partnership based on the respect and mutual benefit. i want to tell you the following. first, on the strategic track, secretary clinton and i focused on the agreement of the two leaders and exchanged views on how to deal with china u.s. cooperative partnership based on the mutual respect and the mutual benefit that we had in the practical exchange of views. >> our dialogue covered many issues including china's u.s. bilateral relations, major issues, international and regionally, and we had a group conversation. we agreed that we must act in accordance with the chinese u.s. joint statement to increase the strategic mutual trust and post exchanges at higher levels, have closer dialogue on international and regional issues and further increase the people to people exchange. we issued an outcome list of the strategic trust to cover the science technology, transport, and the climate change cooperation. i said we had a group conversation, and i did not mean that we agreed on each and every issue. however, after each round of dialogue, we successfully expanded and increased our mutual trust, and this has added to the confidence of developing our relations in the future. certainly most of us agree we must increase over strategic mutual trust and deepen our cooperation. we reaffirm that we welcome a strong and prosperous china that plays a greater role in the international affairs and it does not seek to contain china with respect to china's interest and both sides from the commitment the commitment to the role of the peaceful development to the united states interest. the china u.s. strategic dialogue is a very important outcome of the dialogue. we agreed to hold this dialogue within the framework of the strategic dialogue and held its first round of meetings this morning and the chinese dialogue will continue to be held in the future the new areas like the common interests bigger and more tasteful. certainly we agree that we will work together in the region so that we can better coordinate with each other and interact with each other. we have agreed that it's a broad enough to accommodate the interest of china and both the united states we must work together in this region work together with other countries in this region to uphold peace, stability and promote prosperity of the asia-pacific and achieve the common development in all countries in this region so that the pacific ocean will become a peaceful one. we agree we will setup a mechanism for the asia-pacific region. fourth, we both agreed that we must work globally and respond to the domestic challenges. there has been in the situation. for china and the united states it is important that we have more consultation, coordination in order to promote and safeguard peace, still the and prosperity of the world. i wish to tell the media that the strategic and economic dialogue inception has played a very important role in helping the mutual trust provision and promote the beneficial cooperation and i'm ready to work with the u.s. to further growth and make good use of the lilos mechanism so that it can better serve china, u.s. relations. how to make use of this mechanism i think we are open to suggestions and proposals from the frenzy of the media. to conclude the vice premier i would like to thank 63 clinton and geithner as well as colleagues from china and the u.s. for your hard work to ensure the success of this round of dialogue i wish to thank the u.s. side for your arrangement and thank you for the interest in this dialogue. i am looking forward to seeing you again in beijing next year and continue our dialogue. thank you. [applause] >> psychiatry clinton and geithner are here to respond to a few of your questions. first question goes to matt pennington of the associated press. [inaudible] the well will challenge and bring down the authoritarian government. and did you discuss in your discussion these issues with your chinese counterpart and how did they respond? >> first let me say that we did discuss on but even to occurring in the middle east and north africa we exchange impressions and views about how individual nations as well as the region is moving in the press for transition for changes, for political and economic reform. every nation and every region is different. i think it is very difficult to draw any overall conclusion in my discussions with the state councilor i pointed out that starting in 2002 there were a series of reports done by arab experts about the development of that region and what might have kept up with the rest of the world particularly asia. so there was a lot of exchange of ideas, but i don't think that you control any specific conclusions other than to say that the united states supports the aspirations that the people in the middle east and north africa have expressed for more freedom, for more opportunity, for a better future for themselves and their families, and we will continue to support the people of the region as they try to realize those aspirations during this transition period. >> the second question goes to [inaudible] >> i appreciate you giving me this opportunity. for the chinese side, the government employees standard sticky from policy and will continue to and as we all know, the real purpose of this dialogue or the purpose of any dialogue is to enhance mutual understanding and mutual trust. so, when this dialogue concluded today, could we say that the u.s. side now has a better understanding and better recognition of china's strategic intent thank you. >> thank you for the question, and i agree that the purpose of any dialogue is to enhance mutual understanding and mutual trust in the other. i think that we have made quite a bit of progress in the last three dialogues. this is a work in progress. i think that for both of our nation's with such different histories, cultures, experiences, development models, political systems, it is important that we continue intensive consultations, and as both of us have said, we do not expect to find agreement on every issue. we know that we approach some of the sensitive matters from a very different perspective than an hour chinese counterparts, but i do think it is fair to say and it's something 63 geithner said as well in his opening statement i do think we have a deeper understanding of the viewpoint of the other. i think we have had such an open dialogue on every issue that we have built trust because we are not keeping any issue under the table or off the agenda. we are talking about the hard issues, and we are developing these habits of cooperation across the government. in addition this is not just to task for government. we are placing great emphasis on people to people, business to business contact and experiences i was delighted at the lunch that secretary geithner and i hosted for a group of american and chinese business leaders that they had some of the same comments, even some of the same complaints about their own and other government interference with being able to maximize their business opportunities. so why do think we are reaching a much better understanding and i think that is one of the principal purposes of the dialogue. >> my third question goes to harold snyder, "washington post" >> said the trustees of a country is, a lot of the stuff of the economic issues seems to be pressing industry by industry market around the innovation issue and i'm wondering are you challenging with them the sort of core logic of the business innovation and if so what is the response on that are you battling it out policy by policy? >> we generally try not to do. sector by sector, business by business. our focus has been to try to look at the basic design of the policy across the economy and we're we see the potential risk that policy may have the effect including the innovators and foreign companies coming at a disadvantage and china to change those policies and try to pursue their objective of encouraging the developing economies through other means. the general is to try to come at the policy of the highest level and we think that has the most effect. if you look at china and the united states we have three different economic systems and the traditions approaching the economic policy and china does still have a largely state dominated economy and the government and much more active role in the direction of the economy, the finance is still fundamentally directed by the state, and china is at the early stages really even with all of the reforms the west three years making the transition to the economy where the best technology wins when the market and competition is the driving force now giving capital. they are changing and i think they recognize china will be strong for the future the have to increase the rules of the market and strength of the incentives and allowing more neutral competition and that is a fundamentally healthy recognition, and as i sit in my opening remarks you are seeing china move in that direction and the direction of policy is promising and we are very confident we are going to see substantial ongoing improvement in the opportunities that the american companies have in the chinese market. american companies operating in china and creating a building things in the united states. >> the last question is the 21st century business her gold. >> have a question for secretary geithner. [inaudible] and had dinner with chinese entrepreneurs and i know that in some of these so i mean the dialogue which the united states tries more equally to the development and how do you speak to schenectady good question and it's an important part of the conversation the last two days. let me make clear we welcome chinese investment in the united states and a very confident that if you look over the next several years you will see chinese investment in the united states continue to expand very, very rapidly. there will be good for the united states, good for china. of course that is driven by the desire of the companies to get more access to the technology and to try to expand opportunities in the market and again we welcome them. we have an open on discriminatory regime from outside the united states and we treat the company's likely to investment from any other country and we are going to continue to make sure that we preserve that open investment regime because it's important to the basic strength and dynamism of the united states. now, to be fair, we also discussed china's investment regime, the policy in place to screen and limit foreign investment in the united states and of course although we recognize china's interest in expanding opportunities in the market is worth recognizing that china's own investment regime is a much more restricted regime with a much more careful management limitations with foreign firms to invest and purchase the company's but that's changing, too and it's in the interest that change over time and i expect you will see us continue to look for concrete areas where we can reassure investors in both countries the are going to face more opportunities on the investment side within china and the united states. >> it is unfortunately all the time that we have this afternoon but we appreciate your participation. thank you. [inaudible conversations] communities along the mississippi river and its tributaries have seen record flooding in the past week to lead to a memphis saw the river crest and level just below