Skip to main content

tv   Politics and Public Policy Today  CSPAN  May 13, 2016 5:00pm-7:01pm EDT

5:00 pm
of the regional bureau for africa of the united nations development program undp to be invited as panelist before the u.s. senate committee on foreign relations. this is my very first appearance. i have it? ed submitted a longer text, so i have tried to limit my remarks within five minutes. my purpose today will be two-fold. first, i want to briefly update you on what we as undp have learned about instability in africa. and second, i would share our view on the possible developmental approach to mitigate the threats to peace and stability in what is often referred to as africa's arc of instability which encompasses the lake chad, nigeria and the whole of africa. the continent is doing extremely great. for the last 15 years it has
5:01 pm
grown gdpwise 5% per year since 2000. violent extremism is amongst the major risks to economies in part of africa. tunisia's gdp gross has been cut from 3% to 1%. chad's gdp contracted 1% in 2015 from a growth of 5% in 2014. and countries like kenya and nigeria saw a reduction of 25% of tourism following terrorist attacks. we in undp estimate that at least 33,000 people have died on african soils since 2011 as victims of violent extremism. and 6 million are currently internally displaced due to radicalization. mr. chairman, over the last two years undp has held a number of consultations, conducted a series of studies and commissioned research to better understand the violent extremism
5:02 pm
scourge in africa. these various studies and research converge in showing three major findings. one, while the drivers of radicalization are multifaceted and defy easy analysis, their major roots are to be found in the combination of poverty and low human development, a sense of economic and political exclusion and marginalization and weak social contracts with high level of societal divisions among ethnic or villages lines. two, the most fertile grounds for radicalization are the border areas, which are in most of the countries neglected, ungoverned, weak governance, and in terms of socioeconomic and -- low socioeconomic and institutional infrastructure. three, while there are a number of commonalities which drive
5:03 pm
radicalization there are also some important differences between countries. for example, socioeconomic factors tend to be the permanent drivers in the sahel. the lake chad, the lack chade basin, somalia and nigeria. whereas political grievances are much more permanent factor in kenya. it is with this research and analysis in mind that undp embarked on the development approach which seeks to address the multiple drivers and enablers of radicalization and violent extremism. we have launched a four-year initiative on preventing and responding to violent extremism in africa which focuses on supporting regional institutions, government, communities, and at-risk individuals to address the drivers and related factors. we are working in epicenter countries, in spillover countries and at-risk countries
5:04 pm
supporting partners to develop and implement integrated regional and national policies and strategies. rule of law, community and faith-based intervention to prevent youth radicalization and deescalate local conflicts. we also promote social cohesion at the community level. working with local and national governments to provide basic social services to citizens. we support implement creation and we work with local governments to strengthen public administration and the extension of state authority. we have learned that well resourced comprehensive and integrated programs combining security and development response offer the best approaches to combatting violent extremism. let me conclude my remarks by emphasizing that for africa to meet its full development potential preventing and responding to violent extremism is a key. this will require coordinated
5:05 pm
and collaborative partnership between government, development partners and civil groups. i thank you. >> thank you very much. is that a correct pronouncement? >> it's correct, chairman. mr. chairman, ranking member cardin, and distinguished members of the committee, on behalf of the national democratic institute, ndi, i appreciate the opportunity to discuss terrorism and instability and make the case for why democracy and good governance should be a central component of any counterterrorism and stabilization strategy in sub-saharan africa. for more than 30 years ndi has worked around the world to establish and strengthen political and civic organizations, safeguard elections and promote citizen participation accountability in government. the institute has conducted programs in or worked with
5:06 pm
participants from approximately 50 of africa's 54 countries and i have been fortunate to be part of our efforts in many of those countries for the past two decades. terrorist activity in sub-saharan africa over the past decade threatens to destabilize the continent and roll back some of the gains and broaden politic political space and participation since the third wave of democracy that began in the 1990s. groups such as boca haram and the maghreb in northern mali and sahel have caused tens of thousands of deaths and tremendous economic and social dislocations. for civilian populations. some of this extremist organizations operating in africa are eager to establish
5:07 pm
alliances with violent extremist organizations in other parts of the world, notably al qaeda and the islamic state of iraq and syria isis. the international community's right in supporting counterterrorism efforts that seek to defeat this extremist groups militarily and must at the same time assist the affected countries to address the root causes and triggers of the rise in extremism and violence. the principal motivation of today's terrorists in sub-saharan africa is deeply rooted in a pattern of religious beliefs. however, it is noteworthy that governance failures have exacerbated the impact of this phenomenon and created an enabling environment in which extremism thrives. when a state collapses as was the case with somalia prior to the emergence of al shabaab,
5:08 pm
allows for huge swaths of ungovernable fa ablable spaces mali or fails to fulfill its basic purpose of providing citizens with access to a meaningful life and liberty and property as in northeastern nigeria. the social contract between the state and the citizenry is broken. discontent with governments that are viewed as illegitimate or ineffective is a fertile ground for recruitment as disaffected individuals may easily embrace extremism hoping to access a better life, political power or voice and the resources linked to this attributes in transition environments. moreover, oppressed citizens and marginalized groups that are denied access to basic public goods and services and
5:09 pm
opportunities are more vulnerable to extremist appeals and indoctrination by nonstate actors who in return promise to fulfill their needs. efforts to counter violent extremism and terrorism in sub-saharan africa must, therefore, address poor governance as a part of the overall strategy. based on institutional lessons learned through ndi's work, my own experience and expertise as an african and what i hear loud and clear from african democrats, leaders and activists alike across the continent, i would strongly offer the following three recommendations for your consideration. any counterterrorism strategy for africa should be grounded in the consolidation of democracy and good governance such that short-term military victories can be sustained in the medium to long term. we cannot afford to defeat
5:10 pm
violent extremism now only to take up the same fight five, ten years down the road. two. autocratic regimes should not get a pass from the international community solely because they are good partners in the fight against terrorism. shrinking political space, frequent and overt violations of citizen rights and freedoms and the undermining of constitutional rule and meaningful elections breed discontent and disaffection that form the fertile ground for recruiters and perpetrators of violence and extremism. good partners in countering violent extreme terrorism can and should be good performers in democratic governance. these two principles are not mutually exclusive. in fact, they are mutually reinforcing. africans of this generation of jittery and extremely fearful of
5:11 pm
reliving the experience of the cold war era during which dictatorships thrived amidst great human deprivation because some leaders were allies of the west at the time. the fight against terrorism should not become a substitute for the cold war paradigm of this century with regard to sub-saharan africa. democratic governance is critical to every counterterrorism strategy. before citizen grievances are not allowed to fester and breed extremism, dissatisfaction and alienation from the state. to deprive extremists of possible recruitment grounds and after to sustain the peace that would have been gained militarily for the medium to long term. excessive deprivation in both economic terms and in access to political voice, freedoms and civil liberties make young
5:12 pm
people vulnerable to the recr t recruitment incentives of extremist movements. to conclude let me say despite the enthusiasm of a few years ago and some remarkable accomplishments in the last two decades, democracy and democratic governance in africa is under attack. on the one hand, it is challenged by external threats from extremist terrorists organizations and on the other hand in some cases by internal threats from autocratic regimes that fail to deliver public services, combat corruption and protect rights and freedoms. the international community should do everything in its power to help rid the continent of both existential threats. friends of africa must make sure that they do not willingly or inadvertently allow themselves to become accomplices in denies
5:13 pm
africans their basic rights and freedoms and a secure, prosperous future. thank you, mr. chairman and members of the committee for this opportunity. this is a brief summary of my statement, and a longer statement will be submitted for the record. >> without objection, it will be entered into the record. we thank you both for your testimony and i want to turn to our distinguished ranking member, senator cardin. >> i want to thank both of you for your oral presentations as well as your full statements that are being made part of our record. i've had a chance to look through it. and it certainly reinforces the concerns that i've had. so, i want to get a little bit more granular here. both of you mention the importance of the underlying causes of radicalization. and although we have to deal with the immediate issues, if we don't deal with the underlying causes, it will be short-term success. we have incredible tools. undp is an incredibly important part of our international
5:14 pm
efforts to help develop the prosperity in countries that we hope would provide the long-term stability necessary. ndi's done incredible service in developing democratic opportunities around the globe. and, of course, the united states and our development assistance and our security assistance, these are tools that can provide incredible opportunities for stability globally. and yet we point out that in subsahara africa, we have not been as successful as we need to be. so, therefore, my question to both of you, what has worked that we should build on? i see your specific recommendations. i understand. incorporate good governance, deal with education, deal with the underlying economic issues. but how do you take the current programs that are available, through nations or through private organizations or through government, how do you take those programs and build on the
5:15 pm
ones that are the most relevant to the stability of subsahara africa and what programs need to be reconfigured because they're not providing the returns for the investments that are being made? can we be a little bit more specific here? >> thank you, senator. let me first state that when i was listening to the previous panel, what you said was music to my ears, and you said that it boils down to good governance. this is the fight that we are doing, first in africa but in undp. the major portfolio of undp is good governance. in this country we have seen poor governance and ungoverned face spaces have been the major causes for the insecurity in the continent. you're right. we have good practices. the issue that we are seeing here is that most of these countries have very limited
5:16 pm
political space and cannot deliver to scale the good practice we are advocating. the solution is number one not only limit ourselves to military solutions but blend military and u.n. rights and then development. but the good practices that we are having, put them to scale. i think the national community have to understand the issue of terrorism is a global public fight and this country with limited fiscal face cannot do it alo alone. in a spirit of partnership we can scale up the good practices. i'm coming from kenya and egypt where i saw an excellent partnership between the two countries where they are doing cross-border initiatives. we haven't discussed it a lot during the first panel. it's at the border that we see problems. so, if we invest in creating resilience for communities at the border areas we will have done great. i think with good funding we can scale up those excellent initiatives.
