Skip to main content

tv   Politics and Public Policy Today  CSPAN  April 20, 2016 9:00am-2:16pm EDT

9:00 am
>> do you personally believe veterans would be armed by their care and association with service dogs? >> i do not know the answer to that question. >> but you have a lot of experience and serving and you're a doctor of veterinary medicine, you've handled a lots animals in your life. i want to know since you came as an expert testifying before congress, i'm just curious of your personal opinion? reluctant. >> do you believe veterans will be armed by their care and association with service dogs. >> it could effect the study. i would prefer not to do that. >> well, i think that's telling and i appreciate for you being loyal to veterans administration, but i think we have a greater responsibility as a nation to be loyal to combat veterans and those who suffered a great deal.
9:01 am
i've handled the flesh and blood and battle to include iraq and afghanistan. i've dealt with a lot of the issues that we're discussing here today as a veteran's advocate before entering a career in politics, i guess if you call it a career, i've even assisted and helped place service dogs with veterans and have seen dramatic results. you know, whether that is a placebo effect or whether it's reality, i can tell you that the results have been remarkable. but here is what i also know, opiad abuse is tragic indictment on the veteran's administration. many veteran suicide i think are misdiagnosed. it's not unlikely for a soldier to drink a beer, now he's prescribed on oxy cotton and percocet, he diminishes himself
9:02 am
to a low state. he doesn't breathe any more and family finds him in the morning and well like, gee, rustle didn't have any indication that he had any problems, he was talking about going fishing this weekend and now he's dead chalk him up as a suicide. here we have an opportunity to do good with a low risk, if the price of that is two dog bites i think we can do that. and i also think that the expense of a dog is far cheaper than years and years of addiction. we are legalizing heroin in this country and we're using our veterans as the number one scientific lab of opioid abuse. it really angers me and i've been prescribed percocet, o oxycontin and tell you this, i quit cold turkey on it because i
9:03 am
would rather have clear pain than deal with a drug addiction and depression. i think we're not being intellectual honest here, and whether the doctor would like to give his professional opinion if you can't speak to the medical side or yourself, give me one good reason why we should not be given this absent already opinion of further study. >> stand and raise your right hand. do you swear the testimony you're about to give is the truth, the whole truth and nothing but the truth so help you god. >> i do. >> witness answered in the affirmative. >> if you can do your microphone, sir, and thank you for being here. thank you very much for the question. first of all, i think we're
9:04 am
mistakenly confusing a couple of issues. they aren't used to treat ptsd. a lot of folks also have chronic pain conditions and they may have started the pain medication to treat the pain. but they're not used by v.a. to treat ptsd. we also monitor prescribing practices and send in experts to facilities where we think there's some missed practice going on in an attempt to correct it. we also -- as you may know, we have the rescue kits that now are being put in the hands of every veteran who has been priored opiod. this is also a very personal issue for me. my sister died of an unintended overdose, i take this very seriously, but it's not part of our ptsd discussion. >> well, and appreciate that and thank you, sir, for your
9:05 am
insight. >> before you go to your next question, can you state your full name for the record so we have. >> dr. chris crow. >> okay. thank you. >> and your title? >> senior mental health consultant and liaison to defense centers for excellence for psychological health. >> i appreciate your patience with being put on the spot. i understand you did come here, as well, today. this is a real issue and i don't believe anybody here doesn't have concern and care to do the right things. but would you also, in your professional opinion, acknowledge that those that deal more than likely with ptsd issues are also liable to be suffering from some sort of pain due to their service? so these two are associated together, would you agree with that? >> not necessarily. you know, i think it would occur in many people, folks who have been deployed have many
9:06 am
opportunities for injury and comes back with muscle skeletal pain. pain medicine are never used to treat ptsd. >> well, and i will take you at your word for that. but i will also absolutely put it to you that people suffering from ptsd are often drugged in a great deal of medications, you know, with the basket load of issues and problems and being good soldiers or sailors and airmen and marines they take their medications, they follow the doctors orders. mr. chairman, i have exceeded my time, but i would like to say, these programs, there's far more evidence that they work than they don't. there's an awful lot of evidence that we're not doing a very good job with our treatment of ptsd and that we have a lot of
9:07 am
veteran suicides, i believe, personally, just from observation, i only come as a combat veteran. i'm not a doctor. i've just fought for a living. so what i would tell you is, we are not meeting those types of issues and we are trying to drug our veterans, send them off to some clinic, rather than get them engaged in something productive and with your indulgence, thank you mr. chairman, i yield back my time. >> the chair now recognizes the gentleman from georgia, mr. keis for five minutes we'll have dr. fallon come back and resume his spot on the witness stand. >> thank you very much, mr. chairman. dr. fallon, do you have any idea how the v.a. is recruiting qualified veterans for the study? >> the veteran participants, sir? the folks -- >> right. >> yes, sir. they're recruited through each of the three medical centers,
9:08 am
the flyers and presentations to mental health clinicians. >> is there currently a waiting list of qualified veterans who would like to participate? >> there is a waiting list at one of our sites, portland, oregon site we've had particular problems in recruiting qualified dog trainers for that site. we now have one trainer that has -- that is on -- it is working now. >> how large is the waiting list? >> i cannot say for sure. i would say it's probably in the range of maybe 20 people, perhaps. >> and this is at one facility or -- >> one facility, yes, sir. >> so are you saying that the personnel at va medical centers are aware of this study and are actively engaged in informing veterans of the potential of having a service dog.
9:09 am
>> yes, i would definitely say that. it's very popular topic of interest with our veterans. >> does the va currently have any way to gauge the demand for the service dogs? we do not, sir. we do not have method of gauging demand for service dogs. >> is that under consideration? >> that would be outside of my purview, sir, i couldn't say. >> mr. diamond, let me come to you, how are qualified veterans referred to your organization? >> we've never advertised for veteran to come to our organization, they find us through word of mouth through the tight veteran community. when veteran applies to us, we have a 22 page application that we do, we do interviews, we do a thorough vetting process so that by the time the veteran comes to our campus after year after we applied. we know about them and are ready to bring them into our program. >> so you don't do any advertising, per se, it's all
9:10 am
word of mouth. >> absolutely. if we advertise, we would get inundated. we're pushing a two year wait list now. >> that's my point. that's where i was going. so the va doesn't seem to have a whole lot of information here, of course, it's not been their program, but you are actively involved in providing service dogs to veterans and you have a two-year waiting list. how many -- do you have any way of gauging what the need is? >> i wish we had the good measure. and since i'm under oath, i'm not going to di venture a guess. i do know for sure, the number of veterans that are referred to us from the va because a va treating physician says i don't have anything else that can help you, is increasing every day. >> absolutely. thank you for your service and your testimony. both are powerful and we deeply
9:11 am
and in heart felt way say thank you for what you have done for our country. how did you find out that service dogs were an option for ptsd. >> so, i actually have a personal friend of mine who had a service dog that he also had to acquire on his own and train. i'm not quite sure which organization he received his dog -- well, where he got his dog trained. but i knew that that was something that was an option that veterans could utilize and then when i went out to organizations, specifically, i went to organizations in texas because that's where i'm currently living, i got pretty much the same result that wait times were at least a year and i didn't feel as though i had that time to wait.
9:12 am
>> okay. your introduction came through personal friend. >> that's correct. >> okay. let me come back to you and my time is almost up. two-fold question. do you find the veterans struggle with a affording service dogs as a general rule and how do -- does your organization enable them to pair up. >> two pieces to that, the first is, that some of our veterans have reported back to us that they would rather make personal sacrifices than to not have -- to forego having a service dog. they do struggle. they're on fixed incomes, and therefore they do have difficulty paying for it. most of the veterans that we get could not independently pay to get a service dog out on their own. we've made a lot of partnerships with our corporate supporters, for example, health has put together a veteran of veterinarians to get free health care for the dog trying to work with pet source to get free dog
9:13 am
food. we do everything we can on the back end to make it free for the veteran, overwhelming veteran for them they would forego their own personal comfort to make sure they have a service dog. >> very good. >> thank you, mr. chairman. >> thank you, gentlemen. mr. lyle, what was your experience with the drugs? how did you get prescribed by the va? >> well, again, mr. chairman, when i took the health assessment, which was the preliminary, what they give you, i'm not sure of the timeline, but there is is timeline that the va is required to give that once you return state side. i then went to a va facility in fort worth and tried to use their system. i eventually met with a psychologist at the va hospital in fort worth and was prescribed the sleep aid and the
9:14 am
antidepressants. >> what was -- why did they do that, was it because of your symptoms? >> correct, when i returned, i was suffering from recurring nightmares and awould have acute anxiety attacks. i also just had difficulty with close interpersonal relationships as i mentioned previously, one of the side effects that goes largely unnoticed as post dramatic amongst military members but that also had effected me. it wasn't the direct cause of the divorce, but it definitely did not help in any way shape or form, so it was affecting my personal relationships, the nightmares, specifically, trained to recognize when i'm having a nightmare and she'll jump up in bed and lick my face to wake me up. that's one of the ways that she's assisted me in my
9:15 am
symptoms. i can further note that dog can give you a sense of purpose that a pill will not ever do, in the sense that there were many days i didn't want to get out of bed. i didn't have really anything to do, like, as i said, i didn't have a job at the time, wasn't currently enrolled in school and i didn't have any reason to. a service dog needs to be taken outside. they need to be fed. they give you a reason to get up and to be productive on a day-to-day basis and give you that small sense of purpose, again, that you can grow on and, again, i reiterate that that's something that pills did not do for me. >> so, because we had testimony before that this is not something the va is doing providing drugs. i guess you disagree with what was said, in your case. >> it's not something the va does, but in your instance, is that what they did.
9:16 am
>> well, my issues as a result of posttraumatic stress were recurring nightmares and i got a sleep aid as a result of those nightmares, so i would disagree with that. >> if you're down to 22,000, you're competent you'll be able to continue to reduce the cost of each dog? >> yes. our efficiencies are in the low 20s for next year. >> good. >> mr. feldman, what do you -- what is your recommendation for making the case, you're familiar with the research that's going
9:17 am
on. what more in congress do we need to find and present or do you think there's enough fact already in existence to justify moving forward. >> we're doing research and we'll come back and share the published research that we gave you a preview of today. a pilot program, as you've written into this bill, is a really good way to go because you've built in some evaluation, you've built in a report on that program as part of the legislation, so, it's a chance to continue studying, but also to help a lot of folks, so that's why we support it. >> great, well, look, at the end of the day, there has been a lot of anecdotal weapons, there's some evidence coming out in some of the literature. i would understand that would be a cautionary tale if there was somehow a negative side effect to this, but there's not. the worst case scenario we've made some veterans happy.
9:18 am
that's the worst case scenario, if there's a positive effect you're giving veterans a sense of purpose and i believe saving lives. i'll tell you, since we've been involved in this issue i've had multiple veterans come up to me and tell me they would have committed suicide, probably, but for being paired with a suicide. it's not often they probably would have done that. it really registers when you hear that. mr. lyle? >> this study that was done by the va, i will also note back in 2013 that indicated the average day that study was based on 21
9:19 am
states. the number tragically is higher than 22 veterans a day, that was just a side note. but i will also say since i've been doing this and i've been talking to members of congress, friends of mine, specifically in texas, because the cost barriers are so high to getting your own service dog and many veterans join the military to get that family, that sense of community when they get out they don't have it any more, they don't have the family support that i had to financially support that are endeavor. they go out and get a dog. i will note i believe it was mr. rustle who had congressman russell who had said earlier that just being around a dog.
9:20 am
i will argue that if you don't think a dog can be therapeutic and can treat certain symptoms to their posttraumatic stress, you probably have never owned or been around a dog. >> you want to go real quick and recognize mr. herd, if you're going to go, i'll recognize you. i'll recognize the gentleman from massachusetts. >> thank you, mr. chairman. the way this is structured under the chairman's bill, the key relationship will be the va and the contractor. mr. diamond and k-9 for warriors or any other group. the 2016 va report said that there was a problem with the va not getting out to the contractor location where the training was going on or to the home of the veteran with the dog and that -- and that broke down.
9:21 am
are we able to cure that defect in further studies, in existing studies. >> yes, ranking member. >> absolutely. the problem was we were relying on the service dog organization trainers to interact with our veterans and that resulted in us problems that develop, which is why we now mr. herd for five minutes. the votes have started, we've got mr. herd and other questions we have time for other members, too. >> thank you, chairman, and i would like to thank the distinguished gentleman for florida for having this panel. and i would like to thank mr. lyle for being here. he's from my alma mater, aggies, which has a long history of working with animals, everything
9:22 am
from texas task force one, which is one of the most active urban search and rescue teams you have. a student organization have called aggie guide dogs and service dogs which promotes the youth of service dogs, and we're also part of the network which includes the operation k-9. first i want to thank you for your -- there's a former officer in the cia, i had the honor of serving alongside members of militaries and familiar with the sacrifices that you and your family make and i know this is a life changing experience and has inspired you to give back to your community and i appreciate you for doing this. my first questions, though, are to mr. fallon. has the va reached out to any other organizations conducting similar studies? >> after the difficulties we had
9:23 am
with the pilot study, we did -- >> the pilot study from 2006. >> the pilot study that was started in 20111 and was suspended finally in 2012. we realize we had to change our study protocol. we actually visited major organizations like k-9 companions. >> let's start before that, why did the -- why did the va decide to reinvent the wheel rather than relying on some, you know, other organizations that have a history in doing this kind of thing? >> well, for the pilots, sir, we relied upon the organizations themselves, all of which professed to be very experienced and to be able to produce high quality dogs and unfortunately that did not turn out to be true. >> i don't even know where to go. there's so many questions. you know, why not reach out to d.o.d. and leverage some of the experience they have.
9:24 am
they had world class trainers and world class activities using dogs for all kind of services. >> how much money did the va spend in phase one to develop veterinary standards, which i've been told are no longer in use? >> i'm not sure the exact figure. it would be somewhere above one million, though. >> above one million or ten million? >> one million. >> the 12-million figure is entire phase one and phase two together. >> could that money have been saved the va had initially adopted dods veterinary standards. >> no, sir, it wasn't just the
9:25 am
veterinary standards. there were training standards involved and also follow up by the organizations dog trainers, all those things ended up to be a major problem. >> you're the chief. you're the chief veterinarian medical offices, correct? >> yes, sir. >> what proposals have you suggested to how to make sure we incorporate this into the va? >> into the studies, sir, or va? >> so that more veterans can get access to this type of care, the va. >> we were directed by congress to do this study and that's been my focus to do this research study. >> what's the best next action? >> to complete the study successfully? >> what's the next step that you need to take in order to make sure this gets completed? >> we're doing them now, sir. we've retooled. >> when is it going to be done? >> we expect the data collection to be complete by late 2018 and then the paper would be published there after. >> mr. lyle, i have a little bit
9:26 am
less than a minute, but if you can go over it if you so need, hopefully the chairman indulging my prerogative. anything that has not been discussed during this hearing today that you think is important to get out there? >> thank you, congressman herd. i think it's important to understand and to reiterate what i said, that a service dog not only will combat specific symptoms like kaya does from me from waking me up from nightmares, et cetera, et cetera. there's an effect that they give to you of providing a sense of purpose. when veterans get out, they get their mission, their purpose ripped away from them very very quickly. there's nonprofits have done admirable work in trying to
9:27 am
assist veterans in transitioning, but they're still struggling. i think the main reason is that they lose their sense of purpose and they lose their mission. they don't have anything driving them any more. and i think a service dog also provides that. i will just further note very quickly that, i've spent the last year doing this, trying to raise awareness about the issue, talk to members of congress, have been received very well, and it's taken me a year to do this funding all of this myself. we don't have until late 2018 to have this study completed and then understand the results and then try to have a program initiated at that point. 22 veterans a day are committing suicide. anybody that is okay with that number, i wouldn't say that anybody at the va is okay with that number.
9:28 am
but we have something that we know works. we have evidence that works now. and with 22 veterans a day committing suicide. i return to what i said in my opening statement, that is un n unconscienceble that we don't explore alternative methods of treatment. >> thank you. i yield back the time i do not have. >> gentlemen, time has expired. i would like to thank all of our witnesses to take the -- there's no further business, without objection, the subcommittee stands adjourned.
9:29 am
9:30 am
>> thursday the head of u.s. customs and border protection testifies that an oversight hearing of the senate finance committee. we'll have live coverage beginning at 2:00 p.m. eastern time here on c
9:31 am
span 3 and officials from apple and other tech companies along with witnesses testified at a house hearing about encryption technology. committee members asked about balancing national security and
9:32 am
privacy. this house subcommittee hearing is three hours and 15 minutes. >> good morning and welcome to the oversight investigation subcommittee hearing on deciphering the debate. we have multiple hearings going on today and tomorrow we have a hearing as well, you'll see people coming and going, especially for our witnesses you don't think it's chaos, we have members trying to juggle a lot of things at the same time. it is chaos, okay. i stand corrected. so, all right. we're meeting today to consider the deceptively complex question should the government have the ability to lawfully access encrypted technology in communications? this is the question of center of heated public debate cat liezed earlier this year when fbi compelled a court order to apple assist in unlocking cell phone used by one of the terrorist. this isn't a new question.
9:33 am
strong encryption has been there for decades. for years motivated individuals have had access to the tools necessary to conceal their activities from law enforcement and for years the government has repeatedly tried to limit the use of or obtain access to encrypted data. the most notable example occurred in the 1990s the development of encrypted communication equipment sparked fears that the government will lose its ability to conduct lawful surveillance. the nsa developed a new encryption chip. the chip would enable encrypted communications but also provide the government with key to access those communications if necessary. this so-called back door sparked intense debate between the government and technology community about the benefits and risks of government access to encrypted technology. one of the principle arguments that it would create vulnerability that could be exploited by actors outside of the government. this concern was validated when a flaw was discovered in the
9:34 am
chip's design. should note that one of the our witnesses today dr. matt blaze identified that vulnerability which made the government's back door more akin to front door. congress passed the communications assistance the law enforcement act called. collie ya addressed that rapidly involving to conduct lawful surveillance by requiring telecommunications providers to provide assistance in executing authority or authorize surveillance. however, the law included notable cave yacht whiat which e government's response. it ended period of relative quiet. what has changed in resent years to renew the debate? part of the concern is, once again, the rapid expansion of technology. at its core, however, this debate is about the widespread availability of encryption by
9:35 am
default. encryption has existed for decades until recently it was complex koum ber some and hard to use. it took effort and sophistication to employ its benefits for good and efl. but because of this, law enforcement was still able to gain access to the majority of the digital evidence they discovered in their investigations. but now, the encryption of electronic data was the norm, default. this is a natural response to escalating concerns both from government and consumers about the security of digital information. the decision by companies like apple and the messaging application what's app to provide default encryption means more than a billion people have the benefit of easy reliable encryption. at the same time, however, criminals and terrorist have the same access to secure means of communication and they know it and they will use it as their own mission control center. and that is the crux of the resent debate. access to secured technologies beyond the reach of law
9:36 am
enforcement no longer requires coordination or sophistication is available to anyone and everyone. it's becoming more dependent on the internet the availability is critical to personal economic and national security. therefore, while many of the arguments in the current debate may echo those of decades pass, the circumstances have changed and so, too, must the discussion. we can no longer be a battle between two sides a choice between black and white. we take that approach, the only out come is that we all lose. this is a core of public safety and epics it requires a very thoughtful approach. that is why we're here today to begin moving the conversation from apple versus the fbi or right versus wrong to constructive dialogue to recognize this is a complex issue that effects everyone and therefore we're all in this together. we have two very strong panels and expect each will make strong arguments about the benefits of strong encryption and the challenges it presents for law
9:37 am
enforcement. i encourage my colleagues to learn from these experts to better understand the multiple perspectives, layers and complexity of the issue. it's time to begin a new chapter, one of which i hope can bring resolution to the war. this process will not be easy. if it does not happen now, we may reach a time where it's too late and its success becomes impossible. for everyone calling on congress to address this issue, here we are. i can only hope moving forward, you'll be willing to join us at the table. i now recognize the ranking member from colorado. >> thank you, mr. chairman, and for holding this important hearing. issues surrounding encryption and particularly the disagreements between law enforcement and the tech community gain significant public attention in the san bernardino case. but i'm not particularly interested in relitigating that dispute today. as you said, mr. chairman, the conversation needs to be broader
9:38 am
than just that one case. let me state unequivocally that i like you and i think the rest of us here today recognize and appreciate the benefits of strong encryption in today's digital world. it keeps our communications secure, our critical infrastructure safe and our bank accounts from being drained. it also provides each one of us the significant privacy protections. but, also, like you i see the flip side of the coin. while encryption does provide these protections, it can also be used to obscure the communications of criminals and terrorist and increasingly great risk. it's our task to help find the proper balance between those competing interest. we need to ask both industry and law enforcement some hard questions today. last month the president said, for example, "we want strong encryption because part of us preventing terrorism or preventing people from disrupting the financial system is that hackers state or nonstate can't get in there and
9:39 am
mess around." but if we make systems that are impenetrateble or waterproof how do we stop criminals and terrorist. if you can't crack the system, president obama said, then everybody is walking around with a swiss bank account in their pocket. i've heard the tech community's concern that some of the policies being proposed, like creating a back door for law enforcement will under mine the encryption that everybody needs to keep them safe and as they remind us, a good -- a back door for good guys ultimately becomes a front door for criminals. the tech community has been particularly vehicle about the negative consequences of proposals to address the encryption challenge. i think many of these arguments are valid, but i've only heard what we should not do, not what we should do collectively to address this challenge. i think the discussion needs to include a dialogue about how to move forward.