the record set in 1937. for details on the federal gun of response, we talked to an official with the army corps of engineers. this is 40 minutes. >> we are back with teheran. she is a contingency operations stricter of the army corps of te corps ers here to to your questions and comments about the rising mississippi river, the yr rir. s that we are seeing. the latest we heard from the weather service is the er hassippi crested at around 48 feet. what is the situation on the ground right now? guest: i am with the u.s. army corps of engineers and homeland security, so that is looking at all of the disaster support throughout this country in the contingency support to the battlefield. so we're really busy right now. besides that, and i will talking about the flooding in the second, we have a lot of people that were impacted by the tornadoes that came through this of the few weeks ago. we have people on the ground that are working in alabama for debris and temporary housing. we have completed a temporary power mission and processed and sent those folks back home. we had a very wide scale water distribution center. we completed that over the weekend. we have a lot of the citizens that are trying to deal with the aftermath of the tornado for quite some time. let's talk about the flooding. this year has been an an ordinary year. the missouri river, and most recently the ohio, tennessee, mississippi. we have had in those rare verve valleys as much as six times the amount of precipitation in normally get at this time of year. the last couple of weeks with over 6% normal precipitation, there is a lot of water. all of these river systems are connected and work together, so we have a big system of reservoirs, lock and dams, levees, flood walls that we look at between us and other federal agencies, partners in the states. everyone working together to say what can we do to deal with the best we can this incredible amount of water that is coming through? last night i just got back from a couple days in the ohio river valley looking at what we're doing to help the local people in kentucky. we were over in illinois. it is just amazing the way these communities are all working together on these active efforts with the state and federal partners to deal with this the best they can. it's just really strikes me every time i am out and see what our communities do. to the we're hearing the news this morning that the water has crested. -- host: we are hearing the news this morning that the water has crested. what does that mean? guest: the crest means the highest stage that is predicted by the national weather service. it will take a while for it to go back down, because there is a lot of water. host: how long? guest: we do not know. it could be the next few weeks of a possibly into june before it starts to recede. the reason is the river is so full right now, and these backwaters that normally dream into the river, they have dreamed very slowly. but we are looking at probably going into june would still high water levels. the good news is the crest has passed memphis. host: our folks in the clear or are the folks downstream need to be concerned about what happens next? guest: the folks downstream are watching it very closely. the crest will still have to vicksburg.xper i looked at the prediction for this morning, and the crest in new orleans, that crest is expected on the 23rd of may at 19.5 feet, which is a pretty high crest for that area. it we look across the whole system cover we're seeing real low as we have not seen since the flood of 1927. in memphis the crest today is half a foot below the historic level. >> what are the worst-case scenarios as the water continues downstream? guest: there is a system along the main stem of the mississippi river. we have several opportunities to influence or to reduce the amount of flooding that can occur. the first of one of those is the old river structure that is always open. there is a control structure and an artillery structures. it is a flood way. we had to open that up last week to allow some relief to that system. the third one is the one that is outside new orleans between new orleans and baton rouge. that is putting fresh water into the salt water basin. we started opening that up yesterday morning. the last time we opened it was in 2008. normally we brought that up -- we opened up roughly every seven years. i just went to alaska and just went to washington, so i was down there the last time we opened it. host: when you open these up, what does that mean for the folks that live around them? guest: 41 a carry, the saarland's we own. there is no flooding the the cause to people by opening of bonnie carrie. -- for bonnie carrie. the next one we're looking at closely is organza. it is also a flood way. that is below that larouche. -- baton rouge. that is a correlation to go to rain. if you have a host of its richest, fishing camps, they may or may not be above the water. this would prevent baton rouge and new orleans from being flooded. this is a flood plain. the last time we opened up organza was in 1973. we do not use a very often. host: when will that decision be made? guest: general walsh is the commander on the ground. he is gathering all of the engineering data and talking with our folks in with the governor and so forth, and based on the engineering data and the river flows, he will make the decision. he has not made the decision yet. what we're doing is letting people know this could happen. we have put out inundation maps. besides from organza, there are areas outside the area that will be flooded anyway. we want to let them know they could have a lot of water. host: can people follow your decision making on the facebook page? guest: yes. it is being kept up-to-date. you can get real time reports of what is going on, the decision making, as it is happening, maps, projections. i cannot emphasize enough that people need to listen to local officials. if they give evacuation orders, people need to follow it. >> the evaation oegive .. states, by the locals. they are the ones that make the decisions. >> operation watershed 2011. it is linked on our website. we have the director of contingency operations for the army corps. we're talking about their response to the mississippi floods. we are dividing the phone lines east-central in mount pacific. and we of a special line for those impacted by the floods. a lain in tacoma, washington. -- elaine in >> caller: i have a couple quick comments. i have to say this is what they did to us during hurricane cay tree that. the army corp.s destroyed the levy in the same ways they are doing now, and we see what happen with that when they pick winners and losers, i don't support that. it's malicious on the people that would be getting the short end of the stick. that's my first comment, and my second comment is i permly think that this is the hand of god at work. i mean, we're having record floods. look at the tornado that went through alabama. i mean, you know, this is -- this is ridiculous. i think people need to look at that. >> host: all right. what about the decision to blow up levies? there was resistance in missouri when you blew up a levy last monday. what goes into that decision and why do you do it? >> guest: it's so hard to make decisions like that, and that is a floodway we actually built in the early 1930s and had sections of the levy designed if we had to, to be removed. there's piping through the levies where we pumped liquid explosives in to remove those sections of the levy. we have purchased eastman's for 70 years, knowing at one time we could have to remove parts of the levy to allow that floodway to be flooded. there were 130,000 acres, mostly agriculture area that's flooded, but in doing that, there's 2.5 million angers that -- acres that were not. it's about relieving the system. >> host: what happens to the land flooded? do those folks get compensated? >> guest: i'm an engineer. there's legalities, what more can people do? the federal government is looking at that to say what type of compensation would be available. >> host: under what law is the army corp. authorized to blow up a levy? >> guest: what we're doing is operating the floodway as designed. it's a flood project and it's no coincidence there's miles of pipe through the levy to have a controlled operation. we physically removed part of that levy. it was a designed project. it's a flood way. as far as the authority, there's similar authorities, the 1937, 1944, and there's numerous flood control acts. under our authorities, for that one it's the mississippi river commission that was established in 1879, this is a system ran for a long time where the authority is with the chief of engineers and the mississippi river commission, in this case, the river commission is on the mississippi valley commander, general walsh, so in looking at all the engineering considerations as well as the river stages and the gauges, all of that, there's a very deliberate decision making that eventually led to that. you know, i was up in kentucky and illinois over the last couple of days, and there's always numerous sides to stories and numerous pins from the public which we greatly appreciate, and folks there were telling us why did you wait so long? you know, there's so many people impacted by this. the corp. of engineers, you should have removed the sections a day or two earlier. it was hard on us. we have to remember there's so many people that are impacted, you know, by all of this, and it's waiting on the set of what mother nature gave us right now, this -- which is a lot of water. >> host: john from alabama. go ahead, john. >> caller: yes, in charge of the levies on the mississippi, and when he retired, he said that the city and rail state peoplemented to move in the levies closer to open that land up for development and tax purposes and what have you, and at the army corp. of engineer had a larger budget doing that, and he said one of these days thaim find out they needed that land, and that's what's happening now is they use that land. >> host: okay. >> guest: thank you for your family's service, and, you know, you make a really good point as in what is realistic floodplain management. in other words, should you allow water, allow development on lands that you know one day can be flooded. there's lots of different ways to do that whether it's set back levies or restricting development. it's a hard call, and i think people get come place sent until they realize there could be an extreme weather event, the situation we've been in for most of this year. >> host: what is the budget for the army corp. of engineers for this response in itself? do you know how much the corp. is spending? >> right now, we're using or available funds under emergencies, and we've spent right now around $30 million, but that's for all the flood efforts, and that's everything we've done this year for red river, mississippi river, missouri river, everything that's been affected, but the amount of work is yet to come. you know, once the flood is over, we have to look at what needs restored, how do we doe that? how do we get set up for the season next year? with everything under water, we don't know the answer to that. that's ahead of us. >> host: ask for emergency supplemental to your budget? >> guest: we have to look at what we have and look within the administration