Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  January 4, 2016 2:30pm-4:31pm EST

2:30 pm
themselves from the statewide or political environment. you can look at the wave of election we've seen over that. period. almost every election has been a wave election for one party or the other. missouri has a long history of electing democrats. -- thatfederal office is becoming less and less common in missouri has a big -- had a race.nate roy blunt is up for election. he has good approval ratings. ,e also has a good challenger one of the better democratic recruits. 20 years ago i would consider them a tossup because the democratic challenger has the political skill to give the incumbent the challenge. missouri is becoming a more republican state that is harder to find those conservative
2:31 pm
voters in a state like missouri who will vote for a democratic congressional campaign. host: how much do issues like the syrian refugee crisis, we have been talking about gun control, how much do those issues resonate down when it comes to the house and senate races? guest: in a conservative stateguest: it is about they do not agree with president obama's handling of issues. they do not agree with president obama, they will not agree with the democratic national nominee who may espouse many of the same positions. host: up next we have mike from island pond, vermont. like you are on with josh kraushaar. -- mike, you're on with josh kraushaar. caller: it seems to me bernie sanders' strength is that he -- he couldeen able
2:32 pm
andntially make the field beat hillary clinton. how do you think that is going to affect the layout of house and senate? will it make the difference or not? guest: the primary is a separate issue from the general election i think hillary clinton is the strongest possible democratic candidate on the ballot. as far as the primary goes, bernie sanders has a real chance to win the new hampshire primary and a credible chance to compete and perhaps defeat heller clinton in the caucuses in iowa. the problem with bernie sander'' political trajectory, after those two early states, you go to south carolina am a nevada, a lot of other states on the map where bernie sanders does not
2:33 pm
have the same appeal to minorities. he has struggled to reach out beyond the liberal white voters he has done well with. he raised over $30 million in the fourth quarter. he certainly has a strong grassroots appeal. it would be foolish to} and is off. i think after new hampshire there is a real limit to his appeal. host: let's talk about the money raised in the congressional races. who has the advantage going in? the president is a top fundraiser for the democrats. holding bothns branches of congress and also having paul ryan as the new speaker of the house was likely to be a good fundraiser for them as well, we are starting to get in.y senate candidate
2:34 pm
this is going to be one of the int expensive senate races new hampshire. kelly ayotte raised $2 million. her challenger, the sitting million. raised $2.1 we are starting to see big bucks rolling in. high-profile big senate candidates. a lot of donors to not know who they are going to support, might start shifting money to big battleground senate races. host: we hear a lot about super pac spending in the presidential race. to what extent are the super pac's having an impact? guest: super pac's have a bigger potential impact on congressional race. especially a house race were $1 million means a lot more than a presidential landscape. one development we have seen over the past couple of years is individualce of
2:35 pm
super pac's design for senate candidate as opposed to a group like american crossroads or other groups designed to spend a lot of money on behalf of candidates. support are helping creating their own super pac's outside of their own traditional and supportersts are spending money getting ads on television even though the senator or candidate themselves are not directly a part of that. host: we have jason from washington, d.c. you are on with josh kraushaar. caller: i was wanted to get your opinion on the committee on presidential debates. the committee is set up by republicans and democrats specifically designed to prevent any other person from ever getting on the presidential debate stage. i believe the threshold they come up with again for this year is a candidate has to be pulling
2:36 pm
in five separate polls, not signifying which pulls they are, at 15% levels for inclusion in presidential debates. which of course is virtually impossible unless you are on television in debates. the interesting thing standing out, there is a court case going this.inst host: let me ask, because right now we are talking about the congressional races, does this relates to the congressional races at all? caller: within the states and governor races they use the same criteria for exclusion. so in a state like virginia where a candidate was running, they used the same presidential polling methods to keep people out. in florida, adrian wiley, they kept increasing the thresholds to be included so that no matter what it was, the libertarian could never be in a televised debate.
2:37 pm
it forow difficult is libertarians and other candidates to get that visibility in these races? guest: it is difficult. interview more consequential this year. possibility to say donald trump could run as an independent candidate and i don't think any television network would want to exclude an independent donald trump candidacy from the debate stage. the caller is right that it is hard for an independent candidate to get on the presidential debate stage. i was just in kentucky covering the governor's race at the end of october. independentcredible candidate pulling your 10% in the polls but ended up not being included on many of the debates televised. if you are not getting the -- you are not getting media attention if you're not getting on television for the debates. hard to get momentum for your
2:38 pm
candidacy. host: we are talking to josh kraushaar of the national journal. we are talking about the congressional races coming up in 2016. up next we have stand from fort lauderdale, florida. morning.ood i am curious if josh could comment on the democratic primary for senate where we have .rayson against murphy it was not supposed to be a contested primary. frombox is full every day both of them. i was wondering if you could comment. guest: one of the premier primaries for the senate this year. alan grayson is one of the most pugilistic, abrasive, liberal
2:39 pm
congressman are you a hero to many outspoken progressives on democratic side of the aisle. he is someone who democratic .trategists fear as a nominee the democratic establishment supports patrick murphy, one of the younger members of the democratic caucus in the house. he has a lion's share of establishment support. the fear is that grayson could give murphy a run for his money. they're worried that grayson is known for these over-the-top attacks against opposition. with a nasty primary battle -- i think murphy is the favorite to win the nomination. if you look at the news over the last couple of months, shake up his entire campaign apparatus.
2:40 pm
a lot of top staff have left. heading into the new year if you are running the senate race, i would give murphy the advantage starting out in 2016. the bigger worry for democrats is the race would get so nasty republicans could end up benefiting. host: are there other states where the presidential primaries , especially some of the early states, will have a big impact on the primaries? host: florida is huge because of rubio. i would also add ohio. you have primaries of -- you have it democratic senate primary between ted strickland and a young up-and-coming progressive cincinnati city council or who is challenging strickland. unlikely to win the nomination
2:41 pm
but you are seeing some of the divides taking places. you have john kasich, who is running for president. is also have rob portman who in a tough senate reelection. he is preparing for a heated matchup against ted strickland. up next on our republican line we have brenda from omaha, nebraska. caller: i wanted to make a comment about what you said about party lines. you are so right. i am talking about my great-grandmother globally to my mother. i am 53. they vote democrat no matter what. i have been independent my whole
2:42 pm
year.ntil this up to the dmv, registered as a republican. i have leukemia and i am scared to death that there is a possibility that they are going to come after my health insurance. if you can answer one question for me. a texas senator that closes the house every night before they left. why isn't anybody reporting what he said about the president? thank you. guest: i'm not sure if she is referring to the texas state legislature. she is sort of a living example of the polarization in action. you have a lot of states where there were conservative democrats. many of the senators, the remaining moderate to
2:43 pm
conservative senators in the upper chamber lost in reelections in 2014 because people who identified with the democratic party -- i believe there is only one southern state legislative chamber that is still under democratic control where as 10 years ago they made up a significant share -- democrats had control of the majority of the state legislative chambers in the south. a tidal wave has taken place especially in the south. host: our next caller on the independent line is john from holyoke, massachusetts. is a little known fact that most people do not do research. a lot of smart phones in this country with a lot of stupid people. 300 something years of the conception of this country it has been ruled by european
2:44 pm
dissent. , obamadon't understand is related to cheney. all people that run this country have been run by descendents of the monarchy of the england. john mccain, cheney, the bush family. did you know that multinational corporations funded both sides of the war? ibm funded hitler. even the ford motor company funded hitler. host: do you have a question about the congressional races? caller: people so ignorant that multinational corporations have free capitalism but everything as far as profits are privatized and taxes are publicized. nothing but government and corporate terrorism to the middle class and the poor. host: let me ask a little bit. epic a lot of people are
2:45 pm
concerned about the corporate influence on elections. can you talk about that? josh. guest: conspiracy theories aside, that is an issue donald trump is making a big issue of. he is someone who has a lot of corporate influence himself. sort of running against his own class in a way. it is an issue that people say they care about but ultimately when they have something -- when it comes up in congress when there is an opportunity to say what is the most important issues you care about, campaign finance is really not one of the top issues. it is something people talk a lot about. ultimately i think people care more about their own economic situation, national security, health care. host: we want our viewers to join the conversation on our democratic line. (202) 748-8000. republicans can call in at (202) 748-8001.