9:40 am
i can't believe that this problem is entraptble. now, the same thing seems to be true from where i sit for law enforcement, which raises legitimate concerns, but doesn't seem to be focused on workable solutions. i don't promote forcing industry to go back doors or other sir couple vengss that experts will tell us under miechb security or privacy for all of us. at the same time, i'm not comfortable with spaces where criminals or terrorist can operate without any fear that law enforcement could discover, so what i want to hear today is from both law enforcement an industry about possible solutions going forward. for example, if we conclude that expansive work proof spaces are not acceptable in society, then what are the policy options? what happens if encryption is the reason law enforcement can't solve or prevent a crime. if the holder or the transmitter
9:41 am
of the data or device can't or won't help law enforcement with that? what are suitable options. the washington post reported that the government relied on great hackers to circumvent the san bernardino iphone, well, thank goodness, i don't think so. i don't think relying on a third party is a good model. this resent san bernardino case suggest that when the government needs to enhance its capabilities when it comes to exploring ways to work around the challenges by -- posed by encryption. i intend to ask both panels, what additional resources and capabilities the government needs to keep pace with technology. while providing government with more tools or capability would require additional discussions regarding due process and the protection of civil liberties. enhancing the government's technical kablt is one potential
9:42 am
solution that does not mandate back door. finally, the public, the tech community and the government are all in this together. and that's -- in that spirit, i do want to thank our witnesses for coming today. i hope -- i'm happy that we have people from law enforcement, academia and industry, i'm happy that apple came to testify today. your voice is particularly important because other players like facebook and what's app declined our invitation to be a part of this panel. now, the tech community has told congress, we need to solve this problem and we agree, but i've got to tell you, it's a hard to solve a problem when key players won't show up for the discussion. i'm here also to tell you as long-time member of subcommittee, relying on congress to on its own pass legislation in a very complex situation like this is a blunt instrument at best. i think it would be in everybody's best interest to
9:43 am
come to the table and help us work on a solution. thanks, again, for holding this hearing. i know we won't travel liez these concerns. i look forward to working with everybody to come up with a reasonable solution. i yield back. >> i recognize chairman committee mr. upton for five minutes. >> for months now we witnessed an important debate about encryption. while much of this recent debate is focused on fbi and apple it's bigger than any one piece of technology. at its core this is a debate about what we as a society are willing to accept. if you pay any attention it might be appear to be a black and white choice, either we side with law enforcement and grant them access to encrypted technologies, weakening the security and privacy of digital infrastructure. or we can side with the technology community and prevent law enforcement from accessing encrypted technologies, thus creating a warrantless safe
9:44 am
haven for terrorists, ped files and other efl actors. it's important that we move beyond the us versus them that encompasses this discussion for far too long. its's not about picking sides, it's about evaluating the options. it debins by acknowledging the equities on both sides, from the technology perspective there's november doubt that strong encryption is a benefit to our society. as more of our daily lives become critical to the security and privacy of personal and corporate secrets as evidenced by the breaches over the past year, data theft can have a devastating effect on our personal privacy economic strength and national security. in addition, encryption doesn't just enable terrorist and wrong doers to do terrible things. it provides a safe haven for disdents, victims of domestic violence and others who wish to
9:45 am
remain hidden for noble purposes. as we look to the future and see that more and more aspects of the lives will be become connected to the internet including such things as cars, medical devices and electric grid, encryption will play an important roll in minimizing the risk of harm and life should these technologies be compromised. the law enforcement protection, it helps pro -- it presents a serious risk to public safety as a strong inaccessible encryption becomes the norm, law enforcement loses access to valuable tools and evidence necessary to stop bad actors from doing terrible things. as we'll hear today, this cannot always be offset by alternatives means as metta data or other investigative tools. there are certain situations, such as identifying the victims of child exploitation, not just the person prpetrators or acces
9:46 am
content is critical. it leads us to the question, what's the answer? sitting here today, i don't have the answer nor do i expect we'll find it during this hearing. this is a complex issue and it's going to require a lot of difficult conversations, but that is not an excuse to put our head in the sand or resort to default positions. we need to confront these issues head on because they're not going to go away thand eel get more difficult as time continues to tick. identifying the solution to this problem may involve trade offs and compromise on both sides, but ultimately it comes down to what society accepts as the appropriate balance between government access to encryption and security of encrypted technologies. for that reason and others, many have called on us, us, this committee to confront the issues here. that's why we're holding this hearing and that's why chairman along with ranking members established a bipartisan joint committee working group to
9:47 am
examine this very issue. in order for congress to successfully confront the issue, however, it will require patien patience, creativity, courage and more importantly cooperation. it's easy to call on congress to take on an issue, but you better be prepared to answer the call when we do. this issue is too important to have key players sitting on the sidelines, therefore, i hope all of you are prepared to participate as we take to heart what we hear today and be part of the solution moving forward. and i yield back. >> thank you, mr. chairman. i welcome the opportunity to hear today from both law enforcement and the tech community as we seek to understand and develop solutions to this encryption debate. encryption enables the privacy and security that we value, but it also creates challenges for those seeking to protect us. law enforcement has a difficult job of keeping our nation safe and they're finding some encrypted devices and programs are hampering their efforts to
9:48 am
conduct thorough investigations, even when they obtain a warrant, they find themselves unable to access information protected by end to end encryption. this raises questions with these dark areas that cannot be reached by law enforcement. at the same time, the tech community helps protect some of our most valuable information in the most secure way to do that is by using end to end encryption, meaning the device does not hold the key to that information. when the tech community tells us that providing back doors will make their job of protecting our information that much more difficult, we should heed that warning and work towards a solution that will not solve one problem by creating many others. it's clear both sides have compelling arguments but simply repeating those arguments is not sufficient response we need to work together to move forward and i hope today's hearing is just the beginning of that conversation. in the last several months and years we have seen several players move to congress solutions.
9:49 am
in 2014 fbi director said, "i'm happy to work with congress in our partners in the private sector and law enforcement and national security kounltd ert parts and with the people we serve to find the right answer to find the balance we need" in an e-mail to apple employees, tim cook wrote about his support for congress to bring together and i quote "experts on intelligence technology and civil liberties to discuss the implication for law enforcement national security privacy and freedom. apple will participate in such an effort" if we have any hope in moving this debate to ward, we need all parties to come and it should serve as a model to others who have been reluctant to participate in this discussion. we can't move forward if each party remains unwilling to compromise proposed solution. this is an effort to strike a balance between the security and privacy of personal data and public safety and public needs
9:50 am
to feel confident their information is secure. at the same time we need to assure them that law enforcement has all the tools it needs to do their job effectively. mr. chairman, i like to yield the remaining time to the the jeanettewoman from new york, ms. clams. clarke. >> thank you for yielding. i welcome chief thomas galati, the thief of intelligence for my hometown of new york city. and many refer to the new york city police department as new york's finest, but i like to think of them as the world's finest. welcome, chief galati. at its core, our constitution is about the balance of power. it's about balancing power among the federal government, state government and the rights of individuals. through the years, getting that balance just right has been challenging, and at times, tension-filled, but we have done it, we have prevailed. the encryption versus privacy rights issue is simply another opportunity for us to again
9:51 am
recalibrate and fine tune the balance in our democracy. and as the old cliche states, democracy is not a spectator sport. so it's time for all of us to participate. it's time to roll up our sleeves and work together to resolve this issue as an imperative because it's not going away. so i'm glad that we are having this hearing today because i do believe that working together we can find a way to balance our concerns and to address this issue of physical security with our rights to private security. so i look forward to hearing the perspectives of our witnesses today and i yield back the remainder of the time. thank you, mr. chairman. >> thank you. yields back then. thank you. i do ask unanimous consent that the members' written opening statements be introduced into the record. without objection, the documents will be entered into the record. and now i'd like to introduce the witnesses of our first panel for today's hearing.
9:52 am
our first witness on the panel is ms. amy hess. ms. hess is the executive assistant director for science and technology at the federal bureau of investigations in this role. she is responsible for the executive oversight of the criminal justice information services laboratory and operational technology divisions. ms. hess has logged time in the field as an fbi special agent as well as the bureau's headquarters here in washington, d.c., and we thank ms. hess for preparing her testimony and look forward to hearing your insights in these matters. we also want to welcome chief thomas galati from the new york city police department. chief galati is a 32-year-old -- not 32-year-old -- a 32-year veteran of the new york city police department and currently serves as the chief of intelligence. as chief of intelligence, he is responsible for the activities of the intelligence bureau, the western hemisphere's largest municipal law enforcement intelligence operation. thank you, chief galati, for your testimony today, and we look forward to hearing your comments. and finally, for the first
9:53 am
panel, we welcome captain charles cohen of the indiana state police. he is currently commander of the office of intelligence and investigative technologies, where he is responsible for the cyber crime, electronic surveillance and internet crimes against children. we appreciate his time today and once again thank all the witnesses for being here. i also want to note that sheriff ron hickman of the harris county sheriff's office unfortunately will not be joining us today due to the tragic flooding yesterday in the houston area. our prayers and thoughts are with the people of houston. we know there's been several tragedies there. we all wish sheriff hickman could be with us, but we certainly understand travel logistics can sometimes make these things impossible. i ask unanimous consent, however, that mr. hickman's testimony be entered into the record, and without objection, his testimony will be entered into the record. as the panelists are aware, we're holding an investigative hearing and are taking testimony under oath. do any of you have any objections to taking testimony under oath? they all say no. the chair advises you that under
9:54 am
the rules of the house and the committee, you're entitled to be advised by counsel. do any of you wish to be advised by counsel today? all say no. in that case, please rise, raise your right hand. do you swear the testimony you're about to give is the truth, the whole truth and nothing but the truth? thank you. you may be seated. all the witnesses answered in the affirmative, and you are now under oath and subject to the penalties set forth in 14 section 1001 of the united states code. you may give a five-minute summary of your opening statement. ms. hess, you're recognized for five minutes. >> good morning, chairman murphy, ranking member degette -- >> make sure your microphone is pulled as close to you as possible. >> and the subcommittee. thank you for letming appear before you today. in recent years, we've seen new technologies transform our society, most noticeably by enabling digital communications and facilitating e-commerce. it is essential that we protect these communications to promote free expression, secure commerce and trade and safeguard
9:55 am
sensitive information. we support strong encryption, but we've seen how criminals, including terrorists, are using advances in technology to their advantage. encryption is not the only challenge we face in today's technological landscape. however, we face significant obstacles in lawfully tracking suspects because they can change from a wi-fi service to acellular connection to a hotspot. they can move from one communication application to another and carry on the same conversation or multiple conversations simultaneously. communication companies do not have standard data retention policies or guidelines, and without historical data, it's very difficult to put pieces of the investigative puzzle together. some foreign communication providers have millions of users in the united states but no point of presence here, making it difficult, if not impossible, to execute a lawful court order. we encounter platforms that render suspects virtually anonymous oint net, and if we cannot attribute communications and actions to a specific individual, critical leads and
9:56 am
evidence may be lost. the problem is exponentially increased when we face one or more of these challenges on top of another. since our nation's inception, we've had a reasonable expectation of privacy. this means that only with probable cause and a court order can law enforcement listen to an individual's private conversations or enter their private spaces. but when changes in technology hinder or prohibit our ability to use authorized investigative tools and follow critical leads, we may not be able to root out child predators hiding in the shadows or violent criminals targeting our neighborhoods. we may not be able to identify and stop terrorists who are using today's communication platforms to plan and execute attacks in our country. so, we are in this quandary, trying to maximize security as we move into a world where increasingly information is beyond the reach of judicial authority and trying to maximize privacy in this era of rapid technological advancement. finding the right balance is a complex endeavor, and it should not be left solely to corporations or to the fbi to solve.
9:57 am
it must be publicly debated and deliberated. the american people should decide how we want to govern ourselves in today's world. it's law enforcement's responsibility to inform the american people that the investigative tools we have successfully used in the past are increasingly becoming less effective. the discussion so far has been highly charged at times because people are passionate about privacy and security, but this is an essential discussion which must include a productive, meaningful and rational dialogue on how encryption as currently implemented poses significant barriers to law enforcement's ability to do its job. as this discussion continues, we're fully committed to working with industry, academia and other parties to develop the right solution. we have an obligation to ensure everyone understands the public safety and national security risks that result from the use of new technologies and encrypted platforms by malicious actors. to be clear, we're not asking to expand the government's surveillance authority, but rather, to ensure we can continue to obtain electronic information and evidence
9:58 am
pursuant to the legal authority that congress has provided us to keep america safe. there is not and will not be a one size fits all solution to address the variety of challenges we face. the fbi is pursuing multiple avenues to overcome these challenges, but we realize we cannot overcome them on our own. mr. chairman, we believe the issues posed by this growing problem are grave and extremely complex. we must therefore continue the public discourse on how best to ensure that privacy and security can coexist and reinforce each other, and this hearing today is a vital part of that process. thank you again for your time and attention to this important matter. >> thank you, ms. hess. i now recognize chief galati for five minutes. >> thank you. >> make sure your microphone's turned on and pull it as close to you as you can. >> thank you. on behalf of mayor de blasio and police commissioner bratton and myself, thanks to the committee for the opportunity to speak with you this morning. years ago criminals and their accomplices stored their information in closets, drawers, safes and glove boxes. there was and continues to be an expectation of privacy in these areas, but the high burden
9:59 am
imposed by the fourth amendment which requires lawful search be warranted and authorized by a neutral judge has been deemed sufficient protection against unreasonable government search and seizure for the past 224 years. but now it seems that that legal authority is struggling to catch up with the times. because today, nearly everyone lives their life on a smartphone, including criminals, so evidence that once would be stored in a file cabinet or a notebook is now archived in an e-mail or a text message. the same exact information that would solve a murder, catch a rapist or prevent a mass shooting is now stored on that device. but where law enforcement has legal access to the file cabinet, it is shut out of the phone, not because of constraints built into the law, but rather, limits imposed by technology. when law enforcement is unable to access evidence necessary to the investigation, prosecution and prevention of a crime, despite the lawful right to do so, we call this going dark. every day we deal with this evidentiary dilemma in two
10:00 am
fronts -- first, it's what's known as data at rest. this is when the actual device, the computer, the tablet or the phone is in law enforcement's possession, but the information stored within it is inaccessi e inaccessible. in just a six-month period from october 2015 through march of this year, new york city, we have been locked out of 67 apple devices lawfully seized pursuant to the investigation of 44 violent crimes. in addition, there are 35 non-apple devices. of these apple devices, these incidents include 23 felonies, 10 homicides, 2 rapes and 2 police officers shot in the line of duty. they include robberies, criminal weapons possession, criminal sex acts and felony assaults. in every case, we have the file cabinet, so to speak, and the legal authority to open it, but we lack the technical ability to do so because encryption protects its contents. but in every case, these crimes deserve our protection, too. the second type of going dark is
10:01 am
an incident known as data in motion. in these cases, law enforcement is legally permitted through a warrant or other judicial process to intercept and access a suspect's communications, but the encryption built into the applications, such as whatsapp, telegram or wicker and others, prohibits this type of lawful surveillance. so, we may know a criminal group is communicating, but we are unable to understand why. in the past, a phone or a wiretap, again, legally obtained from a judge, would alert the police officer to drop-off locations, hideouts and target locations. now we are literally in the dark and criminals know it, too. we recently heard a defendant in a serious felony case make a call from rikers island where he had the apple ios8 and encryption software as a gift from god. this leaves the police, prosecutors and the people we are sworn to protect in a very precarious position. what is even more alarming is that the position is not dictated by our elected
10:02 am
officials or our judiciary system or our laws. instead, it is created and controlled by corporations like apple and google, who have taken it upon themselves to decide who can access critical information in criminal investigations. as a bureau chief in our nation's largest municipal police department, an agency that's charged with protecting 8.5 million residents and millions of daily commuters and tourists every day, i'm confident that corporate ceos do not hold themselves to the same public safety standards as our elected officials and law enforcement professionals, so how do we keep people safe? the answer cannot be warrant-proof encryption, which creates a landscape of criminal information outside the research of search warrants and/or a subpoena, an outside legal authority to establish over centuries of jurisprudence. but this has not always been apple's answer. until 19 months ago, they held the key that could override protections and open phones. apple used this master key to comply with court orders in kidnappings, murders and terrorism cases. there was no documented incident
10:03 am
or code getting out to hackers or the government. if they were able to comply constitutionally with legal court orders, then why not now? ramifications to this fight extends far beyond san bernardino, california, and the 14 people murdered there. it is important to recognize that more than 90% of criminals, of all criminal prosecutions in our country are handled at the state or local level. these cases involve real people, families, your friends, your loved ones. they deserve police departments that are able to do everything within the law to bring them to justice, and they deserve corporations to appreciate the ethical responsibilities. i applaud you for holding this hearing today. it is critical that we work together and across silos to fight crime and disorder because criminals are not bound by jurisdictional boundaries or industry standards. but increasingly, they are aware of the safety net that the warrant-proof encryption provides them, and we must all take responsibility for what that means. for the new york city police department, it means investing more in people's lives and then in quarterly earnings reports
10:04 am
and putting public safety back into the hands of the brave men and women who have sworn to defend it. thank you, and i will take any questions. >> thank you very much, chief. now captain cohen, you're recognized for five minutes. again, pull the microphone close to you. >> mr. chairman, members of the subcommittee, thank you for allowing me to testimony. i'm chuck cohen, captain with the police and the crimes against children task force commander. we have serious problems associated with encryption that do not have easy technological fixes. we need your help and it's apparent it must be legislative. as far as i know, the fbi is not exaggerating or trying to mislead anyone when they say there is currently no way to recover data from newer iphones. apple has intentionally designed an operating system and device combination that functionally acts as a locked container without a key. the sensitivity of the personal information people have stored in their phones should be compared with the sensitivity of information in bank deposit boxes and bedrooms. criminal investigators with proper legal authorization have the technical means to access both deposit boxes and bedrooms,
10:05 am
but we lack the technical means to access newer cellular phones running default hard encryption. we are often asks for examples of how encryption hinders law enforcement's ability to conduct investigations. there are numerous encrypted phones sitting in the indiana state police evidence rooms waiting for a solution, legal or technical, to the problem. some of those phones belong to murder victims and child sex crimes victims. earlier this year, a mother and son were shot to death inside their home in indiana. both had new iphones. i'm confident that if they were able, both would give consent for us to differencically examine their phones to help us find their killer or killers, but unfortunately, being deceased, they're unable to give consent, and unfortunately for investigators working to solve their murders, they chose to buy phones running encrypted operating systems by default. i need to emphasize that we are talking not just about suspects' phones, but also victims' phones, and not just about incriminating evidence but also exculpato exculpatory evidence that cannot be recovered. it is important to know what evidence and contraband are not
10:06 am
being recovered, the children victims not being rescued and the abusers not being arrested. but the conviction of randall r. fletcher helps shed light on the evidence concealed by encryption. fletcher lived in northern indiana. during the course of an investigation for production and possession of child pornography, computer hard drives with encrypted partitions and thumb drive were seized. the encryption was a bust such that it was not possible to forensically examine the encr t encrypted data, despite numerous attempts by several agencies. a federal judge compelled fletcher to disclose the encryption key. he provided law enforcement with a passcode that opened the partitions, but not the thumb drive. in the newly opened data, law enforcement found thousands of images and videos depicting minors being caused to engage in sexually complicit conduct. to this day, investigators believe the thumb drive contains homemade child pornography produced by fletcher but have not way of confirming or disproving that belief. he had a child he previously
10:07 am
photographed in lascivious poses. fletcher has previous convictions for conspiracy to commit murder and child sex offenses detailed in my testimony. it is hard to believe that because of encryption on the device, additional crimes committed by him cannot be prosecuted, meaning additional child victims cannot have access to the justice they richly deserve. i hope congress takes the time to truly understand what is at stake with the going dark phenomenno, ma'am phenomenon. there is a much greater and very real human cost that we already see across the country because investigations that fail due to default hard encryption. in my daily work i feel the impact of law enforcement going dark. for me, it is a strong feeling of frustration because it makes the detectives and forensic examiners for whom i am responsible less effective. but for crime victims and their families, it is altogether different. it is infuriating, unfair and
10:08 am
incomprehensible why such critical information for solving crimes should be allowed to be completely out of reach. i have heard some say that law enforcement can solve crimes using metadata alone. that is simply not true. that is like asking a detective to process a crime scene by only looking at the street address on the outside of the house where a crime was committed. i strongly urge committee members to contact your state investigative agency or local police department and ask about this challenge. i greatly appreciate your invitation to share my perspective and i'm happy to answer questions today or at any point in the future. thank you, mr. chairman, members of the committee. >> i thank the panel. i will now recognize myself five minutes for questions. ms. hess, i think sometimes the fbi's concerns about encryption are broadly characterized as being against encryption. considering the fbi's work on investigations like the sony data breach or the recent ransomware attacks on hospitals, i have hard to believe that your
10:09 am
organization in technology and protecting information. to clarify, does the fbi believe that strong encryption is important to the privacy and security of our citizens or economic strength in our national security? >> yes, sir. >> and also benefits law enforcement. yes? can you elaborate on that? >> yes, sir. yes, and you are correct. as i stated in my opening statement, we do support strong encryption because it does all of the things you just said. we also recognize that we have a continuing struggle, an increasing struggle, to access readable information, to access content of communications caused by that encryption that is now in place by default. >> and so, it brings this question up, then, are you witnessing an increase in individuals intentionally or even unintentionally evading the law through availability of default encryption? >> i think it's difficult to discern whether or not they are intentionally doing it. however, we are significantly seeing increases in the use and
10:10 am
deployment of it because it is a default setting now on most devices. >> related to that, chief galati, when you say that the default application of encryption can create significant hurdles for law enforcement, is that the issue as ms. hess was just saying, the default one? >> yes, sir. the encryption, a lot of the apps that are being used today, even with legal process or, you know, coverage on the phone, you cannot intercept those conversations. often we hear criminals, both criminals and also in the terrorism cases that we do people encouraging participants to go to apps like telegram, whatsapp, wicker and so on. >> you know, captain cohen, your testimony was very moving about those cases you described, people involved with murder and with victimizing children. you know, this debate is oftentimes about picking sides, the most notable being apple v.
10:11 am
the fbi. so, either you support law enforcement or you support the tech community. that feels like a loser's proposition. look, i understand people want to be able to have encrypted technology, but based upon the responses, captain that you heard from ms. hess and from the chief, do you think this is an us versus them debate? are there answers that we could be going for here? what do you think? because you're on the front lines dealing with these terrible cases. is there an us/them? is there an answer? >> i definitely do not think it's an us/them. what we see though, is a challenge with default encryption that functionally can't be turned off. i don't even have the option to turn off the encryption. the difference in the example that i gave you of mr. fletcher, was that after two prior convictions, he learned that he had to protect himself better from investigation and then went out in search of, we assume, encryption and ways to do that. the difference is now what we are seeing increasingly, to talk to your question to ms. hess as well, what we are seeing now is
10:12 am
discussion among a wide variety of criminals, and i see a daily discussion among those that sexually explicit children online, sexually extort children, trading child pornography, discussing the best possible systems to buy, the best combination of cell phone and operating system to buy to prevent encryption. please, make no mistake that criminals are listening to this testimony and they're learn which messaging app to use to protect themselves against encryption and they're also learning which messaging app is located outside of the united states and has no bricks-and-mortar location here in the united states, which ones are located in countries with which we have a mutual legal assistance treaty and which we don't. criminals are using this as an education to make themselves more effective at their criminal trade craft. >> so, given that, ms. hess, what answer will we have here for those cases where, whether it's the terrorist planning a plot or they have already killed some people and we're trying to find out what their next move is, or whether it's a child
10:13 am
predator, will there be an answer to this? >> yes, sir. and to clarify my earlier statement, too, we do see individuals, criminals, terrorists encouraging others to move to encrypted platforms, and we've seen that for some time. and the solution to that for us is no inveigator, no agent will take that as an answer to say that they should stop investigating. they will try to find whatever work-around they possibly can, but those solutions may be time-intensive. they may not eventually be effective. they may require an additional amount of resources or an additional amount of skill in order to get to those solutions. but primarily, we are in usually a race against the clock, and that's the key component of how we're finding additional solutions around this problem. >> i know this is a frightening aspect for americans. look, we understand privacy, but if there is some child predator hiding in the bushes by the playground watching to snatch a victim, you can find them. but now if this is giving them this cloak of invisibility, it's
10:14 am
pretty frightening. we'd better find an answer. my time is up. i now recognize ms. degette for five minutes. >> thanks, mr. chairman. to follow up on the chairman's questioning, the problem really isn't default encryption, because if you're limited to default encryption, criminals could still get encryption, and they do. isn't that correct, ms. hess? >> yes, that's correct. >> right. so the problem is that criminals can have easy access to encryption. and i think we can stipulate that encryption is really great for people like me who have bank accounts who don't want them to be hacked, but it's just really a horrible challenge for all of us as a society, not just law enforcement, when you have a child sex predator who's trying to encrypt, or just as bad, really, a terrorist. so, what i want to know is, what are we going to do about it? and the industry says that if
10:15 am
congress forces them to develop tools so that law enforcement with probable cause and a warrant can get access to that data, that then will just open the door. do you believe that's true, ms. hess? >> i believe that there certainly will be always no such thing as 100% security. however, industry leaders today have built systems that enable us to be able to get or receive readable content. >> and chief galati, what's your view on that? >> i believe that in order to provide -- and i don't want to call it a back door, but rather, a front door -- i think if the companies can provide law enforcement, i don't believe that it would be abused. >> why not? why not?