of what makes sense? how do we respond? what type of work do we need to do next? right now, we have to deal with the flooding. we have several weeks ahead are with high waters. >> host: william, go ahead. >> caller: good morning. as yo know, as a native of new orleans we look at all of these events throughment prism of katrina. i had 10 feet of water in my house, been able to get my house back, but there's a great fear, and that's -- that has not begun to crush the anxiety present especially with the mention of water. used to be hurricanes, and now it's flooding. it's great the spillway started to be opened, but certainly the other areas such as the surrounding areas i think that many people here sell officially are not -- selfishly are not. this process is done sooner rather than later and this is not a political matter, but an event that affects us as people and we hope there's a greater level of cooperation this time than there was with katrina. >> guest: thank you for your call. i lived in new orleans twice, and i spent the last four years there heading up the hurricane construction program and just came to washington, d.c. recently, so i understand the caller and how people feel and a lot of my friends and coworkers went through the same type of things that james has. you know, the u.s. army corp. of germings, we are engineers, and everything we do is considering the science and the technology, the river stages, the states of the levy systems. we have to put that together and make the best decision that we can, and we work closely with elected officials because they need to know. they need to know what we think, how to make decisions, and so forth, but as we go through all of that, we end up making the decisions as the really the nation's federal engineers that owns these systems. >> host: bakersville, california, jim, you're next. >> caller: yes, good morning, ladies. the first question i wanted to ask was i was reading an article about the army corp. of engineers incorporating climate change data to see about how -- whether or not our system is set up for the new climate, and then the other question is that our levy system here in california is just -- it's a disaster waiting to happen as well as here in bakesserville. we have like isabella and the dam is just a terrible dam getting ready to break. we've had record snowfall. i was wondering when you guys are going to repair the dam? are you going to do it before it floods my house? >> guest: you asked several questions. one time in my career, i spent several years in sacramento working throughout the california area as the chief of construction operations for the chief of engineers sacramento district, so i'm familiar with the areas you mentioned. a couple of things. first on climate change, one of the things that katrina taught us is we went back and we've completely revamped our design standards especially in coastal areas, and as we are redesigning the systems, in particular, the hurricane system near completion in new orleans, a climate change is part of that design as we try to project how high and how broad levies and flood walls have to be and so forth. that's a changing art that we are actively doing. second thing is in california, which has a very delicate levy system and all types of matter of seepage problems, and in some places it's very complex to figure out where vegetation makes a difference or not in terms of the levy. that's another lesson learned we've been applies and working closely with the state of california to see how the levies need to be improved, and then for -- this was not just true in california. it's really true in a lot of places across the nation. you mentioned us -- isabell arks ave an active dam safety program. the essential core of engineers, all looking at things this way. isabella is one of these projects. it's taking time to see what the scope is on how we improve it and so forth. we are working on that right now. >> host: this is a map of across the state where there are levies in the different states. we're showing the viewers california, quite a bit of green there to show the counties with levies in that state. let's go to michigan, david, go ahead. >> caller: yes, i have a question. all of this problem is concerns about when our supposedly smart forefathers decided to live on the river. the good lord created these places with natural floodplains and we let people build on them. i live in an area in the southern part of my town covered by dikes, a natural flood floodplain, and what do they do? dam it up. when the farmers can't afford it, they put ducks on it. when the water comes down, it has no place to go other than which my area is fairly high and don't get it, but the surrounding areas that feed into it, the little towns are flooded because their water cannot go out the natural way. >> host: leaving it there, david. here's a tweet from jim who wants to know shouldn't we rethink building cities and homes near rivers? overflowing rivers is what brought rich soil to the heardland. >> guest: it's a hard decision in society. in this case, we're talking about decades of decisions, so if maybe the decision should have been differently at the beginning of the 1900s to restrict development, but you have people, and people make decisions about where to live, so when you make discussion -- decisions where to live, you have to know the risk. there's always risk no matter where you live, tornadoes, wild fires, our hurricanes, or flooding. folks do need to be as smart as they can about where to live and the local governments that think about development and what are the ramifications for allowing development. that's what we're facing now. there's numerous ways to go about it, but no matter what, it's very hard to make chose smart decisions. >> host: from los angeles, welcome to the conversation, dan. >> caller: thank you. going back for a moment to climate change, it was predicted we would have extreme weather which floods and brings storms. how can we calculate the extent and cost of this extreme weather so that to propose sufficient legislation that legislators have some guidelines. my question is have these calculations been made? who is making them, and who is listening? >> guest: okay, well, i'm not sure of -- again, you asked several questions at one time. i'll speak from the u.s. army corp. of engineer's stand point. we are designing projects and systems. we are using the effects of climate change and sea level rise as best we can in the design criteria for that. in putting together the cost of a project or a program such as the mississippi coastal improvement program, the cost of that program in those effects of climate change as best we can tell are in the cost of that. when we're asking for the appropriation necessary to carry out that work, we have that cost included in it. >> host: morgan city, louisiana, cynthia. >> caller: yeah, i'm calling on some comments. if they opened it, nine times out of ten, we're going under. that's morgan city, all the surrounding areas. we don't even know about sea walls. >> host: i think we lost you there. let's take the point, opening up to the spillway there, what happens to the city there? >> guest: okay, well there's an area that is within that floodway, and there are some structures there, fishing camps there and other dwellings, and, you know, the governor has been out speaking publicly for the last week letting people know that the flooding could occur, and they need to be aware of it and they need to do a voluntary evacuation i think is what he calls it. on our facebook page, we have an inanyone dation map trying to project the amount of flooding that could occur. should we open it up, but also in the area outside this floodway. this is the morganza floodway with smaller towns that would be flooded anyway, but subject to back water flooding. it tends to flow backwards flooding people even more. >> host: again, that website is facebook.com/operation watershed. michael, go ahead. >> caller: yes, i was calling because my husband's oping l, he live -- uncle, he lives out in missouri, closer to kansas, and i was just calling, he's called home on mother's day, and he said that it was still raining out there. i was just calling to find out how much damage they think it's going to do out there? >> host: we'll get an answer. can we predict the damage at this point? >> guest: i don't think we can because we still have high water. you know, folks stay attuned. watch the national weather forecast, see what the weather is supposed to do. looks like we're in relief now, a dry spell. as said earlier, the river crested in memphis so the water is moving downstream and looking for cresting to occur in new orleans and so forth, but with the amount of water out there, it's likely to be into june before it recedes enough and dries out so we know, you know, how the lands and how people were truly affected. >> host: an e-mail from a viewer saying i can't believe in all the years of flooding the army corp. of germings have not built permanent river beds with mechanisms to open and close to lead the over fill from the mississippi and drier states like nevada. blowing up levees sounds so 1900s. >> guest: that's a good question. i have wish i had enough money in the entire universe to do these things. seriously though, there are ways to relieve the pressure of the mississippi through try -- tritributes. there's control structures, natural floodways filling up in the mississippi, but to take it across nevada and arizona, that could be quite a challenge. i submit that's totally redoing the land use in this entire country. it's not something done lightly or easily, but i think the point is thinking about thinking about responsible floodplain management going forward. >> host: talking about the response to the flooding. karen is the operations director there. michigan, tim, you're next. >> caller: hi, thanks for taking my call. hi, karen. >> guest: hi. >> caller: i was just wondering, when you blew the levees in new orleans, were people prewarned there? >> guest: i didn't say that. that's not correct. i know from living in new orleans myself there's a lot of anxiety from what happened with some of the big huer capes in the -- hurricanes in the 60s and hurricane katrina tree that and rita. that one did a lot of damage too. what happened in katrina, the levee system was there breached. we had failures of existing flood walls. when these walls gave way, the flooding had to do with those damaged flood walls. we redone the design calculations rather than just planning for an historic storm, we rebuilt the system designing for 150 storms with nuke rows tracks -- numerous tracks. there's no comparison. i'm happy to say for what we had prior to katrina treen. the systems were partially complete and despite a 12-foot surge, it performed as design. it will take time for people to realize the benefits of the system that's in place now, but it was due to floodplain walls, and we vamped the standards and put a lot of resiliency in there for a 500 year event so if they were topped again with a big enough storm, that system holds. back to the mississippi river flooding, that flooding is another resilient system. where an amount of water, the levees are overtopped and there's back waters that cannot drain out because of the amount of water. we're seeing the system is resill