tv Discussion on the Internet of Things and Privacy CSPAN January 2, 2016 1:02pm-2:06pm EST
sponsor those children in china and family that come to the united states. >> watch c-span cities tour through england and sunday afternoon on two at american history tv. cities to her, working with our cable affiliates across the country. googles chief economist and twitters former chief counsel joins regulators. the annual technology policy aspen for him, this is an hour.
a recent report says the internet of -- things as a way to shape our surroundings. there are differing views as to whether this is a good or bad thing. transportation, energy, medicine, health care, politics, virtually every business is being affected. we have a great panel to discuss these issues. i will introduce them alphabetically. sean is the chief economist and senior director of research. she is the author of digital
destiny, how the new age of data -- transform and work with is the deputy of chief technology of the white house. his portfolio was to work on atctronic property policy the intersection of data and technology. he served as general counsel and had the public policy of twitter. she has been since the april -- since april 2014. prior to that she served in senior positions and as deputy assistant to the president and domestic policy advisor to joe biden. chief counsel of the congress committee, which has jurisdiction over privacy and data security.
and the chief economist at google, where he has been working as a consultant since 2002. he is also a professor at uc berkeley economics business. there is a 2015 distinguished fellow of the american economics association. with somet start out kind of basic questions, go down .he panel maybe everybody can give me one example, perhaps two of developments or the big data that you find most exciting and positive.
>> asking me to favorite my desk asking me to -- asking me to name a favorite device -- are starting to see things get pulled together. for the most part these devices operated in isolation. starting to see data move across devices. that is where the real potential will start to open up, whether it is help and fitness, whether you are pulling a variety of strings together. there are a lot of different areas that this technology is playing out, we are starting to the -- we are starting to see things come together. does the internet makes sense they are? when you look at something like a smart watch, right now we tend
to look at it as a device and say is this an interesting device for us to have? does the internet makes sense on the risk? the users, what is case scenario? what are the applications that make sense? to me that's the fundamental question. what will become of that -- irio? >> i think john think sean did a great job of framing the broader question. honestly it's the way all this to be morellow us efficient and effective and streamline. the shift from regulating things to regulating relatively smart, communicating over space and time. the opportunity to
take regulation that may have in a very straightforward type of regulation and move it into more adaptive and efficient regulation. is not an internet of things example, is what the fcc has done in taking technology that used to be very straightforward in terms of bands of spectrum and moving them into spaces where you can .ave unlicensed spectrum in the internet of things you look at the change from these huge mass of things. regulations toe make sure they are no longer near airports. concept ofat in your what a wind power generator is to the small airplanes that can come up in the air and communicate with an air traffic controller, then all of a sudden
-- it is fine to have those types of things near airports. that ability to change from a regulation that is relatively stupid to something that is relatively smart is what i'm sensing most. the sheer amount of jobs, opportunity, and disruption that will be created by this, the internet of things will be a market bigger than the entire economy. that is exciting. you could have companies that become less dominant. haveould have new ways to individual makers. >> it is tough to pick what is most exciting.
the potential is in orvis and we are at the beginning of something transformative. i have followed a lot of developments in the health care and education space. i am the federal trade commission are on the panel. trust is going to require security and data hearing and privacy to be a part of this discussion. >> we have auto safety under our jurisdiction. going to see great societal benefits from all this feedback. better informed about what the drivers are doing. there are huge benefits fair. ist is awesome about it there are things that don't get
mentioned a lot. little things like food when we did our showcase and hearing. one of the folks had a simple device that was tracking the freshness of the year at bars. if you are popping into aspen for a wonderful tech summit, you can log on to that, see which bars have it. that personalization is going to be another aspect of this. >> one of the most interesting things from an economic point of view is contractual innovation that these devices enable. you an example from everybody's favorite poster boy. think about a taxi, it is a one-time transaction. it is ripe for abuse.
it's not a very good system. we try to make these transactions more reliable. you do come to it with a history. the driver can look at the map on his phone. you have a much better more secure transaction. i want to use premise.com, a company funded by google ventures. if you want to know the price of pork in shanghai, you send an e-mail to premise. premise sends out a bunch of college students armed with their mobile phones. they have a timestamp. day you are delivered
with this price report on shanghai. you can do this for any kind of ad hoc gathering of information. what makes it work is that smart phone. here at thisere time, at this location, and this is how the numbers work. a greatway to see -- way to make our lives better off. >> everybody is not -- obviously there are people who have a lot of concerns. ends start at the other with how other examples of developments are concerned about the internet of things.