10:16 am
>> we have the calea law from 1994, and that was not abused, so i don't see how by making a law making law enforcement -- >> what they're saying is the technology, once they develop that technology, then anybody could get access to it and they could break the encryption. >> i believe that if we look at apple, they had the technology going back to about 18, 19 months ago where they were doing it for law enforcement. and i am not aware of any cases of abuse that came out when apple actually did have the key. so i can see if they still have the key today and they hold it -- >> i'll ask them that, because they're coming up. captain cohen? >> i think it might be helpful to look for real-world analogies. if you think of an iphone or android os phone as a safety deposit box. the key the bank holds, that's the private key encryption. the key the customer holds, that's the public key encryption. but what the bank does is it builds firewalls around that. there's a difference between
10:17 am
encryption and firewalls -- >> and you think that technology exists? >> the technology does exist. >> i'm sorry, i don't have a lot of time, but i'm going to ask the same question. now, there's something else that can be done forcing the industry to comply, or like in the san bernardino case, the fbi hired a third party to help them break the code in that phone. and that was what we call gray hats, people who are sort of in this murky market. what do you think about that suggestion, ms. hess? >> yes, ma'am. that certainly is one potential solution, but that takes me back to my prior answer, which is that these solutions are very case-by-case-specific. they may not work in all instances. they're very dependent upon the fragility of the systems, and also they're very time-intensive and resource-intensive, which may not be scaleable to enable us to be successful in our investigations. >> do you think there's any ethical issue with using these third-party hackers to do this?
10:18 am
>> i think that certainly there are vulnerabilities that we should review to make sure that we identify the risks and benefits of being able to exploit those vulnerabilities in a greater setting. >> well, i understand you're doing it because you have to in certain cases. do you think it's a good policy to follow? >> i do not think that that should be the solution. >> and one more question is if third-party individuals can develop these techniques to get in to these encrypted devices or programs, why can't we bring more capabilities in house to the government to be able to do that? >> certainly, these types of solutions -- and as i said, this should not be the only solution -- but these types of solutions that we do employ and can employ, they require a lot of highly skilled, specialized
10:19 am
resources that we may not have immediately available to us. >> can we develop those with the right resources? >> no, ma'am, i don't see that possible. i think that we really need the cooperation of industry, we need the cooperation of academia, we need the cooperation of the private sector in order to come up with solutions. >> thank you. >> gentle lady's time has expired. now recognize the gentle lady from indiana, ms. brooks, for five minutes. >> thank you, mr. chairman. in 2001, after i was appointed u.s. attorney for the southern district of indiana, i began work with the indiana crimes against children task force, led primarily by assistant u.s. attorney steve debroda, working hand in hand with you, captain cohen, and i want to thank you so much for being here. because prior to that time, i would say that i was certainly not aware about what really went into and what horrific crimes really were being perpetrated against children back at that time, in 2001-2002. and when we talk about child
10:20 am
exploitation against children, we need to realize this involves babies up to teenagers. this is not all about just willing teenagers doing these types of -- being involved in these types of acts. these are people preying on children of all ages. and i want to walk you through, captain cohen, what some of the impediments are, a bit more about how this works, how you are being thwarted in your investigations. and i also want to wrap up and make sure we have time for you to explain your thoughts about the firewalls. first of all, if you could just please walk offenders, and i'm talking about older children now, older kids who have access to social media. the offenders, perpetrators are making connections through social media platforms, correct? >> yes, ma'am. >> and are those typically unencrypted or encrypted? >> two years ago, i would say unencrypted, now i would say typically encrypted. >> okay.
10:21 am
and i left my u.s. attorney services in '07, so things have changed i think dramatically. in the second step, the conversation moves to encrypted discussions, would that be correct, through -- they encourage particularly young people to go to apps like whatsapp, kick and others. >> correct. they'll generally go trolling for a potential victim in an unencrypted app. once they have a victim they think that they can perpetrate against, they'll move to an encrypted communication app. >> and then would it be fair to say that through the relationship that's been developed they typically encourage them to send an image? >> correct. they're going to want that victim to do one compromising act that they can then exploit. >> and that image is sent typically from one smartphone to another or from one smartphone to a computer? >> generally from one smartphone to another. in the united states involving an android phone or an iphone. >> and then those -- but this doesn't just happen in our country, correct? >> correct. it's possible like never before
10:22 am
for someone even in another country to victimize a child here in the u.s. >> and in fact, so, we have out-of-country perpetrators as well as in-country perpetrators focusing on even out-of-country victims as well, is that right? >> correct, ma'am. yes. >> and then are those typically encrypted, the transmission of those photos are typically encrypted? >> yes. that's one of our challenges. the transmission's encrypted as well as when the data sits at rest on the phones, it's encrypted there as well. >> and you presenting that image to a jury, if an individual is caught and needs -- and is prosecuted, it is imperative, is it not, for you to present the actual image to a jury? >> yes, ma'am. the metadata alone, who was talking with whom doesn't matter. it's the content of the communication. it's the images that were sent and received. >> so, if you can't get these encrypted images and the encrypted discussions, what do you have in court? >> we have nothing in court. we can't complete the
10:23 am
investigation. >> how do you find the victims? >> oftentimes we don't have a way of identifying the victims. they go unserved. >> and can you please talk to us a bit more about why -- what it is that you actually do to find the victims? >> we do everything we can. we try to look for legal solutions, meaning trying to get records of internet service providers from the technology companies, trying to identify them through that. the challenge we encounter there many times, as ms. hess mentioned, is because of retention periods. the records no longer exist, the metadata no longer exists. and then we try to get the content of communication to show who was talking with whom. and oftentimes, we're unable to do that because of encryption. >> and isn't it pretty common that when you find one of these phones or a computer or perpetrator, there are usually thousands of images involving multiple victims? >> thousands or hundreds of thousands, and increasingly, we're also finding them in cloud sites like dropbox and google
10:24 am
onedrive. >> and can you expand on what you previously started to answer, potential solution with respect to firewalls? >> potential solution is to provide a better firewall. think of it as a vault door where the safety deposit box is. think of that as the doors to the bank. so, while you think of the actual locks on the bank deposit boxes as the encryption, you build firewalls around that. those firewalls can with legal process be opened up, you can go inside it. but just like a safety deposit box, if we go to the bank with a search warrant, the bank uses their key. we get a drill and we drill the customer's lock and we see what's inside the safety deposit box. i've done that dozens of times in the course of my career. the difference is with encryption, my drill doesn't break the lock. >> thank you. i yield back. >> gentle lady yields back. i now recognize ms. clarke for five minutes. >> i thank you, mr. chairman, and i thank our ranking member. in october of 2014, fbi director comey gave these remarks on encryption before the brookings institute -- "we in the fbi will
10:25 am
continue to throw every lawful tool we have at this problem, but it's costly. it's inefficient and it takes time. we need to fix this problem. it is long past time. we need assistance and cooperation from companies to comply with lawful court orders so that criminals around the world cannot seek safe haven for lawless conduct. we need to find common ground and we care about the same thin things." so, ms. hess, i'd like to ask you this. other than tech companies creating back doors for law enforcement, what do you believe are some possible solutions to address the impasse between law enforcement's need to lawful gain access to critical information and the cyber security benefits of strong encryption? >> yes, ma'am. and as previously stated, i really believe that certain industry leaders have created
10:26 am
secure systems that they are still yet able to comply with lawful orders. they're still able to access the contents to either of those communications to either provide some protection for their customers against malicious software or some other types of articles. in addition to that, they are able to do it perhaps for business purposes or for banking regulations, for example. in addition to those solutions, we certainly don't stop there. we look at any possible tools we might have in our toolbox, and that might include things we previously discussed today, whether that's individual solutions, metadata, whether it could be an increase in physical surveillance, but each of those things comes at a cost, and all of those things are not as responsive as being able to get the information directly from the provider. >> so do you believe that there is some common ground? >> i do. >> to the other panelists, are there solutions that you can see that might solve this impasse?
10:27 am
>> the solution that we had in place previously in which apple as an example did hold a key, and as chief galati mentioned, that was never compromised. so they could comply with the proper service and legal process. essentially, what happens in this instance is apple solved a problem that does not exist. >> i would say by apple or other industries holding the key, it reduces at least the law enforcement having to go outside of those companies to find people that can get a solution. so as mentioned earlier about the gray hackers, you know, they're going to be out there. but if the companies are doing it, it reduces the risk, i believe. >> very well. in the san bernardino case, press accounts indicate that the fbi has used the services of private-sector third parties to work around the encryption of the iphone in question. this case raises important questions about whether we want law enforcement using
10:28 am
non-governmental third-party entities to circumvent security features developed by private companies. so i have questions about whether this is a good model or whether a better model exists. ms. hess, assuming press accounts are true and you procured the help of a third party to gain access to that iphone, why were you apparently not able to solve this problem on your own? >> for one thing, as previously discussed, technology is changing very rapidly. we live in such an advanced age of technology development. and to keep up with that, we do require the services of specialized skills that we can only get through private industry. and that partnership is critical to our success. >> so this is to the entire panel. do you believe that the u.s. government needs enhanced technological capabilities? >> i think it does. private industry provides a lot of opportunity, so i think the best people that are out there
10:29 am
are working for private companies and not working for the government. >> okay. >> i agree with the chief. essentially, we need the help of private industry, both the industry that makes the technology and others. we need industry to act as good corporate citizens and help us because we can't do it alone. there are over 18,000 police agencies in the united states. and while the fbi may have some technical ability internally, those other agencies do not. and as the chief mentioned, over 90% of all the investigations are handled at the state and local level. we need industry's help. >> very well. i'll yield back, mr. chairman. >> gentle lady yields back. i now recognize mr. griffith for five minutes. >> well, thank you all for being here for this important discussion that we're having today. i will tell you, we have to figure out what the balance is, both from a security standpoint, but also to make sure that we are fulfilling our obligations under our constitution, which was written with real-life
10:30 am
circumstances in mind, where they said we don't want the government being able to come in and get everything. they were aware of the situation with general warrants, both in london used against john wilkes and the founding fathers were also aware of james otis and his fight in massachusetts, which john adams said sewed the seeds of the revolution. when the british government wanted to go from warehouse to warehouse looking for smuggled goods. so, it's not an easy situation. i do have this question, though. apparently, some researchers recently published the results of a survey of over 600 encrypted products that are available online. and basically, they found that about two-thirds of them are foreign products. so the question would be, given that so many of the encrypted products could in fact be from companies not headquartered
10:31 am
within the united states of america, if we forced the companies that we do have jurisdiction over to weaken the security of their products, are we doing little more than hurting american industry and then sending the really bad actors like mr. fletcher, who's the child pornographer, just to a different format that we don't have control over? that's one question that i would ask all three of you. >> right now google and apple act as the gatekeepers for most of those encrypted apps, meaning if the app is not in the app store for an ios device, if it's not available in google play for an android os device, a customer in the united states cannot install it. so, while some of the encrypted apps like telegram are based outside of the united states, u.s. companies act as the gatekeepers as to whether those apps are accessible here in the united states to be used. >> all right. chief? >> i would agree exactly what the captain said. and you know, certain apps are
10:32 am
not available on all devices. so if the companies that are outside the united states can't comply with the same rules and regulations of the ones that are in the united states, then they shouldn't be able on the app stores. for example, you can't get every app on a blackberry that you can on an android or a google. >> yes, sir. what you stated is correct. and i think that certainly we need to examine how other countries are viewing this same problem because they have these same challenges as we speak and are having similar deliberations as to how their law enforcement might gain access to these communications as well. so as we move toward that, the question for us is what makes consumers want to buy american products? is it because they are more secure? is it because they actually cover the types of services that the consumers desire? is it just because of personal preference? but at the same time, we need to make sure that we balance that
10:33 am
security as well as the privacy that the consumers have come to expect. >> and i appreciate that. captain cohen, i am curious. you talked about the fletcher case and indicated that the judge ordered that he give the password to the computer, but then you didn't get access to the thumb drive. was the judge asked to force him to do that as well or -- >> the judge -- in that instance, the judge compelled him to provide it. he said the thumb drive was not encrypted. his defense expert disagreed with him, said it was encrypted. he then provided a password and failed a stipulated polygraph as to whether he knew the password or failed to disclose it. so, every indication is he intentionally chose not to give the second password for that device. >> and was he held in contempt for that? >> not that i -- i do not believe he was. >> all right. i mean, it's -- look, obviously, if you can get the images, you have a better chance of finding the victim, but it's true that even before encryption there was
10:34 am
a great difficulty in finding victims, even if you found a store of photographs in a filing cabinet. it was sometimes hard to track down the victims, isn't that correct? >> it is always difficult to find child victims. >> it is. it is just a shame. i like the concept, the visual of you're able to drill into the safety deposit box but you can't get into the encrypted computer or telephone. is there a product out there that would be that limited? because one of the problems that i know apple has had is that they don't want to have a back door to every single phone that other folks can get a hold of and that the government could use at will, particularly governments maybe not as conscious of civil liberties as the united states. do you know of any such a product that would give you that kind of specificity? >> again, the specificity would be similar to what we had prior to apple changing where the encryption key is kept, meaning that the legal process served on apple, as an example -- and apple's the one to use the drill, not law enforcement. that helps provide another layer
10:35 am
of protection against abuses by governments other than ours. meaning, while they have that capability because they're inside the firewall, those outside the firewall, outside the vault would have no ability to get access. >> all right. i appreciate it and i yield back, mr. chairman. >> gentlemen yields back. i now recognize mr. walsh for five minutes. >> thank you very much. first of all, i want to thank each of you for the work you and your departments do. i mean, it's astonishing times when the kind of crimes that all america is exposed to are happeni happening, and the expectation on the part of the public is somehow, some way you're going to make it right, you're going to make us safe. so, i think all of us really appreciate your work. this issue as you've acknowledged is very, very difficult. i think if any of us were in your position, what we would want is access to any information that the fourth amendment allowed us to get in order for us to do our job. but there's three issues that are really difficult. one is the law enforcement issue
10:36 am
that you've very clearly annunciated. you've got probable cause, you go through the process of getting a warrant, you're entitled to information that's in the cabinet or on the phone or in the house. yet, because of technology, we have these impediments to you getting what you're legally authorized to get. i think all of us want you to be able to get the information that you rightfully can obtain. but the second issue that makes it unique almost is that in order for you to get the information, you have to get the active participation of an innocent third party who had nothing to do with the events but who potentially can get the information for you. that's the whole apple case. but it's a very complicated situation because it's not as though if you came with a warrant to my house for me to turn over information that i had, it's one thing if i just go in my drawer and give it to you. it's another thing if it's buried deep in the backyard and the order is that i've got to buy a backhoe or rent a backhoe
10:37 am
and go out there and start digging around until i find it. normally, that would be the burden on the law enforcement agency. so that's the second issue, how much can the government require a third party, a company or an individual to actually use their own resources to assist in getting access to the information. and then the third issue that's really tough that mr. griffith was just acknowledging -- we get a back door key, we trust you, but we have other governments that our companies are doing business with, and they get pressured to provide that same back door key, the key is lost, and then things happen with respect to privacy and security that you don't want to happen and that we don't want to happen. so this is a genuinely tough situation where, frankly, i'm not sure there's a, quote, easy balance on this. so, just a couple of questions.
10:38 am
ms. hess, what would you see as the answer here, if i know you want the information, but if the getting of the information requires me to hire a few people to work in the yard with a backhoe or apple to really deploy high-cost engineers to come up with an entry key? are you saying that that's what should be required now? >> yes, sir, i think that the best solution is for us to work cooperatively with technology with industry and with academia to try to come up with the best possible solution. but at that, i would say that no investigative agency should forego that for all other solutions. they should continue to drive forward with all solutions available to them. >> all right. so, and chief, i'll ask you. i mean, you're on the front line in new york all of the time. and is it your view that the right policy now would be for
10:39 am
you when you had probable cause to protect us? and you know, we're all on the same page there. to force a technology company at significant effort and expense to assist in getting access to the information? >> i would say up until a couple of years ago, most the technology companies -- and they still do -- have law enforcement liaisons that we work very closely with. for example, if it's facebook or google or even apple, where you know, we have the ability to go to them with legal process and they're providing us with the search warrant -- >> right. yeah, my understanding from talking to those folks is that if it's information like is stored in the cloud -- i mean, this is the situation with san bernardino. there was a lot of stuff that was relatively easy to retrieve, and they do provide that, they do cooperate, as long as you have the warrant, they do everything they can to accommodate those lawful relations from law enforcement.
10:40 am
has that been your experience? >> yes. the cloud does have some issues because things could be deleted from the cloud and then never recovered. if the phone is not uploaded to the cloud, then things are lost. there's a very interesting -- >> would you just acknowledge, there's a significant distinction between a company turning over information that's easily retrievable in the cloud, comparable to me going into my house and opening a drawer and giving you the information you requested versus a company that has to have engineers try to somehow crack the code so that they're very energetically involved in the process of decryption. that's the difference, you'd agree. >> yes, it is a difference. and i believe when they create the operating system, that's where they have to make that key available so that they don't have to spend the resources to crack a code, but rather, have a new operating system that -- >> thanks. just one last thing.
10:41 am
by the way, thank you for -- oh, i'm over? >> time. >> i just want to say, i think what representative clarke said about resources for you to let you do some of this work on your own really makes an awful lot of sense, because some of these conflicts are going to be, frankly, as much as we want to say they're resolvable, they're tough to resolve. >> thank you. >> i'm sorry. thank you, mr. chairman. >> i now recognize mr. mullin for five minutes. >> well, as you can see that i think both sides on this, up here on this -- in this committee, you can see we want to get to the real problem. we want to be helpful, not a hindrance. obviously, all of us want to be safe, but we also want to make sure that we operate within the constitution. the technology is changing at such a pace that i know law enforcement has to do their job and staying with it because the criminals are always doing their job, too, like it or not. and if it changes, crimes
10:42 am
change, we have to change the way we operate. the concern is privacy, obviously. and getting into that, ms. hess, some have argued that the expansion of connected devices through the internet of things provides law enforcement with new surveillance tools and capabilities. recently, the burkman center at harvard university argues that the internet of things could potentially offset the government's inability to access encrypted technology for providing new paths for surveillance and monitoring. my question is, what's your reaction to the idea that internet of things presents a potential alternative to access encrypted devices? >> certainly, sir, i do think that internet of things and associated metadata presents us with an additional opportunity to collect information and evidence that will be helpful to us in investigations. however, those merely provide us with leads or clues, whereas the real content of the communications is what we really
10:43 am
seek in order to prove beyond a reasonable doubt in court, in order to get a conviction. >> could you expand a little bit on the content, the content, what's in the device or the conversation that happens between the devices? >> what the people are saying to each other, as opposed to just who's communicating or at what location they are communicating. it's critically important to law enforcement to know what they said in order to prove intent. >> is there something that we on this panel need -- or i say this panel, this committee should be lookat to help you to be able to gain access to that? or since it's connected, does it even take any extra steps for you to build to access that information? >> yes. and exactly to the point of the discussion here today is that we need to work with industry and with academia in order to come up with solutions so that we can access that content or so they can access it and provide it to us. >> so, is the fbi exploring their options, i'm assuming?
10:44 am
>> we are. yes, sir. >> okay. are there challenges or concerns using the growth of connected devices that you can see coming down the road? obviously, with the technology changing rapidly today, what are some of the challenges that you're facing? >> certainly as more and more things in today's world become connected, there is also an increasing demand for encrypting those particular services, those particular devices and capabilities, and that's well washington warranted and well merited, but again, it presents a challenge to us as metadata is increasingly encrypted. that presents a challenge for us as well. we need to be able to access the information, but more importantly, the content. in other words, if a suspect's toaster is connected to their car so that they know it's going to come on at a certain time, that's helpful, but it doesn't help us to know the content of the communication when it comes to developing plots. >> so, is there a difference between, say the fbi, the way you have to operate, captain cohen, and the way you have to
10:45 am
operate? >> there's not much of a difference, because quite can d candidly, we work very well together. but you asked of initial challenges. in february, apple announced that it plans to tie the same encryption key to the icloud account. so, as an example, the content in the icloud, apple's announced publicly they plan to make that encrypted and inaccessible with a service of legal process. so, that's one of the challenges that you asked about that we're looking at is we're going to lose that area of content as well. >> so, i just assume that everything i do online for some intent and purpose is out there and people are going to be able to retrieve it. i don't assume any privacy really when it's on the internet. is that analogy -- could that analogy hold up true, or should we be expecting a sense of privacy when it's on internet? i mean, we put it out there. >> sir, i believe we should all expect a sense of privacy on the internet, a sense of privacy when we talk in a restaurant, when we talk on the telephone, land line or cellular, but that privacy cannot be completely
10:46 am
absolute. we need to have when we serve proper legal process, a search warrant as an example, have the ability. the constitution protects us from unreasonable search and seizures, not all searches and seizures. so, we have our private companies without checks and balances protecting everyone against all searches. >> chief, do you have an opinion on this? >> yeah. i agree also. you know, on the internet, you have a right to privacy. and most of these apps and programs give you privacy settings so nobody can get at it. i think when you get into the criminal world or the malicious criminal intent, that's when law enforcement has to have the ability to go in and see what you have on there. >> thank you. i yield back. >> thank you. mr. pallone is recognized for five minutes. >> thank you, mr. chairman. i never seem to be amazed at how complex an issue this is. and it requires, you know, balancing various competing values and societal goals. yet, much of the public debate
10:47 am
is focused on simplified versions of the situation that painted in black and white. and there seems to be some misunderstanding that we have to either have cyber security or no protection online at all. we've heard that the limitations encryption places on law enforcement access to information puts us in danger of going dark. by contrast, we heard that the law enforcement now has access to more information than ever, so-called golden age of surveillance. at harvard, at the burkman center, there was a report titled "don't panic: making progress on the going dark debate" that concludes, and "quote, "the communications of the future will neither be eclipsed into darkness or illuminated without shadow." and i think that's a useful framework to view the issue, not as a binary choice between total darkness or complete illumination, but rather, a spectrum. i think it's fair to say there have been and always will be areas of darkness where criminals are able to conceal information, and no matter what, law enforcement has a tough job. but the question is how much
10:48 am
darkness is too much? so, i wanted to ask you all, and this is for any of you, about some key questions on this spectrum, if you will. where are we on the spectrum currently? where should we be on the spectrum? if we're not in the right place, how do we get there? let me start with ms. hess and then whoever else wants to say something. >> yes, sir. as far as the amount of information that we can receive today, i think, yes, it is true, we do receive more information today than we received in the past, but i would draw the analogy to the fact that the haystack has gotten bigger, but we're still looking for the same needle. and the challenge for us is to figure out what's important and relevant to the investigation. we're now presented with these volumes, this volume of information. and the problem additionally with that is that what we are collecting, what we are able to see is, for example, who's communicating with who or potentially what ip addresses are communicating with each other, the location, the time,
10:49 am
perhaps the duration, but not the content of what they were actually saying. >> chief, did you want to add to that? >> i do agree that the internet has provided a lot more information to police that we could go out and we can find public records, we can find, you know, records within police departments throughout the country. so to police, the internet has made things a little bit easier. however, the encryption is taking all of those gains away, and i think the more and more we go towards encryption, the harder it's going to be to really investigate and conduct long-term cases. we do a lot of cases in new york about gangs, drug gangs. we call them crews. and it's very vital, all the information that we get from people on the internet that sometimes are very public out there. but now they're switching over to encrypted, and it's making those long-term cases or those, i guess to call them similar to rico cases, very, very difficult to put together because we're in the blind.