2:46 pm
.ndependents, (202) 748-8002 let's talk about the house races. is there a chance the democrats could regain control of the house this year? guest: there's always a chance. i remember in 2006 when i first started covering house races no one thought democrats could get the 30 seats necessary. people said the same thing about lack of competitive districts. it was a wave of election and democrats won control of the house and senate. that said i do not think we will see a wave of election in a presidential year being not enough competitive seats at this point in time for democrats to get the seats they would need to win back the majority. republicans are tied or even hold an average in the early generic allen pulls. -- generic ballot polls.
2:47 pm
a pre-substantial wave to and back control of the house. 247-188.argin of at that will require a lot of votes. let's go to our caller on the democratic line. rock,e tim from flat michigan. caller: i keep hearing about john kasich sang ohio is the new battleground state. exactly howderstand ohio is the new battleground state. it always talk about iowa, new hampshire. what makes ohio different? host: you mentioned it a little earlier. guest: i do not know if it is different but if you look at the vote in 2012, ohio was the second most competitive state in terms of margin of victory. it has always been that way. ohio has always been a state where candidates campaign the most, where they spend the most
2:48 pm
money in, where you have a chance to win the significant votes.f electoral co it is why john kasich is making the point that he will be a stronger nominee. virginia will be the states i would watch closely to see which party has the advantage. host: another midwestern state, wisconsin. he party activists are looking for someone to launch it primary challenge to paul ryan. what is the likelihood of that happening? guest: the success is unlikely. paul ryan, once you are in the leadership chair. it is easy to retarded by the tea party even though he was not that long ago one of the biggest fans of it. one of the biggest supporters. .yan may get a challenger
2:49 pm
the odds of him seriously challenged in a primary are very low. next we have bill from lubbock, texas. caller: curious if he is evident any journalistic studies. even though we are republicans, classified in a republican state, i have a lot of democratic friends. guys i have been talking to, they are very upset with president obama and his gun control executive order. these guys are telling me they are not going to go for it. even though they are democrat, they are turning away from the democratic party. i wonder if josh has ever went out and did some studies or journalistic investigation to talk to the democrats like we are talking in texas.
2:50 pm
have you ever did anything to maybe do some investigative journalism to say how the democrats are responding to this? host: how is gun control affecting democrats in the races? guest: it's not want to be popular in a conservative state like texas. 20 years ago or 30 years ago believerge gov job bush one -- there is a shift in texas that took place earlier than in other southern states. president obama, hillary clinton, they are not worried about winning texas. they know that state is likely to vote republican in the presidential election. it is not about texas. more about the battleground states, public opinion in other parts of the country. texas is a state that is very conservative on the issue of gun regulation can't come control. an issue -- gun regulation, gun
2:51 pm
control. an issue where president obama and hillary clinton are not likely to find supporters. host: we have bob from north carolina. you are on. caller: the person from holyoke that called in. i wanted to make a comment about his statement. i think it is not just the influence on politics but on the economy as a whole and the state of the world. i think jobs and security are going to be big topics in the next election. on c-span they had a gentleman speaking about isis and he wrote a book in 2004. at the give us something like -- i think it was something like the internet influence of isis in the digital age. that is very informative.
2:52 pm
i just hope that this nation and the world, we come to promote more piece and less conflict -- more peace and less conflict. a real treasure in terms of energy resources and if they took that money and put it rebuilding region, we would not have to take our taxpayers and the world and do restructuring after we get rid of the very aggressive warfare that is over there. host: i want to give josh time before his time is up. the economy, we always hear that the economy is the biggest issue on the minds of voters that we have been hearing a lot about gun control, terrorism. is the economy still a big issue? guest: the economy is almost always the number one issue. national security
2:53 pm
reach parity with that or even become a bigger issue in light of the attacks and paris and san bernadino. on the republican side that effect is more pronounced. more republican say they care more about national security and their own economic situation or the economy in general. .his is a big development it raises the likelihood that 2016 will be a national security foreign policy election which we do not see often. terrorism.r that will shape the general election. donald trump has got momentum because of tough talk and approach in the wake of paris. someone like chris christie who was a tough talking former u.s. attorney. talks about terrorism cases in new jersey. something that christie has benefited from. there is a reason he has among
2:54 pm
the most momentum of any presidential candidates heading into the new year. host: robert from tuscaloosa, alabama. you are on. caller: an episode we talk directly to the person. i see this guy talking and i'm talking with you and he still talking. do not cut me off. i'm old and slow. that is a beautiful hairstyle you have. i want to know, what do people mean when they say they're going to take our country back? if you want to take your country back you need to go back to europe and find where you were originally and take that country. republicans today are dixiecrat's. they used to be all democrats before the black people started to be able to represent themselves in the south. the reason why republicans win the seat and things is because there gerrymandered. most people in this country vote democratic. president, our best
2:55 pm
that is why he got elected twice by a large margin because young caucasian people, you call the whites, or effort in people, you call the blacks, they voted for the democrats. host: i do not want to cut you off but we only have a minute left. i want to give josh a chance to respond. guest: you have an example of the polarization. president obama's job approval rating is in the 40% range, but the people who like him like him immensely. those that dislike them dislike him immensely. the president's legacy will have a big impact in these ballot races and on the presidential race in 2016. host: josh kra
tv-commercial
2:56 pm
quick bill clinton is visiting new hampshire today, talking about her 2016 presidential campaign. we will have live coverage of the stop in exit are here on c-span, scheduled to start at 5:15, followed by calls and comments. and then visit our facebook page at any time to leave your thoughts on the clintons as they campaign around hampshire. donald trump has released his first political ads. here's a look. >> i approve this message. i'm donald trump. >> donald trump calls it radical islamic terrorism. he wants to shut down travel to the united states until we can figure out what's going on. he will stop illegal immigration by building a wall along the
2:57 pm
southern border that mexico will pay for. >> we will make america great again. >> c-span takes you on the road to the white house and into the classroom. this year the student cam documentary contest asks students to tell us what issues they want to hear from the presidential candidates. road to the-span white house coverage and get our details about student cam contra -- contests. >> tonight, gary shapiro on the major technology issues that he and why the cpa changed its name this past fall to consumer technology association. he is joined by tony ron, political technology reporter. are two point 4 million
2:58 pm
feet of square face -- 2.4 million feet of space. more innovation, more different categories than ever before. it's the future. show where solving problems, real-life problems have education. clean food, green -- clean food, clean water. >> tonight at 8:00 eastern on c-span two. >> the house hearing on the safety of cars connected to the internet and the possibility of being hacked while driving. general motors, toyota, and tesla, the hearing was chaired by john anka.
2:59 pm
>> good afternoon. i would like to welcome everyone to the subcommittee on information technology. hearing today, this meeting will come to order. without objection the chair is , authorized to declare at any time a recess. the order of business will be as follows because we have a joint subcommittee, we will have opening statements from myself, ms. kelly, and after that, we will hear from our witnesses and then, after we have heard from the witnesses, we will go into questions. with that, i will give the first opening statement. again, welcome everybody.