>> there is a point about security privacy. people won't to feel comfortable using these technologies. we have technologies that can make things a factor like medication. not widelythey are used outside of the commercial or business world or government. they are a pain in the but to use. this will move a long way toward making these devices and for ordinary people to use. >> my biggest worry is just making sure we don't miss the opportunity. the report talks about between now and 2025, these are big .umbers of $6 trillion in value
the industrialized countries are so concluded. don't want to be so quick to introduce regulation before we know what it is. the internet of things and big data, a continuation of the trends. everything is cheaper, let's not push that opportunity overseas by regulating it to quickly here. >> let me just pose the question , do you expect that the market -- this is all very new. do you expect the market will solve the security and privacy concerns? >> it is like -- it is nice to
look at the history of garage door openers. each brand had a separate code. went to these little switches on the side of the transmitter. that was such a pain and nobody did it. with the rotating code every time you open your garage door is a different authentication. readilya technology understood and available, so we will see the same kind of generating. a country that may leapfrog the u.s., where they have established universal , identitytion program proof technology that can be standardized throughout the entire country.
>> you are in the regulatory business. do you think the market will solve the security and privacy problems? >> i know better to disagree with what markets will do. i will caveat that by saying as a lawyer and economist on the , i hung out in the village there. it is an incredibly interesting area. devices are -- it is not obvious to me that a bunch of the companies are getting in the business of having connected process, knew what they were doing when it comes to security. supply chain issues facing real consumer devices.
i saw presentations on baby where it is in 12 different baby monitors. it is not obvious to me there are sufficient incentives in the marketplace to achieve the kind of security progress we need in the time we need it. largeare going to be a number of devices that are pretty vulnerable before the marketplace catches up. >> you think we will have competition and the freshness of here but not competition and the privacy of security? >> i think that is going to be incredible to consumers. howquestion i'm raising is are we going to catch up to this phone are of a wave of devices coming out of the marketplace. car hacks are really fascinating.
i spent my time looking at and very mundane products. >> i think security is a place where there is absolutely going to be government involvement. pushing industries to come together, identify those practices, and i think where we could all agree is you don't want a specific security standard, the field just moves too quickly. you do have to recognize you
can't expect government to say we will just work it out. we have absolute faith. what we really need to focus on good government and what is the scope of government involvement in these i doological spaces? >> think that point is an important one. there is a huge opportunity for the industry to promulgate its own approach to this. all of that needs to be happening. i -- what we are doing is putting into best practices the security by design approach that is a flexible technology neutral approach that needs to be used in these new devices. countryoing around the talking about that and have a new handbook available on our website. of course we will continue to use the enforcement tool to make
sure that promises that are made to consumers and practices andnd their data are secure truthful. those are tools we can be using right now. ofit is such a great example some enforcement activities that are really helpful in pushing norms in a way that doesn't have to require a stronger regulatory enforcement. to,one thing i would point there were many companies who have been in the services business and the software business for a long time. privacy security, all kinds of conservation, the whole gamut. one thing that is tough about this transition is you are of companies that learned a lot of great lessons
in the product space and bringing them very quickly into a powerful services type marketplace. from being a product and services company to being a product company is extremely tough to make. it is everything from the types of skills you have to how you market it. you ask how the security group looks at it. points back to paul's about -- how do we transition some of the lessons that the services companies have learned to the product companies in a less painful transition? >> i think it is a fundamentally one of theoint,
pieces people need to addresses how to handle security researchers and how to handle exploits that revealed vulnerabilities. it was a pretty high profile example of an evolution on how to approach and handle this interaction. >> a goes right down to the garage door openers. how do we think about these things as security researchers can get into and play with? >> there is another interesting play, insurance companies. if we put the sprinklers every 20 feet, we will ensure this rate. they are drawing on these best practices and security standards that have a strong economic
incentive. >> is that becoming more common in the insurance sector? relatively slow to respond. think they will naturally move into that area. early on it is hard to access the risk -- hard to assess the risks. this is mostly potential. >> the market forces start to come in as more mn day activity. the deals,ome of where you are dealing with companies that have these vulnerabilities. the day it isof about monitoring and measuring the employment of sensors, which allows you to capture data that was already there but not
captured in a very systematic way. that is going to significantly change the way we price risk. able to much more narrowly define the risks and valuations that correspond to this. >> one of the things the is --ey report also noted only a very small amount of data is being used at all. that brings up two questions. is there a lot of value in the data? secondly how much does that increase the risks? >> i think it is what you count as the internet of things.