10:50 am
>> all right. captain, did you want to? >> i see it we have a lack of information that i have not seen before in my 20 years of investigations to be able to do criminal investigations. not solely by encryption, information and the lack of -- similar to what the rest of the banking industry as well as our inability to service legal process on companies who are located in the united states and stored data outside the united states. i see it as interrelated issues which together conspire to make it more difficult than ever before for me to gather the information i need to conduct a criminal investigation. on the spectrum you asked about. i see it far to the extent we're losing the ability to access information we need to rescue victims and solve crimes. >> thank you. i think my second question, i think to some extent you already answered. if anybody wants to add to it. the second question is where do you see the trend moving? are you comfortable where we're
10:51 am
heading or the technology trends leaving us with too much darkness? you kind of answered that unless anyone wants to add to what they said. ms. hess? >> increasingly technology platforms continue to change and present challenges for us that i provided in my opening statement. in addition to that, we try to figure out how we might be able to use what is available to us and we are constantly challenged by that as well. for example, some companies may not know what exactly or how to provide the information we're seeking. and it's not just a matter of needing that information to enable us to see the content or enable us to see what people are saying to each other. it's a matter of being able to figure out who we should be focusing on more quickly. if we can get that information, we can exonerate the innocent and identify the guilty.
10:52 am
>> i'm going to end with that. i wanted to ask, obviously, that you can continue to engage with us to help us answer these questions. i mean, not just, you know, with what you're saying today. you know, a constant dialogue is what we need. thank you, mr. chairman. >> thank you. now recognize dr. burgess for five minutes. >> thank you. and thank you all for being here. i acknowledge there's another hearing going on upstairs. if we seem to be toggling back and forth that's what happening. there is another committee called the commerce manufacturing and trade subcommittee. we're working very closely with federal trade commission which is under our jurisdiction on the issue of data breach notification and data security. a component of that effort has been to push companies to strengthen security. one of those ways could be perhaps through encryption.
10:53 am
the ftc will look at security protocols for handling data when it reviews a company. so has the fbi had any discussions with federal trade commission over whether the back doors are access points might compromise the secured data? >> yes, sir we have engaged in a number of conversations among the interagency with other agencies with industry. with academia. i can get back to you as far as whether we met with the trade commission. >> that would be helpful. we are trying to work through the concept of more on the retail space but of data security. data security is data security regardless of who is harmed in the process. data security is national security at large. so that would be enormously helpful.
10:54 am
let me ask you a question, probably off topic but i can't help myself. one of the dark sides of encryption is someone comes in and encrypts you stuff you didn't want it encrypted and they won't get it back to you unless you fork over bitcoins unless you fork over bitcoins to them in a dark market. what is it the committee needs to understand about that ransom ware concept that's going on currently? >> yes, sir. it's an increasing problem we're seeing and investigating on a regular basis. certainly to exercise cyber security hygiene is important. to be able to access the information is important to be able to talk to each other about what solutions might be available to be able to fall back to another type of backup solutions so you aren't beholden to any particular ransom demands. >> that's critically important. i'm a physician by background, some of the ransom ware has occurred in medical facilities.
10:55 am
i just cannot imagine going into an icu and asking to see the data on my patient and being told it's been encrypted by an outside source and you can't have it, doctor. when you catch those people, i think the appropriate punishment is shot at sunrise and i wouldn't put a lot of appeals between the action and reaction. thank you mr. chairman. i'll yield back. >> i recognize mr. yarmouth for five minutes. >> thanks to the witnesses for your testimony. i find it hard to come up with any question that is going to elicit any new answers from you. and i think that the -- your testimony and the discussion we've had today is an indication of how difficult this situation is. it sounds to me like there's a great business opportunity here somewhere.
10:56 am
but probably you don't have the budgets to pay a business what they would need to be paid to get the information you're after. so that may be not such a good business opportunity after all. i want to ask one question of you ms. hess. in your budget request for fiscal year '17. you request more than $38 million to deal with the going dark issue. and your request says it's non-personnel. so it seems to me that personnel has to be a huge part of this effort. could you elaborate on what your request and budget request involves and what you plan to do with that? >> yes, sir. at a higher level, essentially we're looking for any possible solutions, any possible tools we might be able to throw at the problem. all the differenchallenges we encounter and whether that's giving us the ability to be
10:57 am
better password guessers or whether that's the ability to try to develop solutions for we might be able to perhaps exploit some type of vulnerability. or maybe that's a tool where we may be able to make better use of mata data. we try to come up with solutions to get around the problem we're currently discussing. >> i don't know enough to ask anything else. unless someone is interested in my time i yield back. >> now recognize mr. mckinley for five minutes. >> thank you, mr. chairman. i've been here in congress for five years, five and a half years. we've been talking about this for all five and a half years. i don't see much progress being made with it. i hear the frustration in your voices. i was hoping we were going to hear today more specifics. if you could pass a magic wand what would it be. what's the solution.
10:58 am
you hinted towards it but we didn't get close enough. so one of the things i'd like to try and understand is how we differentiate between privacy and national security. i don't feel that we've come to grips with that. i don't know how many people are on both sides of that aisle. i don't care. i'm very concerned about national security as it relates to encryption. we've had just this past weekend there was a very provocative tv show with 60 minutes came out with the hacking into cell phones. we had about a year ago we were briefed, it wasn't classified. it was the -- where russia hacked in and shut down the electric grid in ukraine. the impact that could have that a foreign government could have access to it. it just in this past week at town hall meetings back in the district, twice people raised the issue about hacking into
10:59 am
shutting down the electric grid. and it reminded me of testimony that had been given to us about a year ago on the very subject when one of the presenters like yourself said that it would -- within four days a group of engineers in america or kids could shut down the grid from boston down through -- where was it? from boston to new york you could shut down in just four days. i'm very concerned about that. where we're going with this whole issue of encryption and protection. if i could ask you the question, how confident are you? that the adequacy of the encryption is protecting our infrastructure in your jurisdiction? >> sir, cyber security and infrastructure is very complicated. we have another whole section in
11:00 am
the police department and in the city that monitors works closely with all the agencies such as coned, dep and so on. we work very closely with the fbi and that joint cyber task force to monitor -- >> but my question really is how do you feel? everyone comes in here, and when i've got to the power companies, i don't need to list their names. all of them have said we think we've got it. yet, during that discussion on 60 minutes, this hacker that was there is a professional hacker, he said i can break into any system. any system. my question back to you is how confident are you that the system is going to work? it's going to be protected? >> i think with all the agencies that are involved in trying to protect critical infrastructure. i think there is a big emphasize in new york, i'll speak about new york. working with multiple agencies
11:01 am
we're looking at vulnerabilities to the system. i do think that is an encryption issue. i think what i was speaking about more when it came to encryption is more about communications and investigating crimes or terrorism related offenses. >> beyond your jurisdiction on that? >> that's not an area i would comment. >> how about you in indiana? >> what are you talking about? control systems being compromised. again we're talking about fire walls not encryption. we're talking about the ability for someone to get inside the system. to have the password, to have the pass phrase something like that. to get the fire wall. so encryption of data in motion as an example, would not protect us from the types of things you're talking about and being able to shut down a power grid. it's noteworthy i saw that 60 minutes piece. and what that particular hack was able to exploit would not have been fixed by encryption. that's a separate system related to how the cellular -- cell
11:02 am
system works separate from the issue of encryption. what i can say is having more robust encryption would not fix those problems. i lack the background to be able to tell you specifically do i feel confident or not confident about how the fire walls are right now in the systems you asked about. >> ms. hess? boiler up by the way. my question, same to you. how would you respond to this? >> first off i don't think there's any such thing as 100% secure. anything as a purely secure solution. with that said, i think it is incumbent on all of us to build the most secure system possible but at the same time representing the challenge law enforcement has to be able to get or access or be provided with the information we seek pursuant to a lawful order. a warrant that has been signed by a judge to be able to get the information we seek in order to prove or to have evidence that a
11:03 am
crime has occurred. >> thank you. i yield back my time. >> recognize mr. tonka for five minutes. >> thank you, mr. chair. thank you to our witnesses. i'm encouraged that here today we're developing dialogue, which i think is critical for us to best understand the issue from a policy perspective. there's no denying that we're at risk with more and more threats to our national security. including cyber threats. but there's also a strong desire to maintain individual rights and opportunity to store information and understand and believe that it's protected. and sometimes those two are very difficult. there's a balance that needs to be struck. and so i think, you know, first question to any of the three of you is is there a better outcome in terms of training? do you believe that there's better dialogue, better communication, formalized training that would help the law
11:04 am
enforcement community? if they network with these companies that develop the technology? i'm concerned that we don't always have all the information we require to do our end of the responsibility thing here. >> i do think that certainly in today's world, we need people who have those specialized skills and have the training. who have the tools and the resources available to them to be able to better address this challenge. there is still no one size fits all solution to this. >> anything, chief or captain that you'd like to add? >> i would just say that we do work very closely with a lot of these companies like google and we do, you know, share information. and at times work on training amongst the two -- agency and the company.
11:05 am
there is cooperation there. i think that it could always get better. >> and ms. hess in this encryption debate. what specifically would you suggest the fbi is asking for? asking of the tech community? >> that when we present an order signed by an independent neutral judge that they're able to comply with that order and provide us with the information we're seeking in readable form. >> and also to ms. hess, is the fbi asking apple and possibly other companies to create a back door that would then potentially weaken encryption? >> i don't believe the fbi or law enforcement in general should be in the position of dictating to companies what the solution is. they have built those systems, they know their device and systems better than we do and how they might be able to build some type of the most secure
11:06 am
systems available or the most secure devices available and be able to comply with orders. >> do you believe that that type of assistance that you're requesting from tech companies would lead to any unintended consequences such as a weakened order of encryption? >> i believe it's best for the tech companies to answer that question. because as they build these solutions to be able to answer these orders, they would know what those vulnerabilities are or potentially could be. >> thank you. another potential unintended consequence of u.s. law enforcement gaining special access may be the message that is sent to -- they're sending to other nations. other countries that seek to stifle dissent may ask for tools as well. if countries demand a work around. apple and other companies can legitimately argue they do not have it. how would you respond to the argument that helping
11:07 am
tech companies help subvert their own encryption establishes precedence from people around the world to protect them from despotic regimes? >> first in the international community -- we've had a number of conversations with our partners internationally this is a problem throughout the work. there are international implications to any solutions that might be developed. what we seek is a lawful order with the system we've set up in this country to be able to go to a magistrate or judge to get a warrant to say that we believe we have probable cause to believe that someone or some entity is committing a crime. i believe that if other countries had such a way of doing business that that would probably be a good thing for all of us.
11:08 am
>> chief or captain, do you have anything to add? >> i saw stories that said apple provided an ios code to china. i don't know if that's true or not. i tried to find an example of apple answering a under oath and i did not find that. the source code of the operating system would be the first thing that would be need today hack into an iphone. and i know that they have not provided a source code to u.s. law enforcement. >> thank you. thank you. my time is exhausted, so -- >> thank you, mr. hudson you're recognized for five minutes. >> thank you, chairman. thank you to the panel today. as our lives become more of the technical universe, the need for strong security becomes more
11:09 am
important. i naturally suggest a massive increase in our digital footprint and the amount of information that's available on the internet. is there more creative ways to conduct investigations? we talked about meta data but other options we haven't discussed yet? >> i do believe we should make every use of the tools that we've been authorized by congress, the american people to use. and if that pertains to mata data or other types of information we might be able to get from new technologies we should take advantage of that in order to accomplish our mission. at the same time, clearly, these things present challenges to us as well as previously articulated.
11:10 am
>> have you and others in law enforcement engaged with the technology community or others to explore these types of opportunities or look at potential ways to do this going forward? >> yes, sir. we're in daily contact with industry and with academia in order to try to come up with solutions in order to try to come up with ways we might be able to get evidence in our investigations. >> and what have you learned from those conversations? >> clearly, technology changes on a very very rapid pace. and sometimes the providers or the people who build those technologies may not have build in or thought to build in a law enforcement solution. a solution so they can readily provide us with that information, even if they want to. in other cases perhaps it's the way they do business that they may not want to provide that information or may not be set up to do that. either because of resources or just because of the proprietary way their systems are created. >> i see. the other members of the panel, do you have any opinion on this?
11:11 am
>> i would just say that as technology advances, it does create a lot of new tools for law enforcement to complete investigations. however, as those advances as we start using them, we see them shrinking away. you know, for -- with encryption especially blocking things that we recently were able to obtain. >> got you. you don't -- okay. to all of you, i recently read about the co of msab, a technology company in the detroit news article. said there's a way for government to access data stored on our phones without building a back door to encryption. his solution is to build a two part decryption system with both the government and the manufacturer possess a unique key and only with both keys as well as the device in hand could you access the encrypted data on the device. i'm not an expert on decryption.
11:12 am
i ask, is such a solution achievable. secondly, have there been discussions between you and the tech community regarding a proposal like this or something similar that would allow safe access to the data without giving a key so to speak to one entity? >> to answer your question, that paradigm would work. that's very similar to the paradigm of the safety deposit box in a bank where you have two different keys. it would require the cooperation of industry. >> anything to add? >> what i was going to say. >> okay. we'll get a chance to hear from industry in our next panel. i was trying to explain this to my staffers, i said did you see the new star wars movie. the map to find luke. you got to put them together. oh, i get it now. anyway, i think it's important that law enforcement and
11:13 am
technology work together. continuing to have the discussions. i want to thank the chairman for giving us the opportunity to do that. i thank you for being here. >> gentleman yields back. recognize ms. blackburn for five minutes. >> thank you, mr. chairman. and thank you to the witnesses. i am so appreciative of your time. and i'm appreciative of the work product that our committee has put into this. mr. welch and i with some of the members that are on the dias have served on data security task force. for the committee looking at how we construct legislation and looking what we ought to do. when it comes to the issues of privacy and data security and going back to the law and the intent of the law. i mean, congress authorized wire taps in 1934. and then in '67 you come along and there is the language you've
11:14 am
got katz versus the u.s. that citizens have a reasonable expectation of privacy. and we know that for you in law enforcement you come upon that with this new technology. and that sometimes it seems there is the fight between technology and law enforcement. and the balance that's necessary between that reasonable expectation and looking at the ability of your ability to do your job. which is to keep citizens safe. so i thank you for the work that you are doing in this realm. and considering all of that, i'd like to hear from each of you -- ms. hess we'll start with you and work down the panel. do you think that at this point there is an adversarial
11:15 am
relationship between the private sector and law enforcement? and if you advise us, what should be our framework, and what should be the penalties that are put in place that will help you to get these criminals out of the virtual space? and help our citizens know that their virtual you, their presence online is going to be protected, but that you are going to have the ability to help keep them safe? kind of a loaded question. we've got two minutes and 36 seconds. it's all yours and we will move down the line. >> yes, ma'am. as far as whether there's an adversarial relationship, my response is i hope not. certainly from our perspective and the fbi, we want to work with industry. we want to work with academia. we do believe that we have the same values. we share the same values in this country that we want our citizens to be protected.
11:16 am
we also very much value our privacy. and we all do. i think as you noted for over 200 years, this country has balanced privacy and security. these are not binary things. it shouldn't be one or the other. it should be both working cooperatively together. how do we do that. i don't think that's for the fbi to decide nor do i think it's for tech companies to decide. >> it will be for congress to decide. >> it's not an adversarial relationship either. there's so many things we have to work with. all the big tech companies, twitter, google, facebook on threats that are coming in. they are cooperative and we work with them in certain areas. this is a new area we're going into. but right now i will say it's not adversarial. they're cooperative. >> as you mentioned, some of the statutes that authorize wire tap lawful interception, authorized a collection of evidence, they have not been updated recently.
11:17 am
as technology evolves some of the statutes have not evolved to keep up. we lack the technical ability at this point to properly execute the laws that congress has passed because the technology has by-passed the law. >> okay. we would appreciate hearing from you as we look at these updates. the physical space statutes are there. but we need that application to the virtual space. and this is where it would be helpful to hear from you. what is that framework? what are those penalties? what enables you to best enforce? and so if you could submit to us -- i'm running out of time. submit to us your thoughts on that. it would be helpful and we would appreciate it. mr. chairman i yield back. >> now recognize mr. cramer for five minutes. >> thank you mr. chairman. i thank all of you. it's refreshing to participate in a hearing where people asking
11:18 am
the questions don't know the answer until you give it to us. that's really cool. i want to hone in on the issue of breaking modern encryption by brute force as we call it. that's the ability to apply multiple pass codes and perhaps an unlimited number of pass codes until you break it. that's sort of the trick. with the iphone specifically there's the issue of the data destruction feature. would removing the data destruction feature sort of be at least a partial solution to the -- your side of the formula? in other words, you know, we're not creating the back door, but we are removing one of the tools. and i'm just open minded to it and looking for your out loud thoughts on that issue. >> yes, sir. if i may. certainly that is one potential
11:19 am
solution that we do use and we should continue to use. to be able to guess the right password. is something that we employ in a wide variety and number of investigations. the problem and the challenge is that sometimes those pass code links may get longer and longer. they may involve alphanumeric characters. it could take years to solve that problem regardless of what resources we apply. we ask our investigators to help us be better guessers in order to come up with information or intelligence to help us make a better guess. that's not always possible. >> ten tries and you're out data destruction feature that iphone utilized. that makes your job all the more difficult. would expanding that from 10-20 or unlimited, is there some -- i'm not looking for magic formula.
11:20 am
it seems to me there could be some way to at least increase your chances. >> yes, sir, and that's one of the things that does quite clearly present to us a challenge. usually it takes us more than ten guesses before we get the right answer. if at all. and in addition to that, many companies have implemented services or types of procedures so that there is a time delay between guesses. so after five guesses for example you have to wait a minute or 15 minutes or a day in order to get between those pass codes. >> others? >> i don't think personally that the brute force solution would provide a substantive solution to the problem as ms. hess mentioned. oftentimes the delay is built in, ios went from a four digit pin to a six digit pin. you're increasing the number of guesses to guess it right. if you were to legislate it
11:21 am
would not wipe the data after a specific period of time you would have to write in that pass codes could only be a certain complexity and length. and that would degrade security. what's important to understand is we want security, we want hard encryption but we need a way to quickly be able to access that data because the investigations i work. oftentimes i'm returning against the clock to try to identify a child victim and being able to brute force that in a matter of days or weeks or months is not fast enough. >> thanks for your testimony and all that you do. i yield back. >> someone outside the committee, you're recognized for five minutes. >> i thank the witness for your service to the country. i heard one of you state in your
11:22 am
opening testimony that congress is the correct form to make decisions on data security. i agree with that. however, encryption and related issues are technical, complicated. most members of congress aren't experts in these areas. therefore, it's appropriate that congress authorize a panel of experts from relevant fields to review the issues and advise the congress. the legislation does exactly that. do each of you agree with that approach, the mccall legislation? >> i believe we need to work with industry, academia and all parties to come up with the right solution, yes. >> you agree that's the right approach, convene a panel of experts in cyber security, in privacy, and so on? >> i believe that construct, there are varying aspects of that construct, but, yes, that premise, i would agree with. >> okay. captain.
11:23 am
>> sorry. i really couldn't comment because i haven't seen that bill. >> basically -- >> i agree with what she said, we need to work together, have a panel of experts and advise and work with congress. i do believe the answer is in congress. so i do agree with the principle. >> whatever paradigm helps members of congress feel they are properly balancing civil liberties and security versus ability for law enforcement to conduct investigations, whatever paradigm supports that i fully support. >> you've eliminated some of the information that has been available before in cell phones but no longer is available because of encryption. i thank you for doing that. i was a little in the dark about that. what haven't we heard, though, about information that is now available but wasn't available in the past because of technology? >> i'm having problems thinking of an example that wasn't
11:24 am
before. from my perspective, through investigations that information for, when you combined encryption issue with shorter and shorter retention keeping records, metadata, the process, find an example of an avenue available that wasn't before. >> sir, i would only say i've been in the police department for 3 years. technology opened up avenues for law enforcement. i do think there's a lot of things we are able to obtain today that we couldn't 10 or 20 years ago. technology helped law enforcement. the encryption and the issue we're speaking on today is eliminating a lot of those gains we made.
11:25 am
>> thank you. recording back door access would drive customers to oversee suppliers. if so, we would gain nothing by acquiring back door or exceptional access. do you agree or disagree with that? >> i disagree from the sense that i think many countries are having the same conversation, discussion, because law enforcement in those countries have the same challenges we do. this will continue to be a larger and larger issue. while it may temporarily drive certain people who may decide it's too much of a risk to be able to do business here in this country, i don't think that's the majority. i think the majority of consumers want good products and those products are made here. >> thank you for calling out the quality of american products. i appreciate that, especially since my neighbor here and i represent the part of california where those products are
11:26 am
developed. i think there's always going to be countries where products are available that would supersede whatever requirements we make. also back door access would alert bad actors that there's a weakness in our system and motivate them to try to find those weaknesses. do you agree with that or not? >> i don't believe there's anything such as 100% pure system. there will always be people who are trying to find and exploit those vulnerabilities. >> if we design weaknesses into the system and everybody knows about it, they are going to be looking for those and those are designed weaknesses. i don't see how that could further security infrastructure and so on. i guess my time has expired, mr. chairman. >> thank you.