yept. we have our corp. of engineer folks out there 24 hours a day looking for seepage, anything that could be a vulnerable spot, and together with the local levee districts, local authorities, they do a flood fight to detect any vulnerable area with the water up there. this is a 24-hour a day operation. we do the best we can to minimize the effect to the public. >> host: florida, you're next. >> caller: good morning, good morning. i was just thinking about a pipe line with a network running all across the united states that would divert water from the swamps, everglades, death valley and used for irrigation and fires and stuff like that. >> host: all right, maria from florida, go ahead. >> caller: yes, me question is based on a question mark and an exclamation point. i was wondering why if the storms come through the ocean, inland, that why just keep building up and not letting mother nature do its course? >> host: okay, maria. >> guest: i'll answer what i think you're asking. talking about storms from the ocean, tropical events or hurricanes so depending on the water temperature, the symmetry, the conditions of the ocean is the amount of surge or the amount of water we'll see coming into the coastal area. there's a lot of things you can do, you know, to minimize the effect of that surge for people living along the coast. you hear things about elevating buildings and hardening structures and having floor tiles rather than carpet and making sure you board up the vents and wipe does. the best answer is people choose to live in a coastal area, you have to take the responsibility of the risk living there. you have to make the best choices you can to minimize the effect of the flooding when the storms come in. >> host: as the water moves down the gulf of mexico, what impact could this have if any on the oil spill we saw last spring, the bp oil spill 1234 >> guest: first, no impact. this is river flooding. we deal with the flooding, and the restoration efforts though for the environment, you know, for the effect of the oil spill are still going on. there's a big gulf oil restoration task force working in several states still working on the types of projects you can do to restore some of the environmental features as a result of the oil spill. we're talking about, we don't see a connection. >> host: any concern with oil in marshes or washed out into the ocean? >> guest: no, no. there is a concern with the utilities and with the industry and with all of the refineries and everything existing along the river. those are the types of things why you have floodways that you may have to open up so you don't have this widespread impact, you know, to industry, to people, to the major population centers and so forth. >> host: wyoming, mary? >> caller: hi, -- >> host: morning, mary. >> caller: hi. i was thinking all the flood waters you got there, i figure just get one of those pipelines that where all the drought is at and pump it out there. >> host: we talked about that earlier. chris in indiana, go ahead, chris. >> caller: yeah, i was thinking my opinion is the flood that happened in mississippi, the lady made a comment earlier that she wish she had all the money to fix all the things, well, i do too, but, you know, we don't have no money because it's very, very strange that we don't have no money bus we know where it all goes, but when we need help, do we get help? no. we don't get no help whatsoever from nobody. >> host: all right, 2011 budget ask was $4.9 billion overall for the agency. i know you're wearing a u.s. army pen, # why? >> guest: a member of the senior executive service with the army. >> host: the army engineer corp. part of the army? >> guest: yes. we have an up viedble mission -- in-- enviedble mission. we work in this country, but really work all over the world. we have a military mission supporting the armed forces, deployed 2,000 civilians to iraq and afghanistan in support of our troops. i deployed myself as well to iraq a few years ago, so our folks voluntarily go out to do construction on the ground, you know, on the battlefield in support of the nation. we do a lot of humanitarian assistance. we sent folks to new zealand to help out with the buildings affected by the earthquake in chris church. there's another team coming from u.s. army australia to help them with flooding measures at one of their airports. those are recent examples of what we do, so the army corp. of engineers is an army organization that supports the army, but also supports the air force, lots of other department of defense agencies, you know, as well as the civil-type mission we have in this country. >> host: usa today reports there's 37 million so far devoted to the flood fight along the river. baltimore, cynthia, you're next. go ahead. >> caller: yes, good morning. i'd like to say my heart goes out to them people who's involved in this mess that manmade. somebody knew that this was happening and what was going ton happen down the line, so just like he said, there's not good engineers. how can he sit up there looks like he's looking. it's disgusting. >> host: let's talk about the water going downstream, what is the army corp. considering doing, worst case scenarios with levees removed or spillways. we talked about some of them, but as it continues down towards new orleans, louisiana, the gulf of mexico, what's on the table? >> guest: there's a few places we have the ability to influences the amount of water going into the mississippi from the red river. that's why we opened it up yesterday expecting it has all the space open by the end of the week so we are relieving the water to continue down the river. the next place to influence the amount of water going into the areas is the morganza spillway. it is a spillway, gated steel gates, and you open up the gates. we're considering doing that based on the engineering, based on the river stages and the amount of flow, haven't made that decision yet, but that's another place we can do that. >> host: how much warning will the people get? >> guest: people have been getting the possibility of this for the last week, so as soon as we know to make a decision, first it's a very slow operation. in other words, you just don't open up all the gate and the water comes out. you open them slowly so aside from the advanced warning so people have time to get up if they have to, there's also black bear that we have to move, and there's other, you know, animals that live that that need time to move up, so it's a very slow opening, but as soon as we make the decision, we'll let people know so they have time to look ahead and move out and so forth. >> host: why can we only react to disasters? for instance, i read the sacramento levees are in dire need of repair. >> guest: it's all very hard, a matter of national up -- investment and war structure. we look with a lot of other country, and no matter where we are, all the things done in europe, in the netherland with some of my colleagues and in italy and russia, it takes a huge event for people to react and put better systems in place. a lot of the things we are seeing though are results of decisions made decades ago. ..ades ago. the sacramento area does have an area with the levees have been improved somewhat, but they have a long way to go, and that is one of the reasons why california is working closely with us to see what other improvements can be made and how to make them. host: let's talk about the conditions of levees across the mississippi river. what was the condition? guest: the tributary project was authorized in 1928, so we have been working on it for decades. we have a crew that does assessment along the levees. when we get close to what we see as flooding, then we ramp up efforts to look at it further. what we're seeing is the system is in good shape. we have had some areas where we have had seepage. we have been buffing up those vulnerable areas so they will be as resilience as possible with all of the river water that is out there right now, but everything we are seeing shows as the levees are in good shape. we only own about 10% of the levees in this country. it is all hodgepodge of different owners in different states are different conditions. host: do you control them? guest: no, we do not. if they're not in our system, no, we do not. there are a lot of locally- owned levies. they are owned privately by cities or counties. it is a huge network. for people to be able to put the levees up to the standards we would use, in some places that is pretty difficult. that is a lot of work and resources. it is not part of the federal system. again, the corps of officials from apple and google were on capitol hill today to testify about privacy for users of smart phones and tablet computers. privacy advocates recently criticized apple when it was revealed that the iphone collect and store up to a year's worth of location data about their users. google also faced scrutiny for the use of location data in its andrew phone software read you will also hear from justice department and federal trade commission officials at this two and a half-hour hearing chaired by minnesota senator al franken. >> it is my pleasure to welcome all of you to the first hearing of the senate judiciary subcommittee on privacy, technology and the wall. i am sorry that everyone wasn't able to get into the hearing room, but we are streaming live on c-span thankfully and thank c-span for that. and i'd like to turn over to german leahy and thank you for creating the subcommittee and giving me the opportunity to lead. the chairman has a long track record on protecting privacy, and i'm honored to join him in this effort. mr. chairman. >> thank you, senator, and i want to commend you for holding what is a very timely hearing on the privacy implications of other mobile what locations, the first hearing for the hearing on privacy, technology and allow all. and so i thank the senator for his dedicated leadership on the consumer privacy issues as the chairman of the subcommittee. i thank the doctor for his commitment to such issues, too and i appreciate both of them working together on this. throughout the three decades i have been in the senate to work to safeguard privacy rights of all americans assuring our federal privacy laws accomplish this goal at the same time addressing the needs of both law enforcement and america's vital technology industry's boom of my highest priorities is the chairman of the judiciary committee. it's why i decided to establish the privacy subcommittee and i was delighted when senator frank and said he would be willing to cheer it. it's also why am working to update the communications privacy act to read the digital age can do wonderful things for all the fuss but at the same time american consumers and businesses pay stretched to privacy like no time before. with the new technologies, social networking sites, other mobile locations there are of course many consumers. throughout the risk of the privacy like many americans in vermont where we cherish our privacy deeply concerned about the reason for the apple iphone, google and roy, and other mobile locations may be collecting, storing and tracking user location data without the user's consent. i'm also concerned with the reports of the sensitive location information may be maintained in an encrypted format making the information vulnerable to cyberspace and other