5:17 pm
>> senator, the national democratic institute obviously doesn't have the luxury of governmental entities such as the department of state or even a multinational organization such as undp. but with the resources that we've always received, graciously from some of these agencies, we've tried to put a lot of emphasis on developing civil society. because when you look at the statistics or the studies done by organizations, and i referenced it in my written statement, 75% of africans aspire to live in democratic societies. believe in democracy. and so the demand for democracy and good governance continues to rise on the continent. unfortunately the supply is shrinking. and so programs that can allow the expansion of political space
5:18 pm
would bring most citizens into the process. it would also allow those citizens to rad advocate the channeling of resources. so i would put a lot more emphasis on strengthening civil society. strengthening citizen-based organizations. because some of them are very active especially even in rural -- including in rural areas and in some of the areas that have been impacted by these grievances. i understand that in northeastern nigeria, for example, there are a number of groups that are engaging with internally displaced persons. that are engaging with some of the people that are dealing with trauma and some of the impact of boca haram and organizations such as those sometimes have received support from ndi and other organizations in helping build their capacity to be effective advocates on behalf of citizens. >> i agree with both the points
5:19 pm
you made. i think border issues are -- it's a good point and we need to concentrate. they're more complicated because the problems can go across borders and therefore the country -- not sure what host country's responsible unless you have partnerships between the two countries it makes it complicated and difficult. and i certainly agree with you on civil society. i think civil society is a critical factor in good governance and if you don't have a healthy civil society, it breeds the problems. let me try to get to a third point that -- your view on that. and that is the reality or perception that you can get a free pass from the united nations or from the united states if you are working with the international coalition to fight counterterrorism and that what you do internal in your country will not really be a major importance to the international participation and support.
5:20 pm
that to me whether it's real or perceived could be a huge problem in dealing with civil society or dealing with good governance or dole dealing with democratic institution development. just share with me your concern as to whether the leaders of countries that are working with us have the view that the international community will give them a free pass on governance issues as long as they are part of our coalition against violent extremism. >> thank you, senator. for us human rights is the bedrock of whatever we do, and it's not negotiable and i was -- >> you are willing on pull out of a country if you can't get the cooperation you need from their leaders? >> what we do is we support capacity building -- >> i understand that. but are you willing to pull out of a country. if you said it's the bed rock and it's the most important point if you have a corrupt regime and you're doing good work in that country but at least part of it is supporting a
5:21 pm
corrupt regime, are you willing to pull out? >> if you pull out there's a cost to the community you serve. we make a strong statement, we make these kind of strong declarations. and i think we as the u.n. could be better off to support the capacities and support communities and help countries deal with human rights. and this is a voice that we have to put strongly. but whatever we do human rights is embedded in our programs. so, it's a culture you have to infuse into societies and government. it takes time and it may not happen overnight but it is embedded all the work that we do. >> senator, i would say the perception is real and that you hear it as you travel across the continent. even with partner organizations within civil society. that when you go through the list of countries that have become poor performers, some that were initially on a positive trajectory but that
5:22 pm
have been backsliding, that those countries, coincidentally, happen to be partners in the fight against terrorism. and it's a perception that that, then, on their minds, all of the declarations and all of the work that has been done to support civil society in the past. the example that you raised earlier about is very clear. it's obviously if upi has been backsliding on the democratic governance front but it's still viewed as a good ally. and what many civic leaders, then, pose is the question of whether this regimes are getting a pass solely because of their cooperation on that front, whereas this -- on the takings are really mutually reinforcing. and you could be a good partner on the counterterrorism front and still be a good performer on the democratic governance front. >> well, i agree. it's not a choice of either/or. it's got to be both. there's no question.
5:23 pm
because otherwise, again, you get short-term gains but long term you're not going to succeed with the type of stability that will provide not only an opportunity for its citizens but also eliminate the gap that is used for recruitment of extremists. so, you've got to do both. and i'm afraid that we have focused on the counterterrorism from a military point of view with partners at times to the exclusion of dealing with the development of good governance in a country -- in a country. and it seems like this hearing has only put a spotlight on that, so hopefully we can figure out. and just in response to the u.n., you've got to be prepared to walk away if you don't have a partner that is providing a fair opportunity to the people of their country. and it's sometimes difficult because you know that there are needs out there that you have to deal with, but if it's not getting through and if it's supporting corruption, then the
5:24 pm
better alternative is to look for another new opportunity rather than continuing the existing partnership. thank you, mr. chairman. >> thank you. now, what he just said, though, is unlikely to ever occur, is it not? let's just be honest with you. >> you want me to answer that? >> i think you answered with your laugh, but it's not going to occur, is it? >> but there's a way of suboptimum way of doing it is not to walk away from a country but go to the communities and invest in the communities. >> yeah. >> that's -- we say that it's the rebuilding the social contract, empowering the communities for them also to fight for human rights. that's what the investment i think is doing. >> to underscore the point we always look for a way to provide humanitarian help and we always look for a way to deal with a human crisis that exists, but if the host country believes that they're always going to have a partner regardless of their own activities, you lose the ability
5:25 pm
to change the underlining problems within that country. >> and we talk, you know, the first panel was here and we went down this same line of discussion. there's no question, is there, that the fact that citizens understand that we're going to hang because the terrorism issue is acute, the other issues are longer term, they know that we're going to hang in there with them on the counterterrorism piece. there's no question as they see malfeasance relative to government and other issues that that creates ill will towards the united states, is there? >> it's a question. >> obviously it creates a lot of doubts in the minds of the people, and we are also dealing with a segment of the population that's only going to increase. it's the young people. it's the activists. it's the journalists. and we know that africa is a young continent.