11:27 am
chair recognizes congressman for five minutes. >> thank you. i appreciate it so much. miss hess, thank you for participating today this much needed hearing. appreciate the entire panel. we're certainly at a crossroads of technology and the law and having the fbi perspective is imperative in my opinion. i have a question about timing. the recent debate has been revised as technology companies are using strong encryption. you describe the problem as growing. what will a hearing like this lo like a year from now, two years from now? what do you see as the next evolutionary step in the debate so we can attempt to get ahead of it. as processors become faster, will the ability to encrypt keep increasing? >> yes, sir. my reaction to that is if things
11:28 am
don't change, this hearing a year from now, we would be sitting here giving you examples how we would solve cases or find predators or rescue victims in increasing numbers. that would be the challenge for us, how can we keep that from happening and how might we be able to come up with solutions working cooperatively together. >> thank you. again, the next question is for the entire panel, please. what have been some successful collaboration lessons between law enforcement and software or hardware manufacturers dealing with encryption. are there any building blocks or success stories we can build upon or have recent advancements in strong encryption making any previous success obsolete for the entire panel. who would like to go first, miss
11:29 am
hess? >> yes, sir. i apologize. could i ask you -- i'm not 100% clear on that question. >> let me repeat it. for the entire panel again. what have been some successful collaboration lessons between law enforcement and software or hardware manufacturers dealing with encryption. that's the first question. there are any building blocks or success stories we can build upon or have the recent advancements in strong encryption made any previous success obsolete. >> yes, certainly deal with industry on a daily basis. come up with secure ways to provide us with that information and still be responsive to our request and our orders. i think building on our successes from the past, clearly there are certain companies, for example, as has been already stated here today that fell under calea. those covered providers have
11:30 am
built ways to respond to appropriate orders and that's provided us with a path so they know when they build those systems what exactly we're looking for and how we need to receive that information. >> sir? >> i'm sorry, sir. i really couldn't comment on that. that's not an area of expertise for me. >> i agree with what miss hess said. there are companies that worked with law enforcement to provide a legal solution and did that voluntarily, technological solution, provide a legal solution such as we can access data. >> thank you. >> building on those collaborations and having other industry members follow in that path would be a great help. >> thank you. next question for the panel. what percentage of all cases jeopardized due to suspect having encrypted device, cell phone, laptop, desktop or something else. i recognize some cases such as
11:31 am
pornography, it may be 100% impossible to charge someone without decrypting their storage device. what about other cases where physical evidence or other evidence might be available. does metadata fill in the gap? for the entire panel, let's start with miss hess, please. >> yes, sir. we are increasingly seeing the issue currently and just the first six months of this fiscal year starting from last october. we're seeing in the fbi the number of cell phones we have seized as evidence. we're encountering passwords about 30% of the time. we have no capability around 13% of that time. we've seen those numbers continue to increase. clearly that presents us with a challenge. >> thank you. >> sir, i'll give you some numbers. we have approximately 102 devices we couldn't get in. these are 67 of them being apple devices. if i just look at 67 apple
11:32 am
devices, 10 related to homicide, two to rape, one to criminal sex acts and two related to members of the police department who were hot. we are seeing an increase as we go forward of phones, not getting information on the phones. one thing i will say, it doesn't always prevent us from making an arrest. however, it doesn't present all the evidence available for the prosecution. >> and to expand on what the chief said. that can be exculpatory evidence we don't have access to. the sad part is when our forensic examiners get called, we ask a series of questions of investigator, is there an iphone, which model? we're told a model 5s or newer, 164 operating system, encrypted. we don't even take that into evidence anymore because we know there's no technical solution. the problem is we never know what we don't know.
11:33 am
we don't know what evidence we're missing. whether that is, again, on a suspect's phone or victim's phone where the victim is not capable of giving us that pass code. >> thank you very much. i appreciate it, mr. chairman. i yield back the time. >> i think we have one last question for the first panel. that's gentlelady from california. >> thank you for extending that legislative encouragement to be here and join in on this hearing because i'm not a member of the subcommittee. the rules of the committee allow us to, and i appreciate your courtesy. i first want to go to captain cohen. i first heard you say apple disclosed its source code to the chinese government.
11:34 am
i believe that you said that. that's a huge allegation for nypd to base on some news stories. can you confirm this? >> yes, ma'am. i'm with indiana state police, not nypd. >> i'm sorry. >> what i said in my testimony, i have found several news stories but i was unable to find anything to either confirm or deny -- >> did you say that? i didn't hear all of your presentation around that allegation. but i think it's very important for the record that we set this straight. that takes my breath away. that's a huge allegation. so thank you. to miss hess. the san bernardino case is really illustrative for many reasons. one of the more striking aspects to me is the way in which fbi approached the issue to gaining access to that now infamous
11:35 am
iphone. we know the fbi went to court we know the fbi went to court to force a private company to for the government. i think that's breathtaking. it takes my breath away to try and digest that. then to use that information whenever and however it wishes. some disagree, some agree, but i think that this is a worthy and very, very important discussion. this came about after the government missed a key opportunity to back up and potentially recover information from the device by resetting the icloud password in the days following the shooting. the congress has appropriated
11:36 am
just shy of $9 billion, with a b, dollars for the fbi. now, out of that $9 billion and how those dollars are spread across the agency, how is it that the fbi didn't know what to do? >> yes, ma'am. >> how can that be? >> in the aftermath of san bernardino, we were looking for any way to identify whether or not -- >> did you ask apple -- did you call apple right away and say, we have this in our possession. this is what we need to get. how do we do it, because we don't know how? >> we did have discussions with apple. >> when? after it was essentially destroyed because more than 10 attempts were made relative to the pass code. >> i'm not sure. i'll have to take that as a question for the record. >> i'd like to know, miss hess,
11:37 am
your response to this. i served for almost a decade on the house intelligence committee. during my tenure, michael hayden was the cia director. now he's the former director of cia he has said america is safer with unbreakable end to end encryption. tell me what your response is to that. >> my response -- >> i think cyber crime, excuse me, is embedded in this whole issue but i'd like to hear your response to the former director of the cia. >> yes, ma'am. from what i have read and heard from what he has said, he certainly, i believe, emphasizes and captures what was occurring
11:38 am
at the time that he was in charge of those agencies. >> has his thinking stopped from the time he was cia director to being former, and he doesn't understand encryption any longer? what are you suggesting? >> technology proceeds at such a rapid pace, one must be constantly in that business in order to keep up with the iterations. >> let me ask you about this. once criminals know that american encryption products are open to government surveillance, what's going to stop them from using encrypted products and applications that fall outside of the jurisdiction of american law enforcement? i've heard you repeat over and over again we're talking to people in europe, we're talking. i don't know. is there a body that you're working through? has this been formalized? because if this stops at our border but doesn't include
11:39 am
others, this is a big problem for the united states of america, law enforcement, and american products. >> the gentlelady's time has expired. >> can she respond. >> working with international committee. >> how? is there some kind of international body you're working through? >> thank you. >> can she answer that? >> do you want to finish your remark? >> there's no one specific organization that we work through. there are a number of organizations we work through to that extent. >> thank you, mr. chairman. >> mr. chairman, i'd ask unanimous consent all of the members of the committee, as well as the members of the full committee who have been asked to sit in be allowed to supplement their verbal answers with written answers of the witnesses. >> approved. >> without any members seeking
11:40 am
to be recognized for questions i'd like to thank the witnesses for their testimony today. now i'd like to call the witnesses for our second panel to the table. thank you again.
11:41 am
okay. start the second panel, i'd like to introduce the witnesses of our second panel for today's hearing started with mr. bruce sewell will lead off the second panel. mr. sewell is apple's general counsel and senior vice president of legal and global security.
11:42 am
he serves on the executive board and oversees all matters including corporate governance and privacy. we thank you for being with us today and look forward to comments. also like to welcome amit yoran, the president of american security company. as president, responsible for developing rha strategic vision and operation across the business. thank you for appearing before us today and we appreciate the testimony. next, we welcome dr. matthew blaze, the associate professor of computer and information science at the university of pennsylvania. dr. blaze is a researcher in the area of secure systems, cryptology, he's been at the forefront over a decade and appreciate his being here and offering testimony on this very important issue.
11:43 am
finally i'd like to introduce dr. daniel weitzner, who is director and principle research scientist at computer science and artificial intelligence laboratory, decentralized information group at the massachusetts institute of technology. mr. weitzner previously served as united states technological officer for internet policy in the white house. we thank him for being with us today and look forward to learning from his expertise. i want to thank all of our witnesses for being here and look forward to the discussion. as we begin, you're aware this committee is holding an investigative hearing. when doing so has had the practice of taking testimony under oath. do any of you have objection to testifying under oath? seeing none, the chair advises you under the rules of the house and rules of the committee
11:44 am
you're entitled to be advised by counsel. do any of you desire to be represented or advised by counsel during your testimony today. seeing none, in that case full rise and raise your right hand, i will swear you in. do you swear that the testimony you're about to give is the truth, the whole truth, and nothing but the truth? thank you. you're now under oath and subject to penalties in title 18-1001 of the code. you now have a five-minute summary -- each of you may give a five-minute summary of your written statement starting with mr. sewell. >> thank you chairman murphy and members of the subcommittee. it's my pleasure to appear before you today on behalf of apple. we appreciate your invitation and opportunity to be part of this discussion on encryption.
11:45 am
hundreds of millions of people trust apple products with the most intimate details of their daily lives. some of you may have a smartphone in your pocket right now. if you think about it, there's probably more information stored on the phone than a thief could get breaking into your home. it's not just a home. it's a photo album, a wallet, it's how you communicate with your doctor, your partner and your kids. it's also the command central for your car and your home. many people also use their smartphone to authenticate and gain access to other networks, businesses, financial systems and critical infrastructure. we feel a great sense of responsibility to protect that information and that access. for all of these reasons, our digital devices, indeed, our entire digital lives are increasingly and persistently under attack by attackers. their attacks grow more every day, the quest fuels multi-billion dollar covert world of thieves, hackers and
11:46 am
crooks. we're all aware of some of the recent large scale attacks. hundreds of thousands of social security numbers were stolen from irs. u.s. office of personnel management has said as many as 21 million records were compromised and as many as 78 million people were affected by an attack on anthem's health insurance records. the best way we and technology industry know how to protect your information is through the use of strong encryption. strong encryption is a good thing. it is a necessary thing. the government agrees, encryption is the backbone of cyber security infrastructure and provides the very best defense we have against increasingly hostile attacks. the united states has spent tens of millions of dollars through the open technology fund and other programs to fund strong encryption. the administration's review group on intelligence and communications technology urged the u.s. government to fully
11:47 am
support and not in any way subvert, undermine or weaken generally available encryption software. at apple with every release of software we advance safety and security features in our products. we work hard also to assist law enforcement because we share their goal of creating a better world. i manage a team of dedicated professionals on call 24 hours a day, 365 days a year. not a day goes by where someone on my team is not working with law enforcement. we know from our interaction with law enforcement officials the information we're providing is extremely useful helping to solve crimes. keep in mind people subject to law enforcement inquiries represent far less than one-tenth of 1% of our hundreds of millions of users. but all of those users, 100% of them, would be made more vulnerable if we were forced to build a back door.
11:48 am
as you've heard from our colleagues in livermore, they have the perception that encryption walls off information from them. but technologists and national security experts don't see the world that way. we see a data rich world that seems to be full of information, information that law enforcement can use to solve and prevent crimes. this difference in perspective, this is where we should be focused. to suggest american people is to choose between privacy and security is a false choice. the issue is not about privacy at the expense of security it's about safety and security. we feel strongly americans will be better off if we can offer protections for their digital lives. mr. chairman, that's where i was going to conclude my comments but i think i owe it to this committee to add one additional thought. and i want to be very clear on this. we have not provided source code to the chinese government.
11:49 am
we did not have a key 19 months ago that we threw away. we have not announced we're going to apply pass code encryption to the next generation icloud. i just want to be very clear on that because we heard three allegations. those allegations have no merit. thank you. >> thank you. we turn to the second panelist. >> chairman murphy, ranking member and members of the committee, thank you for the opportunity to testify. i applaud the committee's effort to better understand all aspects of this debate. my name is amit yoran. i'd like to thank my mom for coming to hear my testimony today. in case things go sideways, i assure you she's much tougher than she looks. i've spent over 20 years in the cyber security field. in my current role i strive to
11:50 am
ensure we provide industry leading cyber security solutions. we have been a security leader more than 30 years. more than 30,000 global customers we serve represent every sector of our economy.
11:51 am
serving justice. partnered with law enforcement agencies to advance and protect our nation and the rule of law. where lawful court orders mandate or moral alignment encourages it many tech companies have a regular,
11:52 am
ongoing and cooperative relationship with law enforcement in the u.s. and abroad. simply put, it is in all of our best interest for the laws to be enforced. i have four points i'd like to present today, all of which i've extrapolated on in my written testimony. first, this is no place for extreme positions or rush decisions. the line connecting privacy and security is as delicate to national security as it is to our prosperity as a nation. i encourage you to continue to evaluate the issue and not rushz to a solution. second, law enforcement has access to a lot of valuable information they need to do their job. i would encourage you to ensure that the fbind law enforcement agencies have the resources and are prioritizing the tools and technical expertise required to keep up with the evolution of technology and meet their important mission. third, strong encryption is foundational to good cyber security. if we lower the bar there, we expose ourselves further to those that would do us harm. as you know, recent terrorist attacks have reinvigorated calls for exceptional access mechanisms. this is a call to create back door to allow law enforcement access to all encrypted information. exceptional access increases complexity and introduces new vulnerabilities. it undermines integrity of internet infrastructure and introduces more risk, not less, to our national interest. creating a back door to encryption means creating opportunity for more people with nefarious intentions to harm us. sophisticated as ver sears and criminals would not knowingly use methods they know law enforcement could access, particularly when foreign encryption is readily available. therefore, any perceived gains to our security from exceptional
11:53 am
access are greatly overestimated. fourth, this is a basic principle of economics with very serious consequences. our standard of living depends on the goods and services we can produce. if we can require exceptional access from companies that would make us less secure, the market will go elsewhere. worse than that, it would weaken our power, utilities, infrastructure, manufacturing, health care, defense, and if anything systems. weakening encryption would significantly weaken our nation. simply put, exceptional access does more harm than good. this is the seemingly unanimous opinion of the entire tech industry, academia, national security industry as well as all industries that rely on encryption and secure products. in closing, i'd like to thank all the members of the community for their dedication understanding this complex issue.
11:54 am
>> thank you. dr. blaze. >> thank you, mr. chairman and members of the committee for the opportunity to testify before you today. the encryption issue, which you know i've been involved with for over two decades now has been characterized as a question of whether we can build systems that keep the good guys -- a lot of the good guys in but keep the bad guys out. much of the debate focused on questions of whether we can trust the government with keys for data. but before we can ask that question, and that's a legitimate political question that the political process is
11:55 am
well equipped to answer, there's an underlying technical question of whether we can trust the technology to actually give us a system that does that. and unfortunately, we simply don't know how to do that safely and securely at any scale and in general across the wide range of systems that exist today and that we depend on. it would be wonderful if we could. it would solve -- if we could build systems with that kind of assurance, it would solve so many of the problems in computer security and in general computer systems that have been with us since really the very beginning of software-based systems. but unfortunately many of the problems are deeply fundamental. the state of computer and
11:56 am
network security today can really only be characterized as a national crisis. we hear about large scale data breaches, compromises of personal information, financial information, and national security information literally on a daily basis today. and as systems become more interconnected and become more relied upon for the function of the fabric of our society and for our critical infrastructure, the frequency of these breaches and their consequences have been increasing. if a computer science had a good solution for making large scale robust software, we would be deploying it with enormous enthusiasm today. it is really at the core of fundamental problems we have. we are fighting a battle against
11:57 am
complexity and scale that we are barely able to keep up with. i wish my field had simpler and better solutions to offer, but it simply does not. we have only two good tools, tried and true tools, that work for building reliable robust systems. one of those is to build the systems to be as simple as possible, to have them include as few functions as possible, to decrease what we call the attack surface of these systems. unfortunately we want systems more complex and more integrated with other things and that becomes harder and harder to do. the second tool we have is photography, which allows us to trust fewer components of the system, rely on fewer component
11:58 am
of the system, and manage the inevitable insecurity that we have. unfortunately proposals for exceptional access methods that have been advocated by law enforcement, and we heard advocated for by members of the previous panel, work against really the only two tools that we have for building more robust systems. we need all the help we can get to secure our national infrastructure across the board. there's overwhelming consensus in the technical community that these requirements are incompatible with good security engineering practice. i can refer you to a paper i collaborated on called keys under door mats that i referenced in my written testimony that i think describes the consensus of the technical community pretty well here. it's unfortunate that this debate has been so focused on this narrow and very potentially dangerous solution of mandates
11:59 am
for back doors and exceptional access because it leaves unexplored potentially viable alternatives that may be quite fruitful for law enforcement going forward. one of -- there's no single magic bullet that will solve all of law enforcement problems here, or really anywhere in law enforcement, but a sustained and committed understanding of things like exploitation of data in the cloud, data available in the hands of third parties, targeted exploitation of devices such as miss hess described in her testimony will require significant resources but have the potential to address many of the problems law enforcement described. we owe it to them, and to all of us, to explore them as fully as we can. thank you very much. >> thank you vice chairman mckinley, chairman murphy and
12:00 pm
ranking member, thank you for having me. i think this hearing comes at a very important time in the debate about how to best accommodate the very real needs of law enforcement in the digital age. i want to say i don't think there's any sense in which law enforcement is exaggerating or overstating the challenges they face and i don't think they should be surprised they have big challenges. we think about introduction of computers in our society, workplace and homes. to be colloquial, it throws everyone for a loop for a while. our institutions take a while to adjust. we shouldn't expect this problem to be solved overnight. i do think that's happening at this point in the debate, as some of the previous witnesses said, we are, i think, seeing a growing consensus that introducing mandatory infrastructure-wide back doors
12:01 pm
is not the right approach. i'm going to talk about some ways we can move forward. i'm going to why i think it is. it comes back to safe-deposit box analogy we heard. we all do think it's reasonable banks should have a second key to our safe-deposit boxes and maybe you should have drills to drill through the locks in case you can't find one of the keys. the problem here is we're all using the same safe, every single one of us. so if we make those safe-deposit boxes too easy to drill into or someone gets ahold of the key, then everyone at risk, not just couple thousand customers who happen to be at one bank. that's why we see political leaders around the world rejecting the idea of mandatory back doors. recently secretary of defense ash carter said, i'm not a believer in back doors or single technical approach. i don't think it's realistic he said. robert hanigan, director of uk said in a talk he delivered at mit that mandatory back doors are not the solution. epps encryption should not be weakened, let alone banned. neither is it true nothing can be done without weakening encryption.
12:02 pm
he said i'm not in favor of weakening encryption or mandatory back doors. vice president of european commission, who was the former prime minister of estonia and famous for digitizing almost the entire country and the government, said if people know there are back doors, how could people, for example, who vote online trust the results of the election if they know their government has a key to break into the system. two very quick steps that i think we should avoid going forward, and then a few suggestion about how to approach this challenge that you face. number one, i think you've heard us all say we have to avoid introducing new vulnerabilities into an already quite vulnerable information infrastructure. it would nice if we could choose only the bad guys got weaken encryption and the rest of us got strong encryption but i think we understand that's not
12:03 pm
possible. you've also heard reference to calea, a piece of legislation in this commission, extending calea to apply to internet companies. if you look closely at calea, it shows just how hard it will be to solve the problem in one size all solution. calea, a few telecommunication companies that had the same product, regulated in then stable way by federal communications industry. internet, platform, mobile apps, device industry is incredibly diverse, global industry. there's no single regulatory agency that governs those services and products. that's very much by design, and so i think trying to impose a top down regulatory solution on
12:04 pm
this whole complex of industries in order to solve this problem simply won't work. what can we do going forward? number one, i think that in the effort of the encryption working group this committee and judiciary committee set up, i think it's very important to look closely at the specific situations law enforcement faces, at the specific court orders they have been issued which have been successfully satisfied, which haven't, which introduce system wide vulnerabilities if followed through and which could be pursued without systemwide risk. i think there's a lot to be learned about best practices both of law enforcement and technology companies. there are probably some law enforcement agencies and technology companies that could up their game a little bit if they had a better sense of how to approach this issue.
12:05 pm
i also think it's awfully important that we make sure to preserve public trust in this environment, in this internet environment. i think we understand in the last five years that there's been significant concern from the public about the powers both of government and private sector organizations. i think it's a great step that the house judiciary committee moving forward and amendments electronic communications privacy act that will protect data in the cloud. i think we can do more of that and ensure public data is protected both in the context of government surveillance and private sector use that will be able to move forward with this issue more constructively. thanks very much and i'm looking forward to the discussion. >> thank you very much for your testimony and for the whole panel, if i might recognize myself for the first five minutes with some questions. mr. sewell, you made quite a point that you have not provided the source codes to china. that was interesting. it had come up in the earlier panel on that. were you ever asked to provide by anyone? >> by the chinese government or anyone? >> yes. >> we have been asked by the chinese government, we refused. >> how recent were you asked? >> within the past two years.
12:06 pm
>> okay. >> mr. yoran, i've got a couple questions for you. first i was a little taken back, you said don't rush on this solution, whatever that might be. as i said earlier, this has been 5 1/2 years i've been hearing everyone talk about it and they are not getting anything done. i think we're waiting. i don't know what we're waiting for. there's got to be a solution. i'm one of three licensed engineers in congress. by now we would have the solution if there were more engineers and less attorneys here, perhaps. i might, your question, i understand your company was founded by original creators of critical algorithm and public cryptography. needless to say encryption is your company's dna. if anyone understands the importance of protecting encryption keys, it's your company. yet apparently several years ago someone stole your seed keys. as i understand, these are the
12:07 pm
keys that generate keys, that are used for remote access, much like those used by members and their staff. if a company like yours, as sophisticated as it is and all the security you have can lose control of encryption keys, how can we have confidence in others, especially smaller companies, the ability to do the same. >> mr. chairman, i think you bring up two great points. the first statement i would make is that i'd like to highlight the fact a tremendous amount of cooperation happens currently between law enforcement and the tech community. so the characterization we've made no progress over the last five years understates the level of effort put forth by the tech community to reapply to and support the efforts of law enforcement. i think what's occurring is -- and i won't call it a line in the sand, but i think the current requests of law enforcement have now gotten to
12:08 pm
the point where they are requesting a mandate that our product be less secure and will have a tremendous and profound negative impact on our society and public safety as has already been made the point earlier. the second point regarding -- that highlights the very critical role encryption plays in the entire cyber security puzzle. the fact that sophisticated threat actors, nation, state or cyber criminals are going to target the supply chain and where strong encryption and strong cyber security capabilities come from. we're dealing with incredibly sophisticated adversary and one that would put forth a tremendous effort to find back doors if they were embedded in our security systems. it highlights the value of encryption to society in general. i think it also highlights importance of transparency around cyber breaches and cyber
12:09 pm
security issues. >> thank you. in the first testimony, first panel, stay with you, mr. yoran, talked about security of our infrastructure. and i think the response was along the line that that's not -- it's not an encryption problem, it's a firewall problem. i'm not sure that the american public understands the difference between that. so i'm going to go back. how comfortable should we be, can we be, we have proper protection on security from firms like yours that our energy, our transportation system, particularly our grid, as i said, we've been -- we're subject to it. we know we've already been attacked once. so what more should we be doing? >> mr. chairman, i think the point made by the response provided by earlier panelist was wrong.
12:10 pm
i think encryption plays an incredibly important role protecting critical infrastructure. it is not -- this is a firewall solution or encryption solution, most organizations that truly understand cyber security have a diverse set of products, applications, and many layers of defenses, knowing that adversaries are going to get in through fire walls. not only adversaries but important openings are created in fire walls so that the appropriate parties can communicate through them as well. those path are frequently leveraged by adversaries to do nefarious things. >> are you acknowledging we still are very vulnerable to someone with the electric grid? >> i believe we're vulnerable in
12:11 pm
any infrastructure that leverage technology. how much of it is the entire grid, how much is localized, i certainly believe utilities are exposed. >> let me in closing to all four of you, if you've got suggestion how we might address this, i'm hearing time and time in the district with our grid system, i'd sure like to hear back from you what we might do. with that yield the next question from the ranking member from colorado. >> thank you so much. following up on the last question, i'd like to stipulate that i believe, as most members of the panel believe, strong encryption is critical to national security and everything else. as i said in my opening statement, i also recognize we need to try to give law enforcement the ability to
12:12 pm
apprehend criminals when criminals are utilizing this technology to be able to commit their crimes and cover up after the crimes. first of all, mr. sewell, i believe you testified that your company works with law enforcement now. is that correct? >> that is correct. >> thanks. and i think you would also acknowledge that while encryption really does provide benefit both for consumers and for society for security and privacy, we also need to address this thorny issue about how we deal with criminals and terrorists who are using encrypted devices and technologies. is that correct? >> i think this is a very real problem.
