:39 pm
2015. a letter from the association of prosecuting attorneys dated november 24, 2015. a letter from the virginia association of commenwealth attorneys dated july 10, 2015. a letter from the technology counsels of north america dated november 30, 2015. a statement from americans for tax reform dated december 1, 2015. a coalition letter signed by tech freedom and other coalition members dated november 30, 2015. without objection, the items have been entered into the record. it's now my pleasure to recognize the ranking member of the judiciary committee the gentleman from michigan, mr. conyers, for his opening statement. >> thank you, chairman goodlatte, members of the committee and our honored witnesses here for the hearing. and those who are in 2141 to
3:40 pm
participate in the listening of this very important measure. hr-699, the e-mail privacy act, enjoys, i'm pleased to say, the overwhelmingly bipartisan support in the house. -- 191 republicans, 113 democrats, and 27 members of the house judiciary committee. now, what do all of these members have in common? first of all, we agree that the electronic communications privacy act is outdated and provides unjustifiably inconsistent standards for government access to our stored communication.
3:41 pm
this statute continues to serve as one of the main guarantees of our digital privacy. but the law was designed in 1986. when few of us used e-mail and even fewer imagined a world in which we could so freely share information online. the consequences of applying a 30-year-old understanding of technology to modern communications are inconsistent at best. for example, the law seems to apply different standards for government access to the same e-mail at different points in its life cycle. when it's drafted, when it's transmitted, when it's opened by its recipient and when it is archived in the cloud. we are not welcome served by a
3:42 pm
law whose application is unpredictable and that the courts have had great difficulty in interpreting. because of the rapid pace of technological change, this situation will only get worse if we do not act. secondly, the sponsors of this bill agree that the government should be obligated to show probable cause before it can provide a provider -- before a provider to disclose the content in its customer's mail, no matter how old the message is. this standard is consistent with the holding of the sixth circuit court in the warshak case in 2010. that case motivated the department of justice to
3:43 pm
voluntarily adopt a warrants for e-mail standard. it also effectively ended the unconstitutional use of subpoenas to compel third parties to produce content in civil enforcement actions. current law requires the government to show probable cause and obtain a warrant only for e-mail that has been in storage for 180 days or less. but the government can use and subpoena for the same e-mail if it's stored for one day longer. this is no longer acceptable to most americans. as the sixth circuit rightly observed, citizens have the same reasonable expectation of privacy in their e-mail before and after the 180-day mark. and as the department of justice
3:44 pm
testified soon thereafter, there is no principal basis to treat e-mail less than 180 days old differently than e-mail more than 180 days old. thirdly, the sponsors of hr-699 all agree that current law is not adequate to protect new forms of digital communication. content is content. our expectation of privacy does not diminish merely because congress didn't think of the medium when it last visited this statute. the law should protect electronic communications across the board, e-mail, text messages, private messages of all sorts, and other forms of digital information stored in the cloud.
3:45 pm
finally, the sponsors of this bill agree that we must act without delay. we have an obligation to provide clear standards to law enforcement with respect to emerging technologies. we should also recognize that american businesses cannot sustain these new technologies if consumers cannot trust them. as the committee takes up this bill, we should ensure that it does not conflict with the basic notion that the government seizure of our e-mail without a warrant violates the fourth amendment. but we should note that this principle has already taken hold across the federal government?/. the department of justice already uses warrants for e-mail in criminal cases.