5:26 pm
so, the bulk of the population is in this category of people who aspire to be governed differently, who aspire to democracy and who love and respect the united states for these values. and they are the ones being put in the position of -- when government does not take up anti-terrorism legislation that is then used to shrink political space and silence voices. we end up not creating friends with a segment of the population that is the continent of the future. >> and that spurs, by the way, a magnet for folks to be attracted more so to terrorism, right? so, it just feeds on each other. let's just step back. we all understand this presidential race under way. and we understand both of us here understand that we spend 1% of our u.s. budget on foreign aid. 1%. but there's no question that during the presidential race
5:27 pm
there will be discussions about foreign aid. i mean, i don't think that's -- it's possible for that not to occur. and so, you know, people listening to this testimony today, listening to the fact that we're on one hand dealing with corrupt leaders that are not treating their populations properly, sending them money that in many ways keeps them in power and if they partner with us on counterterrorism even more so. on the other hand, we have people that -- we have terrorism. we have, you know, people that are being treated unfairly and we actually have one of our committee members here that constantly is focused on this issue. so, just stepping back and as we debate our nation's fiscal issues and our nation's interests, which i think maybe more so in this presidential year may be discussed than in times in the past, if you would, both of you, advocate to me why you believe that our continued
5:28 pm
involvement in countries like the ones we're discussing is an important thing for the united states to be doing. >> well, mr. chairman, simply put, as i said earlier, although terrorism could be generated by poor governance in a country, it is a global public good or global public bad. it belongs to all international community. that's why it behooves us as international community to fight them wherever they are. i'm not saying that we should give a free pass. but you have to fight it and fight also the root causes. that's why foreign aid is still critical, catalytic and important in this fight. >> mr. chairman, i agree with what my co-panelist just said. and i'll simply add that in many of these countries american
5:29 pm
lives, american interests are also at stake. we may remember the initial bombings of embassies in kenya and in tanzania, that the terrorists did target american institutions, embassies and a lot of americans died in that process. and so terrorists are a threat to americans whether they are on the homeland or trying to operate overseas. because their ultimate goal is probably larger targets than the villages that get destroyed in a number of african countries. so, i think it's important to send forth the message that teaching time is worth nine and that we all threatened by this phenomenon irrespective of where it finds itself at the present moment. >> but i think that the challenge, you know, we -- you know, i think some of the debate around let's go to the middle east, isis and, you know, people
5:30 pm
act as if we're going to do away with isis in the next year or two are missing the fact that the root causes are a long, long-term -- a long, long-term issue. same is true in africa. the root causes there are a long-term issue. and i think as americans look at the resources that we have and the needs within our own country, sometimes the simple thought that we can deal with terrorism like that and maybe the lack of understanding that there are root causes within africa, within the middle east that are going to mean if this group is gone, another group's going to be coming right behind it unless we're dealing with both sides of the equation. i think people in many cases miss that point because of the dialogue that's taking place. would you all agree or disagree with that? >> absolutely, mr. chairman.
5:31 pm
it's not -- it's not instant coffee dealing with this -- the root causes of terrorism. it has started years ago. it will take some more years to deal with. and as we said earlier, it's the toxic combination of poor governance, low human development, and weak social contract that has created this. and this will take time to deal with. it's a long-term investment. and, again, if you combine -- and if we put scale into the long-term investment and combine it with good security, security has to be still there, i think we will win over time. but it will take time. it's not ani icnstant coffee b s bottle in my view. >> i agree with you, mr. chairman. i think the message can also be conveyed that first you have to stop the bleeding, and then you can use democracy and good
5:32 pm
governance to build up a lot of those societies and a lot of those countries. and the example that i've used in the past with regards to the sahel, for example, is the difference that democracy and good governance made in the situation of two countries that were both bordering countries to libya but that dealt with the post-libya crisis in a very different fashion. mali was poorly governed. the government was accused of being very corrupt. of mistreating minorities, marginalizing them and causing a lot of grievances. it wasn't able to control its borders and there was a lot of illicit activities already taking place in northern mali prior to the attacks by the terrorists -- the terrorist attacks that really peaked in 2012. on the other hand, niger republic which is a neighboring
5:33 pm
country to mali and which even shares a direct border with libya, because the government had better control of its borders, because the government had come up with a policy to integrate the population into its government processes and because the government was dealing with decentralization and allowing people at the grassroots level to make decisions that impact their lives directly, niger was better able to deal with the after effect of the libyan crisis than mali, until today niger is not a very wealthy country, but it's surviving in a neighborhood that's infested by terrorists to its northern border with libya to its northeastern border with northern mali and to its southern border with northeastern nigeria and niger is to be commended for its effort. this is one example where an african country that is not necessarily resource endowed is
5:34 pm
better able to manage its economic resources and its human capital in a way that gives people confidence that the government can respond to citizen needs and grievances and the country's still doing well today. >> well, thank you. we're way beyond time. if i could just ask one last question. this is a little bit off topic, but we had a really sort of harrowing hearing if you will about u.n. peacekeepers. and the abuses that are taking place. and i'd just like to ask in closing, when this is happening, what does that also do relative to populations and their feelings about, you know, people who are working with them to keep peace, but also how does that fuel, if it does, how does
5:35 pm
that fuel additional attraction to terrorist groups? >> it's a horrible situation. it is not a wide scale phenomenon but horrible whenever it happens it put a discredit of the -- on the good work that all the soldiers are doing in the u.n. at large. and you have seen the secretary-general condemning it strongly. >> he condemns it, but it still happens and we see almost no action taken against the peacekeepers, so condemning it doesn't mean anything to me. >> he has condemned it when it happened lately in south africa. he was dismissed the head of the mission. he has named the countries where the soldiers -- or the perpetrators are coming -- >> who has gone to jail? who has gone to jail? >> yeah. and i think once the secretary-general has named those countries that -- whose soldiers has done it, it
5:36 pm
behooves the countries to prosecute. >> you understand from my perspective that would be like us naming the terrorists as bad guys but doing nothing about it. you understand -- >> but i think -- and the secretary-general has also nominated lately a special coordinator from the u.s. to coordinate the effort of the uve u.n. to address this despicable acts. >> prosecution. prosecutions are what will end it, not naming people. not naming countries. not -- prosecution. >> but, mr. chair, you would know that the u.n. has no space for prosecuting soldiers given by contributing countries. that's why i said it behooves those countries to do the prosecution once they are named. >> yeah. >> if i might, i want to just join with the chairman. i'm not satisfied that the united nations has done everything it needs to do. i understand you don't have
5:37 pm
independent ability to do that. i understand you have the politics of dealing with all your member states. but with the peacekeepers it was very, very late at the game. and the action was not adequate. and we know that the secretary-general is very sincere and we know that the security council has taken action. but we have not seen the type of enforcement that we expect. and i think the same thing is true with the various programs under the united nations, that is the development programs are critically important. but if you're not prepared to break your partnership with a corrupt regime, then i think you are doing a disservice. i understand the humanitarian needs. i understand dealing with particularly ngo types where we can do direct humanitarian service. but contracts with governments that are corrupt need to be prepared to walk away.
5:38 pm
we cannot get the type of progress. we don't expect progress overnight. so, if i can, mr. chairman, with your patience. just one quick question to mr. fuminya, and that is how would -- what would you like to see the united states do in order to respond to the perception that we give free passes to coalition partners in regards to their human rights violations? is there something specific you would like to see us do? >> senator, i think you touched on some of these issues in the first panel. i think speaking out more publicly against some of these violations, but also taking actions that can assure or reassure the vast majority of africans in these countries that when the united states says that democracy is one of its core pillars of its africa policy, that it really means it, so that there isn't a sense of leaders
5:39 pm
acting with impunity even at the highest level because then it undermines everything else. i would also mention what you discussed in terms of resources, additional resources for democracy and good governance programs or democracy support programs. and also a sense that those programs to be effective, because you were talking about changing attitudes and changing behaviors and impacting -- dealing with people who acted one way for decades and who now need to act differently, that a sustained level of support is more likely to pay dividends than short-term surgical-type interventions. because you need time to be able to create relationships of trust. you need time for people to trust that your technical assistance is nonpartisan and means well in terms of raising the well-being of citizens and put in place systems and
5:40 pm
processes that endure beyond one government and one leader. and that requires time and sustained resources. i think that would go a long way. because fortunately for the three decades that ndi and the international republic institute and other organizations have been doing this line of work, we've established relationships in these countries that could have a huge impact if the resources were available. >> thank you. i thank you, mr. chairman. >> thank you. and thank you, mr. diya, i know were speaking up regarding the u.n., it's not your area of expertise nor purview. i appreciate it. but i think you can understand where none of us at the page are particularly thrilled with the way the u.n. has handled the peacekeeping issues and caused prosecutions to take place. let me just close with this. i think, you know, look, certainly this hearing has given us a good sense of the complexities that exist. we have similar complexities in the middle east where we're
5:41 pm
dealing with countries that, you know, leave these vacuums, discriminate against various sects that are not -- that are not of their own. and so this is a challenge we have throughout the world when we're dealing wish issth issues this. but we thank you for your focus on africa. as you heard me mention to the last panel, if you would, there will be questions from members in writing. we'll close that as of thursday afternoon, if you could respond fairly briefly, we'd appreciate it. we thank you both for your expertise and knowledge and your willingness to share it with us today. with that, the meeting is adjourned. >> thank you. >> thank you. >> thank you. >> thanks for coming down. >> thank you.