12:13 pm
let me start by saying the conversation we're engaged in now has become something of a conflict, apple versus the fbi. >> right. >> just the wrong -- >> you don't agree with that, i would hope. >> absolutely not. >> mr. yoran you don't agree with that, that it's technology versus law enforcement, do you? yes or no will work. >> no, i don't agree. >> i'm assuming you dr. blaze. >> no. >> and you? that's good. here is another question, then. i asked the last panel that. do you think it's a good idea for the fbi and other law enforcement agencies to have to go to third party hackers to get access to data for which they have court orders to get.
12:14 pm
>> i don't think that's a good idea. >> do you think so, mr. yoran? >> no, ma'am. >> dr. blaze? >> no. if i could just clarify the fact that the fbi had to go to a third party indicates that the fbi either had or devoted insufficient resources to finding a solution. >> right. i'm going to get to that in a second. so it's just really not a good model. so here is my question. mr. yoran, do you think the government should enhance its own capabilities to penetrate encrypted systems and pursue work arounds when legally entitled to information that cannot obtain either from the users directly or service providers. do you think they should develop that? >> yes, ma'am. >> do you think they have the ability to develop that? >> yes, ma'am. >> professor, do you think they have the ability to develop that? >> it requires enormous resource. they probably with the resource they currently have, i think it's likely they don't have the ability? >> what congress has, we may not be internet experts but we have resources. >> i think this is a soluble problem. >> mr. weitzner? >> i think they certainly should have the resources. i think really the key question is whether they have the personnel and i think it will take some time to build up a set of -- >> i understand it will take time but do you think they can
12:15 pm
develop resources. >> thank you. okay. so mr. yoran i want to ask you another question. do you think that all of us supporting the development of increased capability within the government can be reasonable path forward as opposed to relying on technologies or companies with new systems. do you think that's a better source? >> yes, ma'am. >> i guess mr. sewell you agree with that, too. >> more time, money, resources on the fbi training -- >> would apple be willing to help them with those capabilities? >> we actively do help them. >> so your answer would be yes. >> participate in training. >> helping them develop those new capabilities. >> what we can do is help them understand our ecosystem. that's what we do on a daily basis. >> i'm not trying to trick you. >> i'm responding. your answer would be yes, you're
12:16 pm
willing to help us with law enforcement and congress to solve this problem. is that correct, mr. sewell? >> i want to solve the problem like everyone else. >> are you willing to work with law enforcement and congress to do it, yes or no? >> congresswoman, we work with them every day. of course we are. >> yes or no will work. thank you. >> mr. yoran? >> yes. >> mr. blaze? >> yes. >> thank you so much. mr. chairman. >> thank you. now recognize mr. griffith from virginia. >> i appreciate that. just a small college history major who then went into law. as a part of that, mr. sewell, i would have to ask, would you agree with me that it took in the history of mankind took us thousands of years to come up
12:17 pm
with civil liberties and perhaps 5 1/2 years isn't such a long time to try to find a solution to this current issue? and likewise, it was -- the answer was in the affirmative for those who may not have heard that. >> yes. >> and it was lawyers who actually created the concept of individual liberty and one that our country has been proud to be the leader in the world in promoting. would that also be true. >> that's very true, yes. >> that being said, i was pleased to hear answers to miss dagett to solve this. there is no easy answer. i like the safe-deposit box analogy. thanks for ruining that for me, in your analysis. i would ask mr. sewell if there isn't some way -- and again, i can't do what you all do. so i have to simplify it to my terms. is there some way we can create the vault that the banks have with the safety deposit box in it. once you're inside of there, if you want that security, because not everybody has a safety
12:18 pm
deposit box, but if you want that security, then there's a system of dual but separate keys with companies like yours or others holding one of the two keys and the individual holding the other key and having the ability to, with a proper search warrant, have law enforcement be able to get in? i'm trying to break it down into a concept i can understand, where i can then apply what we have determined over the course of the last several hundred years is the appropriate way to get information. it's difficult in this electronic age. >> it is very difficult, congressman, i agree. we haven't figured out a way that we can create an access point and then create a set of locks that are reliable to protect access through that access point. that's what we struggle with. we can create an access point and we can create locks, but the problem is the keys to that lock will ultimately be available somewhere. if they are available anywhere, they can be accessed by both good guys and bad guys. >> you would agree with mr. weitzner's position or his
12:19 pm
analysis, which i thought was accurate, the problem is we're not giving a key and a drill to one safety deposit box, it's everybody in the bank who suddenly would have their information open. i saw that you wanted to make a comment, mr. weitzner. >> i just want to -- since this analogy seems to be working, you know, we don't put much stuff in our safe-deposit boxes, right? i don't have one, to be honest. i think that there's this core concern back to your civil liberties framework somehow we have a warrant-free zone that's going to take over the world. i think that if you follow the safety deposit box analogy, what we know is that the information
12:20 pm
that's important to law enforcement exists in many places. i don't question that there will be some times when law enforcement can't get some piece of information it wants. i think what you're hearing from a number of us and from the technical community is that this information is very widely distributed. much of it is accessible in one way or the other or inferable from information by third parties. the path to try to understand how to exploit that to the best extent possible in investigations so that we're not all focused on the hardest part of the problem. the hardest part is what do you do if you have very strongly encrypted data, can you ever get it. it may not be the best place to look all the time because it may not always be available.
12:21 pm
>> historically you're never able to get ahold of everything. dr. blaze, you wanted to weigh in. >> i want to caution the split key design, as attractive as it sounds was also at the core of the nsa designed clipper chip, which was where we started over two decades ago. >> i appreciate that. mr. yoran, i've got to tell you, i did think your testimony and written testimony in particular was enlightening in regard to the fact if we do shut down the u.s. companies, then there may even be safe havens created by those countries not our friends and specifically our enemies. unfortunately i wanted to ask a series of questions on that and i see my time is expired and i'm required to yield back, mr. chairman. >> welcome looking at other panel members, we have miss brook from indiana. your five minutes. >> thank you, mr. chairman. i'd like to start out with a comment that was made in the first panel. i guess this is to mr. sewell,
12:22 pm
whether or not you can share with us. does apple plan to use encryption in the cloud? >> we have made no such announcement. i'm not sure where that statement came from, but we made so such announcement. >> i understand you made no such announcement, but is that being explored? >> i think it would be irresponsible for me to tell you we're not even looking at that, but we have made no announcement, no decision has been made. >> and are these discussions helping inform apple's decisions? and is apple communicating with any law enforcement about that possibility? >> these discussions are enormously helpful. i would be glad to go further into that. i have learned some things today i didn't know before. so they're extremely important. we have considering, talking to people, we are being very mindful of the environment in which we're operating. >> and i have certainly seen and i know that apple and many
12:23 pm
companies have a whole set of policies and procedures on compliance with legal processes and so forth. and so i assume that you have regular conversations with policymakers of law enforcement, whether it's fbi or other agencies on these policy issues. is that correct? >> that's very correct. i interact with law enforcement at two very different levels. one is a very operational level. my team supports daily activities in response to lawful process. we work very closely on actual investigations. i can mention at least two where we have recently found children who have been abducted. we have been able to save lives working directly with our colleagues in law enforcement. at that level, we have a very good relationship. i think that gets lost in the debate sometimes. at the other side, i work at perhaps a different level. i work directly with my counterpart at the fbi. i work directly with the most
12:24 pm
senior people in the department of justice. and i work with senior people in local law enforcement on exactly these policy issues. >> i thank you and all the others for cooperating with law enforcement and working on these issues. but it seems as if most recently, there have not been enough of -- enough of the discussions, hence that's why we're having these hearings and why we need to continue to have these hearings. but i think that we have to continue to have the dialogue on the policy while continuing to work on the actual cases and recognize that obviously technology companies have been tremendously helpful, and we need them to be tremendously helpful in solving crimes and preventing future crimes. it's not just about solving crimes already perpetrated, but it's also, particularly with respect to terrorism, how do we insure we're keeping the country safe. i'm curious with respect to a couple questions with respect to legal hacking.
12:25 pm
and what -- and the types of costs that are associated with legal hacking, as well as the personnel needed. and since the newer designs of iphones prevent the bypassing of the built-in encryption, does apple actually believe that lawful hacking is an appropriate method for investigators to use to assess the evidence in investigations? >> so, i don't think we have a firm position on that. i think there are questions that would have to be answered with respect to what the outcome of that lawful hacking is, what happens to the product of that lawful hacking. so i don't have a formal corporate position on that. >> but, so then because that has been promoted, so to speak, as far as a way around this difficult issue, are you having those policy discussions about apple's view and the technology sector's view on lawful hacking? are those discussions happening with law enforcement? >> i think this is a very nascent area for us. but particularly, the question is what happens to the result?
12:26 pm
does it get disclosed, does it not get disclosed? that is an issue that has not been well explored. >> do you have an opinion on lawful hacking? >> not an opinion on lawful hacking in specific, but i would just point out that doing encryption properly is very, very hard. trying to keep information secret in the incredibly interconnected world we live in, is very, very hard. and i would suggest that it's getting harder, not easier. so the information, the data that law enforcement has access to is certainly much more than the metadata that they have had over the past several years. but now as applications go to the cloud, the cloud application providers need to access the data. so the sensitive information is not just on your iphone or other device. it's sitting in the cloud, and law enforcement has access there because it cannot be encrypted. it needs to be accessed by the cloud provider in order to do the sophisticated processing and provide the insight to the consumer that they're looking for.
12:27 pm
>> my time has expired. i have to yield back. >> thank you. and no other members of the subcommittee that are with us, we can then -- >> mr. chairman. >> i'm sorry. >> okay. you're on the subcommittee? >> no. >> we're going, none of the subcommittee so now we're going to members who have been given privileges to speak. i was advised to go to the other side. your five minutes. >> thank you, mr. chairman. first of all, to mr. yoran, i love your suit and tie. it brings a little of the flavor of my district into this big old hearing room. and warm welcome to your mother. i don't know where she is, but it's great to have your mother here. great, wonderful. i know that associate professor blaze talked about the crisis of
12:28 pm
the vulnerability in our country relative to, you know, how our systems, how vulnerable our systems are. i would just like to add for the record that up to 90% of the breaches in our system in our country are due to two major factors. one is systems that are less than hygiene. unhygienic systems. number two, very poor security management. so i think the congress should come up with at least a floor relative to standards. and so that we can move that word crisis away from this. but we really can do something about that. i know it costs money to keep systems up. and there are some that don't invest in it. but that can be addressed. the word conversation has been
12:29 pm
used, and i think very appropriately. and this is a very healthy hearing. unfortunately, the first thing the american people heard was a very powerful federal agency on the -- you know, within moments of the tragedy in san bernardino, demand of a private company that they must do this, otherwise we will be forever pitted against one another, and there is no other resolution except what i call a swinging door that people can go in and out of. when i say people, in this case, it's the government. the american people have a healthy suspicion of big brother. but they also have a healthy suspicion of big corporations. they just do. it's in our dna. i don't think that's an
12:30 pm
unhealthy thing. but that first snapshot, i think, we need to move to the next set of pictures on this. and i'm heartened that the panel seems to be unanimous that this weakening of our overall system by having a back door, by having a swinging door, is not the way to go. so in going past that, i would like to ask mr. sewell the following. whether introducing the third-party access, and that's been talked about, i think that would fundamentally weaken our security. how does third-party access impact security? how likely do you think it is that law enforcement could design a system to address encrypted data that would not carry with it the unanticipated weaknesses of its own? i'm worried about law
12:31 pm
enforcement in this. i want to put this on the record as well. i think that it says something that the fbi didn't know what it was doing when it got ahold of that phone. and that's not good for us. it's not going to attract smart young people to come into a federal agency because what it says to them is they don't know -- it doesn't seem to us they know what they're doing. can you address this third-party access and what kind of effect it would have on overall security? >> thank you very much for the question. if you allow third-party access, you have to give the third party a portal in which to exercise that access. this is fundamentally the definition of a back door, or a swinger door, as you have, i think, very aptly described it. there is no way that we know of to create that vulnerability, to create that access point.
12:32 pm
and more particularly, to maintain it. this was the issue in san bernardino, was not just give us an access point, but maintain that access point in perpetuity so we can get in over and over and over again. that, for us, we have no way of doing that without undermining and endangering the entire encryption infrastructure. we believe that strong ubiquitous encryption is the best way we can maintain the safety, security, and privacy of all of our users. that would be fundamentally a problem. >> thank you very much. thank you, mr. chairman, and again, thank you to the witnesses. you have been, i think, most helpful.
12:33 pm
>> i apologize. i ran out for a while, but i get to ask a few questions here. mr. sewell, we can all understand the benefits of strong encryption, whether it's keeping someone's own bank statement, financial records encrypted, so we don't have to worry about hackers there. we also offered compelling testimony about law enforcement, criminal activity, child predators, homicide, et cetera. based on your experience, what we heard today, can you acknowledge that this default encryption does provide a challenge for law enforcement? >> i think it absolutely does. and i would not suggest for a moment that law enforcement is overstating this same claim that has been made by other panelists. i think the problem is that there's a fundamental disconnect between the way we see the world and the way law enforcement sees the world. and that's where i think we ought to be focusing. >> what is that disconnect? >> the disconnect has to do with the evolution of technology in society. and the impact of that technology in society. what you have heard from our colleagues in law enforcement is that the context in which
12:34 pm
encryption occurs reduces the scope of useful data that they have access to. this going dark problem. if you talk to technologists, we see the world in a very different way. we see the impact of technology is actually a burgeoning of information. we see there's an abundance of information, and this will only increase exponentially as we move into a world where the internet of things becomes part of our reality. so you hear on one side, we're going dark. you hear on the other side, there's an abundance of information. that circle needs to be squared. the only way i think we can do that is by cooperating and talking and engaging in the kind of activity that the madam was suggesting. >> i appreciate that. that's a very compelling argument you gave, but i have no idea what you just said. let me put this into terms we can all talk about. your time from the first panel, child predators were able to hide behind this invisible cloak. a murder scene in where they could have perhaps caught who did this. we know when it comes to crimes, there are those who won't commit
12:35 pm
crimes because they have a good moral compass. we have those who will commit them anyway because they have none. we have those who can be deterred because they think they might get caught. and we have terrorist acts where you can get into a cell phone from someone who has committed a terrorist act, you can find out if they're planning more and save other lives. so what do you tell a family member who has had their child abused and assaulted in unspeakable forms? what do you tell them about burgeoning technology? i mean, tell me what comfort we can give someone about the future? >> i think in situations like that, of course, they're tragic. i'm not sure there's anything any one of us could say to ease that pain. on the other hand, we deal with this every day. we deal with cases where
12:36 pm
children have been abducted. we work directly with law enforcement to try to solve those crimes. we had a 14-year-old girl from pennsylvania who was abducted from her captor. we worked immediately with the fbi to identify the location where she had been stashed. we were able to get feet on the ground in a matter of hours, find that woman, rescue her, and apprehend -- >> that's good. i appreciate that. but what about -- i look at this case, it was presented, when someone may have a lot of information hidden, and if they could get in there, whether it is child predators or it is a terrorist where we could prevent more harm. >> and we're missing the point of technology here. the problems that we're trying to solve don't have an easy fix. >> i know that. i need to know you're working in a direction that helps. >> absolutely. >> that's what i'm trying to help -- >> hashing images so when the images move across the internet,
12:37 pm
we can identify them. we can track them. the work that we do with operation railroad is exactly that. it's an example of taking technology, taking feet on the ground, law enforcement techniques, and marrying them together in a way that fundamentally changes. >> for people using encrypted sources, whether it's by default or intention to hide their data and their intention and their harmful activity that they're planning on hurting more, what do we -- what do we tell the public about that? >> we tell the public that fundamentally we're working on the problem and we believe strong ubiquitous encryption provides -- >> does that mean apple is working with the fbi and law enforcement. the response of apple is we ought to have a commission. you're looking at the commission. we want to find solutions. we want to work with you. i'm pleased you're here today. you heard many of us say we don't think there's right or wrong absolutes. this is not black and white. we're all in this together. and we want to work on that. i need to know about your commitment, too, in working with law enforcement.
12:38 pm
could you make a statement? >> could i tell you a story? i sat opposite my counterpart at the fbi, a person that i know very well. we don't talk frequently, but we talk regularly. we're on a first-name basis. i sat opposite him and said amidst all this clamor and rancor, why don't we set aside a day? we'll send some smart people to washington or you send smart people to cupertino and what we'll do is talk to you about what the world looks like from our perspective. what is this explosion of data that we see, why do we think it's so important, and you talk to us about the world. how do they think ability technology? how do they think about the problems that they're trying to solve? and we are going to sit down together for a day. we were planning that at the time that the san bernardino case was filed. that got put on hold. but that offer still exists.
12:39 pm
that's the way we're going to solve these problems. >> chairman. >> yes? >> will you yield for one second? you know, mr. sewell, if we can facilitate that meeting in any way, i'm sure the chairman and i would be more than happy to do that. and we have some very lovely conference rooms that are painted this very same color, courtesy of chairman upton, and we'll have you there. >> madam, if we can get out of the lawsuit world -- >> you know what. that would be great. thank you. >> we want that to be facilitated.
12:40 pm
we have too many lives at stake and the concerns of many families and americans. this is center, this is core. >> i agree. >> i know i'm out of time. mr. bilirakis is recognized for five minutes. >> thank you. i appreciate it so very much. i want to thank everyone on the panel for your technology leadership that helps us keep us safe, because that's where our top priority is here in the united states congress. at least it's mine and i know many others on the panel. we're here to try to find a balance between security and privacy and not continue to pit them against each other. i think you'll agree with that. mr. yoran, how quickly does one life cycle of encryption last in the secure system until vulnerabilities are found and exploited? will this continually be a game of cat and mouse? or are we at a level now where
12:41 pm
software and the processes are strong enough to make end-to-end encryption a stable system? >> systems are attacked and vulnerabilities are exploited almost instantaneously once computer systems, mobile devices are put on the internet. once crypto methods are published, there's an entire community that goes to work depending on the strength of the encryption, vulnerabilities made to be discovered immediately or decades down the road, in which case all of the information may have been at risk while the crypto system was in use. and frequently, the exposure and the exploitation of crypto systems isn't necessarily based on the strength of the algorithms themselves but on how they're implemented and how the systems are interconnected. i might not have the key to get information off of a particular device, but because i can break into the operating system because i have physical access to it, because i can read the chips, because i can do different things, i can still get information or i can get the key. it's a very complex system. it all has to work perfectly in order for the information to be protected. >> thank you. next question is for the entire panel. we've known for the past few
12:42 pm
years that any significant threat to our homeland will likely include a cyberattack. will you agree on that? >> can you elaborate on the role that encryption plays in this process of continuing national security, certainly the military has used forms of encryption for decades. but can we -- can you give us a contemporary snapshot of how encryption used by government or non-government ers protect us against cyberattacks today? we can start over here, please. >> i will answer the question, but i'm not at all the expert in this space. i think the other panelists are much more expert than i am in the notion of encryption and protecting our infrastructure. the one point i will say that i tried to emphasis in my opening statement is that we shouldn't forget about some of the changes that are happening in terms of the way that infrastructure can be accessed. i think we sometimes lose sight of the fact that phones themselves now are used as authentication devices. if you can break the encryption and get into the phone, that may be a very easy way to get into the power grid, to get into our transport systems, into our water systems. so it's not just a question of
12:43 pm
the firewalls or the access. it's what is the instrumentality that you use to get into those things that we have to be concerned about. >> i believe fundamentally that security is on the same side as privacy and our economic interest. it's fundamental in the national security community. it's also mandated by law to protect all sorts of other data in other infrastructures and systems such as financial services, health care records, so on and so forth, such that even folks who might not gain an advantage by having strong encryption available like admiral rogers, the director of the nsa, and james clapper, the director of national intelligence, are on the record saying that they believe it's not in the u.s.'s best interests to weaken encryption. >> anyone else wish to comment? >> i mean, encryption is used in protecting critical infrastructure the same way it's used in protecting other aspects of our society. it protects sensitive data when it's being transmitted and stored. including on mobile devices and over the internet and so on. i just want to add that critical
12:44 pm
infrastructure systems are largely based and built upon the same components that we're using in consumer and business devices as well. there aren't, you know, critical infrastructure systems essentially depend on mobile phones and operating systems that you and i are using in our day-to-day life. so when we weaken them, we also weaken the critical infrastructure systems. >> could i just add briefly that i actually thought mr. sewell's answer was pretty good. and what's critical about those systems that we rely on to protect our critical infrastructure is when we find flaws in them, we have to patch them quickly, we have to fix them quickly, as mr. yoran said, the systems are constantly being looked at. i'm concerned if we end up imposing requirements on our security infrastructure on our encryption tools, if we impose requirements, the process of identifying flaws, fixing them, putting out new versions rapidly, is going to be slowed down. to figure out whether those
12:45 pm
comply with whatever the surveillance requirements are. i think that's the wrong direction for us to go in. we want to make these tools as adaptive as possible. we want them to be fixed as quickly as possible. not be caught in a whole set of rules about what they have to do and not do to accommodate surveillance needs. >> thank you very much. thank you, mr. chairman for allowing me to participate. appreciate it, and i'll yield back. >> i thank you. i asked unanimous consent that the letter from cta be admitted to the record. >> i would ask unanimous consent, ms. eshoo has a letter we would like to have put on the record. >> i also ask unanimous consent the contents of the document binder be introduced to the record. without objection, they will be entered to the record with any redactions stamped. i want to thank all the witnesses and members that participated in today's hearing. i remind members, they have ten business days to submit questions to the record. thank you so much. we look forward to hearing from you more and we'll get you together.
12:46 pm
>> thank you. >> meeting adjourned.
12:47 pm
12:48 pm
later today on c-span 3, a senate rules committee confirmation hearing. on the nomination of karla hayden to be the librarian of congress. that's live starting at 2:15 p.m. eastern here on c-span 3. and tomorrow the senate finance committee holds an oversight hearing with the head of customs and border protection. that's live at 2:00 p.m. eastern on c-span 3. we proudly give 72 delegate votes to the next president of the united states --
12:49 pm
the supreme court on monday heard a case about the president's plan to halt deportations for some undocumented immigrants with children who are in the country legally. the supreme court releases audio of the oral argument on friday and you can hear it friday night on c-span at 8:00 p.m. eastern. the new america think tank recently released a report calling for federal student aid programs to be shut down and replaced with state-based student loans. the group recently hosted a discussion with college and university officials about the idea. >> thank you all so much for being here today. we really appreciate you taking time on this cold saturday to come and enjoy this debate with
12:50 pm
us. so this debate is actually not focuseden our paper that we released a few months ago starting from scratch. but the idea came about differe topics that formed our paper. so that is printed and in the lobby for anybody that's interested in having a nice, shiny copy. we also have copies of a new paper released today called strengthening the partnership that analyzes many of the other proposals about a new state and federal partnership that have been proposed by candidates, think tanks, associations, and actually compares them to the new america proposal. so that's also in the lobby. we hope both publications are thought provoking, and we hope that this today's debate is also thought provoking. so, the proposition of today's debate is any federal dollars for higher education should go directly to states or institutions rather than to student aid.