3:00 pm
the age that we live in, of new technology and communications, with all of the incredible technology that we see and take for granted every day, we are entering a new era in transportation technology. there is some of the older panelists and members and audience who remember when you used to open the hood of a car
3:01 pm
in you could take out the various parts, identify everything. now, you need almost a phd to figure out what is in their and its capabilities are just astounding. a lot of safety features in cars we did not have before but, today we are going to address the issues related to again what we call the internet of cars and look at some of the implications of that technology and i think some of this was highlighted just some time ago and i guess it was a jeep vehicle was hacked and fortunately it wasn't the folks who chose to do harm but it did demonstrate their vehicles with certain types of electronic capability can in fact be hacked and it does pose some questions. we have called together today leaders of industry and some others. i particularly want to thank the private sector partners. several weeks ago, we had a roundtable and a frank discussion of where we are in where we are going and what the
3:02 pm
industry is doing to deal with some of these issues and i think they have been most cooperative and i appreciate that and we learned a lot from that particular informal meeting. today is a little bit more formal. we do have a lot that we can -- a lot of benefits -- in 2010, 1.2 million on the world's highways. united states, some years ago, we had 43,000 per we have taken that down to 33000 and there are a lot of positive things that have been done again, through safety, technology, warning systems, a whole host of electronic devices. now, in our vehicles, that makes us safer. the positive economic benefit from connected vehicles is estimated to be $500 billion. we want to ensure that electronic systems we have in these vehicles cannot be hacked,
3:03 pm
that, in fact, we have safety provisions put in and protections for the consumer and for the public. in 2012, and i helped author the bill, we direct -- national highway traffic safety administration to complete the review and ultimately determine the needs for safety vehicles and electronic systems. we will hear from some folks today where they are in the requirement that will be crafted and put in that. we are now the year and a past
3:04 pm
the deadline be set in law. automobile makers has been setting their own cyber security standards which is the good news. the bad news is that we have a lot of variety and people going a different direction while the national highway safety and traffic safety administration continues to move forward, mandating, dictated short-range communication devices in cars -- you must make certain technology this technology hasn't been surpassed by the next -- thing
3:05 pm
that is coming up. and, it is is in technology are rapid. -- advances in technology a rapid purely spent over $500 million on testing this technology that was discovered in 1999. and, in 1999, this state-of-the-art for some of our communications was the flip phones and we have come ability over to hearing testimony from our potential witnesses in a clinch to work collaboratively. we have everyone here on this side on both sides of the aisle. we aree industry entering a new exciting era but we want to be ready for it. ranking membere for her opening statement.
3:06 pm
>> welcome to our witnesses. estimated 5are in billion devices that make of the estimated internet of things. it's not just smart phones and baby monitors that communicate over the internet. motor vehicles rely on the same methods of communication. as we see too many times, they are regularly the victims of hackers. this year a vehicle was hacked. lesson than one month later from that instance legislator demonstrated how different manufacturers vehicle could also give them the owner's home address and much more. so far, there has been no note incidence of malicious attempts to have vehicles but i have to ask the witnesses today, is that because the overall security of the vehicle computers is that good? or heavily simply been that lucky? -- or have we simply been that lucky? congress gave the national highway transportation
3:07 pm
administration the responsibility to regulate cyber security in vehicles but manufacturers and suppliers in the best position to identify weaknesses in their own products. ensuring the cyber safety of cars, trucks and motorcycles on the nearly 4 million miles of road that crisscross the united states requires partnership of government, industry, and researchers. each has an important role to play. that is why fight it especially -- that is why i find it especially troubling that according to bloomberg, one of the automobile manufacturers involved in the july hack we did 18 months, 18 months to tell federal safety regulators about the security flaw while the other manufacturer reportedly knew about the vulnerability for five years. it undermines a partnership that is a surge protector public -- that is necessary to protect the public safety from cyber security threats. that is simply unacceptable. connected automated vehicles communicate with other vehicles.
3:08 pm
they have the potential to revolutionize road safety and save thousands of lives. i agree with him. i look forward to examining these issues in more detail. i think the chairman for -- i thank the chairman for bringing this hearing. >> thank you. to recognizeike mr. heard, who has the subcommittee on information technology for his opening statement. >> thank you. today's hearing is one of a series of hearings. the i.t. subcommittee plans to emerging on subcommittees today. my first car was a toyota four runner and i like to call her shirley marie appeared i got her in the summer of 2000 and added until summer 2013. we had a lot of adventures together the wanted she cannot do is connect to the internet. flash forward to 2020, it is forecast to one in five vehicles will have some form of wireless network connection.
3:09 pm
it amounted to more than 250 million connected vehicles. a recent study predicted that the internet of things, which includes cars, could have a total potential economic impact of between $4 trillion and $11 trillion. by 2025. the report further states that the hype around the internet of things may actually understate the full potential. i agree. the hype likely does understate the full potential but only if policymakers, consumers, advocates, and other stakeholders understand the real value can be created and focus on supporting innovation and cyber security and privacy practices. i worry that overeager regulators in congress will overact to a stunt hacked it -- stunt hack with restrictive regulations and heavy-handed legislation. i look forward to hearing from our witnesses from the automotive industry today on what steps they are taking proactively to secure their
3:10 pm
connected vehicles and protect people's safety as well as their privacy. i look forward to hearing from mr. garfield on what the many innovative companies he represents are doing to ensure the same, that people are safe, that information is secure, that they can be confident to increase the benefits offered by connected vehicles. i look forward to hearing about the standards of excellence in highway safety while staying strictly within the statutory authorities and taking care not to hamper innovation. i yield back. >> thank you. i am pleased to recognize the ranking member of the subcommittee on information technology. welcome, again. you are recognized. fork you to the chairman today's important conversation. -- >> thank you to the chairman for today's important conversation. today's cars has been dubbed computers on wheels are they gather in store vast arrays of personal information about the
3:11 pm
drivers, affording greater convenience and safety but also greater erosion of privacy and security. our automakers are inventing new technologies that have made the drivers experience more enjoyable and efficient. over the air in vehicle to vehicle technology, things that were once only science-fiction can save lives and prevent accidents. with great innovation comes new questions over security challenges and how data is stored. as a number of internet connected cars grows, so does the threat of vehicle hacking. if cars are going to store personal information about where the driver lives, the route and they taken together, and where they stop, there should be assurances that the information is stored securely. and protect the identity of the driver. protects the identity of the driver. our subcommittee's review of previous cyberattacks on networks revealed that the same vulnerabilities show up again. the interconnectivity of seemingly unrelated parts of the network makes it substantially easier for a hacker to move
3:12 pm
through a network and locate sensitive personal information. it is not just computer systems that lack segmentation. seemingly unrelated components of internet connected cars do, as well. a modern car can talk to the radio, the radio can tell whether the doors are locked and the doors know whether the wench -- windshield wipers are on. one of the key topics of today's hearing from me is whether the auto industry is designing cars with operating systems that securely store personal information. as we enter this great age of tremendous technological innovation, i will focus on how automakers, congress, and regulators can work together to secure our vehicles from malicious attack and protect americans. and the data. data -- of their -- data. i yield the
3:13 pm
remainder of my time. >> thank you. thank you for yielding the time. thank you to the ranking members for calling this important hearing. the internet of things brings technology and connectivity into every corner of our lives , including our cars. with the pervasiveness of technology, security standards, and privacy protection to come or part of the never. unlike other sectors, security and privacy by designer not yet -- by design are not fully ingrained in automotive manufacturing culture, as evidence by vendors regarding cars ever security issues with wireless entry fees and hacks of cars. however, regulation can be slow, rigid, and discouraging innovation and red rushing the regulation is not my opinion the answer. but neither is a lack of accountability or standards. the advances of the industry has made in the past year, such as setting up an information sharing and analysis center and a set of enforceable privacy principles happened in part
3:14 pm
because of public and government pressure. the security and privacy in the car study act also known as the spike our study act, a -- spy car study act, a bipartisan bill sponsored by congress. is a step in bringing industry advocates e-government together to strike a balance between innovation and consumer protection. i served in the military -- i served in the reserves and i am turned to think about worst-case scenarios so there are three overarching scenarios and questions of elected post at the panel hopefully during the time today you might be of immense array. the first is, is it possible now or in the future for a hacker to remotely taking control of a car and use either as a weapon or cause an accident? second, is it possible now or in the future for a hacker to take control of a fleet of cars and use them as weapons or cause accidents? third, is it possible for hackers now or in the future to take partial control of a car so
3:15 pm
you are going to in a highway -- going down the highway and suddenly your brakes are not in your control. to know if one does a i would be curiousto know if one does a theoretical possibilities, and second, if so, looking again to mitigate that aspect? americans have a right to drive cars that are safe and keep their information audited and eyes by the comment the testimony from today's panel in the forward to asking additional questions on this issue of public importance. thank you. i yield back. >> thank you. since there are no other statements do any of the members , have quick statements? ok, the chair will hold the record open for five legislative days for any member who would like to submit a written statement. let's turn now to recognizing our panel of witnesses. firstleased to welcome the associate administrator of
3:16 pm
vehicle safety research at the national highway safety administration of the united states department of transportation, mr. harry light of global public policy at the general motors company. the vicelobenstein, president of connected services and product planning at toyota motor north america. o'connell, vice president at tesla motors incorporated. garfield at the industry and technology information council. miss khaliah barnes,
3:17 pm
the associate director at the electronic privacy information center. so, welcome to all of our witnesses. -- iht tell you in advance will swear you in in just a second -- we also try to get you the verbal statement before the committee to five minutes. chair --sk to the through the chair to have additional information put into the record. with that, we are investigating an oversight committee and subcommittees of congress. could you please stand and i will swear you in. raise your right hand. do you solemnly swear that the testimony you are about to give before the joint subcommittee meeting of congress is the whole truth and nothing but the truth? let the record reflect that all of the witnesses answered in the affirmative. thank you.