5:42 pm
5:43 pm
president obama will host leaders from norway, sweden, finland, denmark and iceland as part of a nordic leaders summit. tonight the president is hosting a state dinner with coverage of the arrivals at the white house starting live at 7:00 p.m. eastern on c-span. representative darrell issa participates in a discussion on the internet of things and how to regulate what's shared over connected networks. he says there needs to be a standard for what happens with the data that's being collected. the forum also includes representatives from at&t and the federal trade commission.
5:44 pm
>> good morning, everyone. welcome to the museum. i'm amy stoddard with "the hill." we're excited to be hosting the discussions sponsored by visa on the internet of things and mobile technology. we're live streaming on the hillcom please follow on twitter and comment using th the #thehilltechforum. at this time i'll introduce our first guest for the keynote congressman darrell issa has represented the 49th district of california since 2001. congressman issa currently sits on the house committee on the judiciary and subcommittee on courts, intellectual property and the internet most recently. he teamed up with congressman
5:45 pm
susanne delbene to discuss the house internet of things caucus. please help me welcome congressman issa. thank you, congressman. >> and thank you for having a place to put my coffee. >> i know, that's key. i was actually looking for the table when i arrived. so, there are vastly different estimates about what we're going to have in the next five years between 21 billion and 50 billion connected devices. why don't we open with kind of since you know more about it than me what that looks like and how our lives are going to shift. >> well, you know, the definition of connected today is rather simple. it's a radio frequency product that's active, that transmits and receives. that's pretty much what we're looking at.
5:46 pm
most of it, a great deal of it is at 80211. these are in the low gigahertz bands. some of it we look at it, sometimes we look at bluetooth, a slave device. but we look at a connection between sort of you and me. where we're going when we have those billions is a connection between all of us that isn't just between you and me but inherently is between you and all of them and simultaneously because i'm connected to you i'm connected to all of them. that mesh network version of the internet of things, one in which everything is available based on certain rights, is the next generation of the internet of things. >> well, that sounds exciting and it sounds a little -- >> it sounds scary. >> it sounds a little scary. i was going to get to that. >> but isn't that what the internet is? i'm connected to the internet but i'm connected to everybody who is on the internet.
5:47 pm
we think of our appliances as often bound between two points. the best would be our bluetooth headset and our phone. to us that's our personal internet, but there won't be a personal internet. everything will be bound to everything and in some cases in the best cases our communications systems will aid each other so there won't be empty spots because ultimately with limited spectrum our challenge is going to be to make sure that all of us can find sufficient bandwidth for communication and sufficient signal in a crowded world to be able to message in and out and to do that we're going to have to cooperate in a way that we don't currently with radio frequency. >> right. we're going to get to that. >> i got to it early. >> i know. that's a steep challenge. how is it, including autos, going to help us? >> well, i think the automobile, if that's what you're leading to, that's the knneanderthal in
5:48 pm
the internet of things. in order to work in an automobile we think of ourselves as, one, we have to be much more robust. the fact is the amount of cars on the side of the road is rather de minimis and half of them is because they deferred maintenance or ran out of gas. so, when you look at the reliability of an automobile, it has to be technology that's extremely well tested. it has to operate in a minus 40 to plus 120 degrees and beyond or it's useless, you know, in a typical automotive environment. and so, they're coming late to the party. i always say don't look to them for the leading edge because what they're describing is something that's very doable and they're simply applying it to the automobile. that's not to disparage the automobile, because automobiles have the greatest poe -- and that includes motorcycles,
5:49 pm
bicycles and people and mobility in a sense. we have the greatest opportunity to create vast networks of information that all of us can use. and that's where this internet of things goes to the next generation. because the current generation is i say alexa and it tells me the temperature, that's great. or it plays my music. the next generation is every appliance is going to have in a sense, at least some sensing, and particularly automobiles. so, now how long is it going to take me to get crosstown new york now. to get that information in real time every automobile has to be part of a lattice network that is, in fact, producing the raw material to estimate how long will it take. and by the way, i want to be updated that the route i was on has deteriorated and an alternate route can occur. that's where software behind automobiles that become fully part of the internet of things are going to really change our lives.
5:50 pm
and not just for people that are -- that are going places. sometimes it's going to be -- i've got a dinner party, are people going to show up on time. >> and what about privacy? long will it take. i want to be updated that the route i was on has deteriorated and an alternate route can occur. that's where software behind automobiles that become fully part of the internet of things are going to really change our lives. not just for people that are going places. sometimes it's going to be people are going to show up on time u. >> but the data often is owned not by us, but by the companies that we buy the devices from? >> not really. the question of who owns the data is always yours. at some point, all of us signed
5:51 pm
away those rights. what is your right to know and understand what you're signing away. >> you have to read those little small letters. >> one of the challenges is that we have a generation that says i don't care. they don't read it. then we have a lot of legislators and tend to be the other generation and we're saying, wait a second, we have to find a way to make this document simple. how many of you have a home loan? that was a simplification of truth in lending. what we need and don't have is an industry that's developing standards for these contracts. so that i read a contract one time and it's a consumer technology association standard 101 for document release or information release. or it's standard document with one exception. that exception says that they can aggravate some information. are we going to develop standards. when i plug something into an hdmi or old fashions port, i
5:52 pm
have an expectation it's going to work a certain way because industry, private sector industry developed standards we can rely on. we need a standard of what is my information being used for. and by the way, if we say no to everything, then all the real benefits of the internet of things come crumbling down because we want that information to be available. >> can you talk a little bit more about the challenge of what your goals are. i know you and the congresswoman are ahead of your colleagues on this and a lot of educating to do and how do you make this a priority? >> well, it's interesting. we're here at the museum. first amendment is an interesting term because people don't understand that it means multiple things will leave freedom of religion out for a moment. the right to be heard and the right to privacy are both
5:53 pm
interlaced in that question. my first amendment rights include my freedom of association without big brother looking at it. so when the word encryption is used, the real question goes back to 240 years ago. what is my right to privacy? what defines my home? if my right to have a conversation, if as thomas jefferson thought we should do every generation or so, and that is conspire and tear down our government. if my ability to have that conversation is protected, as thomas jefferson thought it should be, then my ability to actually u have conspiracy talks, talk about hypothetically taking down the government with a not violent but a series of political attacks if you will. that's protected.
5:54 pm
and if one piece of free speech then all free speech is protected. so i'm one of those that understands that there's not such a thing as a little bit of encryption. you either have privacy or you don't. does the court have the right to order certain things, yes. but our founding fathers never anticipated that if i talked to the gentleman in the second row there, an hour later, they never opportunitied being able to hear our conversation. they anticipated they could talk to me and talk to him. whether they are written or oral is an intrusion that our founding fathers never anticipated. they opportunitied the ability for the court to order documents and which were public condition va yans in many ways and the individuals and compel them to
5:55 pm
answer questions honestly under a threat of perjury. they even gave them the ability to not answer. so in a sense, what many of us are trying to do, is teach new the very old. which is that let's not be so afraid of a relatively small group of people meaning us harm around the world that we give up the liberty that brought us here and caused us to have a very different life. >> in terms of regulation, you're a businessman and this is an industry that is just way ahead of the regulation. >> thank god it is. the industry will crumble. >> what's the motivation for the tech sector to secure these devices?