criminals. in an interview this morning i heard somebody speech from the industry about how this could be a jury valuable thing for them being able to sell information to the various industries for advertising purposes and the amount of money they may make of that. as they are charging the consumer for the use of the phones and they will then make money off of that. when i raise that point they say that they can make them aware of products that might be in the location they go. i say great, we love to get a whole lot more unsolicited eds. so it's more of a one-way street and the recent survey commissioned by the privacy trustee found 38% of american smart phone users surveys identified privacy as the number-one concern when using mobile the applications and they have good reason to be concerned. the collection and use of storage of location and other sensitive personal the information is serious implications regarding the privacy rights and personal safety of american consumers. the hearing provides a good opportunity for us to talk about this and examine these pressing privacy issues and to learn more about it. i am pleased the department of justice and the federal trade commission is here to discuss the administration view of the privacy implications and i am also pleased to represent a google and apple to address the privacy implications of the smart phone, to public and other mobile a applications. and i welcome the bipartisan support the committee for the salmon in the important consumer privacy issues. i look forward to productive discussions again, senator frank ne colburn i think you both for holding this hearing. >> thank you again mr. chairman for this opportunity. i really want this expression of my pleasure doubtful if have the of -- a fundamental shift we have seen and who has our information and what they're doing with that. when i was growing up when people talked about attacking the privacy they talked about protecting it from the government. the talk about unreasonable search and seizure to keeping the government out and the rally's high at hand. from government abuse we've seen the growth from this other sphere of private entities whose entire purpose is to collect and margaret eight information about each. will we tom could we are aware where the average person is not. two months ago to stop 100 people on the street and ask them have you ever heard of epsilon, 100 of them would have said no. i certainly haven't. but suddenly when people start getting e-mails telling them your information has been compromised. don't get me wrong this isn't a bad thing usually it is a great thing. i love that i can use soltani -- google maps and the whether i had application. but there is a balance we need to strike and that means we're beginning to account for the massive shift of power personal information into the hands of the private-sector because the four amendment doesn't apply and freedom of information doesn't apply to silicon valley and while businesses may do lot of things better than the government our government is by definition directly accountable to the american people. if it cannot the dmv was creating a detailed file on every single trip you take in the past year do you think they could go one whole week without answering a question from reporters? this isn't a new trend. 25 years ago a senator named patrick leahy wrote and passed a law called the electronic communications privacy law that talked about government but also contains provisions. 96 privacy and medical records. in 1998 we passed the law protecting children's privacy and 1999 protecting financial records of of dahuk consumers have a fundamental right to know what data is being collected about. we have those rights for all of our personal information. my goal for the subcommittee is to help members understand the benefits and privacy implications of new technology, educate the public to raise awareness, and if necessary, legislative and make sure that our privacy protections are keeping up with our technology. now today in this hearing we are looking at a specific kind of sensitive information that i don't think we are doing enough to protect and its data from mobile devices, smart phones. this technology gives us an incredible benefits. let me repeat that. this technology gives incredible benefits and allows parents to see their kids and wish them good might even when they are halfway aroma of the world. it allows can talk of a lost driver to get directions but the same information that allows the responders to locate as when we are in trouble isn't necessarily information all of us yet reports suggest that the information on network mobile device is not being protected in the late edition be cured in a wall street journal it is a 101 popular applications for iphone and android smart phones found that 47 of the applications transmitted the location to third-party companies and the most of them did this without the user's consent. three weeks ago security researchers discovered iphone and ipad rollin in the latest operating system work gathering information about users locations 100 times a day and restoring it on the phone or the tablet and copying it to every computer. the american public also learned both iphone and android phones were automatically collecting certain location information sending it back to ethel and google, even when people were not using location applications. in each of these cases most users had no idea what was happening and many cases once the user is learned about it they had no way to stop it. the breaches of privacy can have real consequences for real people. a justice department report based on data shows that each year over 26,000 adults are stalked through gps device is on mobile phones. that's 2006 when there was one third as many smart phones as there are today and when i sent a letter to apple to ask the company about its users' locations was the minnesota coalition of battered women. they asked how can we help because we see case after case where a stalker or abusive spouse has used the technology on the mobile phones to stop or harass the victim's. i think today's hearing will show that there is a range of harm that can come from privacy breeches and the simple fact americans want stronger protections for this information as i started to look into these issues in greater depth and realize federal law does far too little to protect this information. prosecutors bring cases under the federal wall and rely on breaches of privacy policy to make their case but many mobile apps don't have privacy policies and some are so complicated they are almost universally dismissed once the maker of a mobile application company like apple or google get your location information in many cases under current federal law the companies are free to disclose the location information and other sensitive information to almost anyone they pleased and they can share it to others again without letting you know. this is a serious problem. and i think that's something the american people should be aware of and it's a problem we should be looking at and before i turn it over to the distinguished ranking member for am i to be cleared the answer to the problem is not ending location based services no one up here wants to stop apple or google from producing the product or doing an incredible thing that you do and i think you for testifying. you guys are brilliant. when people think of the lord burghley and they think of the people that founded and ran your company. no. what today is about is finding a balance between all of the wonderful benefits and the public's right to privacy and i for one think that that is doable. now i will turn the floor over to my friend, the ranking member senator coburn for his opening remarks. >> i wonder if what you have on your phone since the the location just to be forewarned. >> that makes me very frightened. [laughter] >> i would thank our witnesses for being here, both government and outside witnesses transparency in what we do in government and outside government when it's not fiduciary, and when it's not proprietary important for the american people as is the issue of privacy, and rather than making the decision on what needs to change - we need a whole lot more information and knowledge in terms of those of us on the legislative side before we come to conclusions about what should or needs to be done so i'm looking forward to the witness's testimony and with that i will shorten this up and hear from the witnesses rather than continue. >> i think we will begin our first panel now, and i want to introduce them. we have jessica rich from the federal trade commission. she served as an assistant director in the federal trade commission bureau of protection since 19,981st in the division of financial practices and now privacy and identity protection. she previously served as adviser to the year to draft the bureau protection and received her degree from new york university and the undergraduate from harvard university. jason weinstein is the deputy director -- deputy assistant attorney general for the criminal division of the u.s. to part of justice before joining the criminal division mr. weinstein served as the chief of the violent crime section and u.s. attorney's office for the district of maryland he was also an assistant attorney in the u.s. attorney's office for the southern district of new york. mr. weinstein attended princeton university and george washington university law school and understand that your wife is a very pregnant and you may have to leave during your testimony or ms. rich's testimony, and as chairman, there will be fine if you have to. [laughter] so ms. rich. >> [inaudible] let me turn on the microphone. that would help. i am jessica rich director of the federal trade commission bureau of protection. i appreciate you opportunity to present the testimony on mobile privacy. the fcc is the nation's consumer protection agency and privacy has been an important component of the mission for 40 years. during this time the commission employed a variety of strategies to protect consumer privacy including law enforcement, regulation, outreach to consumers and businesses and policy initiatives. just as we have protect consumer privacy in the brick and mortar marketplace on the phone, on e-mail, mail and on the internet we are committed to protecting privacy in the rapidly growing global arena. to ensure the commission staff has the technical practical ability to engage in law enforcement and informed policy development in the mobile space, the commission hired technology to work as the staff to read the agency also has created a mobile lab, the numerous smart fer devices on various platforms and carriers as well as software and other equipment to collect and preserve evidence. in addition, the commission staff has explored the key global consumer protection issues to workshops and reports. what is clear from the work of a series is the rapid growth of mobile product service creates many opportunities for consumers but also raises serious privacy concerns her. these concerns stemming from the always on a always a few personal nature of mobile devices, the invisible collection and sharing of data with multiple parties, the ability to attract consumers including children and teens to their precise location have difficulty of providing a meaningful