12:51 pm
so arguing for the proposition are f. king alexander, president of louisiana state university, and will doyle, associate professor for higher education at vanderbilt university. on this side. arguing against the proposition are sarah flanagan, vice president for government relations and policy development at the national association for independent colleges and universities. and andrew kelly, american enterprise institute resident scholar and director of the aei center on higher education reform. and our capable moderator today is danielle degilou douglas-gabrielle, for the "washington post." we should be able to see our proposition up on the screen pretty quick here. i want to explain the voting process that we're going to be doing. there we go. so you can see, the proposition is now up on the screen. we want to take the temperature of the audience before and after
12:52 pm
the debate to see how much our debaters have actually changed how people perceive this particular issue. so you can vote now by texting new america, all one word, to 22333. and then putting in a or b depending on whether you agree or disagree with the proposition. >> can we vote? >> i think the debaters cannot vote. so with that, i'm actually going to turn it over to danielle to continue on with the debate. thanks. >> thank you guys for joining us this morning. so we're going to start with some opening statements so that we can kind of firm up the proposition in favor and against. i'm going to start with dr dr. alexander. >> thank you. and i thank new america. i know a lot of you out here. this is about a serious discussion as we could ever have. we have been working on the hill
12:53 pm
to get the federal government to use any portion of its $170 billion altc or any of it to shore up what the states are doing, because states have figured it out. states are disinvested in their public universities and within the next seven years, louisiana has just surpassed colorado being the first state to be out of the public higher education affordability business. our legislators have told me, they have told me that i can get reelected, this was in another state, i can get re-elected by not raising taxes. i'll give you tuition authority to raise it on your own and you go to the federal government and get the rest of the student aid. we'll get it through loan money or however you can get it. in 1965 and 1972, the great debate went on and it was about institutional aid versus direct student aid. let the market decide instead of incentivizing institutions to enroll the needa population. we took the market route and
12:54 pm
went to direct student aid. the assumption was made that states would always take care of the public universities. states have vanished from taking care of their public universities. now we have a tuition and fee based system that has allowed a whole new sector to emerge because it's so lucrative. the for-profit sector, which enrolled 11% of the students, gets 30% of pell grants, and has 47% of all student loan defaults. now, would you want your k-12 system to have the same structure where we let for-profit universities educate middle schoolers, elementary schoolers and high schoolers? right now, we had no idea the federal government would become the main supplier of revenue to higher education. the objective in 1972 was to save private higher education. and the university of chicago said with public funds, we'll be more like the university of illinois and we will increase our lower income access and we will keep our costs controlled
12:55 pm
better. none of that has happened. the university of chicago is just as university of chicago as it was then. the only difference is the university of illinois for survival purposes is trying to become the university of chicago. low-income access has only been increased in the lowest cost institutions in this country. the entire ivy league combined, the richest institutions on this earth, with federal direct student aid, more and more of it, the wealthiest institutions on this earth have less pelgrant students that lsu. have less substantial pell grant students that i had at long beach when we had 15,000, the ivy league combined had 9800. has this 140 to 170 billion worked? well, our 55 to 64-year-old population in this country ranks number one in the world in college degrees. our 25 to 34-year-old population ranks 13th in college degrees
12:56 pm
and it's dropping. it's time to do something different. it's time to incentivize our states to do the right thing. when our medical center chancellor told our legislators in a special session a couple weeks ago that for every dollar they cut from him in medical education, he'll lose three federal dollars, that changed the entire dialogue of our legislature. in louisiana, we actually raised taxes to make sure that we didn't lose the federal money. now, it's time. we know it works. ffsig was a federal matching program to encourage states to do the right thing. the stimulus packages, the reason it worked for education was, we put a maintenance of effort provision from the federal government that said you can't collect educational resources if you cut your budgets below the 2006 funding level. they did it, we do it in the eca, it's time that we use new federal dollars, any new federal
12:57 pm
dollars to encourage and incentivize states to get back in the public college affordability game. otherwise, we won't have public colleges and universities. starting in the next eight years, when states drop off the map. >> great. thank you. in 2013, the new america policy program made an impassioned case for the pelgrant program. they wrote it's the cornerstone of student aid. it keeps low income students from attending college. over the years, as college prices have soared, the system has become less and less effect. now it's in dramatic need of restructuring. we should stop handing out vouchers and instead give the money directly to states and institutions. on the contrary, they argued for increasing the maximum grant, making the program a permanent entitlement, and providing bonuses. let me say that i agree with 2013 new america. and believe the shift in the
12:58 pm
fwr federal laws would not be an improvement. i see four arguments for giving these. the first, providing vouchers to students on the base of their income allows us to target scarce public duelers to those who need it most. those who would benefit fraught college but would not otherwise being able to afford it. this is the real reason the federal government got involved in the business in the first place. in contrast, state direct funding of public colleges is often quite regressive. for one thing, subsidized and state tuition benefits upper and middle class families who could pay more to attend than they do. what's more, state funding formulas short change the colleges that enroll the most low income students. they estimate the public research snufuniversities recei nearly $7,400 in 2012. just up the road in maryland, the formula provides community colleges with 25% of the per student appropriations for four-year colleges.
12:59 pm
that's in the law. students who are more likely to attend a four-year college are the big winners. states have their own reasons to fund their colleges this way and they have every right to, but let's not pretend it aligns with the fed's concern, targeting low income students. the second point. need based grants choose the option where they're most likely to succeed, be it private, p publ public, in state, or out of state. it lowers tuition at only a substet of institutions, but are institutions always the bet fit for student? this might be a costly tradeoff. a recent analysis found that 28 states and the district of columbia have no public colleges with four-year graduation rates over 50%. in one study, josh goodman of the kennedy school and teachers college of columbia found the adams scholarship in massachusetts, which students can only use at public state colleges, actually led
1:00 pm
scholarship resepiants to gr graduate at lower rates than peers without the scholarship? why? because it was only good at a substet of schools and they happened to have lower graduation rates than the schools their peers went to, even though they paid more, they were more likely to graduate. third, giving students aid and letting them change from a range of options has helped innovation and a diverse array of offerings. we have laid out competency based operations and other things. where did most of those innovations emerge? many, not all, came from the outside sector. a voucher system with reasonable state and federal performance standards places the power to decide which innovations are worthwhile in the hands of the market, not bureaucrats in washington or state capitals. fourth and last, i believe portable aid is critical to accountability. not detrimental to it. to be clear, i agree with my
1:01 pm
colleague. policymakers should demand much more of colleges in terms of performance and affordability. this is an area where we may disagree. advocates of institutional aid believe that by giving the money directly to colleges states and schools instead of students, the feds will have better abiment to hold universities to standards than they are today. the truth is policymakers could demand stricter accountability under the current system and they have chosen not to. it's not clear why direct funding would change that. the problem is leaving that in the hands of a few regulators have led to a scenario where colleges are hardly ever held accountive. they found 1% of colleges lost their accreditation, and only 11 colleges have lost accountability. regulators answer to many masters, members of congress, interest groups and institutions they approve. in contrast, a voucher driven market -- a voucher driven
1:02 pm
system rises on the decisions on individuals. advocates of direct aid are right to say that this market does not work nearly as well as it should. students need better information. and regulatory policies should have better outcomes, but these are not possible without sacrificing what an aid system sacrifices on students and not institutions brings to the table. >> will. >> thank you for having me. i thought what i would do is provide more context and background to president alexander's remarks. our essential argument is the assumption that underlie our national systems for making college affordability no longer hold. what were those assumptions originally? first, they would provide need-based financial aid directly to students, and they weren't the only stakeholders. next, the institutions and the states, public institutions and states, working together, would keep tuition low.
1:03 pm
and the state government would do that by provided appropriations. institutions would do that by using those appropriations efficiently. state-based financial aid would be mostly need based and be there primary for choice. and then, for institutions, their commitment was, if they were charging prices that were well above what the financial aid system covered, they had an obligation to make sure any student who was admitted could enroll. need lines financial aid essential. what happened over time to each of those? our argument is that besides the federal government, the other stakeholders have drifted away from their commitment. if you think of the states and institutions, public institutions, the states have, are spending much less than in the past. for instance, public tuition between 2000 and 2015 increased by 80%. if you look at the state financial aid, if you take a low-income student attending a public institution and compare the amount of aid they got from the state financial aid program, that didn't change in inflation
1:04 pm
adjusted dollars between 1996 and 2012. same amount of money for that student. if you look at a high-income student attending a public institution, the amount of financial aid they got, they increased by 450% during the same time period. the state drifted towards funding more high-income students. if you look at institutional aid, a lot of work on this, as new america, what's happened in terms of the institutions commitment, funding students, look at private institutions. private institutions have increased both tuition and financial aid substantially between 1996 and 2012. an impressive 150% increase for low income students at these institutions. they give credit for that, but it doesn't compare to the 260% increase that high-income students saw in the same institutions in the same time period. if you're a family making over $125,000, the amount of financial aid you got increased 230%. that's a massive increase. you can see the states and
1:05 pm
institutions drifting away from their commitment. so the solution, it seems to me, is to give states and institutions every incentive to go back to their original commitment. kind of asking them to do so or kind of pointing out that they're not doing so does not seem to be effective. we need to find a way to use additional federal funding to give states every incentive to do so. the way to do that effectively is to make sure that as federal funding, some of it can go to the states, and the states have to both change how much they're spending and how institutions are behaving if the states are going to continue to benefit from federal funding. those are the main points i wanted to make. >> thank you. i'm going to take a little different approach. i'm going to ask you to assume that some form of what's in the atmosphere right now of giving more federal aid to public institutions via the states actually comes to pass. so let's look ten to 20 years from now, and let's look at the
1:06 pm
higher ed landscape and make basic assumptions about what it might look like. i think you would see disparity among states. because some states will buy into this. and some states won't. and we have seen that certainly recently with the recent medicaid debate. we will see a variety among institutions. we will have less access, private nonprofits, less access for out of state public. the affordability on those will primarily be tweeg upper income and for wealthy institutions, whether they be public wealthy institutions or private wealthy institutions, because they'll be funding their own student aid. so those institutions that are wealthy are also selective. so we will have low-income students who are very bright, may be able to have the same options they had before. this landscape is rather
1:07 pm
familiar. it looks like american higher education circa 1964. this is exactly what the federal government came in to address in 1965 when they set up the higher ed act, in 1962 when they filled out the current framework. so what has -- where are the holes in that framework? i agree, i'm glad that both will and dr. alexander mentioned the path, mentioned the original structure, because much of the original structure is no longer functioning. the pell grant program was not supposed to be the only program. no one wants to talk about ssig anymore. i'm glad that dr. alexander did. the whole concept of the federal government was, they said we're going to start with low-income students, but we're also going to incentivize the states to also step in for low-income students. we set up the ssig program.
1:08 pm
federal government completely defunded that about eight years ago, as soon as they started defunding it, four states stepped out of need-based states. dr. alexander has said in his testimony before congress, if you give me $200 increase on a pell grant and louisiana makes me raise tuition $1200, my low-income students have lost $1,000. the same principle applies with ssig. if you make the pell grant go up $200 and the state takes away a $1,200 aid, low-income students lose. you saw this with the stimulus bill. what happened with the stimulus bill? it worked well for public institutions but not for low-income students. a study showed low income students, whether they were at public colleges or private colleges, lost in that scenario. now, we could fix that. we could fix that scenario. we could simply put the moe that worked so well for public
1:09 pm
colleges into a new ssig with a lot of money. we could add to an moe on need-based aid and congress was very intentional on not protecting need-based aid. and then we can look at institutions. i'm going to surprise you. we are not against adding whatever the accountability dejure mejs are on institutions. perhaps into a reinvigorated, well funded campus based aid formula. there's no question that they serve a large number of pell grant students are not getting enough. let's put real money into it. the house did this in a proposal in 2009 on the perkins loan program. price, even, and that formula could be worked. so my main argument today is that the federal government in '72 recognized that institutions are institutions.
1:10 pm
they have mixed obligations. they have to also survive as an institution. they have to balance books. states have mixed obligations. they want to educate their citizenry and they want to keep the best and brightest at home because they're competing with the other 49 states. so the federal government in many ways has the purest thing. they want to get low-income students that are capable. let's not throw out the current system. let's work on it together. let's work towards 2064 instead of 1964. >> thank you, guys. gentlemen, we'll start with your team. dr. alexander, if we were to funnel additional aid directly to the states and have them make the decisions as to how to disperse that, how would you protect colleges from being subjected to the whims of state legislatures? >> well, one thing that's been constant and i have been a president in kentucky and california and now in louisiana,
1:11 pm
and worked in illinois and wisconsin. in virtually every state, our state legislators have told me, i said i told them, why do you take the medicaid money? because we don't want to leave any federal dollars on the table. and that is the biggest influence that i can see with legislators. some with political aspirations have not done that because they have said, i've got a future political aspirations. but within a couple years, they go after that money, and i can tell you that louisiana did not take the medicaid money until the new governor got in. it was the first act he did. that we have been leaving millions and millions of federal dollars on the table. states highway funds, why do they invest in highways before they invest in higher education? why do they inved in medicaid before higher education? why did the land grant universities get created? because the federal government gave them lands that they could
1:12 pm
sell under the partnership that states had to do the following things, which would create the greatest public university system in the world. which resulted from that. so legislatures, state legislatures, one of their top motivations and incentives is whether or not they're going to leave federal money on the table. and i'll point out one other thing about the '72 act. in 1972, when pell grant was passed, there was also a consensus that following the pell grant student, the cost of education allowances were passed by congress, what was supposed to happen was $2500 would follow those students to those institutions, to the institutions. to provide the programming for the low-income students. cost of education allowances were passed at the same time pell grants were. they have ever, ever been funded a penny. so institutional aid was recognized. institutional programming was needed. but it was never funded by the federal government.
1:13 pm
>> would you like to respond? >> the only thing i would add is we do need to learn the lessons of the affordable care act, but it's important not to learn too much. they just passed -- the accountability provisions in there are still actually pretty intense. there's a lot of things that states and schools are supposed to do, and there doesn't tend to be a lot of provisions. a lot are saying this is not going to happen because the feds are asking too much. you look at a lot of different types of policies from a federal government using power to leverage state behavior, it works. >> i just want to point out a couple things quickly on these points. one, i think that the medicaid and higher examples are particularly instructive, vis-a-vie higher education, not state student aid, not need-based state student aid, but the state direct appropriations to stools. medicaid is a need-based
1:14 pm
program. in state tuition, not means tested. so the federal government has an incentive to insure that states spend more on a need-based program because it's further targeting -- it's targeting more dollars to low income people. highways, and king would probably disagree with this a bit. highway are pure public goods. people need them to get around, right? higher education doesn't serve everybody in the state the way a highway does. it doesn't serve large swaths of the low-income population. these arguments about partnerships are not great analogies because higher education is not the same kind of service. >> i think the original question you asked is so important. because i represent private nonprofit colleges, and obviously, there is concern about what a proposal for pre-public to higher ed or whatever version you look at
1:15 pm
would do for those institutions. i often say i would be even more afraid if i was a public college because the most of the proposals that are out there do not come free for public colleges. they come with incredible controls. that i think will take away the creativity and the ability of the public colleges to pivot. we have a very competitive marketplace out there. private -- most competition is regional privates competing with regional publics, and national publics compete with national privates. that's where students are choosing among and between. and there are a lot of accountability measures that people expect and even more that i think state legislators would add or feds would add that i don't think would lead to a higher quality public education or lead to the ability of higher ed to get revenue streams they'll still need to fill in.
1:16 pm
>> kind of staying with this theme, if you are for preserving the current system, student aid, how would you address state disinvestment and increasing prices? how do we tackle that? >> sure. i think the increase in prices is very complex because it's a whole section of the economy. so let me take on something simpler, though, on the disinvestment. i would go back to this ssig program, this ssig concept. and i think we should consider, what would a maintenance effort look like if we had a lot of money out there for the states to partner with the federal government on pell grants? you did have an effort that included state aid to institutions, to public institutions, to private institutions, to whatever the revenue, that part of, the institutional aid part, did work in the stimulus bill. what didn't work was the money for low-income and net price for low-income students. that's where i would begin.
1:17 pm
>> i agree with this. this is an area of common ground. i know president alexander has written about ssig and testified about it, as a working federal partnership. and this is an area where i think we could agree that a federal effort to incentivize states to invest more in need-based aid, given to students, could be a workable arrangement, and again, it allows for targeting to the students that we want to help the most from the federal perspective. but to point out that that's a very different model than giving money to states and states divvy up to give to institutions to lower tuition prices for everyone in the state. >> would you like to respond? >> i think it's wonderful. listening to talk about maintenance efforts, i think that's amazing because in '05,' 06, '07, you were completely against it. they did everything they could
1:18 pm
to stop it. i think it's wonderful you have come this far to realize how important this is, encouraging states. that's exactly what we had to fight. i love in accountability. we're not afraid of more accountability. i need a two thirds vote from my legislature to increase a fee. i'm not worried about federal accountability. i need more federal accountability. more federal regulation to stop corightian colleges from stealing public money and state student aid grants. in california, our state need-based program, the university of the university of america, a kid that goes there gets $13,000. a kid that went to cal state long beach or san diego state got $5,500. think about how your voucher system works in your own state. these aren't pure need-based programs. ohio is a need-based program that only goes to private universities. we're getting them to private institutions, to anybody without the regulations necessary. i need more help from the federal government on accountability. to encourage the money to go to the right places who remain
1:19 pm
affordable, who remain committed to low income students. that would include the truainit universities in washington, who are short changed because they can't continually raise their tuition. the colleges of kentucky who agree with me. they are nothing but low-income kids and they can't charge anything, but they don't get help. we're very much in line with this maintenance of effort provision. we need more federal help to tie $170 billion in federal assistance to state behavior. not just $350 million, which is the only part tied to state behavior. >> will. >> i'll just start off by saying i agree that expanding the state student incentive grant program, something like that, a federal state matching program is a great place to start, but we can't just keep on trying to figure out how to cover these price increases. that's kind of the spiraling that we have been trying to cover through all different types of federal aid and
1:20 pm
whatever is left over goes to debt. we have been trying everything to feed it, how do we cover the price increases. we just can't keep having policies do that. so a state student incentive grant program, great, as long as there's a change in institutional behavior. as long as the institutions are strongly encouraged and incentivized to use their own funds to take care of students, as they're rel toative to what families can pay. it shouldn't increase more than median family income has increases in the year. between the states and institutions, you have to figure out, without the tuition, how are you going to make it work? it it's some combination of increasing funding efficiency. but we can't figure out a way to cover those every time. >> affordability and completion very much tied to each other. i'm going to pose to same question to each side. how will you use state directed
1:21 pm
aid to increase completion rates and the quality of higher education? >> it's not one thing. it's about 100 things. it's campus culture. i have been at two campuses, and we're working on the third one right now, where our graduation rate was 20 points above our predicted graduation rate. cal state long beach, we had 50% pell eligible students. over 1,000 undocumented students that would tell us they're undocumented that we're educated. we got our graduationerate up from 42%. we testified two days ago to our state ledgislature and said do one of two things. reward performance in institutions that are doing what they're supposed to do, or number two, let us go. set us free. let us run. we know our markets. we're not allowed to do either. what happens, we end up public higher education, serving 80% of the students in this country. the scale of this nation, and
1:22 pm
all populations, all the institutions that are being put out of business in the current model. >> so the first place to start, always remember you can't complete unless you get in. that of course, we need to worry about that, and i think there's huge issues with college, but we have done research. if you change the price of higher education by $1,000, you're going to get about 3% more students enrolling. we know that. i'm a researcher, and that's one of the things we know best. i wish we had a lot of other findings like that. we can say that with a great degree of certainty. what do we know about making sure students complete? we don't know nearly as much. if you try to provide incentives or try to restructure it to get students structured the right way, i'm very skeptical of those efforts. research based isn't nearly as clear on those.
1:23 pm
so it seems funny to me that sometimes we're hesitant to yauz what works. we know this works. we have to get them in and how the campus works on improving it. exciting research and developmental education and restructuring the first couple years of college. but start with what works. we know that getting more financial aid means you can go, then from there, we need to do more to figure out how they can complete. >> any response? >> i would say two things. one, building on will's point about what we know about financial aid. i do agree. i did a book on how the evidence based is not nearly as thick as it needs to be. i will refer to a paper, the future of children, which asks what do we know from research on financial aid. one of the lessons they pull out is incentive based grants with academic benchmarks where students are encouraged to meet academic benchmarks to get more funding, they seem to have positive effects.