3:18 pm
be seated. we will go right to our witnesses. let me start first with mr. beuse. the associate administrator at the national highway traffic safety administration. bring the microphone up as close as you can, so that we can hear you. good afternoon. i appreciate this opportunity to testify how national highway traffic safety administration is addressing emerging challenges associated with new, connected vehicle technology. in 2013, there were over 5.7 vehicle crashes in the united states that resulted in 32,719 deaths. the consequences of these
3:19 pm
crashes range from personal tragedies that will impact individual families forever to the billions in economic dollars that we can actually measure. our mission is to a dress these -- address these crashes in the increasing use of connected vehicle technologies we can believe can help us to that. when combined together, new technologies and such as vehicle to vehicle communication and automated technologies have the potential to dramatically change the safety picture in the u.s. however, as the chairman pointed out, these new technologies also bring new and different challenges. for example, consumers hear a lot about cyber security as it is related to things -- banks and personal information. it often seems like every day, there is a breach reported in the media. in the auto space, cyber security is taking on new visibility, showing up and -- in new tv shows, like this
3:20 pm
past weekend. we understand these dynamics. we believe that the challenges associated with connected vehicles are addressable in asia not keep us from pursuing innovation that can save lives. testing and analysis indicates that it can address up to 80% of crashes involving two or more motor vehicles. this technology promises to be transformative in could even enable a new era of safety to not only saves lives but other benefits, as well. and fully realize, this -- when fully realized, this communication technology is a symbol even beyond on vehicles. it can be deployed to other devices that would be carried by pedestrians and cyclists, thereby addressing those types of crashes. however, for it to be effective, it relies on a robust security system. and for the vehicles themselves to be secure. in exploring the potential of connected vehicles and other advanced technologies, we understand the cyber security is -- that cyber security would be essential to the public acceptance of new vehicle systems and if it filled the safety promise they hold.
3:21 pm
we modified our organizational structure, developed partnerships, adopted it and adopted a legislative approach and consider legislative actions to encourage members of the industry to take independent steps to help improve the cyber security posture of vehicles. our goal is to be ahead of potential vehicle cyber security challenges and seek ways to address them. we consulted other government agencies, vehicle manufacturers, suppliers, and the public to develop our cyber program. the approach covers various safety applications deployed on vehicles as well as those envisioned for future vehicles that may feature more advanced forms of communications and automation. however, we also believe there are tremendous opportunities in this round for proactive steps. in fact, such steps are essential. regulation and enforcement alone will not be sufficient to address the risks. cyber security threats simply moved to fastener to varied for regulation to be the only -- move too fast and are to varied for regulation to be the only answer.
3:22 pm
the auto industry can play an essential role by cooperating in establishing rigorous practices that are address the broad range of cyber threats, by reacting quickly and appropriately when such threats emerge, and by working closely with the government in independent security analysts to identify and defeat attacks. we have also given special consideration to the security systems that enable this technology. our partners have spent some time developing the network and the trusted architecture goes along with the system. while we have made significant progress, we believe that more testing is necessary we plan to undertake that. the trust aspect of the system is based upon bki. we tweet the design to balance security and privacy. we take consumer privacy very seriously and in the context of our proposed rulemaking on fears of the vehicle communication, we will address privacy as a relates to that system. the effectiveness of the tv
3:23 pm
technology also has unallocated portion of the spectrum. in light of growing demand for spectrum, special sharing has been a topic of much discussion. d.o.t. is not opposed to sharing the spectrum. toward that end, d.o.t. is working closely with that cc and -- fcc and tia, members of the industry, and other stakeholders basisthe next but i did -- on an expedited basis to test and evaluate potential sharing solutions for the 5.9 gigahertz spectrum. we are waiting for devices. under the leadership is secretary fox, the department has taken several steps that support the deployment of this technology. in august 2014, we issued in -- an advanced proposal of rulemaking in the plentiful of it up this you with a proposal and just recently the secretary announced about a program all into two for the deployed this technology. connected and automated vehicles that can sense the environment around him and communicate with -- around them and communicate with these other vehicles and with the infrastructure have the potential to revolutionize road safety and save thousands of lives. we are already laying the
3:24 pm
groundwork needed for the road ahead and look forward to working with congress, manufacturers, suppliers, and others in the administration, and the american public in this exciting transmission future. addressingard to your questions. >> thank you. let me introduce a welcome the executive director of global connected customer experience in global public policy at general motors. welcome. you are recognized. mr. lightsey: thank you. in the roughly 100 years of its existence, the automobile has impacted american life in ways unique to any other machine. it has impacted how we live and work, where we live and work, how our cities have grown, and how our country has grown.
3:25 pm
yet the machine itself remains basically what it was at the time of its inception. a gasoline combustion engine connected by a drivetrain two road driven by a , human being. we are now entering an era where all of those basic tenets will change genetically. cars will, more and more, have different modes of mobility other than a gasoline engine. they will be connected to each other in ways that will make the driving experience safer and more enjoyable. they will, more and more, really for a human being of the driving -- relieve the human being of the driving task. because we know that humans are fallible and will have crashes in cars, the automobile industry and the national highway traffic -- transportation safety administration has spent the last half century designing and building automobiles to be safer when they crash. with innovations like seatbelts, airbags, and crumple zones.
3:26 pm
today, we are designing and building automobiles to avoid collisions entirely. with technologies like forward and rear collision warning, backup cameras, lane keeping, and blind spot warnings. increasingly, these technologies allow the machine to assist in the driving task itself when the human driver does not react appropriately when quickly -- or quickly enough to prevent a crash. soon, technologies like a vehicle to vehicle communications will be deployed with the promise to and had over -- to impact over 80% of the thehes on today's roads savings in terms of lives, property damage, medical cost, and congestion will be enormous. at general motors, we are moving quickly to take advantage of these innovations. we are the first automobile manufacturer to build connectivity into our vehicles. and gm onstar has over 6 million customers in the united states
3:27 pm
in over one million customers -- and over one million customers connected on our 4g broadband platform. we have deployed many safety technologies. including announcement the deployment of vehicles with advanced rearview mirrors. and we are the only automaker that has announced a commitment to deploy vehicles with the technology into our cadillac models next year. however, we must acknowledge that with change comes challenge. we must deploy these innovations the safest manner possible. -- we must commit to our customers that we respect their privacy. the software may have more abilities that bad actors could exploit to threaten customer safety and privacy. and we must do all we can to prevent hacking.
3:28 pm
we must realize that we are competing with other technologies for other scarce resources, like spectrum. we must be able to use these resources in an efficient manner , so long as it doesn't interfere with the critical mission of our systems. if we have the freedom to innovate within these parameters, the promise of the future cannot be imagined today. thank you, i look forward to your questions. >> thank you, we will now hear from the vice president of connected services and product planning at toyota. welcome, you are recognized. >> thank you, good afternoon. it is an exciting time for the auto industry, more vehicles are being outfitted with more safety features and onboard services. we interact with these via smartphone. the truth is that we are only at the beginning of the beginning. the connected car of the future will far surpass the ones of today. to address questions about
3:29 pm
vehicle data, the industry came together and develop rentals for -- to develop privacy vehicles for technology services. these privacy principles include meaningful protections, including heightened protections on vehicle data, like the vehicle location or how someone drives. for example, automakers will not share with third parties or use -- agreed not to share with third parties for their own use or use marketing data without the affirmative consent of the owner. with these principles, the industry will protect data in the internet of things. this code of conduct is precisely the type of effort the government has encouraged from the private sector, and it should serve as a model. cyber security is a key focus. although no cyber attack on a vehicle has occurred, the auto industry is well aware that the cyber security risks that exist for other connected devices also exist for connected cars. we fully grasp the potential
3:30 pm
consequences of the successful, real-world attack. in that light, the auto industry is forming a group to exchange industry information. we are fully committed to the success. we expect initial information sharing by the beginning of the -- beginning by the end of this year. some are making the case that cyber security best practices and standards are needed. the question is, whether automotive best practices will look any different than those that guide cyber security and -- in other contexts? that being said, the auto industry recognizes that efforts to adapt best practices to the vehicle may be appropriate. that is why the industry has recently embarked on an effort to identify best practices that are being and can be applied to vehicles and to address any potential gaps. for the very same reasons that the government has refrained
3:31 pm
from mandating cyber security standards in other sectors, there is a significant risk of the government mandating standards for vehicles. industry can move quicker than government to adjust to new threats. in addition, setting specific government standards may encourage some companies to simply comply -- not to do more to protect consumers. finally, a specific approach will almost certainly have specific implications for the internet of things at large. at the internet of cars evolves, we are on the cusp of a radical transformation that will be made possible by vehicle to vehicle communications. dsrc is a technology that will allow us to overcome challenges posed by sensor technology.