5:56 pm
in a meaningful way. they describe devices that will not be able to be updated over time. that it poses long-term security threats because this is just an unprecedented amount of pressure on the system, connectivity and at some point, what is the regulatory landscape that you envision that's reasonable? >> it's an interesting question. you go back to history in a way. we have had times in which we have said you become too obsolete. let's just assume you have a model t ford. now you can take your model t ford out on certain roads. but since a model t can't really
5:57 pm
keep up with interstate highway speed, we can prohibit it from going on the turnpike. if the latest product is a moped and a generation from now, that's always good for at least a little laugh, but if a generation from now that product simply can't keep up in the lanes, then we have an ability to say you can participate in the lanes that are legacy lanes, but you're not going to be part of the mesh network that we're all in. because you lack the speed, you lack the security, maybe you lack the update blt. that's one of the challenges for our industry. everyone in this room has a flat screen tv that has probably a microcomputer on board. that's really what most of these products that we use have. they are just really a computer
5:58 pm
screen with a very thin client behind them. one of the challenges for that industry, and i came out of the consumer industry, those tvs are great and they will do exactly what we ask them to do, including connect to the internet and update their time. we need an anticipation of some products being updated until their microprocesser and memory reaches a point where they can't make that next jump and have them pushed into a slow lane that lets them enjoy the utility that they can, but recognize they are going to go away. and i'm running on, but let me give you a really old example. there's probably three people in the room that are remembering.
5:59 pm
there used to be something called a citizens band radio. what happened was the fcc determined that there was ability to have more channels, so in the 1970s, they made a transition from, that the old ones couldn't be sold anymore. you should have seen the fire sale for the old ones. you could have bought the packaging would have cost you more than the product. we do have are it realize that we're going to have that and particularly when we look at bandwidth. because we're going to reallocate some to more mundane things. today i'm looking forward to 28 giga hertz communication. something that satellites are doing being used terrestrially.
6:00 pm
when i came to congress can, the idea that we would be using 5 giga hertz hadn't yet come out. the only thing we thought 2.4 could be used for was cooking food in our radar range and the police pulling us over and giving us a ticket. today we could not live without that particular frequency bandwidth because that's one of the keys to 80211. >> so this is going to depend largely on license spectrum. are we going to have enough consumers expect connectivity at a low price? can we continue to expect that long-term? >>. >> they need to fight stronger r to tell congress.
6:01 pm
the fact is cellular auctions have given us a lot of money. the cellular data if it wasn't for 80211 there isn't enough bandwidth. business models should be based on what you add in value to what is, in fact, free to the people. now that's pretty not going to happen overnight. with the exception of certain broadcast channels, most if if we don't look at what people think of technology and cellular. if we don't look at putting more and more on to existing
6:02 pm
bandwidth, we will run out much sooner. if it we auction it off to users who are trying to monetize, but in fact, are not sharing we won't get nearly the depth of use. >> thank you, congressman. appreciate it. >> i'd u like to introduce two representatives.
6:03 pm
i'd like to welcome to the stage jim mccarthy. >> nice to see you again. >> that was a great conversation. thanks, everyone, for being with us so early this morning. it's fun to talk about the internet of things. we got a good high level discussion surrounding the policy. for me, the most fun part is talking with people like jim mccarthy, the executive vice president for innovation and strategic partnerships. visa is a member of tech net. i'll tell you a little bit about tech net. we represent 70 companies in the whole tech system.
6:04 pm
we represent everything from visa, which underpins so many great companies. we also have hardware and software companies like oracle and sis koe. everything you could think of and also clean energy companies that make data processing that visa does every single day work. i want to talk a little bit about the history of the visa card. i asked when was the first visa card developed. it's actual in our lifetime. >> 1958 bank of america did a little experiment called the fresno drop where they test what will become the first general purpose credit card. >> what was the growth like over the next few years? >> it was effectively most people think about banks as
6:05 pm
being innovative in the sense of internet companies, but did what u call the first experiment in the space. by 66 they are up to $2 million. that's when they decided to open their closed network. >> it's amazing. so technology fuelled all of that too. >> there are themes that carry through. you'll hear a lot of that opening the network. they talk about innovation and opening. a lot of the most successful companies will be uber and started off as small ideas that have been very disruptive. >> when you think about how much change you saw in the beginning, you think about a the last ten years of the amazing amount of growth we have seen and how people think about money, how they think about commerce in the last ten years. what's the biggest point that you would make about that? >> i love the way the
6:06 pm
congressman talked about it. to date u myself, search to purchase started off as a kid with my mom e throwing four of us in the station wagon and search started with all of us screaming up and down an aisle. now you can replace the o words with things like google to visa. the convergence is real. companies that have effectively consolidated a set of steps into one action, which is saying i want a car and everything is in there. you don't think about payment or hard handling. the car. you're finding the steps are combining and becoming easier and taking friction out of the process. effectively through software and the internet of things.
6:07 pm
>> we talked a little about autonomous vehicles and things like that with congressman issa. i would like to talk more about how it's going to impact you personally in your day-to-day life. so one of the things i'm really excited about is the olympics coming up. we remember all the great ads we hear every two years now with visa being the prime partner for the olympics. buckle up, you're a lot to get a lot of those. i'm excited about that because every two years i look forward to those ads. one of the things that visa is doing this year is rolling out a lot of cool gadgets and gear they are going to hand out to all of the people in the olympic village.
6:08 pm
i was wondering if you could talk about that. it gives us a window into this is what people will experience this year, this summer, but that's what all of us will be experiencing soon. >> so we try to use the olympics as a little mini ecosystem where we can test some things. i think the world we're all used to carrying cards. the next generation being five years, i don't think we realize how much of this is occurring as we sit here today. i brought several devices. when i think about mobile payments or devices, in between my iphone, samsung phone, these devices are all payment devices. i have u ten different ways i can pay. but the olympics is a chance to push that envelope a little further. we have sponsored athletes
6:09 pm
there. one of the things e we want to do, payment, something they do while u they are in rio. they are consumers as well. we're going to be testing another revision of internet of things, which is this ring i have on. it's an nfc ring we'll be giving to athletes to wear and do payment with. so when you think about wearables and just all the devices that will soon be able for payment, this is one of the ones we'll be tending down there. >> that's incredible. how does that work when you think about how you secure u payment? when you look at something like that, you think of the clothes you wear, watch you wear is going to be able to handle all of that data and purchasing securely. >> it's a really important point in that it's not just about convenience. clearly, electronic payment security, trust, even the privacy issue to some degree that the congressman talked about are wrapped up in that. so in the case of all of these devices that i have as well as
6:10 pm
this ring, the key concept that was introduced a little over two years ago was tokenization. we all know the credit card that was issued to you by your bank. the challenges in the connected world. i probably don't know the places that card has been stored. it's on a number of internet sites. it's on different hardware devices. so we realize that in a world that's connected, you have to assume bad things are going to happen. the pace of change, the number of devices, the number of places where there's potential compromise points is difficult to manage if you're trying to lock them all down. when they do happen, it was one where your bank issues you that one piece of plastic and one account number on all the devices i have here, we then digitally send a different credential that's unique. it's bound to that device such that we're looking for other data elements that flow across the network. to ensure that that is really that e device. it's thinking of it as a software card account number bound to that device. if and when something happens, with that device, if someone tries to take the device or steal that information, we know that it's supposed to come off that device, whether it's your ring, we'll kill the transaction if we don't see the other data.