i think the example that had a dramatic effect is geo positioning systems and location identification. ronald reagan signed that into law. it has had a huge impact, not only on these examples of avoiding getting lost and avoiding congestion and doing real-time traffic management, but also on the examples like i mentioned earlier, where you get authenticated data. this person was at this place at this time. >> there is a lot of information that is proprietary. that causes us to have concern. it doesn't necessarily need to be proprietary information to an enterprise. is connected to the
internet of things, it is a more effective deployment of scarce resources. more -- it held to measure and monitor things in a more efficient way. if i have my internet connected to my sprinkler system -- and today we use a very analog method to turn off our sprinkler system, it is a plastic cup outside that tells your strickler system not to water the grass. we see this all the time. that little cup hadn't filled with water yet. if i were to pull in the information from moisture sensors deployed in a five or 50 and iadius of my home could get props that say you're sprinkler system is about to go on, but we see a storm that is approaching an hour away, dumping half an inch of rain, do you want us to leak?
early on we are going to see a that see ae prompt lot of this prompts -- see a lot of these. depending on where the moisture sensors pulling information from, there is not a lot of security risk that some of his all of a sudden going to know what the rain looks like around my home because they can already know that generally. there is a lot of opportunity in the data that doesn't need to be thought of as proprietary data to an individual. >> i think we've only picked a low hanging fruit. we only realized the value and the obvious things. eventually people are going to get around it to finding it useful. it is creating new data. data.ly you have
every g.i. joe they say knowing is half the battle. the more knowledge we have, knowledge is a good thing. that knowledge and data is going to continue to lead to good things and benefits. demo today you have something like driverless cars. when that becomes digitized they can pull and other digital type of information you most of our calendars are digitally available. whatever device i'm using to measure steps also is digitally available. we are going to start hold those things together and you talk about making better decisions, i can have my vehicle dropped me off at a certain distance from my location of autonomous lee because it knows where i need to be end when i need to be. it also knows the likelihood of me hitting singles throughout
the day. i think you will start to have those opportunities as well and that information is pulled together. >> none of us are disagreeing that there is a ton of value here. the question is who is going to capture that value, is it going to be the corporation? is an homage the society is going to be able to benefit from that? is that something that is going to be worked out in the next decade? how do we open up this data? how do we make it more beneficial? willan we make sure that be put in the place doesn't make it harder for users to get access to that data. >> i like to think of the individual consumer. very -- that is a very
powerful and enriching tool. there is also valuable information -- a bunch of people may want to sell you something or they may want to track you over time to figure out when you're most likely to be in aspen for a calm rinse. the question is should you have any role in deciding who gets that information? that data. they are often storing it. companies viewed that as something that will ultimately benefit consumer. they may have other benefits as well. at the end of the day they are looking to benefit the consumer. one of the risks we run into when looking at regulation and legislation is legislating device is as opposed to behavior
, regulating devices as opposed to actors. i think that is something we need to be cautious of. important to remember that communication is going to be from device to device. i actually have one of those. it looks at the undergrad. i'm going to modify the usual pattern. talk to ther can power company and says the price of a price for electricity is going down. the human element is out of the loop. when you look at the kinds of , theyhe utility company are using the aggregate data for the most part. they are working on your behalf in general. >> i think most individuals overestimate the value of their own data.