3:46 pm
the government stopped using lesser process in the civil context years ago. in short, mr. chairman and members, this legislation accomplishes two vital tasks. it updates the statute for modern use, and it does so without any significant interruption to law enforcement. we should all come together on this bill as soon as possible, and i want to personally thank the witnesses for being with us today and for their testimony. i urge my colleagues to give this measure their full support. and i thank the chairman. >> thank you, mr. conyers. and before we swear in the witnesses, i'd like to recognize the presence of the chief sponsor of the legislation, the gentleman from wisconsin, mr. yoder. thank you for being with us
3:47 pm
today. kansas. kansas. kansas. the gentleman from wisconsin says he'll take you. we welcome our distinguished witnesses today, and if you would all please rise, i'll begin by swearing you in. if you'd please raise your right hand. do you and each of you swear that the testimony that you are about to give shall be the truth, the whole truth, and nothing but the truth so help you god? thank you very much. and may you please be seated, and let the record reflect that the witnesses have responded in the affirmative. mr. andu seresni is the director of the enforcement division at the united states southeastern conference where he has served since 2013. prior to joining the s.e.c., he served as the assistant united states attorney in the u.s. attorney's office for the southern district of new york where he was a deputy chief appellate attorney and a member of the securities and
3:48 pm
commodities task force in the major crimes unit. as a prosecutor he handled numerous white collar criminal investigations, trial and appeals, including matters related to securities fraud, mail and wire fraud, and money laundering. he is a graduate of columbia college and yale law school. mr. steven cook is president of the national association of assistant u.s. attorneys. he currently serves as the chief of staff of the criminal division of the u.s. attorney's office for the eastern district of tennessee. he has been an assistant u.s. attorney for 29 years. in this capacity, he has worked in the organized crime, drug enforcement task force and the general crime section where he handled white collar crime, fraud and public corruption. he also served as the deputy criminal chief in the narcotics and violent crime section. prior to joining the u.s. attorney's office mr. cook was a police officer for seven years in knoxville, tennessee. he earned a j.d. from the university of tennessee. mr. richard littlehail is the
3:49 pm
assistant special agent in charge at the tennessee bureau of investigation. in addition to his duties, he serves as an adviser and trainer in criminal law and procedure as well as the bureau's chief firearms instructor. mr. littlehale is a frequent presenter to community organizations on ways to protect children online. he's active in engaging the legal community on better ways to protect children from victimization. mr. littlehale received a bachelor's degree from bowden college and a j.d. from vanderbilt university. mr. chris calabrese is the vice president for technology where he serves as the center's -- where he oversees the center's policy portfolio. before that he served as legislative counsel at the american civil liberties union legislative office where he led advocacy efforts relating to privacy, new technology and identification systems.
3:50 pm
prior to joining the aclu chris served as legal counsel to the massachusetts senate majority leader. chris is a graduate of harvard university and holds a j.d. from the georgetown university law center. mr. mr. richard salgatto is the director of law enforcement and information security at google. he oversees the global law enforcement and national security efforts and legal matters relating to data, security and investigation, previously mr. salgatto worked with yahoo and served as senior counsel in the computer crime section in the u.s. justice department. he specialized in computer network crime such as hacking, denial of service attacks, malicious code and other technology driven privacy crimes. in 2005 he joined stanford as a legal leg error on computer crime. internet business and legal policy issues and modern surveillance law.
3:51 pm
he received his jd from yale law school. mr. paul rosenswieg is the founder of red branch consulting. a homeland security consulting company and senior adviser to the chertoff group. served in the department of homeland security and a distinguished visiting fellow at the homeland security studies and also serves as a lecturer in law at georgia town university, a senior editor of the journal of national security law and policy and as a visiting fellow at the heritage foundation. he earned a bachelor's degree, a master's from scripts institute of ocean agofy and jd from the university of chicago law school. written statements will be enter into the and we ask each of you
3:52 pm
summarize your testimony to help you stay within the time there's a timing light on your table. when the light switches from green to yellow, one minute to conclude your testimony. when it turns red, time is up and it signals your time is expired. am i pronouncing your name correct correctly? >> you are. >> thank you. you may begin. >> good chairman and members of the committee. thank you for inviting me to testify today on behalf of the commission concerning e-mail privacy act, hh-699. the bill seeks to modernize portions of electronic communications ecpa which became law in 1986. i share ecpa's evidence collection procedures to account for the digital age. but hr-699 in its current form poses risks to the public by impeding the ability of the fcc and other civil law enforcement agencies to uncover financial
3:53 pm
fraud. i believe there are ways to update ecpa that offers stronger privacy protections and observe constitutional boundaries. the sec's admission is to protect investors. maintain fair markets and facilitate capital formation. the division of enforcement furthers its mission by investigating potential violations of the federal securities laws, recommending the commission bring cases against alleged frauds and litigating the enforcement actions. a program is a critical piece to protect investors and promotes confidence in the integrity of the nation's securities markets. electronic communications provide critical evidence in our investigations as e-mail and other message content can establish timing, knowledge or relationships in certain cases or awareness that certain statements to investors were