3:32 pm
enabling vehicles to identify collisions at a greater distance or around the corner. it spurred an extensive collaboration on between dot and the industry on dsrc. due to the spectrum crunch, we support the prospect of sharing spectrum, if they can be proven that no harmful interference will impair dsrc's safety of life mission. a proposal has been offered that has the potential to accomplish this goal. the developer and the auto industry has recently proceeded to validation testing, and we remain confident it will remain a workable solution. in closing, i'd like to provide two final observations. first, the internet of cars ecosystem is evolving. technology companies, telecommunication providers, insurance companies, and others will continue to introduce pots
3:33 pm
-- products and technologies designed to directly communicate with vehicles. as the ecosystem evolves, responsibility for protecting against cyberattacks and preserving consumer privacy should evolve to include all relevant players in this space. second, there is a number of agencies seeking to oversee or influence cyber security and privacy related to the internet of things, either broadly or with a narrow subset. the resulting cacophony of proposals is exceedingly difficult to manage and prioritize. without consolidations of these efforts, clarification of the roles, and better coordination, the opportunities provided will almost certainly suffer. thank you for the opportunity to testify before you. >> well, thank you. we will recognize the vice president of business development for tesla. welcome, sir. you are recognized.
3:34 pm
>> good afternoon. we appreciate the opportunity to come here today, and for the opportunity to speak. tesla is known for being exceptionally safe. we have been awarded the highest possible safety rating, five stars, not just overall, but in every category. safety is a watchword at tesla. automotive injury and fatalities have fallen as result of safety improvements such as airbags, energy absorption, and to maintain the pace of fatality rates, vehicles need to increasingly use computerized systems to avoid crashes, with particular opportunity in the vehicle space. two examples leading to significant safety benefits, compared to non-connected vehicles, are the following. the first would be automatic emergency braking.
3:35 pm
a vehicle feature which attempts to avoid accidents by applying brakes. tesla is one of 10 manufacturers committed to making this a standard feature. we have delivered on this promise. the same technology is applied to autopilot functionality, where improvements are constant, as vehicles effectively learn from varying road conditions and share those through the fleet with connectivity. the recall rate in general is about 70%. for a given vehicle that warrants a recall, about 7% will get repaired. connected vehicle technology offers a significant opportunity for us to do better. modern vehicles are heavily software-controlled, and software changes alone can often resolve a safety issue. in 2013, we became aware of a hazard relating to incomplete third-party installation.
3:36 pm
after the change was identified, we were capable of identifying and solving the third-party fault. the software solution was automatically delivered to the entire fleet. in contrast to the industry average, recall uptakes of 70%, we can achieve update rates nearly 100% in a short amount of time -- measured in days. precautions and concerns as we go forward, the first precaution is to ensure that any update to a vehicle is updated by the manufacturer. this can be achieved by using cryptography, a technology referred to as signing. the second is to strongly isolate networks from the mechanical system.
3:37 pm
if it has network conductivity, the processor should not have direct elections to the mechanical systems -- steering, acceleration, brakes, gear selection. we do not have gear selection, that is a separate matter. some implement this with a gateway technology. a third precaution is to use encrypted protocols for the vehicle. this ensures privacy of the integrity of the data. with respect to regulation, we have rapid innovation for safety. tesla vehicle safety already significantly benefiting from investments in conductivity, we expect success to only continue, as the full potential of connected vehicles are realized. overzealous or premature regulation does not allow for innovation or creative solution can deter safety innovation. any move in this direction must be considered carefully, only to the extent necessary, in our view. thank you for the opportunity.
3:38 pm
we will welcome any questions. >> i would like to recognize the gentleman with iti. >> thank you, chairman mica, members of the committee. on the half of 65 of the most dynamic companies in the world, we thank you for hosting this hearing. it is perfectly timed before 42 million americans get on the road to engage in thanksgiving commutes. i would suspect that 5-10 years from now, the cars in the commute will look quite different. i will focus my testimony on the issue, which is the transformation that is occurring, the innovation that is taking place, in that space first. second, what we are doing to ensure we accelerate deployment in a secure and safe way. it is often said that it is difficult to appreciate history when you are experiencing and
3:39 pm
living in the middle of it. from my conversation with our companies, we are living in an innovation renaissance. the convergence of almost ubiquitous broadband exponential improvement in computational processing comes with almost unlimited storage, and it is transforming mobile computing. that includes the original mobile technology, which is the car. we see that manifested today in advanced driver systems, whether that is adaptive cruise control or automatic braking -- which i have in my car. we will see that in the future, whether it is vehicle to vehicle or in autonomous vehicles. our companies are working hard to deploy technologies to make those types of vehicles available, sooner rather than later. whether that is dedicated short-range communications, advanced lte or or 5g wireless, is a number of panelists have
3:40 pm
noted, it is in the early days. it is impossible to tell which will work effectively. what we do know is that there will be radical, transformative improvements in safety, access, as well as how we view our cities. the other panelists have spoken about the safety issues. i will not repeat that. but think about all the people today who are not able to drive because of a disability or because they are too old or too young. through connected vehicles, or autonomous vehicles, those people will have access to transportation in a way that they do not today. similarly, when we do not have to think about cars being parked all the time, the way we think about our landscape in our cities will change dramatically. our companies are investing billions of dollars to bring that to the market, sooner rather than later. and our partnering with any companies on this panel, we will make this possible.
3:41 pm
and as well, working with the public sector to enable that. a big part of our work is ensuring that consumers have confidence in the safety and security of those vehicles. and security will become even more prominent in the future. for us, we have long experienced working on cyber security , whether it is protecting networks to the cloud or everything in between, increasingly, the norm is redundancy at the software and hardware level, so it is not a latch-on later on. that means you can build into a chip set. the encryption protocols to adapt if the encryption is circumvented. we are advancing that work.
3:42 pm
nist has taken a collaborative approach and coming with a framework of standards and best practices, while allowing sufficient flexibility for innovation. there is still work left to be done. and that speaks to the role that congress can play. a number of members of the panel have pointed to the number of efforts and initiatives that are being undertaken in this space. congress can play an important role in bringing order to that cacophony, as mr. logan identified. second, there is really a need, and ranking member duckworth made this point, for a national information of thing strategy. there is so much work taking place in this space, but not much of it is well coordinated in a strategy that serves economic security and safety
3:43 pm
interests. finally, once we look at what is being done and develop a strategy, there is an appropriate place for regulation to deal with market gaps. and we would advocate the approach that has been taken by nist in developing a regulatory framework, is the appropriate approach. thank you. >> thank you, we recognize, waiting patiently, the associate director at the electronic privacy information center. welcome. >> thank you, chairman mica. ranking member kelly and duckworth, i am the associate director for the electronic privacy information center. we are an independent nonprofit research center focused on human rights issues. we thank you for taking time to consider the important privacy implications of the internet of
3:44 pm
cars. new vehicle technologies offer a variety of new services to american drivers, and are quickly being implemented by american car companies. but these new technologies also raise substantial privacy and security concerns that congress needs to address. as cars become more technologically sophisticated, they collect a lot of personal data, including physical location, destination, text messages, and phone records. most car companies and other companies, including google, failed to inform consumers of their data collection practices. few give consumers true control over the data. auto companies also use personal driving information for various, but vague purposes -- which leaves consumers in the dark over who has access and why. this is often retained for years, if not indefinitely.