>> we talk about privacy and security, this an add-on to just ask people what they think, if there are any significant impediments to realizing the full benefits of this revolution. one of them could be privacy and security concerns. one of them could be the .evelopment standards presumably communicating with each other. it could be the availability of spectrum. the cost considerations. if there is anybody think there are significant in the that significant impediments to go in full-scale ahead -- -- if anybody is thinking there are significant impediments to go. ahead -- to go full-scale ahead
-- >> getting back to the individual consumer, it is trapped you don't have medical devices going -- going to be trust. if you don't elect a medical devices going to be sick your you don't trust it. you heard the denial of service attack on his own house, that is pretty convenient if you are not a technical person. there are going to be these issues of trust. them another piece of it is just recognizing -- one of the big issues is we are taking something in the analog world and digitizing it. if it doesn't then close that feedback loop, if we don't make changes back into the physical changeservice -- i don't -- if i don't change my behavior than at some point the battery
dies. have a sprinkler system but don't actually connected to the internet, then when i need to replace that sprinkler system i may say i didn't really use that feature. i think you see that across the board. trust, do weout that consumersce are not adopting things because of lack of trust? >> i have and try to sit down and quantify that. i would suspect there are people who are not adopting as yet. i suspect there are people who are worried about these concerns here these high-profile anecdotes and that slows them down. and i suspect there will be people who have strange surprises when they buy a device for their home, whether it is a monitor or toaster oven or an
appliance. when they find out that device is only going to be supported for five years than in the patches are going to stop, whereas before that object may have lasted me much longer. i think there are going to be a bunch of these issues that need to be sorted out. >> i would agree to a certain degree with that. at thestep back and look bigger information age developments, why we have all the information out there? companies keep finding new value propositions, new services to offer to consumers. taken them up on it and get more information now there because we see value in it. that trend on the whole will continue. new, youhave something have some innovators out there trying something new. you are going to have some cases
where the consumer is not serve. then some brand name's come in who are concerned about privacy and security. i think as you see that development take place, the trust issue will hopefully move back in the background a little bit. one concern i too have, spectrum is an important one. styles of regulation. when you are talking about the internet of things, it is a whole other issue. think they have done a great work running into state and local regulation. difficult -- that is an area where regular policymakers are looking.
doesn't make it hard for these -- to realize that in certain sectors or across certain lines? >> i think the biggest barrier is usability. it is not costly to the producer. user in partto the because it is complex. hard to makeo darn things secure. >> there is also a problem to get more security professionals. if you were a computer security professional, please see me afterwards.
>> we need to figure out a way to print more of these and have some folks from diverse backgrounds. that is a huge thing that will drive usability. >> ordinary people are going to become more aware of this. i think the market is working. people are using proximity to -- proximity detectors. trying to find better easier ways to have identity verification. >> when we digitize something we fundamentally change the entire experience. that can be a long process. if you look at the introduction of e-commerce in the late 90's, we have been comfortable with
that. rarely do we going get a paper ticket anymore. now it is starting to have a physical layout on this a physical impact on the layout of the store. the storm fronts are becoming more warehouses. we are just at the very beginning of the impact that digitizing commerce is going to have on the physical experience we have. at --ame analogy plates same analogy plays out. we can capture data that is already there. it is going to take years or decades before we start to see it have a fundamental impact on the core experience in a purely analog environment. >> i don't mean to say consumers are distrustful. i think we are excited about wearables.
they are transformative in our lives. i think the average consumer doesn't understand what is happening with a lot of their data and doesn't understand a lot about security. are going to start understand these issues more clearly. they are going to want strong user encryption to protect their information. i think they are going to be mindful of issues that crop up. we don't really know where the lines are bit -- lines are between providing a great personalized opportunity and something that is impacting your ability to get something in the marketplace. we are very focused on this. we are going to need to continue to provide consumers with information. >> consumer preferences change over time as well. we were very forgiving of dropped calls, very forgiving of
not having good reception. i was shocked i didn't have lte at the top. we have -- we have become accustomed to having it, our preferences changed, our requirements for the services have changed. we are going to be very forgiving as consumers early on but as adoption increases and we are going to become more reliant are to bevices, we increasingly less forgiving. >> speaking of regulations, the areaanding -- in of privacy we have a light handed regulatory regime. they may depends on what sector you are in. >> a lot of people say it is a good thing.