6:11 pm
the original credential issued is protected. if something bad does happen, we kill that software base credential and can issue a real one in time. so everyone is protected. >> you were also talking about biometrics and the future of where that's headed. >> there's when we start to think about things and devices, there's a couple dimensions. biometric, we have seen a ramp in the capability of biometrics to identify indication in realtime u. the congressman talked about cars as an example. we do believe there's a real potential. >> namely i don't think anyone likes getting out of the car and having to dip cards to start to pay for fuel or on the case of a quick service restaurant like mcdonald's where the fds of the store has become much faster because of the payments. the car participates and can transmit payment data. but the problem is identifying the car is one thing, but identifying the driver is another thing. so we do think biometrics will become a much bigger part of the payment process where something about you identifies you and
6:12 pm
binds you to the device and the device to the payment credential. so that's all beginning to come online. but even to the concept of internet of things. we talk about things meaning cars, appliances, clothing, wearables. yet we have already done pilots where we're working with underarmour at an event where we created a retail store. we had visa employees and some clients register their hand print with some technology that's very quick and fast. you scan your fingers over a reader. then what we did was put a payment credential in the cloud. think uber. you're not carrying a device, but you have identified yourself. so the store front we created when you checked out of the store, you swiped your hand across the scanner. just this quickly. it identified me and because the
6:13 pm
payment credential was in the cloud, we authorized the transaction based on the credential you loaded. you can become the payment credential yourself. >> it's amazing. can you give us a good sense of the growth of gear like this to use payments. like how much we have seen since they have come online and where it's headed. >> the congressman talked some about this. if you think about the history of visa, starting with 60,000 potential clients in 1958 we're
6:14 pm
sitting here in 2016 with 3 billion visa cards issued worldwide. 40 million merchants on the network. 3 billion cards, 50 years later, you can see on the who royson all the connected devices, all of which are wrapped in software that allows for personalization. we get excited about the opportunity. in the case of visa, while the network has always been electronic, the actual physical device, that piece of plastic
6:15 pm
only works today where you see some telecommunication signal still plugged into a terminal that requires good electricity. the way i try to mention that and back to the opportunity at large is if you think about the map of the world, the satellite fly over where you see dark and light, our franchise is con trained by where you see light. that's the only place where visa cards would work because of the requirement for electricity to power that stripe or chip on the card. yet in a world that's moving to mobile devices. the opportunity just grows literally by magnitude. as we sit here today and because it's wrapped in software, the personalization can become much more unique and customized. the opportunity is just scratching the surface for electronic payments. ten years down the road, how do you u feel we'll be interacting with gadgets in our home? >> so the way i like to think about it, we have built a home connected set up around commerce in our one market center. we expose our preferences all the time. i told all the hotel chains. when you get to the hotel, you have to tell them i like this
6:16 pm
kind of paper. two pillows, this and that. it hasn't carried through to fully personalized experience. in the connected home, you're starting to see the capabilities. whether it's opening the door, the lights, the temperature, the music you like all coming online. it requires standards. it's still a little too hard to create that hub. but we're already seeing what that could look like where you'll see the preferences where whether it's your home or travel, effectively set up for you when you open the door. the interfaces are going to get better. so we still have to fool with the smart phone to set them up. we're seeing with human interfaces, voice becoming prevalent. more human interface in terms of natural language. whether it be chatting to something or talking to things. and more importantly the real
6:17 pm
trick is all data that you have about yourself that these machines can start to inform a better. experience through artificial intelligence. so as computing power increases, what will happen is we already have this is is your refrigerator with an egg carton when the eggs go bad. the early days of the amazon dash push a button is e me saying send those to me and it's at my doorstep the next day. soon it will be the refrigerator doing it for you based on your preferences. this is all real. it's just a matter of ease of use and mainstreaming it. >> you also mentioned back to the car that you also see the pumps being able to recognize your car and immediately just
6:18 pm
set it off. >> so it's not just limited to the current state of the arts. while some of those things still have a ways to go to the kind of reliability that you need to have a great consumer experience, we have actually created some experiments where we have taken a gas pump and for those that know the industry, the pumps are fairly closed systems. they are not iot like. so we have actually with some of our developers, we have actually been able to open up the device, turn it into a cloud based
6:19 pm
device to store payment credentials in the cloud. then identify the car. instead of using some lumtations, we actually use cameras to identify the car using license plate technology. most of you use fast pass. so using that technology, which you wouldn't think of state of the art, yet it works better than a current state of the art. when you think about it from the fuel retailer perspective, time is really money in terms of getting people through and not losing customers driving by and getting them into the convenience store. all these things are real.
6:20 pm
it's a matter of how do you continue to improve on that. >> it's such an exciting time. there's so much growth in this sector. when you think about what congress can do to pave u the way for this and make it smoother, even more secure, what would your advice to congress be? >> i thought the congressman did a great job laying it out. standards are really important. you we espn spend a lot of time talking about devices and technology. so even in the mobile payment space, we have always talked about the technology. is it going to be beacons. is it going to be qr codes. and lost in that is the consumer.
6:21 pm
the reason i would argue that to a larger degree it's been as successful as it's been, it's because we have cooperated with competitors. so mastercard, discover, we don't compete by confusing consumers and merchants. we don't swipe a visa card down, mastercard up, there's a consistency that allows the experience to be grounded regardless of the consumer choice and the merchant choice and the industry flourished. when you start to compete on closing things down, you often times lose sight of the consumer merchant benefit. as a result things slow down. standards are really important. i worry about industry. in my 17 years at visa, the one thing i refuse to do is predict the future. if we is the here and had the conversation. and yoouber is the hot flash point. if you're in the hotel business, air b and b is is the hot point for the discussion. and the technology that these companies have used and put
6:22 pm
together to solve consumer points, happened as a result of smart people testing things in the market and going back to the early days of bank a mer card. that was an experiment with the bank came up with. so in the data space, the whole business of payment u is predicated on being able to see data to take fraud out of the system. if you get some bad actors on a marketing side to this question about who owns the data, and i agree with them that the consumer owns the data. they start manipulating that there's legislation that rolls back the ability for a company to use data for good, which is taking fraud out of the system. it could have detrimental impacts as well as the convenience we have been talking about. >> i'll say we do state policy advocacy too. so we try to protect visa, and also a lot of other members from really bad legislation that's popping up in state capitols across the country.
6:23 pm
you have well intentioned legislators across the country trying to create legislation and trying to protect consumers. things that would hold us back and be detrimental to security. visa does an amazing job. if you have never seen their data processing center in virginia, it's really -- the volume and security of that fult is incredible. and your san francisco innovation center, i'm looking forward to seeing that because you get to interact in a home experience. so for all of you, thank you for being here. we're going to have a panel now. i'm so excited to get a chance to talk to you and excited to see all this in rio in realtime. thank you. [ applause ] >> i am pleased this morning to introduce justin brookman, policy director at the office of technology research and investigation at the ftc. welcome, glad you're here. i'm going to be honest.
6:24 pm
i'm wearing a connected device today. let's start with talking about the scope of internet of things. depending on which study you referenced, by 2020 there are 28 to 30 billion devices connected. what kinds of devices are we talking about here and what does that growth going to look like? >> thanks for having me this morning to start off with. but that growth, that number various because there's a multitude of verticals that will be used. we have talked about the consumer side of things. but there's also industrial. we have automotive, health care, so there's a lot of different verticals. and that really creates a bit of ambiguity about the number. but the fact is it's going to be in the billions. it's a large number of devices for sure. >> so first, thanks for having me. second of all, standard disclaimer. these thoughts are just my own and not necessarily the thoughts of the ftc. it's a question of cost. the sensors are cheaper. the connectivity is cheaper so we have the ability to have more things than before. so ten years ago, it would have cost $100 it make a smart toaster. what are the extra concerns do
6:25 pm
we have around that? what are consumers expect out of a smart toaster? one concern is privacy. this device can collect more information about me and transmit information about me. i have young kids. i go through a lot of toast at
6:26 pm
home. so am i going to start seeing ads for bread on facebook. what sort of information. is that a good thing? i might like u that. the second is and probably the biggest is security. once you connect something to
6:27 pm
the internet, you have created an attack surface that can be attacked. it can be potentially u really dangerous. are you beginning to agree to service that toaster for the lifetime. are you going to be able to patch it. the third bucket is issue of control. is this still really your toaster? you own the toaster, but do you
6:28 pm