3:45 pm
the very real possibility of remote car hacking poses substantial risk to security. connected cars can be taken control of, including breaks, steering, and car locks. they can provide access to the physical location, using built in gps navigation systems. which can facilitate crimes such as stalking, harassment, and car theft. congress must enact meaningful safeguards to protect privacy. last year, a group of 20 automakers, including general motors and toyota, signed a pledge voluntarily for security. it is no substitute for federal data security regulation. the pledge fails to provide substantial privacy protection, lacks any meaningful enforcement, and supports the status quo of the wholesale collection of sensitive driver
3:46 pm
data. to protect the privacy and security of american drivers, congress will need to do more. first, congress should act on pending legislation. 2015 should establish federal standards for connected cars, in consultation with the ftc, to develop privacy regulations for driver data. it provides a good framework for meaningful safeguards. there is also the house draft bill that would require car companies to develop modest privacy policies for the collection of driver information. the house draft falls short of providing robust privacy protection. it would not require manufacturers to actually develop or even implement privacy-protecting measures. instead, the company could only inform drivers about whether the company chooses to take various
3:47 pm
privacy-protecting measures. it also immunizes scrutiny for developing the policy. the draft would broadly criminalize vehicle hacking, including for research purposes. the senate bill comes much closer to safeguarding the interest than the house draft. in fact, we would oppose the house draft, which would be a step backwards for americans concerned about privacy and security. second, congress should establish fines for hacking connected cars, but only when there is malicious intent. this will permit research to discover vulnerabilities. third, congress should grant authority to issue privacy rules. the spy car act of 2015, with its emphasis on civil fines for offenders, provides a type of privacy and security safeguards that drivers need.
3:48 pm
as congress moves forward, it is critical that this agency has rulemaking authority. the rules should incorporate practices detailed in the consumer privacy bill of rights, which is a sensible, comprehensive framework for privacy protections that provide some standards and would help establish fairness and accountability for the collection and use of driver information. every day without car privacy and protection places countless drivers at risk for having their personal information, or worse, their physical safety, compromised. congress must act swiftly. thank you for the opportunity to testify this afternoon. i would be pleased to answer your questions.
3:49 pm
>> we will go right into your questions. first, with a national highway traffic safety administration, in 2012, when i helped craft the legislation, i put a section 31-402. electronic systems performance. it said specifically, not later than two years after an accident, that was july. i give you august of 2012, the secretary shall complete an examination of the need for safety standards, with regard to electronic systems and passenger motor vehicles.
3:50 pm
and has a couple of criteria. upon completion, the secretary should submit a report to the committee. i see i screwed up. i should've put the department of transportation in here, too. they don't have one, but we have commerce in the senate. at energy and commerce in the house. have you completed that report? >> no, mr. chairman. that is still under review. what we have done, which is unprecedented, we put the entire research program that we developed in consultation with other government agencies and the private sector -- >> so it is not -- i guess i just put these things in the law and we forget them. it should've been until july, we give you august until 2014, november? ok? so we are a bit behind? >> agreed. >> is there a draft? >> i tried to get a draft from the committee.
3:51 pm
they said they did not have one. this is from either committee. can you submit joint subcommittees here a draft? >> i am not sure if i can. >> not sure if you can? >> the work that has been done -- >> we want to see it. you can, and you will. you will have it here in 10 days. that is the way we operate here. you did not comply. we do not have any penalties now, do we, if someone hacks a vehicle? >> that is correct. >> the law is still favoring the senate side as far as testimony. -- as far as privacy, your testimony. but we have seen that they can be hacked. that is also correct?
3:52 pm
so far, no one with mal intent has been hacked. but you could probably stop an engine. you could disable brakes or steering, because they have electronic components. would that be a good assumption? i am not technologically competent. >> that is correct. you would be able to disable that. >> congress has enacted, i have to put blame on us, then we gave a lot of money -- maybe. >> if i may, to suggest the implication of that suggests that nothing is being done, when in fact, much is being done. >> it is not that nothing is being done. we give certain directives. i was going to get to the question of them working with you all. and you did talk to them, which sets standards and have pretty good reports back.
3:53 pm
both everybody has participated? have you participated with him? >> yes, mr. chairman. we embrace the framework. we adopted that into our -- >> both of those federal agencies, or with the private sector, or in a group? >> we had discussions with both. >> and you? >> yes. we've all had discussions. >> to be factually, perfectly accurate, i'm certainly -- we are absolutely involved in an ongoing basis. i cannot testify to the involvement. >> i commend you for coming together as an industry, working -- and i don't want to imply that nothing has been done. but my job is to give certain directives to agencies. i am not here just to look good. i know i do.
3:54 pm
[laughter] >> yes, you do, mr. chairman. >> but my job is to hold their feet to the fire. when you put something into law, some of the newer members will find out around here, i put things into law three or four times and they still do not comply. but we won't go there today. we gave you a lot of money. we spent about $500 million in taxpayer funds testing the dedicated short range radio communication devices. what is it currently doing to address the potential issues with security credential management systems? where are we on that? >> those funds are jpo funds, joint program office. >> is that under you? >> it is not. it is now part of the office of the secretary. >> it is under dot?
3:55 pm
ok, but they have had half $1 million. what is the result there? >> what the department is doing is putting the sort of hardware behind that system. what has been done to date has been a lot of hard work, smart people coming up with design. now we feel we must build this to see the vulnerabilities and do large-scale testing. >> do you have any idea where? i am told some of what you have done is actually sliding behind the advances in technology. and how much more money, how much more time will it take? do you know? >> i think that is why the secretary of transportation is putting it out for public comment in 2016. >> so that is not until next year? >> i guess in two months, he asked us to accelerate that. which we have.
3:56 pm
>> we spent a lot of money, and we don't see a lot of progress. and when would you have your final report, the report that i requested here? it is in draft, you are going to give us the draft? when will you have that finalized? >> i can get back to you on the record with that, sir. >> within the next 10 days? >> absolutely. >> i want a firm date, and i want it made part of the record. >> absolutely. >> sorry, i don't mean to be demanding. >> sir, i understand your frustration. >> again, we expect the agencies to act responsibly. right now, just my final question. cars can be hacked with electronic systems.
3:57 pm
we do not have in place either a standard or ability to stop that. i guess that is the simple way to put it. is that correct? >> mr. chairman, thank you. gm has invested a lot of time and effort into making it as difficult as possible to hack into cars. as i indicated, we embraced the framework. >> that is an individual effort. we applaud you for that. but my question is that we really don't have a standard, we don't have the ability to prevent that development? do we? >> we have the ability to implement things as a business. >> general motors cannot be hacked? >> i cannot say they cannot. but we are making it difficult. >> you are individual. i am asking if we have a standard. we do not, as far as i know. >> we are trying to be
3:58 pm
proactive. >> but again, the question was -- and i applaud each of you. tesla will tell us they are five-star and all of that. but my question was, is there a standard developed? is there protection in place, the answer is? >> we have begun working as an industry to establish -- >> but we don't have that in place, mr. o'connell? >> there is sort of a difference between hard access and wireless hacking. we have seen the former, people with access to a vehicle then being able to modify certain access. it has happened on isolated cases. i am personally unaware of any wireless hacking.
3:59 pm
>> there are no protections or standards? >> none that we are aware of. >> congress has not held any agencies to the fire. >> i would just point out in the written testimony, key examples of computer scientists and other researchers finding ways to wirelessly hacked into vehicles. >> there is a difference between developing standards and their being laws. there are standards being developed around cyber security. and there are laws in place that would punish someone. be it the digital millennium computer act or anything else. the question is, are there laws mandating particular standards? i would argue that mandating a
4:00 pm
particular standard be the absolute wrong approach. >> we don't have that. but we still don't have industrywide standards or protections. i'm unpacking a host of things we are for today. >> mr. chairman? on the last question, the industry group just recently -- within the last week -- has developed a set of voluntary industry best practices. we are just looking at. i wanted you to know that was out there. >> usually, things happen before the hearings. [laughter] >> thank you, mr. chairman. i want to speak to the sector-specific sharing analysis centers, which are nonprofit member-driven organizations formed by critical infrastructure owners who share information between government and industry.