disclosures and choices of data collection on the small screen. will enforce this of course critical to the consumer protection mission. the ftc primary law enforcement tool prohibits unfair or deceptive practice. this will apply regardless of the company's marketing offline, through the desktop or telephone or using the mobile device. in the commission testimony, we described for weeks in the cases brought under the ftc act that address practices in the mobile reena. two of the cases against to of the largest players in the ecosystem, google and trotter, highlight the efforts to challenge the deceptive claims that underlying consumer choices about how their information is shared with the parties. in google the commission alleged the company deceived consumers by using information collected to you to generate and populate the new social network. the commission's proposed settlement contains strong and injunctive relief including independent audits of the google privacy policies and procedures lasting 20 years that protect privacy of all customers including mobile users. in atwitter the commission charged the serious lapses in the company's data security allows hackers to take over the trigger accounts and a gain access to users as well as their long public mobile phone numbers. as an google, the order per text data but twitter collects through mobile devices and acquires independent audits of the trigger practices in 20 years. if either company violates its ordered the commission may obtain penalties of up to $16,000 per violation. similarly in our ongoing plural litigation the commission of chained a temporary restraining order against the defendant allegedly sent 5 million unsolicited text messages to the mobile phone of u.s. consumers. and in their weaver case the commission alleged public relations company planted deceptive endorsements in gaming applications in the mobile at store. the commission's public law enforcement presence in the mobile lurleen is still that a relatively early stage but we are moving forward rapidly depleting resources to keep pace with developing technologies. the commission staff had a number of mobile investigations in the pipeline including investigations related to the children's privacy on mobile devices. i anticipate many of these investigations would be completed in the next few months and any complaints or public statements posted a website ftc.gov. i want to emphasize by all the mobile reena presents new methods of data collection and new technologies many of the privacy concerns built what the ftc is been dealing with for 40 years it's all about ensuring consumers understand and can control data collection and sharing who ended the day that doesn't fall into the wrong hands. the ftc has the authority experience and the commitment to tackle these issues. in closing the commission is committed to protecting the consumer privacy and the mobile sere to law enforcement and by working with industry and consumer groups to develop workable solutions to protect consumers while allowing innovation. i am happy to answer any questions. >> thank you ms. rich. mr. weinstein. cemex before. i would ask the baby to wait until 11:30 which will probably be the last time it listens to anything i say. >> i think you for the opportunity to be here today. over the last decade we have witnessed an explosion of mobile computing technology from laptops and cell to tablets and smart phones americans are using more mobile computing devices more extensively than ever before. we can now bank and shop and conduct business and social is remotely with friends and loved ones instantly almost anywhere and now more than ever the world is almost literally at our fingertips. but in ways we don't often think about what we say and write and do with these mobile devices can be open to the world the devices are increasingly tempting targets for identity feeds and other criminals said the device is increase our connectivity the also pose the threat to the safety and privacy and those threats fallen to at least a different categories. so the first category is posed by cybercrime roskam cyber stalkers and other criminals to misuse the information that's stored or generated by the mobile device is to facilitate their crimes. from another corner or a read the globe the hacker's work every single day to access the computer systems in the mobile devices of the government agencies, universities, banks, merchants, credit card companies purchased a large volumes of personal information, to steal intellectual property and perpetrate large-scale data breaches of the tens of millions of americans at risk of identity theft. in addition some of these cybercrime will seek to infect the computer summer homes and businesses with malicious code to make part of the baht net in network of companies computers under the remote command and control the criminal or for an adversary who can capture every keystroke, every mouse click, password, credit card number and e-mail the we send. smart phones and tablets are in a real sense mobile computers and the link, the line between the mobile devices and personal computers is shrinking every day so these devices provided another computing platform for the cyber criminals to target the infection by malicious code. unfortunately americans were using devices separate from extensive invasion of privacy at the hands of the criminals almost every single time they turn on their computers. one of the department of justice commissions is protecting the privacy of americans and prosecuting criminals who threatening and finally the privacy to read through the dedication of the prosecutors and agents we've had a number of enforcement successes including most recently the operation in connecticut to disrupt what was believed to have an effect of over 2 million computers worldwide. as mobile devices become more prevalent in store more and more personal information about users we should expect there will be increasingly targeted by criminals. it's critical their formal enforcement has the necessary tools to investigate and prosecute those crimes which are against the privacy of all americans. the second category of the threats to privacy comes from the collection and disclosure of location information and other personal information by providers themselves. the situations may or may not be appropriate for criminal investigation prosecution. it depends on the circumstances. some may be addressed in the regulatory auction and as we evaluate we must carefully consider the clarity and scope of the privacy policies and other user agreements that govern the relationship between providers and customers. the third category of threats comes from criminals use mobile devices to facilitate all sorts of their own crimes from traditional cyber crimes and violent crimes like kidnapping and a murder as technology evolves it is critical that law enforcement people to keep pace. we must get and prosecute crimes successfully and to identify the perpetrators. what we used to call putting fingers of the keyboard and which i guess we should now call putting fingers on the touch pad. this kind of identification was already a challenge in cases involving more traditional computers where data critical to investigate the cyber criminals and child predators and other malicious actors has too often been deleted by providers before law enforcement cannot attain through the lawful process. but challenges even greater in cases involving mobile devices. although we increasingly encounter suspects who use the smart phone and tablet as they would computer many wireless providers do not maintain the record as retrace the address back to a suspect smart phone. the records are an absolutely necessary link an investigative team that leads to the identification of a suspect. thank you for the opportunity mr. chairman to discuss the challenges the department sees on the horizon as americans use of smart phones continues to grow and how the department works every day to protect the privacy of the users of computers and mobile devices. we look forward to continuing to work with congress as it considers these issues and i'm pleased to answer your questions. >> thank you. ms. rich, in the ftc's december, 2010 consumer privacy report, the commission states that certain kinds of information is so sensitive that before any of the data is collected, your store shared, companies should seek, quote, expressed affirmative consent from a customer. you identify for categories of data that are this sensitive. information about children, financial information, medical information and precise location data. first of all, why does the ftc think the company gets or shares your location information they should go out of their way to get your consent? >> we identify those categories because the misuse of the data can have real consequences for consumers, so in the case of location data, as you mentioned and your colleagues mentioned, it can -- if it falls into the wrong hands it can be used for stocking. teens and children have a lot of mobile devices and so we are often talking about teens and children information and their location. location can't just tell you where a person is a particular time. it's collected over time and you can also know what church somebody has gone to, what political meeting they've gone to, when and where they walk to and from school, so that is sensitive data that require special protection. >> when i use my smart phone, a lot of people can and do get a hold of my location, my wireless company, companies like apple and google as well as the mobile labs that i have on my phone. my understanding is that in a variety of cases on the current federal law each of those entities me be free to disclose my location to almost anyone devotee please without my knowing it and without my consent. is that right? >> that's right mr. chairman. the statute made reference to the pitcher manly he wrote 25 years ago does provide in the instances that covers the provider and that is a separate question it places a great deal of restrictions on the ability to share that information but virtually no legal restriction on the ability to share that with other third parties. there may be types of restrictions you're talking about other than location like health care data covered by other particular privacy laws but if you talk about location data there is no restriction. the company is not covered that is it's not considered to be an electronic communication provider or provider of the service there's no restriction at all. the company's free to share with whoever they want. mr. weinstein, one of the features of the mobile market is you have a lot of different entities and developers, advertisers, companies like apple and google with large amounts of information about cruisers. outside of any assurances they make to the customers or the requirements of financial records to the companies in this have to meet certain data security standards? in other words, what is to prevent them from getting hacked >> i'm not aware mr. sherman of any legal requirement that the company that is in possession of your personal data whether we are talking about location data or financial data or other data buffer e.u. longline, secure that data in any particular way. my understanding is that essentially is a decision made by the company based