3:54 pm
false or misleading. when we conducted an investigation we will seek e-mails and other lurk tronic communications from the key actors through administrative s subpoena. in other cases the sup peenia recipient may have erased e-mails, or refused to respond. individuals who violate the law are reluctant to produce to the government evidence of their own misconduct. e-mail account holders cannot be subpoenaed because they are beyond our jurisdiction. we may in some instances need to seek information from an internet service prider also known as an isp. the proposed amendment would require government entities to procure a criminal warrant when they seek the contents of e-mails and electronic communications from itp's. because other civil law enforcement agencies cannot obtain criminal warrants we would not be able to gather evidence including
3:55 pm
communications such as e-mails regardless of the circumstances even at instances where a subscriber deleted e-mails, related hardware was lost or damaged or the subscriber fled to another jurisdiction. depriving the sec authority from an isp would have recipients less forthcoming because an individual who knows that the sec lacks the authority to obtain his e-mails must feel free to destroy or not produce them. these are not abstract concerns for the investors we are charged with protecting. among the type of scams are poncecy schemes as well as insider trading activity. illegal acts are particularly likely to be communicated via personal accounts and parties more likely to be noncooperative in their document productions. technology has evolved and no question that the law ought to evolve to take account of advances in technology and
3:56 pm
protect privacy interests even when significant law enforcement interests are also implicated. but there are various ways to strike a balance between those interests as a committee considers the best way to advance this important legislation. any reform to ecpa can and should afford a party from whose information is sought, an opportunity to participate in judicial proceedings before the isp is compelled to produce this information. indeed when seeking e-mail content from isp's in the past the division provided notice to account holders in keeping with longstanding and just recently supreme court precedent. if the legislation were structured the individual have the ability to raise with a courtney privilege, relevancy or other concerns before the communications are provided by an isp, while civil law enforcement will maintain a limited avenue to access existing electronic communications in appropriate circumstances from isp's.
3:57 pm
such a proceeding would offer greater protection to subvibers than a criminal warrant in which subscribers receive no opportunity to be heard before communications are provided. we look forward to discussing with the committee ways to modernize ecpa without putting investors at risk and impairing the fec. i'm happy to answer any questions you may have. >> thank you mr. cook. welcome. >> chairman, and members of the committee. thank you very much for giving me the opportunity to address you and give you the perspective of career prosecutors with respect to hr-699. let me get right to it. the importance of the sca to the law enforcement community cannot be overstated. at issue are records of contact and communication by internet and cell service pro voiders to understand the importance of these records to the law enforcement world i would ask you to pause and think for a
3:58 pm
minute about how these powerful resources are being used in the criminal world. child predators troll the internet 24/7 for children to lure them away from their parents and homes. purr vaers of child pornography often of graphic pictures of children being sexually molested sell those images across the internet. terrorists boast of their horrific crimes posting pictures of those online and international drug dealers, and others involved in organized crime communicate with c coconspirators through e-mail and text. when you realize how pervasive this technology is you quickly realize the evidence covered by the sca is central to our ability to solve every type of crime and our ability to access this information covered by the sca and to access it quickly can
3:59 pm
literally mean the difference between life and death. the difference between recovering a child alive and returning her to her parents instead of the child being the victim of a predator determined to commit unspeakable crimes. even beyond the critical role of stopping crimes in progress and rescuing victims evidence covered by the act is often central to the search for truth in our courts and our ability to bring those most dangerous in our community to justice. here are the problems with ecpa and both the opening statements by the chairman ranking mesh. ecpa were enacted in 1986, before much of this technology was in use. before any of us had any idea of its capabilities and to continue to use a statutory framework with definitions enacted before any of this technology was known is simply not workable. it does not fit. that brings me back to hr-699.
4:00 pm
we would submit the extension of the fourth amendment protections to e-mail and texts in storage over 180 days. we can all agree but the bill goes much father and we submits demonstrates a need for a comprehensive not piecemeal reform. in my testimony i have addressed a number but by far not all of the concerns that we have. i would like to highlight two places where this bill creates or perpetuates limitations on law enforcement that far exceed those imposed anywhere else in law. burdens greater than those related to the search of a home. burdens greater than those related to the search of a body cavity. while the e-mail privacy act expands and imposes a warrant requirement to compel disclosure of e-mail or text, the statute does not recognize any of the well established except


info Stream Only

Uploaded by TV Archive on