1:24 pm
the studies, there are not as many as we would like. for instance, one is that in west virginia, promise scholarship. students had to meet particular benchmarks and she found that it increased on-time completion rates by scholarship recipients by seven percentage points. and that it was the incentive because as soon as the student reached the fourth year at which point the standards didn't matter, the effects went away. i do think one other thing, the second point is just that we have this problem, i think, in institutional improvement, and i'm guessing dr. alexander would agree and will as well, that we're focused on the cost, the cost of doing things to help get more students succeeding and not focused on the cost effectiveness of implementing things to help students succeed. to me, i would much rather see state legislators and federal legislators be discuss cost effectiveness. by that, i mean it may cost more
1:25 pm
up front, but far more students are successful, the cost per outcome goes down. the productivity increases. to think about how can you think about building that kind of idea into your performance-based funding as opposed to just doing it on the basis of your outcome and trying to minimize the cost up front. i do think that's a conversation we need to have. >> exactly. very much supportive of that. >> first of all, i don't want to miss the opportunity to have a kumbaya moment because back to moe, the public on including need based aid, that was part of the background battle. that's why i say it was intentional. if we can protect need-based aid and all state founding, we migh be able to work something out. on the completion question, i agree with will. it's very, very complex. i agree with dr. alexander. it depends different institutions are going to have different cultures. but different students are going
1:26 pm
to have different issues, too. for some, it might be lack of money. for some it might be lack of academic preparation. we have the great alarm clock example, which i don't know if everyone is familiar with. for some students, it's making sure there's an alarm clock and somebody is tracking them to get out of bed and into class. that can make a huge difference. so there's multiple solutions. we're learning a lot about this since we had a federal focus on completion, which i think has been really positive. whatever we do, i think the biggest mistake that we have had in the policy debate that's gotten more and more dramatic over the last ten years is that we have talked too much about penalties and not enough about incentives. when you put out penalties, you instantly start to run into debates about states' rights and institutional autonomy, and you're never going to find a positive solution. i think that we need more conversations on this like this,
1:27 pm
potential on how we could move forward. they have had a long standing proposal out there on -- that we see as part of a completion agenda. we called it loan flex and pell flex. the idea is we have some sort of a federal thing. we'll give you $35,000 in pell grants to get through. if you get through faster, good for you. you're going to get your money sooner. so there's a financial incentive and a pathway to help people stay in and take as many classes as they're capable of to get through as soon as they can. >> i get the sense that there are aspects of the current system that both of you would say are flawed and you have already discussed a couple of them. in addition to things like improving campus based aid, what else would you do in order to correct some of the design flaws within the current student aid system? >> i would begin by saying ymg
1:28 pm
not sure they're a design flaw. i think society continues to evolve and change. we have to always update things. we learn lessons as we go. people are going to learn more about completion as more and more schools have focused on it. i think we should have, if we want degree attainment to be a goal, we ought to set up, as i said, a certain amount of money, if it's $35,000 pell to get through, we have to put hard targets there so people won't squirrel money. i bring back in the partnership, as i mentioned before. we need to bring states and institution institutions through incentives into a positive national conversation, which i think we all do our part, but it's scattered. i think incentives on students, incentives for institutions, for states, there are certainly pieces of the federal formula,
1:29 pm
especially in the analysis that constantly need to be tweaked and updated. we could do some of the issues on the table. >> i would -- this is where i think again there's common ground. i agree with dr. alexander, to suggest that we need to hold colleges to higher standards. and i think we need to hold all of them to higher stands and make sure that they have incentives to keep their tuition low and continue to help low-income students. if i were entirely in favor of preserving the current system, quote/unquote, which is how this was pitched, i wouldn't have much to do all day. right? but as anybody who has read my work knows, that is not my position. sarah and i probably disagree on this, especially on the punishment side. frankly, i think we have to punish some schools that are not doing the right thing, and some of them need to go out of business. we have written about the notion of setting a stricter performance floor, getting rid of default rates, setting a
1:30 pm
stricter performance floor on retainment rates and putting schools on the hook for some of the percentage of loans their students don't repay. that's something we could discuss after the fact. which i'm sure we'll have fun with. but we have on a panel similar to this where we were sitting on opposite sides. i think these are the ways -- we have to get the incentives right and let institutions think about how best they can reach those standards. >> i worked for seven years on the college record card, score card, to get good information in parents and students hands. when i talk to them, they want to know what our graduates are doing, not just how many we turned away, which is u.s. news and world report. and how well are they do midcareer, how well are they doing when they graduate? are they getting jobs, are they indebt or not in debt? we had to fight since 2006 to get that, but the privates
1:31 pm
fought us to put student indebtedness, to record it, and i can tell you that's one of the critical elements and issues that parents raise when they talk to me. what are the students doing? we fought to get the college score card to put more information in the marketplace. the one reason the higher ed market foucher system doesn't work is because there's no information for parents and students. we are given the same glossy brochures. we don't share with them what's happening at the end of the day. we know more about the cars we buy because of a blue book than we do about the colleges and universities that we invest for a lifetime in. and so we are very much in favor of more accountability and showing parents value for the dollar that they're investing. but we certainly would like the private sector in higher ed in washington, not to fight us every step of the way to make this information available to students. this is vital, useful, and
1:32 pm
absolutely essential information for them to make the most important decision in their lives. so accountability, we're not afraid of accountability. we fought to have more and more accou accountability. that's one reason why curightian college went out of business, because they persuaded people to go to their institution and they ended up with nothing afterwards. that's why many of the same institutions are milking our veterans blind. they say i have used up my g.i. bill benefits at a variety of these institutions that are getting public vouchers and g.i. bill vouchers for worthless pieces of paper. then they're asking for us to come up with scholarship help because they had their g.i. benefits milked from them. this voucher system is far out of control. we want more accountability in it. we're not against student aid, but we have to have institutional aid. a voucher to nowhere doesn't get you anything. a scholarship to nowhere won't get you anything.
1:33 pm
so we're not against student aid, but we need to rebalance what we're doing to provide the institutions who serve these students. >> will. >> one reasonable point to make. there was an argument for kind of direct funding of students. it says, well, if the institution, one institution isn't doing what they should and don't have the right kind of characteristics for that individual, they can always take the voucher and go elsewhere. but it's not much of a market for a lot of students. the medium distance, 50% of students travel less than 14 miles to campus. 80% travel less than 100 to campus. there's just not many campuses close to that many people. most students just don't have that many choices. the idea that a student-based funding system is going to sort itself out in the market isn't born out by the way most students attend college. there has to be something in there that forces the institutions that are available to students in a local area to be better, to push on them to use their own funding better,
1:34 pm
and to insure that they can -- that the students who need that higher education can enroll at the institutions that they have access to. >> the idea of accountability keeps on coming up in this discussion. that was one of the key focuses of some of the presidential proposals around college affordability in this campaign season. are there any -- what if any other aspects of the proposals that have been floated thus far would be beneficial to your position of how college aid should be disbursed or to your position. i'll let you go first. >> sure. well, we have -- i mean, i think that if you kind of dig into hillary clinton's proposal a little bit below the hines, she's looking a lot at debt, and i think that's a very, very valid question to look at. she does not exclude the private nonprofits from her proposal,
1:35 pm
although she's not very clear on where they fit in. so i think the conversation we're having a very rich conversation about debt anyway. some of it is over inflated. some of it with the cost of loans is very, very valid to have. so i think questions around that are good to continue. how should we be having students repay, how long should students be repaying? those are good questions. >> it strikes me that most of the plans of the remaining contenders, at the very least -- >> there was another plan in my private time i hope to work on. it's out there in the either spare. look it up. >> i think the remaining plans are focused on the debt question. they're at the forefront of family's minds, middle-class family minds especially, but my concern is that they wave their hands mostly at issues of
1:36 pm
quality and completion and value. and i think you see that in both the sanders and clinton plans. there's an assumption, i think, that solving that mechanically lower tuition is going to mechanically raise completion rates. and to your point, i don't know that we have any evidence that that's true. or compelling evidence that that's necessarily true, i should say. so i would like to see a lot more on how to actually think about improving the quality of higher education and insuring that federal investment that we're getting a return on federal investment because students are completing credentials in labor market value. i don't think we have seen enough of it. hillary clinton's plan has pretty much everything in it. she does say a few things on that, but bernie sanders, to my recollection, does not have a whole lot. that's a missing part of the conversation. >> the present plan has, has our
1:37 pm
federal partnership as a third leg, to incentivize or to hold states accountable. if you remember the beginning of president obama's administration, when he gave the state of the union address, he said we're going to hold colleges and universities account abili accountable, and we're going to hold states accountable. what hasn't happened is the state part of it. that is part of senator clinton's plan. is the state federal partnership, which we have had an opportunity to work with them on. the interesting part about the accountability issue is marco rubio said something very interesting. he said when he was running that our accrediting bodies are like a cartel. we're the only country in the world that allow s private accrediting bodies to deck taoc where $140 billion in student
1:38 pm
aid goes. and you can't think of an institution that has not been -- that hasn't been reaccredited or accredited. everybody gets accredited. everybody has access to public money. that's why we can't control it. we tried to address this free issue in the early '90s when bill clinton and secretary longen acker had an opportunity to tackle it. we killed it. now we have a problem that's so out of control that we need greater accountability and the accredited bodies have fallen flat on their face on this issue. when fast track universities in ft. lauderdale, fast track gets millions and millions in pell grants, and they hired exotic dancers as their recruiters and admissions officers, then we have an accountability problem. that's how the system works. that's why we need a new system. >> so looking at the clinton and sanders plans, i think they both
1:39 pm
recognize the same issue that really concerns me, is that they have to start using their leverage with the states to insure there's going to be changes in how the states are funding, and how the institutions are behaving. one thing i can pick out as a reservation about either of them, with the sanders plan, there's this provision about how the institutions have to spend their money, a certain amount on a certain type of faculty and so on. again, i think that's where you get this kind of, i would agree, the overreach and kind of the exactly how these institutions are going to accomplish what we set out. i think it's better to set out goals and let the institutions figure out a way to get there because specifying specific business models for institutions is i think too far in terms of setting up these plans. the interesting thing with the clinton plan, and this is something that came up at the new america as well, is how much of an out would you allow
1:40 pm
states? you allow states to refuse to participate and then they'll still fund plans? the clinton plan includes that, which makes it clear that a lot of states might not do that, su assuming that the government will pick up the slack. new america said you get this money, you have to participate in the way we structure this. there's risks with either and tradeoffs with either. i think that's one of the key things i would point to. >> i just wanted -- one of the things i don't think anyone mentioned, and i should have, i'm remiss in not, is free. is making free the big political idea. right? free colleges. a big idea. and it wouldn't surprise anybody in the room that i disagree with that. fundamentally, i think that's a silly goal and not a goal that's going to lead us to an efficient system where people who can pay pay what they're able to pay. the clinton plan is much better on this, obviously. but you know, this notion that we're somehow now going to be locked into this debate about
1:41 pm
whether it should be free for everyone, a universal free college for everyone or not, over the next decade at least, now is a litmus test for particular democrats, i think, is a shame because we have to have a much more productive debate about who pays what share, what's reasonable. and so that's, i think, where politics have made it harder in some sense to have this policy debate we need to have. >> one final question and then we'll kick it off to the audience. if we were to go to a system where additional aid would be directed to the states, how would private institutions work in this? certainly, there are very well heeled private institutions that aren't of as much of a concern, but you think of other minority serving snuszs that are private, have a huge pell population and are trying to serve the population. how do we think about them in this overall kind of model?
1:42 pm
>> so this is one of the reasons why i didn't favor sending money to the states, allowing states flexibility, because the privates play a really different role in the provision of higher education depending on what state you are in. in some, there has to be a state role in funding and accountability for the institutions because they educate so many students, if you think of new york or massachusetts, states like that. in other states, it's a pretty small part of the sector. the institutions are relatively well funded. they may not need as much assistance and need as much relationship with the state. allowing that flexibility at the state level seems really important to me. >> states also have the states programs, and privates do benefit disproportionately from those. keep in mind that a private institution has about twex% of students but they get about 46% of all student aid because a lot of it is price sensitive. if funds went into those programs, they would benefit from this type of discussion.
1:43 pm
more importantly, though, yesterday in the national academy of science, we released recommendations from the lincoln project. the lincoln project is about saving our public land grant universities. and many hbcus are a part of that. i will point out, in louisiana and illinois, we have seen chicago state. we have the southern and grambling in the same situation. we need to focus on salvaging and saving our public higher education institutions now. our first student expenditures add the land grant universities have grown in the last 20 years from $21,000 to $29,000 per student. that seems good, but our private peers have grown from $31,000 to $60,000 per student. that means faculty salary disparities were becoming and have become many of us the training grounds for many private universities in this country. because of first student
1:44 pm
expenditures and facally salaries. we all know this. that was part of the initiative and part of the purpose of the lincoln project. so we really need to focus, the states are bowing out. public universities are getting left, and colleges are getting left with no resources, talking about financial exjencie in louisiana and illinois under the current situations and you'll see this more and more so in the coming years. i would say we need to ince incentivize our states to make the right decisions like we have in medicaid where the money will be rewarded to the states for putting them in institutions of which are the biggest losers today compared to where we were 20 and 30 years ago. >> response? >> yeah. i think the good question, of course, i'm interested in the role of the private nonprofits. we have to remember that in seven states and the district of columbia, there are more pell students, not just by percentage
1:45 pm
but more pell students in the private sector. more states with a higher percentage of instate students are pell at private colleges. we have seven other states and the district of columbia where there are more total enrollment. and there's many, many private colleges have very efficient degree production for state taxpayers, for the small investment that the states might make. 3% of the state funding 30% of the degrees. 2%, 20% of the degrees. i have those states listed. so we need both sectors to be part of the solution. i think all of the sectors benefit from each other. it makes for a richer higher ed thing. i also want to do mention and take up one other point. they really pioneered the concept of some thought of a
1:46 pm
federal consumer piece. easy to access federal consumer piece that would sort of counter this u.s. news and world report problem we have it's called you can. it's been out for ten years. they borrowed our first two pages. we gave it to them, we said let's try to create a universal system. our problem with the president's scorecard is awhether there was going to be a letter grade, a, b, c, or d. we said it was impossible. they agreed. we think the scorecard needs more improvement, but it's a good start. >> so we're going to open this up to audience questions. keep in mind to keep your questions to 30 seconds. anyone who would like to ask our panel a question? >> some of you have heard of the
1:47 pm
bennett hypothesis that raising direct student aid essentially allows colleges to raise their tuition because they're assured that the federal government will take over part of the cost increase. and recent work by the new york fed has sort of found a confirmation on this, that when you raise the pell grants by a dollar, you see an increase in tuition by about 50 cents. i was just wondering for those who are in support of funding colleges through direct student aid, if you could address how we could design student aid so as to avoid this issue. >> i actually participated -- i participated in that because it is -- i don't know why bennett gets credit for it because it's about institutions making decisions, how they're making decisions. the gao supported that, too, through federal loans. there are institutions, for private institutions as well as
1:48 pm
many other institutions who have particularly used the loan programs, the more they could get before the cap fell off, the more they could charge. there's an institution in this town that used to brag about this, gw. i won't mention them. but used to brag about charging the most amount and leading the country enwhat you charge and get more applications. and they are one of the leaders in trying to blow the loan caps off to get their students more loan money. there is a relationship, a correlation. in the public sector, it's not. unless we have our own tuition and fee autonomy. we don't. most of us, it's either controlled, the governor says freeze it for two years. well, we didn't play a role in it. we need a state legislature that needs a two thirds vote to raise the fee dollar. the public sector, we have controls on us that don't allow us to roll into that hypothesis, but there are many institutions that have taken advantage of that, and many that have not.
1:49 pm
so it's a mixed bag of who's using it, who has for profit institutions that say exactly how they set their tuition and fee policy. we need better controls. we have to have better controls. >> so i'll jump in. it's a great question. i do think that we're seeing more evidence and more convincing evidence from more rigorous work that the bennett hypothesis is a real thing. it makes sense. i think we have now gotten studies that line up with that, particularly the one you cited. my sense, though, from that literature is that the effect of the pell grant and need-based aid are not as conclusive and not as large as the effects for student loans. and in some cases for tax credits. dollar for dollar substitution. so i do think it's worth asking. you know, i have written about the need to get, to reign rein
1:50 pm
programs that allow unlimited borrowing up to the cost of attendance. that sends one signal to colleges about what they can do, which is raise their prices. i about which programs are likely to happen. which aren't. it's not to say there is not a chip, but some papers show that they have a paper out of maryland that actually substitutes money away from students and towards other students. there is some gamesmanship and they are right that they have an effect on other colleges in that regard. your question is a good one. what we need to do is think about what parts are likely to cause this effect most dramatically and reign the
1:51 pm
pieces in while maintaining a commitment to need-based student aid. >> this has been looked at under the clinton and obama and bush administrations and congressional instructions and all three said they could not find a correlation. those advocates that had a draft that study, it was somewhat flawed use that as proof. it is to be problematic. i think the way that traditional colleges set tuition is that they are looking at the whole sector of the economy. the student aid money with so many factors.
1:52 pm
and i'm a college. i'm looking at something that walks in with an absolute poverty student. looks more like a family making 60 or $70,000. i don't care if they are taking it from a checkbook or uncle sam. how do i fill in that differential between what it costs to educate that. many institutions got it.
1:53 pm
seems like it's real. they have to admit they have been doing it that way and that's good evidence. i would say that i think to me it's no coincidence. the studies that i found a positive effect, i read that carefully and they are well-designed. it's hard to ignore that the middle income in 1978, that's when the tuition up tick started. we have to ask the question what's going on there. it's worth asking. it is focused and need-based and has grown into the frankenstein with the distribution. the tax credits and loans for parents and it's worth asking what that has done to the incentives for institutions and for states. part of the problem i see is that we don't have a lot of
1:54 pm
proposals that propose to layer that in. that's likely to lead us down the path further. >> before we take our second question, a quick update on the poll. 42% of you who agree that extra federal dollars in higher education should participate, but we have 58%. next question. it's not accurate to say there is no orilation. it's accurate, but not causal. there is an increase in 88 and prices. several here they are all things
1:55 pm
like that and we have three quick questions. what is the topic of this session? is it additional money or substituting for the vote to replace. two, i forgot what the question is. that's one. second is states have it within their power to do these things now. why are they not doing it? >> it is additional 8 aid. who would like to take that
1:56 pm
part? >> we didn't have two sides. >> they don't have to raise taxes. they get reelected. that has been told to me by a speaker of the state senate. >> when they were approved in 1965, the esea that was just reauthorized, it's an institutional program that have low income schools and low income students which would be wonderful.
1:57 pm
they pulled their money out of the four schools. that was put in 62 years later. they had to sue the states to not take their money out. the same thing is happening here. states have incentives to get out of the funding and force it on to the backs of policies at the federal level. that's what they are doing nationwide. we don't have the same law. we only had it during the stimulus package. only three years in the last ten years where pell grant increases exceeded tuition increases. states were halted in order to collect federal money.
1:58 pm
>> this is one of the oddities. they start by saying these state legislators don't know what they are doing. we want to give them more power in terms of giving up the money. they continue to fund because the feds come in and offer a carrot. it's a strange way to think about this. suggests to that the politics change overnight. i don't think that's true. one of the things that worry me most,specially the free college proposal, they are counter cyclical and what happens in the next recession when the states say we have to balance our
1:59 pm
budget. we pledge to you under this hypothetical plans. and then nobody gets aid anybody? they get a path in which case it's worth asking whether they have a commitment problem. that's the inceptive or the partnership. these are eventualities that are not hypotheses. they are where we end up at some point in the future. >> they have an intentional disinvestment. they are reacting in the short-term and the reason the higher education is, it's the only majoring it that has their own revenue source. all the rest don't have enough. higher education has.
2:00 pm
very, very appealing place to cut because they can raise the money through tuition. that's what they have done. what you see overtime is this boom and bust cycle. we are back on the increase. >> but in many states we are actually against any more on higher education than in the past. it's not a steady downward trend. the role of federal government is going to change that exact behavior that you are talking about. states have to be procyclical. they can help with that. the game theory of this, we can talk about it and model it. i don't worry about it. in a given year if you have to make a match, make a match. that doesn't concern me.
2:01 pm
that's whether or not it would pony it up with the state highways and the medicaid saying they are for everybody and the other program is just for a few. we have seen states opt out. i wonder if they are different for the effects that affect poor people versus a program that affects everyone. families who are very powerful constituents. i was wonder figure you could address that. >> sounds like you are talking to a state that puts 95% of its money in the merit-based programs. you have to realize we had this conversation yesterday with the presidents and the land grant. when states have reduced their budgets like they have, college tuition has gone up.
2:02 pm
the middle class starts screaming and untiling they can't afford it because they are left out of the equation. that resulted in them getting elected. it's a middle class backlash because states have increasingly made their institutions less affordable by reducing their role and it's such a backlash that pop and secretary clinton got in a big debate over how high they would raise it from 60,000 to 180,000. now, 55% of the parents take this. i bet that's going to get increased. that's up for 2500. the politics of hitting that middle class voters and i'm waiting to see states tackle t issue. it's the number one issue in
2:03 pm
louisiana. we may not get funded, but the program probably will. that's a big challenge for us. we are dealing with the politics of a middle class that feels disenfranchised because they were not part of the equation. all they could curn to is loans. >> that's a great question. there is a level at which states have a lot of programs and they have brought in and that has been the history. you have seen a more recent turn over the health care issue. and probably at least one factor in that is because it was so strongly identified with one political party. you see a backlash and i am not sure that the free public college debate does not suffer from the free politics. i think that we have to ensure that whatever we do, we would
2:04 pm
work on something that we try to gauge as much as we do. my concern is the states are so committed to i'm never going to vote for increased taxes, one of the things i haven't seen them look at, what has all the balanced budgets done for the states? this was a big trend 20 years ago. what ends up, education is all within the counter circle or higher ed is. when the unemployment rate goes up, people go back to school and the states run out of money. when the colleges need the money the most, the states have the least and i don't know how you get out of that cycle. politically i don't see any movement. i can't imagine they would be
2:05 pm
willing to borrow in the lean times. i think they won't have the money. they won't have the money to do this. >> i would say to be clear, my point about medicaid is to suggest that's where the federal government goals are more directly aligned. with the way this policy functioned. that's the way the goals and something like medicate can provide health care to those who couldn't have it otherwise. what i am suggesting is that in the case of higher education that states often have different goals than the fed. some of them are this. to make sure that the families stay in the state. so they fund the flagships really well. those goals are to me what the federal government should be
2:06 pm
pursuing. it should be pursuing the other side. middle class families clamor to be part of your plan. that's not as efficient. >> we will give everyone a two-minute closing remark. we will start with sarah. okay. well? >> i think we should not throw out a system that has incredibly deep and broad political support. that probably is the most significant thing about what we have with the student aid. it is incredible pell grant program has the bipartisan
2:07 pm
support it has. the federal investment is bigger than many agencies. that is not nothing. the thought that a new system that funds colleges, i wish colleges were as popular as we might think. to fund colleges or states will be very, very hard to sustain. i think we need to work on incentives and not beating their. we can work within the framework about 1972. they kind of lure states into a national goal that may recognize
2:08 pm
they have different things to survive and the states want to keep the best surprises at home and renewing the partnership of what it looks like today. >> i was trying to think of mine as we get going. shoot from the hip. >> to me this was the first why the federal government was involved. i think it's worth asking. there is a sense in washington among advocacy groups that more state investments are a good thing for low-income families. and to me that is not more now. it's differently by different states and not by the funding.
2:09 pm
and who attends colleges in the states. i was reading from washington about the situation in indiana. the throw away line about how at the last minute they were able to save the universities. >> it was literally the last three minutes. by increasing the sales tax, the sales tax is a regressive tax. it taxes low income people the most. they spend far more money on goods and services than do rich people. it is worth thinking and not just waving our hands and saying no, no. by definition. more dollars to lower the price for everyone regardless of income. to start asking whether that's true and think about how a
2:10 pm
federal role could help without spending. >> they were created by federal intentions to tell states they needed to do it. in 1862 and 1890. we need that intervention and for the federal government to step up to the plate. our states are getting out of the business. we had 48 governors against us in the nga when we put the provision and the economic stimulus packages. they said it wouldn't work and the federal government has no business doing that that. provision said that you can only take education stimulus if you do not cut your budgets below the funding level. within six months, 20 states cut it to that level and left it
2:11 pm
there. lamar alexander and tennessee had a $1.1 billion budget. they cut within $13. colorado and oregon cut to within $1. they are necessary. if we do not do this and continue this course by cutting more money, the new money into the current programs we are doing, we will have nothing but a system of higher education. iowa 2029. do we want a federal system of higher education based on tuition or loans or grants or keep and incentivize our states? i said we will have to cut 4,000
2:12 pm
classes. we will have to take the s off the football helmet and that got their attention. that's what we are fighting to keep to be the institutions that the mission said we were founded to be. >> i talked about the set of assumptions and what i worry a lot about, assuming the things are the way they have to be. they will continue they change the way they are behaving. they must change the way it is
2:13 pm
investing. >> thank you, guys. we will open one last time for a few minutes. get a final conclusion. i don't think so. i'm still going to stick to it. >> preem can vote strategically.
2:14 pm
that's how you helped. in our first conversation, the trouble with this whole thing is it's not an either or. we have to do both. the states need help in making the right decisions to stay players in this vital enterprise for the country. >> thank you. you made my job easy. >> thank you for all of you working in the areas to raise awareness of the trends and don't be afraid of new ideas. >> all right. thank you for joining us today.
2:15 pm
>> we a


info Stream Only

Uploaded by TV Archive on