on its own business practices and assessment of risk. one of the arguments that you often hear when we talk about the data retention because there's also no requirement the company maintains data for any particular length of time and impact the ability to investigate and solve crimes and when we talk to privacy groups about the need for data retention for some reasonable period of time to get the data it needs to protect privacy what you often hear is if the company's are required by law to store the data for some length of time that will put them at greater risk of being hacked and it's an open question certainly not one for the congress to consider whether it is appropriate to impose requirements that the data be secure in some way to reduce that risk. >> thank you. before i turn to the ranking member i want to introduce a few key pieces of testimony into the record and introduce joint testimony from the and so the coalition and the network to end domestic violence and testimony for the national victims of crime and health and law enforcement can use this technology it also cites the case is both stalked by their partners through their smart phones. these are extreme cases but i think there is no clear statement on how this technology presents clear benefits and also very clearly privacy threats and how we need to be very careful in the space and would like to turn to the ranking member senator coburn. i hope he will hang around and listen to the second panel life and is in congress a lot of times we talk past each other and when we are observing us talking past each other we learn something if we are an outside observer and when we hear both sides of this today it will actually accentuate the ability to solve the problems in front of last threat i want to thank you for your testimony and have a question directed to both of you and i'd like you to just individual the answer to both of you demonstrated that under the surgeon law as we have on the books today you can do a lot in terms of addressing the privacy issues. my question for you is in your opinion, what else do you need in terms of statute to actually facilitate your ability to protect the privacy of the individuals in this country without diminishing the benefits we're seeing from this technology? the legislation in this area in your report. we did discuss some key protections we think should be applied in the industry, across the industry including mobil the we believe would protect privacy while also allowing innovation to continue, and that first is basically companies should have private designed meaning the very early stages of developing products and services they need to give privacy serious thought so they develop the products and services in a way that maximizes safety to consumer data. that means not collecting more data than is needed, not maintaining it walker then it's needed, providing security for it, making sure it's accurate. those things if implemented early can be done in a way that still permits innovation and the business function. >> can you do that through regulation now? the demand for regulation? >> we used section 5 of the ftc act that is unfair deceptive practice to bring enforcement against companies under certain circumstances that don't do those things. the second piece is streamline and easy to use choice for consumers and that would be streamlined making it easier particularly important on the mobile devices where we have seen we don't see the privacy policy as it was mentioned in "the wall street journal" article and when we do it may take 100 clicks to get through the terms of service to find that we would encourage the use of icons and ways to make it easier to exercise choice about things like sharing data with third parties. >> like riding in plan hinglish? and then the third pieces of course greater transparency overall which means it to have privacy policies they should be written in a simple way so they are able to compare and potentially a consumer should be able to access the data companies have on them. as we believe it's implemented those protections what achieve greater protection and also allow innovation. >> the question i would have for you is do you have the ability to implement that now under the ftc? >> those are policies some of which can be implemented under the ftc act in some are forward-looking. >> would you mind submitting which are rich so that can guide us in addressing where we think we might need to go? mr. tribble? >> senator coburn, if there are four or five things the justice department thinks the congress should consider but most are not particular to mobile devices. the reason they are not all specific to mobile devices is think it's important for the prospective the threats you see in terms of cybercrime is on mobile devices are just new variations on old problems. when someone puts now we're in your computer because the attached to an e-mail that is a threat. if someone uses an android as a does this old school cybercrime with of the technology so what we need to protect the privacy is the same to be able to fight cybercrime generally. that being said, number one, there are a number of further fixes to 10:30 you can be on that contained in the identity theft enforcement restitution act we believe are appropriate and would strengthen penalties and deterrents and make sure there's more significant consequences for cybercrime. we anticipate they will be a part of the cedras security package which i told center white house a month ago was eminent in that it is to hook these instead of weeks and the cyber stalking statute requires currently that and the defendant be in different states and that hampers the ability to use the statute. cyber stalkers are people harassed or cyber or other means write down the street not necessarily across the state lines. ford is data retention. we think that there are ought we don't have a specific proposal there are undoubtedly a reasonable period of time that congress can require providers to maintain data to solve crimes against policy that balances the need of the law enforcement and privacy and industry. the fourth is the data for each recording. as we see every week we see a new article in the newspaper about another significant breech with this sony or epsilon and it highlights the fact that there's no legal requirement federally although there's a number of steve laws there is no comprehensive requirements that require state and supporting to the customers or law enforcement. the fifth which is mobile devices the one i alluded to in my remarks and that is among the data that isn't even maintained kalona retain this data that would allow us to trace back the address for the smart phone at the time that a criminal conversation or criminal conduct occurred. the last piece, and then i will stop, is not a particular proposal but something we encourage congress to consider because privacy generally. as i alluded to there are no legal -- there are sycophant legal restrictions on the ability to share data with law enforcement and there are no restrictions certainly on the ability to share the information for any purpose other wise and they wish to consider whether the problem starts that balance with the privacy balance in the consumers and providers engaged in commerce with. >> thank you, senator coburn knute and the chairman. >> mccaul i'm going to be introducing a bill very shortly to update the electronic kuran occasions privacy act. i think it's a very important act and it doesn't apply to the mobile a applications currently available, and that can be bad for consumers and also for the law enforcement. let me just point out the privacy requirements apply to the providers and other electronic communications service providers or remote computing service providers but if google or apple or other application providers collect data they might not fall into either of the definitions am but that would mean the government could obtain the location of the sensitive information collective without getting a search warrant i would mention the search warrant information earlier when i spoke the might be able to do it without. does this apply the providers over the changes we should make. speed the answer i would give is the same answer if you gustnado but mobil a petition providers but about verizon or google or apple for that matter as companies provide a broad range of services they may be pursued a provider of electronic communication for one service it provides remote computing service for another prevoyance some other service it provides commesso a company like verizon is its communications services it would be a company like apple might be for the mobile backup service google might be for the global box and it would be four congenial. soa mobile of provider could be neither one. a lot of it depends on not the nature of the company with the nature of the particular service. >> does that mean we have a gap we should be addressing in the new legislation? >> as they expand the range of service there are going to be gaps and companies or their more traditional or newer companies that provide services that don't fall in one of the two categories, and so why don't have a particular proposal but we certainly would be happy to work with you to explore where the gaps are and how they should be filled. >> i suggest something where law enforcement come and get all this information without a search warrant, without going through the court? >> company is not covered and then we can get the stored data using a subpoena or other legal process in search warrant wouldn't be required to read in most instances. >> you mentioned sony and the breach which as i read more and more about its more and more frightening. on three occasions the judiciary committee has reported a comprehensive data privacy and security among other things establishing national standards for notifying consumers about data breaches involving their personal information to get this passed. but if there's been a data breach you wouldn't have to rely on the good grace of the company as a result of the breach. the security breaches so that they could look at whether it affects our criminal law ways and national security and i will ask ms. rich is similar question. >> its vital oil law enforcement if we don't know about a breach we can't investigate and if we find out too late and begin investigating the trail may have gone cold. there are as i think you know 47, 46 or 47 stat laws the breach reporting but only if you require the victim to low - delete comer for the law enforcement. some of our biggest identity theft cases which i testified in front of the crime of the community a month ago, were made possible because we got early reporting from the companies and good cooperation from the victim companies through the investigation and the was critical to follow the trail and find the hackers and the people who stole personal data. the two things the law enforcement needs to be able to have a shot at making the cases are prompt dictum reporting and if there is customer notification we certainly should be the opportunity to delete the notification where appropriate if they need to dictate. but we think that a breach of reporting is vital to our jobs and we anticipate in this that there be a did a breach proposal that's maintained in it. >> ms. rich? >> the ftc has long