4:01 pm
not necessarily in the automobile industry, but other areas. can you talk about what mechanisms or organizations have been instituted? and also by the industry, to ensure -- >> sure, there is been quite a bit of work. we were at the forefront to encourage the development and we are pleased it is up and running right now. there are additional steps that are probably necessary. one is clarifying the role it will have interaction with the agency. and how that group will be expanded to other sectors, including suppliers. >> i would like to speak to the suppliers portion of it. this is something that has come up in my work on the armed services committee on military equipment. cyber security is something of great, great potential harm to
4:02 pm
our military. and one of the things i found out was for military weapons platforms, something as critical as the new fighter jet, there is not complete security of the supplier network. can any of the three gentlemen from the automobile manufacturers here talk a little bit about what you have done to secure or safeguard or inshore -- ensure that there is a plan -- that your supplier network is one you can trust? i have in my congressional district a chip manufacturer that has been identified as a problematic company that engages significantly in both corporate espionage and in governmental and intelligence espionage, as well. what are you doing -- i am assuming you don't make your own chips. but what are you doing to make sure your supply network is secure? >> thank you, ranking member. gm has invested substantial resources and time into the cyber security issue.
4:03 pm
in fact, we created a global organization to end cyber security products and services. -- end-to-end cyber security products and services. that organization is headed by our chief product cyber security officer, who reports to the senior management of the corporate company -- including the ceo and the board at regular intervals -- about cyber security products and services. that includes our supply chain. and we have requirements that our suppliers must meet. we audit them on those requirements. and we test their products. and we have those products as part of security by design. from the very beginning, all the way through to production of
4:04 pm
those products, those products are tested by both internal and external experts. >> for cyber vulnerabilities? testing andtration other techniques that are common and standard. >> for toyota, cyber security is paramount. we also use industry-standard best practices, risk assessments, multilayers. we have cyber security teams embedded in our activities, from the day we put pen to paper through development, and even through the operations. one thing i also want to mention is that we have also invited automotive suppliers to participate in that. we are bringing them and so we can share information with them, as well. >> mr. o'connell? >> a couple of thoughts.
4:05 pm
many of them are consistent with my colleagues, the general robustness of the system. a couple of things differentiate tesla. one is are concerned with being an industry leader in the electric vehicle space, we have a unique concern about the integrity of our operations. because as a new industry entrant we are uniquely subject to these risks. that said, we take a systems level approach, especially in software development, but also on the vehicle side, we have a much higher degree of vertical integration. many of our software systems are designed from the ground up, rather than relying on outside providers. with respect to our chip technologies, to my knowledge largely, we are sourcing from domestic sources.
4:06 pm
but we are wholly focused on the vulnerabilities, as any silicon valley company would be. >> i'm out of time, chairman. >> i always appreciate your questioning and insightfulness. i want to recognize my colleague from the great state of texas for five minutes. >> thank you very much, mr. chairman. i appreciate the opportunity. and i cannot say your name correct -- am i pronouncing your name correct? >> yes. >> tech companies like google, uber, intel are making an autonomous vehicle overall. and technologies that do not rely on dsrc at all. what steps are you taking to support this type of innovation, which is one of the reasons why the u.s. leads globally in intelligent transportation systems? >> with respect to the automated
4:07 pm
vehicle technologies, we could not agree more. we think there is a future for both connected and automated. we are pushing hard on both. you see recent examples by the secretary on emergency braking, we just included that technology into our new car assessment program, one of the most visible in terms of consumer information. the other thing we have done is encouraging industry to make that technology standard, slowly meeting trying to get them to a place where it is a standard feature on all vehicle models, without regulation. that is a september announcement that just happened. likewise, on connected vehicle technology, we believe that it is a mandate that is necessary to get the market to go. >> so, how are we going to tie this in with the proposal to
4:08 pm
mandate dsrc in all like vehicles? are you going to require companies to put dsrc on top of their own technologies? are we forcing a standard on folks that they may not be ready for? >> that is what the proposal is meant to find out. if you look at the approach of the department, it is trying to get it out of the research phase and ready to deploy. as for these difficult questions, we certainly believe it is ready to deploy. we believe the technologies are complementary. >> all right, thank you very much. i want to visit a little bit about what you guys are doing at tesla. you take a different approach to determining security issues. you basically have a bug bounty and employ white hat hackers. can you talk about what you do, and why is that a good thing? and how it is working?
4:09 pm
>> sure, our approach is really consistent with sort of software development -- the silicon valley approach -- to hardening software over the course of time. it relies on a system of incentives, whereby we encourage folks to test our system, both professional and informal environments. and we reward them when they identify vulnerabilities. this is consistent with the incentive system that i think generally works in the human environment. but we find it works very well in most software environments. it is working very well for us, as well. it allows us to rapidly identify problems and rectify them and implementnnections, the solutions. >> the u.s. supported a global standard at 77 gigahertz.
4:10 pm
we are looking locally at a whole different frequency range, around 50 gigahertz. is this an example of one hand not talking to the other? would we not be better off with one international standard? >> i'm not exactly familiar with that issue. i do know on the radio side of things, we have worked very hard to make sure we have the same standards on both sides of the atlantic, so to speak, so we can have one set of hardware. >> mr. lowenstein, would you like to address that? >> we fully support the idea of sharing spectrums. there has been deployment in the japanese market near the 5.8 gigahertz band. we think it is important to protect this bandwidth in the u.s. dsrc provides life-saving services. >> is there a technical reason it would not work at 77 gigahertz, like the rest of the world?
4:11 pm
>> i'm sorry, i am not a technologist. i will have to pass on that. >> if i might, it speaks to the point you are making earlier about all the disparate efforts in this area. and why an agency that is focused on standards and standard development globally has to be part of this conversation. am out of time. i look forward to a second round of questions. >> now, i would like to recognize the ranking member of the i.t. subcommittee. my friend from the great state of illinois, robin kelly. >> thank you, mr. chair. the promise of internet-connected vehicles is that they bring greater levels of convenience and safety. but that same connectivity means that these computers on wheels faced the same threats and vulnerabilities as other computers. mr. garfield, given the volume
4:12 pm
of successful compromises of corporate and government networks, in your estimation, how likely is it that we will see hackers, instead of just researchers, hacking connected cars? especially in light of the testimony? >> it is hard to the future. -- it is hard to predict the future. but i think the likelihood is real, and that it is likely. i think the information that mr. o'connell shared about the approach in the software industry on taking an agile approach, where we adjust and integrate robustness, so we are not compromised completely, is the proper approach. >> is there anything that keeps you up at night, any scenario that concerns you the most? >> generally, i sleep quite well. [laughter] but i think part of my worry is that all of the great things we have been talking about will be a dream deferred.
4:13 pm
because our policy apparatus will not be as agile as our software development to keep up with these shifts. so i get the instinct to act. and we should act. what we are suggesting is that we act in a strategic and coordinated fashion to make sure that shared interests are achieved. >> mr. o'connell, mr. logan, when you think of new features you are going to add to your cars, is there anything -- not that you would do it on purpose -- that you would add that could be negatively compromised? as you are getting more connected, i guess? >> yes, as we have said, we certainly embrace all of the tenets that mr. garfield has spoken about. and we incorporate security by design, defense in depth strategies throughout our reviews. and so, from the very beginning
4:14 pm
of any service or hardware, it begins to go through the design cycle for our automobiles. cyber security posture, that particular element is being evaluated. the risk of being assessed, and appropriate measures are being taken to mitigate that -- into the lifecycle of the vehicle, itself. >> for toyota, the safety and trust of our customers is paramount. as i mentioned on the telematics side, we employ the same best practices that have been mentioned here today. we include our cyber security experts in the very beginning. they provide feedback to us that we implement. i think as we go forward, we will continue to expand on that. we also look forward to working as an industry to develop best practices we can all employee.