have control of the software. is it going to be supported. both on security and if there's some can sort of cloud tig that powers this toaster to remember my personal toast settings, what happens if those servers get turned off. so what do consumers expect out of this. we're still in the early days of figuring out how these things are going to work. >> those are all things we're going to unpack as we go through this discussion. what sort of impact is the fact that there are lots of different ways to connect to these devices to the internet having all three of those buckets. what are the implications that there are a ton of different ways of connecting? >> i think they came out with a study a year ago where they talked about the 50 billion devices, which they estimated. and maybe 10% was connecting over some sort of cellular network. 50% connected over wifi and the rest was short range
6:29 pm
communication protocols. what that means is single device can connect over different technologies. we have a multitude of devices connecting over different technologies. so security becomes very important because the way you implement security on a cellular network is different from implemented on a wifi network. security becomes a big concern. it becomes worse with the different types of devices and connectivity. >> yeah, that's right. it creates more attack surface. so my phone here can connect through bluetooth, wifi, microphone, there's all sorts of ways it can be attacked. the mobile phone area, even that is really hard to get security right. i paid full price. i'm not going to run let alone i
6:30 pm
don't really know. so we're doing a study of mobile phone security. because of this very issue. whose responsibility is it to update the software on this phone. is it google because it's an android phone? is it t mobile, who configures a lot of software. is it ti, whoever makes a chip on here. i have no idea. when all these internet devices are created by four or five different companies with many different ones providing software for it, it does make the security picture a lot more complicated. >> as was mentioned earlier, most of these devices are low cost, low power. so the ability to put that on
6:31 pm
there, that adds another piece of complexity. >> so what expectation do consumers have to continue to provide support for a given device. are those expectations being met right now? >> i think it depends on the vertical again. as he was mentioning on the side, everybody is switching every couple years. so i think even apple are okay updating their phones for a few years and then they are done. you take something like where the average life cycle is around 17 years. those are kept safe and secure throughout the life cycle. >> the thing about the refrigerator, if that's powered by the cloud, refrigerators should last 15 years. there's a story about how samsung decided to create a screen on the device where it phoned home to gog l and bring
6:32 pm
up your calendar on your fridge. and that's kind of cool. but then google changed the api and now it's just a blue screen of death on your samsung refrigerator. they didn't have the relationship to update the software. thinking through these issues, we're still in the early days. how do you make sure that you can deal with the fact that you're supporting google software that you have various ways to connect to the internet. people are constantly probing and trying to find holes in. both white hat and gray hat researchers. and how u you u think about that going forward, security and internet of things is not quite there yet. even when companies informs like millions and millions of dollars into it, it's still very challenging. it's cheap and easy to connect
6:33 pm
something, but security is hard. security is expensive. how people grap wl that is a real challenge. >> you have both hinted at the fact that what the security standard is, what is considered adequate protection is going to vary from vertical to vertical and device to device. >> sensitive information from a kid. smart barbie can probably not kill people. it's absolutely right that every device does not need to have perfect security. we're still in relatively early days of us thinking of the reasonable standard. our job is to enforce what a reasonable standard is. so far we're mostly picking the low hanging fruit. we brought cases against baby monitors that just had their
6:34 pm
software misconfigured so anyone in the world could watch the baby monitor. this is a problem. the people are familiar with a search enjoy for the internet of things. you can just see connected devices that have open ports. you can find a lot of websites that just collect all the exposed cameras in the world. some of which intended to be open, but a lot of them probably not. >> it's not a lot of standards around it. so we're seeing a lot of deployments move to the cellular sector because it has bullet in security. >> so there's some regulatory in it? >> so it's going to get stronger as we move forward. it's going to get stronger. as it sits currently with all the different connectivity options, getting a connection is a closed loop from the device to
6:35 pm
rather than running it through the open internet where the attack surfaces are just huge. sglz they rbt traditional software manufacturers. >> absolutely. you'll be surprised with some of the products people bring to and e we want to sell this. they had no experience building these devoices. even major manufacturers, there was a hack a couple months ago one of the big three in detroit. their mobile app was hacked and you could pull off user credentials and use it to unlock your condo. >> two years ago it was 3-d tv. and then wearables. they have been fairy successful. one of the main things was internet of things. i u think there's a lot of system of the products like
6:36 pm
connected pregnancy test. the bluetooth pregnancy test. maybe it's very good. b maybe there could be value there. but i think there's this trend to connect everything and i'm sure it's always well considered. so the security side is one thing. the privacy side too. so another example in the news from last year around this time was people read the privacy policy and it sounded like they were listening to everything they did. samsung listens for voice recognition. people are luk, what? is it really listening to every single word i say? advertisers. someone else. all the stuff that i watch. so one more plug. we're having a workshop on smart tvs in december. we're going to be looking into these issues. we have a fair amount of apprehension and uncertainty about what some of these devices are doing. >> is there a gap in between
6:37 pm
sort of consumer expectation for how data will be collected and used and the box that they are ticking on the prief si poll su terms and agreement? >> there's been a lot of discussion. they should be detailed and provide transparenty. i think even then sometimes kind of hard to get a sense of what is going on. i think a lot of times lawyers are by nature risk a know what's going on. ftc has said put it in the privacy poll su, but data collection can be so surprising that even putting it in paragraph in terms of the service isn't going to be sufficient. so shocking or normal expectations. sears said install the tool bar. why not? they said the privacy policy, by the way, everything you do in
6:38 pm
your browser is going to be phone homed to sears and we'll watch what you do. it also has the poem to collect information about me. do people understand that this new tv i bought with me could be sending to, i don't know, advertisers, someone else? all the stuff that i watch. so one more plug for ftc. we're having a work shop on smart tvs december this year. we're going to be looking into some of the issues. there is a fair amount of apprehension and uncertainty about what the smart devices are doing. >> is there a -- is there a gap in between consumer expectation for how the data is collected and used and the box they're ticking on the privacy policy terms and agreement that of
6:39 pm
course, i'll go through 300 pages of this. i'll accept this. >> there's a lot of discussion about how privacy policies are imperfect. they should be detailed and provide information about what is going on to those who happen to read them like regulators or advocates. then you get a consumer going to read that and doesn't know what is going on. put it in the privacy policy, but sometimes data collection can be so surprising that even putting it in parra graph 40 of the terms of service or privacy policy and so contrary to the
6:40 pm
case in 2010 or so, again, sears. sears installed the tool bar. why not? they said deep in the privacy policy. by the way, now everything you do in your browser is going to be phoned home to sears. and wall what can you do. >> i think the ftc said, no that's what a tool bar might do. you have an affirmative obligation to say up that front. here in the i.t. space because expectations are changing all the time we're still trying to figure out and what we still expect our smart tv to do about us. fitbit has a nice privacy policy but a lot of times you don't have a way to find out what's going on but it's going to be a challenge to balance evolving expectations. >> let's talk about the control issue that you mentioned earlier.
6:41 pm
it's legal for the owner of a car to take his own oil and consumers and tinkering with your transmission is writing code? >> yeah. you're right. michigan passed -- is considering passing a law about hacking a car. it's a criminal offense. >> with very stiff penalties. >> that's right. and hacking a car that veers off the highway, sure, that sounds bad but it is now changing your oil packing a car, right? this is an issue like last year gm and john deere filed comments to the copyright office stressing that you may own the physical car or the tractor but we own copyright in all the stuff which is increasingly more and more of the car is all the stuff inside. do you have a right to repair your car? do you have a right to configure
6:42 pm
your car in new ways and there are safety concerns there. maybe we don't want people to be tinkering with software they don understand. and on the other hand a car is a very personal thing. this is my car i should be able to do with it what i want. there's going to be conflict between normal expectations and what people have always done with their own stuff and the fact that increasingly their stuff is run by algorithms and often cloud data processing that may be completely opaic and not changeable to them. >> people are been doing it for decades now. people have been messing with them to increase the speed limit and stuff that's been going on. it is going to be a complex issue.
6:43 pm
because some of these systems are very critical. that's where encryption and software comes into place and thing versus changed for the last 5 or 10 years and two generations where the technology has evolved so much that we can try to keep some of these software records very private. from both software as well as a hardware level. so there's certain pieces where consumers we get it put there's also the technology piece. >> talk to me about the implications therefore for security research. even going beyond specifically cars is the industry evolving in such a way in the regulatory environment that surrounds it evolving in such a way that's friendly to white hack hackers that are identifying and reporting flaws? >> it is and i don't want to say
6:44 pm
it's easier but when companies and developers and ecosystems are still thinking of the traditional security. so they're thinking intrusion prevention systems but those clearly translate into iot so it's easier to break into iot device which is is bringing hackers into the field which is a good thing because we're able to quickly identify and patch issues and jason mentioned it and this is, you know, my personal opinion, the ability to update your soft data on any device is going to be the most important security function that you can have because the fbi, he said there's only two types of companies.