one of the things mentioned in this conference a couple times is the potential or actual shift ftcesponsibilities from the to the fcc as a result of the open internet order. a lot of what goes on his basically retrying -- basically redraw buying -- basically redrawing regulatory lines. if there is going to be a substantial shift of responsibility toward the fcc, which the ftc doesn't really have. presumably a lot less expertise in the area than the ftc.
do people think are going to be the repercussions of that? answer first. to >> i am happy to. everything i have said in my colleagues have said, we think the common care exemption ought to be repealed. i stand by that. >> i think it would be incumbent upon both of those agencies to to make sure done
we are using it consistently. the ftc has a 100 year track record. i think it is entirely possible to have different enforcers. ftc is enforcer and ftc has regulator. sharing authority and trying to use it consistently. it is incumbent upon us to making sure we are consistent. helping us understand these issues. we have been studying them in detail. it has led us to the conclusion that privacy design and security design are good technology neutral approaches.
saying those are the right kinds of paradigms, regardless of what part of the government is articulating it. >> whatever the desirability, you don't think it is working, particularly that the common carrier exemptions? >> with the largest republican majority and resin -- and representatives we have had, the likelihood we are going to bring government oversight in any area -- i think we would generally agree something like privacy, the ftc approach, which is more betterment based, is a approach than the regulatory one. there are a number of potential concerns on what the fcc may or
may not do. it is going to create privacy. an internet platform versus all the information they collect. is there something specific about that relationship with the platform provider? we are six years into the administration. the good folks at the ftc, the democratic control and a number of democratic congress and
offices, you don't have agreement on one party on what privacy should look like. it gets more complicated. it is an area without objective harm where we need to try cautiously. >> historically in the united states we have used this sector-based approach to solve privacy concerns. essentially we have different ways of trying to approach protecting information. we actually had this incremental approach on this issue over the last several decades. not something we are
familiar with in this country. >> there was a nice piece in the new york times about hit the -- about hi pa. people were saying we can't do that, it is for bid and. it is easier to say no as an excuse. let me tell you how to do it legally. it was a huge difference. used of regulation can be as a cover to avoid taking any risks or avoiding doing anything you are not 100% absolutely sure is covered. >> i would also agree -- the one thing i would emphasize is
year over year investment and security policies. i know it is part of a regulatory issue and market issue. i'm wondering is data breach notification a big enough incentive to force companies to invest in data security. every dollar you put into data security, you take it from research, development, product management, bigger salaries, dividends. approach government can take to better and sent companies to invest in a call we have datasure security.
i speak because i don't think we have enough of it. experiencing the downstream effects of it. when someone enters bad data, it pollutes out the database and we have to deal with it. is data security also ended to end? are they not enough and we need more? >> i think we have very poor data, or data that it is hard to answer that question. let's take two recent examples. there is the target break-in. where is the follow-up?
how many credit cards were used in legally? family you took the words out of my mouth. these reported highly cost events are not nearly as costly as were reported in the initial news story. the were costly for company, which goes to your point. when you are trying to do appropriate cost benefit analysis you have murky data on what the cost looks like. this,the consumer side of essentially we are our own first line of defense when it comes to our information being breached. we believe there is such a thing as perfect security.
we understand there are going to be problems and vulnerabilities. you all play a very important part of that, as you have mentioned. president has been trying to streamline and improve the identity theft protection and remediation resources available to consumers. i would advocate for -- i don't think consumers have the information they need to protect themselves. >> what are the effects of the data breach? >> it is their right to remediate. >> we have a lot of hands up. >> any individual breach is hard to establish. i think there are huge costs.
a lot of the market is borne by the consumer directly. most of that gets handled between the different merchant classes. there are branded costs. the numbers we have seen brought to us are in the billions. you take a look at the the government breaches, the irs is talking about $5 billion. think notification is alone enough as an incentive, given the problem can be used to grow. it doesn't seem to be shrinking. think establishing a national therity standard and having ftc and force that would be a
big additional step forward. that soas you correct it can grow with technology. >> we think that would be important. when you look at the state law they tend to be lacking. >> one more question and then go to the side of the room. >> you said something that the chairman said last year, that the ftc doesn't have rulemaking authority. the ftc has grants of rulemaking authority. areas where they chose not to do cost of -- cost-benefit analysis. it is difficult to use for very good reasons. the ftc of used that authority quite successfully.