4:15 pm
>> you did not ask me, but i sleep well at night, too. [laughter] for two reasons. one, i know that we are employing within tesla some of the industry's best. the other piece that gives me peace at night, we are working in context of open innovation. whereby it is not -- the integrity of our system is not wholly reliant on tesla, but looks outside to improve the system and rapidly implement them. >> thank you. lastly, your testimony talked about some of the statistics
4:16 pm
of dying on the highway. mr. garfield, your testimony references a tremendous economic and societal benefit that could be derived from autonomous vehicles. in your opinion, what could congress and the federal government be doing? what more can we do? >> thanks for asking. there is certainly important work for congress. there are so many different agencies working on the internet of things. connected cars are a part of that. congress can play a great role in bringing clarity on a path forward. and filling gaps where they exist. for example, the representative spoke about the spy act that is going through the house. trying to bring order to all the work going on. we think that would be quite valuable. >> thank you. i yield back. >> now i like to recognize the gentleman from north carolina,
4:17 pm
mr. walker, for five minutes. >> about five or six years in the early 1990's, i worked in the auto industry on the retail side. i can look back on those 20 years and see how much paperwork on the dealer side was required then. and how much is required now. the last thing we want is more federal regulations on these men and women who are working hard to provide jobs out in the industry. so i do have a couple of questions, though, to make sure we are headed the right direction. what role, if any, and the internet of cars can be filled by the federal government? i would like to hear your thoughts on that. >> one of the things we are doing is try to ensure proactive steps from the get-go. it has been mentioned about security by design. we think that is paramount. one of the things we have been doing all along, we saw this
4:18 pm
coming, that in order to see the vision of the future with automated and connected vehicles, we really have to start focusing on that. we have been pushing and prodding as best we can to get that to happen. >> in your opinion, do you really need a specific regulator? auto specific best practices here? or is the national institute voluntarily setting the right approach? can you address that? >> it really might be all of that. right now is kind of a two-pronged approach, working with the auto industry on a set of best practices. but as a regulatory agency, we have to keep in mind that that is our job. if there's a need, we will do so. >> fair enough. does the federal trade commission currently have
4:19 pm
jurisdiction under section five to police the privacy policies, to the extent they connect personal information from these devices? that is probably more directed at the ftc. but we have been working very closely with the ftc on privacy issues. >> ok, does the department of transportation or the nhtsa have particular expertise that would warrant them -- to answer your response -- to oversee the privacy responses related to the devices? >> we do have privacy experts. that is one thing we will be referencing in our rulemaking. we have expertise. >> is there a certain timeframe, date, a conference, or meeting you will be addressing this? >> sure, what we will be doing on b2b medications, we will have -- what we will be doing on
4:20 pm
communications, we will have more on that. >> last question, most of the technologies and development are independent of the dsrc. what is the nhtsa doing to enable further adoption, to not hamper the innovation that we are seeing? >> we are using all tools at our disposal, including regulations, where appropriate. it really is an era where we see life-saving technology, we want to get it deployed as soon as possible. >> in your testimony, you notice the sensitivity of the information connected by the vehicles. and did a great job sharing that. but just to review, can you describe what kind of be collected?ght and what entities would be collecting it, other than the manufacturers? >> thank you for your question. one example is location information, which can reveal an individual's patterns or habits. there is also the collection of
4:21 pm
biometric information, credit card information, with certain telematics placements in the car. individuals can, in the car, speak into their system for a text message -- that is audio. there is also text messages looking at the privacy policies of certain manufacturers. it is an almost endless list. -- almost endless amount of outside entities. most of the time, manufacturers do not specify the various third-party entities they give information to. we know in certain contexts that it is marketers. we know there is an increased market for insurance companies to gain additional access. and without sufficient legal requirement, law enforcement could also gain access. >> thank you, very well articulated. >> i have just a few questions and seconds left. regarding connected vehicles, in what countries are we seeing the
4:22 pm
most innovation on this right now? can you go down the line? i yield back after that. >> i think there is certainly a globally competitive part of the industry. the united states leads in terms of the deployment of the advanced technology. but i think this is rapidly changing. and i think the proper policies need to be in place to ensure that this innovation continues in the u.s. >> thank you, i agree. we are moving very quickly in the u.s. to adopt these kind of technologies. although, in countries like japan, the technologies have already been put into place. >> i won't refer to our unique regional hubris, but i think the most advanced efforts are taking place in the u.s. i like to see us on the leading edge of this. >> thank you. yield back. >> you are recognized for five minutes. >> i want to thank the ranking
4:23 pm
members for this hearing. mr. o'connell, you can talk about the hubris of the bay area as long as you want to. [laughter] representing that area of the country. i request statement for the sin of democracy and technology be entered into the record. >> without objection. >> and maybe toyota and general motors, the whole issue of independent researchers -- mr. o'connell has talked to tesla's advocacy for such comments. could you tell me if toyota and general motors have the same feeling that they will allow for independent researchers to help them to make sure the software is working properly? i say to someone in the context of what has happened, vis-à-vis volkswagen. can you respond as to whether you agree with mr. o'connell? >> we generally agree with this
4:24 pm
approach. we have a specific relationships with certain groups of security researchers and academics. as i said, they perform valuable services for us in terms of testing the vehicle software and the systems on the vehicle to help us design and make them better, so that hacking them is more difficult. we are looking very hard at security vulnerability programs. whether or not it is exactly like the one tesla described will be determined. but we should be rolling that out very quickly. we want to know if our software has more abilities. we want to know that, both from folks within the company and outside the company. >> mr. lowenstein? >> we try to welcome information from so-called white hat hackers. we have regular communications, regular relationships. we attend the same conferences they do.
4:25 pm
we also do employ third-party cyber security testing on some of our systems, to ensure that we have all the most up-to-date information. and we are patching any vulnerabilities we might find. >> switching to privacy, the privacy principles are exciting to look at. but giving mrs. barnes' concerns, we had very spirited debates for opting out of third-party data. the industry lobbied heavily against it. within the language you have in the privacy agreements you have come up with, and the value you place on it, and the concerns that have been expressed here today as well, can you provide a comprehensive list of all the data currently tracked and store in your vehicles? can you provide that information, and can you
4:26 pm
provide it to the committee -- borrowing on the chairman's earlier comments -- within a couple of weeks? >> our relationship with the customer is the most vital thing we have in the company. we respect the privacy of our customers. and we want to protect their information. i will say that before we disclose any information to any third party, we get specific affirmative consent from our customer to do so. >> mr. lowenstein? >> we also follow a similar process, we want to be very transparent on the data we are collecting, and how we are using it. for instances where location-based services are used, we asked for affirmative consent of the consumer. because though sometimes provide -- those services sometimes provide life-saving services like crash notification. >> appreciate that, mr. o'connell? levels of protection,
4:27 pm
including the opt out. people have the option to not share any of their data with us. anonymizeshare it, we the data and we aggregate it as such that you cannot that's the intent is to increase principally safety of the vehicles. and secondarily, but if great concern, the utility of our vehicles to drivers and customers. could commentou on the industry's privacy standards in your view and that related to other tech privacy protections. >> in general, the privacy norms in the united states are driven by different standards. which also is at the heart of
4:28 pm
the regulation in this area which over time has become more expensive, not just to deal with expectations that are explicitly articulated, but those that are normative. >> mr. chairman, i yield back. >> i would like to recognize myself for five minutes. can you take 30 seconds and tell is? at dsrc >> dedicated short-range radio connections. >> how is it going to be used? >> to send basic safety messages between devices. >> this is being developed by the department of transportation? >> a whole host of alphabet soup. agencies, suppliers, manufacturers. >> here is my concern. dod and va spent over half $1
4:29 pm
billion trying to get two electronic health records to work together. after four years they said this is really hard, we'll have to go to separate areas. now we talk about being in industry where you have so much private sector investment, why are we even thinking about the federal government getting involved in doing this? a standard hasn't developed out of the private sector. the thing is probably going to work a little bit better, do you have some opinion on this? >> we do. >> i would like to hear them. >> our view is, and i shared it implicitly in my testimony, is that there are complementary technologies being developed, including advanced lt and 5g that we can't tell which will prove most effective. so we think having the ability for all of those, including dsrc to advance but without a thumb
4:30 pm
on the scale, including for the department of transportation. >> why do we think that department of transportation should be doing this? and why this is going to be helpful in the concert of interconnected cars? i appreciate you talking with the safety concerns related misconception about the proposal level. we are writing a proposal to make sure everything is needed to support communication between vehicles. at some point in the future, data comes in that shows there is not the technology that can meet the safety potential -- >> i think -- i think tesla is doing it. i think gm has even tinkered with this. i think the cat is out of the bag. >> none of those comments came in. not one person responded back saying this technology shouldn't be mandated.

26 Views

info Stream Only

Uploaded by TV Archive on