6:45 pm
ones that's already been hacked and one that's going to get hacked. that's true for iot devices. these long life spans someone is going to find a way to break into it so we have to continue to evolve that security functionality for the devices and the ecosystem and the only way to do it is to be able to update the software on that device. >> i do think there's some legal challenges to white hat hackers out there. we still have laws that are written not necessarily for this environment. like the computer fraud and abuse act. that's been very broadly written law that can be interpreted in a lot of different ways. interrupted in cases like just lying and in materials of service on facebook or my space
6:46 pm
can be considered like hacking, right? and should people -- should there be that cloud of suspicion that i'm going to serve jail time for doing something that i think should be seen as in many cases a real public benefit. the dmca has provisions in it that i think could chile jitment research into security holes. and these are things that i know on the way of legitimate researchers are trying to make the iot work more efficiently. and they embraced external researchers. google and book and a lot of the companies will pay researchers if you find them to get them addressed in a meaningful way. there's a positive trend and there's been research about how the companies that do that do tend to have better security results. now can one of these guys in the side aisle that has a new connected whatever, can they afford that sort of thing?
6:47 pm
maybe not. these may not be scalable for a lot of devices but for a lot of companies it does make sense to encourage folks to come to them with a problem. >> that brings us to standards. there's no security standards where you can say this product meets certain security requirements so we can allow them in the apartment. it's developing something and that doesn't apply to your health care product. it's going to be very interesting and different verticals and different pension devices. >> it's like security standards and inner on rablt standards and i think it's a concern. if i buy the samsung smart hub if, i ride the htc smart hub for my smart washington machine will they talk to each other? will they be an incentive to try to push me into having the htc
6:48 pm
connected home and like i'm not a competition lawyer. this is something that i think about so the basic infrastructure can be very expensive. and htc plugs in the wall. and connectivity and i think that people don't really know what to effect for buying a smartphone these days. there will be another challenge about how all these devices can talk to each other. right now it's unlike the web which is built on open standards and you can go to any website that you want and i think there's competing prone tear standards in the iot space and again they're evolving and they could evolve in inner operable ways and there's uncertainty now about how this is going to end up. >> the common protocols, google has thrown out wave and qualcomm set up a bunch of companies but
6:49 pm
they're still discreet. >> they still don't talk to each other. you can have a bunch of manufacturers talk to each other and doesn't comprise most of the ecosystem. >> there's an incentive to create a closed platform. how big of a concern is that. >> i'm not on the competition side. i can see an economic incentive. you would want anyone to buy major products that you want and i can see the incentive of not talking to other products but the example will be that and then maybe if you try to make it too closed and people are not going to adopt it. that's probably something that folks are wrestling with right now about how those two competing concerns. >> the other side is you have two to three talking to each other so they have to establish
6:50 pm
a level of trust between that mesh network and to be able to talk to each other. so again these devices may be secure before they're deployed.e they're deployed on a wide scale. today, it's a very nascent technology or field, iot. there's not a lot of use cases. connected pill box, connected water bottle which tells you how much water you had. i can remember that stuff. i don't need that device. the bluetooth pregnancy test. stuff like that. when we actually see valuable use of these items, devices, that's when interoperability needs to -- >> critical. >> one more thing, that message is probably the most important message. step one, get security right. then keep getting security right because it's a constant struggle in its heart. >> well, gentle help, that's all
6:51 pm
the time we have for today but i thank you for both of your comments. that was terrific. appreciate your time. take care. you all can step out now. i'd like to turn things back over to a.b. to close it out. >> thanks, everyone. this brings us to the own of program this morning. on behalf of the hill and sponsor, visa, i'd like to thank our live audience for joining us and those who tuned in on the live stream, if you missed any of thirs the full event video will be available on thehill.com shortly. thanks, everybody, and have a great day.
6:52 pm
6:53 pm
president obama will host leaders from norway, sweden, finland, denmark and iceland as part of a nordic leaders summit. tonight, the president is hosting a state dinner with coverage of the arrivals at the white house starting live at 7:00 p.m. eastern on c-span. the wife of a vietnamese political prisoner testified on capitol hill about the plight on her husband, a human rights attorney who was detained by the vietnamese government in december 2015. he faces 3 to 20 years in prison on charges of conducting propaganda against the state. subcommittee chair representative christopher smith called on president obama to seek his release and address human rights issues in vietnam as conditions for any trade
6:54 pm
agreement with the country. president obama will travel to vietnam later this month as part of an asian trip that includes the g7 summit in japan. >> hearing will come to order, and good afternoon to everyone. among the potential partners in the trans-pacific partnership, or tpp, vietnam is the only country that bans independent religious groups. the only country considered one of the world's worst violators of internet freedom, vietnam harbors severe child labor and forced child labor violators and regularly jails and tortures those who speak out for human rights. political inclusion or the right to practice their religion. there are, today, over 100 prisoners of conscience in vietnam.
6:55 pm
nyuye sprks van dai called for greater democratization in vietnamese society. he was detained again and brutally beaten last december for continuing his work. his arbitrary detention undercuts any claim that the current vietnamese leadership can become a trusted u.s. partner. prior to his arrest, i had the privilege of meeting with him in hanoi at his lawful office in december of 2005. i was deeply impressed with his passion of truth, defense of yuflly recognized human rights, his faith, his extraordinary courage and his deep and abiding love for vietnam. he's truly a patriot. nguyen van dai's wife, vu minh khanh is with us today to speak on his behalf and other prisoners of conscience in vietnam. her testimony is especially timely because president obama will travel to vietnam at the
6:56 pm
end of this month. a steady stream of state department officials are going to vietnam prior to the trip. in fact, assistant secretary for democracy, human rights and labor, tom melanoski is in vietnam today. the administration should not try to whitewash vietnam's record prior to the president's trip but must make absolutely clear an unequivocal statement in support of democracy and free speech advocates, disfavor religious and ethnic minority groups and human rights defenders. the unconditional release of nguyen van dai an other prisoners of conscience should be a precondition of the president's visit, however, if the president goes without any conditionality, i appeal, this subcommittee appeals to the president to demand the immediate, unconditional freedom and release of nguyen van dai
6:57 pm
and others. doing so will send a clear message about u.s. interests to the vast majority of vietnamese, some 6 6 % who were born after the vietnam war ended. the administration should also make clear to the communist leaders in hanoi that further expansion of trade an security partnerships, lifting of the ams embargo is unacceptable until there is significant verifiable and irreversible improvements in human rights in vietnam. unfortunately for the past seven-plus years, the administration has failed to deliver such messages to victims of abuse anywhere. no tough message was delivered in cuba, for example, despite an escalation of arrests and abuse. the administration seems eager to proceed with lucrative trade
6:58 pm
and to lift the ban on lethal arm sales to vietnam without imposing any real conditions. that would be a colossal mistake. the administration surely will justify extending these generous benefits by arguing that lifting the trade barriers and expands diplomatic ex-gaugeme diplomatic engagement with vietnam will bring about human rights and other positive advances. such arguments have long been discredited, however. in china, for example, or more recently in bahrain. and there's evidence such arguments failed miserably in vietnam as well. in 2007, after the united states lifted its longstanding objection to vietnam's membership in the world trade organization, hanoi responded by launching the first of three waves of arrests that jailed more than 100 dissidents. and introduced sweeping new laws restricting freedom of association, assembly and the internet. in short, vietnam's wto
6:59 pm
membership allowed the communist government free, made it free, to jail, torture and to abuse. the pressure was off. why would they not do so again? the communist leadership in hanoi will take our benefits, our trade benefits, our security commitments and continue repressing those seeking political reform and universal freedoms. the business of the communist party of staying in power and repressing those who may challenge their power. they will not embrace human rights improvements or the rule of law unless it is a condition of better relations with the united states. vietnam needs the u.s. markets and security commitments much more than the united states needs vietnam's markets and security cooperation. the administration should demand additional protections for human rights, internet freedom and a rule of law as a condition of u.s. assistance.
7:00 pm
not doing so is shortsighted, misguided and fails to achieve long-term u.s. interests. and it throws the victims under the bus. one way to send an important message about u.s. policy priorities is to pass the vietnam human rights act, hr-2140, which i have reintroduced in this congress and is now awaiting further action in the house and senate. i would note parenthetically past iterations i've introduced the vietnam human rights act in previous congresses had passed the house three times only to be ignored in the senate. the bill stipulates the united states cannot increase nonhumanitarian assistance to vietnam until the president certifies that the government of vietnam has made substantial progress in establishing human rights protections. the american people should not have to subsidize torture or underwrite the jailing of journalists, religioea

7 Views

info Stream Only

Uploaded by TV Archive on