my question is about economic analysis. consumers might be concerned about privacy and therefore may not adopt certain technologies. we have heard that rationale from policymakers in washington. i have to say i think we can do a lot better. you have a bureau of economics that can dig into a lot of those questions. substantivea conversation about the trade-offs. the commission for whatever reason doesn't seem to be interested in using the bureau of economics on these issues. my question is can we get more substantive analysis, and what we do support in terms of using the resources you have? to really get them to work on
the bureau consumer protections issues. and to get them to work on privacy and data security. it uses the bully pulpit and is actually being informed by economic analysis on what the trade-offs are. then i take issue with your characterization that it is not currently informed by economic analysis. experience, they are deeply engaged in the process. we have had economic points of view presented. we put them in the iot reports. one of the things very useful on thee ftc does is rely strength of economic analysis to try to inform policy and discussion.
we make sure we have technologists at the table informing us as well, because they provide an equally -- equally valuable and important expertise. therere was a lady back who came all the way from australia. she hasn't had a chance to ask her question. >> as you can probably tell from the accident from australia. for thene question panel. it seems to me we have the problem of all these startups creating these devices we are going to be sprinkling throughout our lives. they are often using platform services. they have not given up too much security and privacy. what we have is potential data
change reliability. we don't understand how our data and risk is split and how we are going to manage that from a control point of view. i would love an answer on that. let me just art by saying that i think one of the problems that we had within the federal government with respect to the small startups, there has been a real mismatch between the tools that we have and the receptors at those startups. we are used to organizations that are impacting 100 million people having a bunch of attorneys and offices in washington dc that can talk to regulators and have this discussion. you mentioned products by design. we will love that somebody
within each of these organizations that was thinking privacy by design, that is not there. at the same time, the startups are not in the position right now to be thinking about their scale.on the 100 million when they are starting to have that impact, this was in the case when twitter was growing, they had much bigger problems, servers going all of -- down all of the time. trying to figure out ways where we can have engagement between the government and regulatory space, and though small startups in a more positive way, is a huge issue that needs a lot more. wouldugh small startups love to get a large modulate -- modularization system. they do not have the internal expertise, and i think i were evolve standard will
into you can use that kind of off-the-shelf security to have something that is solid. is always surprising to me the number of small startups i -- even though they do not have a lawyer in the place. they want to do the right thing and are looking for guidance. that is a tremendous way that the ftc has chosen to provide a positive start -- for the startups. the love all of the credit ftc does. i would say that this is an important thing. we have an entire group that does degradation material for -- aggregation material for consumers. they try to take some of these complicated topics and put them into english.
i saw the security handbook as well. you do not have to be a lawyer or a small ceo of a start up and understand what we are talking about with security by design. we are not stopping there. we are also going out and trying to have workshops and discussions with this community so that they know we are there. our staff has an open door. they encourage people to call and ask questions. >> unfortunately, we are out of time. i'm like to open the panel up for discussion. [applause] please keep your seats. >> here are some of the featured programs this new year's weekend. on american history tv on c-span3, this evening at 6:00,
author and historian -- assassination of president abraham lincoln and john f. kennedy, highlighting these similarities and differences between both tragedies. at 10:00, the 1965 with the president of the year with daniel, who as assistant labor secretary, offered a report on the causes of black poverty in the united states. >> i believe what president johnson said in his howard university speech, you cannot keep a man in chains in prehistory and say you can take them off and make them like everybody else. people have to be given the opportunity to compete with effective results. i believe we should make a special effort. >> sunday night at 9:30, a visit to pershing park in washington dc to hear about proposed designs for a new world war i memorial for its upcoming 100 anniversary. for a complete holiday schedule,
go to www.c-span.org. >> a former police chief and state legislators from baltimore , south carolina, illinois, new york, and st. louis recently discussed race relations and police accountability. this is from the national black caucus of state legislators annual legislative conference held this year in los angeles. this is one hour and 20 minutes. >> i appreciate being able -- i know all of you, just with the purposes of the record, i would like to acknowledge who is on the panel. we will proceed by way of posing some questions, asking our panelists to talkbo