supported legislation to require the the the breach notification and data security. we play a complementary role to the department of justice in that they pursue the hackers, the militia folks who get the data, but our perspective is it's extremely important to also shore up the protections of those companies that have the sensitive data. it's always going to be criminals but it's important that companies secure themselves so they are not easy targets and we believe legislation requiring the notification and security is vital to that mission. >> thank you. and again, chairman frank and i think you for holding this hearing. i think it's extremely important, and i would want to some budget matters now but i appreciate -- >> please do that. thank you mr. chairman. cementer blumenthal? >> thank you, senator frank and for your leadership and again, senator leahy for your championing many of the privacy issues over decades literally and provide a model of that kind of leadership for us. and i want to thank the witnesses for being here also apple and google and the consultants that we have in this profoundly important hearing, and what ever the kind of challenging questions we may ask i would hope that we are all on the same side of this cause because right now what we face in my view is literally a wild west so far as the internet is concerned. we can debate the legal nice and technicalities of the ftc statute that prohibits unfair and deceptive practices don't provide the kind of targeted enforcement opportunity that i think is absolutely necessary, and i know the department of justice is going to be seeking additional authority which is absolutely necessary in this one area pertains to young people, children, which we haven't discussed so far today but which obviously raises very discreet and powerful and important issues so let me begin with ms. rich. do you think the present statues sufficiently protect children who are 13 and under when we talk about marketing, vocational information, other kind of privacy issues? >> we do have a very strong law. the act applies to children 12 and under. and we are undertaking a review of that right now and haven't reached the result. one of the reasons we are reviewing is to see if it's keeping up with of the technology and we haven't reached the end of that but in the workshop we had on that there was a fair amount of agreement from industry and consumer groups alike that that statute is sufficiently flexible to cover a lot of the mobile technologies and activities across the broad swath of technologies. >> and do you agree mr. mr. weinstein? >> my 4-year-old is better with my iphone than i am and it's terrifying to think about what threats, online threats will be of there by the time he's old enough to be using my iphone with permission. and so i think that as we move into this space in the legal changes we made the technology neutral and one of the geniuses is it's been able to be flexible and adaptable free period of 25 years the technology changed but i do think that anything the congress can do to protect kids in particular in this space is a worth the effort. >> let me ask ms. rich, referring to your description of privacy by design. in addition to the requirement that senator leahy is supporting that there be a notification and i strongly support the requirement. i can get as a basic fundamental protection. shouldn't there be some requirement that the company's design and safeguard this information when they structure the systems? and also potentially liability if they fail to sufficiently safeguard that information. liabilities we provide incentives for companies to do the right thing. >> absolutely. 34 cases against companies just in the last five or six years against companies that failed to secure data and we believe it is vital to hold companies accountable for that. >> what about the private runback? >> the commission hasn't taken a position on legislation or by the reduction to this gimmick because we have testimony from professor john savage of brown university, who said to us, and i'm quoting, computer industry insiders have solutions to many cybersecurity problems but the adoptions are weak because the security is expensive and there is no requirement 80 adoptive until the disaster strikes to estimate what me correct something said. the commission has taken a position on the the security threat i was a little confused by the question. we strongly support data security absolutely, which includes civil penalties. >> thank you. >> my time is expired and i will be submitting some additional questions for the record. thank you both. >> senator whitehouse. >> thank you, chairman franken. a quick question, both of you have had a chance to look into you might call it the dark side of the internet, the dark underbelly of the internet, and you were also -- you use it and have families who use it so you have the experience of the regular american dealing with the internet and a certain measure of confidence in it and have a heightened awareness based on your professional obligations. based on that, how well informed do you believe the average american is about the danger and hazards that lurk out there on the internet, and is it significant in terms of things as simple as willingness to download patches and get up to date with commercial technology to protect yourself, setting aside other responses the public might have if they were well informed. can you quantify a little bit how well-informed you think the average american is that these risks. >> we believe that consumers have no idea of early years of sharing that go on behind the scenes. so, for example, many consumers may like the location services and they may want to share their location information to obtain them. what they don't realize is that their location data as well as the vice be flowing into service providers, advertisers, to all sorts of other parties in the chain, and we believe that that's why when a certain high-profile security breaches have been its companies like epsilon who were service providers behind-the-scenes people were shocked because they have no idea that their data was there. >> i think with the large population that we are talking about, i think that there's going to be great variation but i venture to say that this is based on the professional and the vast majority of people are not as informed as they should be and if nothing else comes out of the heightened awareness that apple and google media frenzy has created and the subcommittee interest has generated i think will be the people focused more on these issues. the fact is in these situations not the criminal enforcement matters but the highlight the need for everyone to be more vigilant. providers can take steps to make sure their user agreements and privacy policy transparent. >> if you don't mind, earlier in common use it the traditional dichotomy if you will between the legitimate communication or application and something that is infected with mao where and is a law enforcement problem if it could be discovered. we are now in a new area kind of between the two where the product might actually be something that doesn't doesn't describe. it 21 everywhere to the canary fast food restaurant and say come on in for a big mac or whatever it may be. and that might be something somebody else would want to read it also might be something somebody would really not wanted all. i think part of the concern here is if you're living an application for example launch a smart phone you know that you are loading one dimension of the act. you don't know what else is being attached on to that, and what should the ftc be doing in a way of the disclosure requirements to make sure that when you load a nap, whoever put that out on the menu for people to choose has fully disclosed that all of the elements are in it and it's not just a trojan horse to attract you with a particular thing when its real purpose is to find out information about the cells. where are you in terms of getting that transaction overseen and with the rules are by what to call privacy by design in your earlier statement. .. >> they pull information off the whole device and share with third parties. that's the privacy by design piece. >> from your point of view, the trojan horse analogy for some apps is a fair one? >> yes. >> okay. thank you. >> thank you, senator whitehouse, and i have one more question for ms. rich and the ranking member has one more question. ms. rich, in your testimony, talking about the screen and signing off on privacy agreements or -- anyway, in your testimony you emphasize the ftc's ability with accepted trade practice and when an iphone user activates a phone, they have to great to a software license agreement, and that tells users they can withdrawal their consent to apple east collection of information at any time by turning over location services button on their phones. i'll add a copy of that agreement to the record. as a turns out until a week ago, turning off the switch did not stop the collection of location information by apple, so i guess my question to ms. rich is is that a deceptive trade practice? >> well, i can't comment on a specific company's practices, but i can say if a statement is made by a company that is false, it is a deceptive practice. similarly, as we've shown in our cases, if there's a misleading statement and some sort of disclaimer in fine print, that could be a deceptive practice. there's a lot we could do under our deception authority to challenge the types of practices you're talking about, although i'm not going to comment on the specific company. >> thank you. ranking member? >> mr. chairman, i just have one comment. we have to be very careful on this idea of security because the greatest example i know is we spend $64 billion a year on i.t. in the federal government, and on top of that spend tens of billions on security and we're breached daily. we should not be asking the standard that ce can want even live up to at the federal government, so the concern is an accurate one, but i think we have to work on what that spharnd would be, whether it's a good faith effort or something, but to say somebody is liable for a breach of security when we all know, almost every system in the world can be breached today, we need to be careful with how far we carry that, and that's all add. >> we agree there's no such thing as perfect security and used a reasonableness standard. many of the types of practices that would prevent breaches are things like not collecting more data than you need. >> yeah, i agree. >> basic. >> senator, another question? >> yeah, just to follow up on senator coburn's observation. as with any liability or accountability, legal responsibility, there's a duty of care, and that duty of care can impose reasonable measures that common sense or technology would provide the means to do, and so i guess my question is why not some liability to ordinary consumers imposed through federal law that would impose accountability for a standard care availability under modern technology with the kinds of reasonable approach, sensible responsibility? >> yes, senator, we agree with you. in the data security sphere, it's reasonable security. it's having a good process assessing risks and addresses those risks. it's not perfection. >> and why not also require remedy in the case of a breach where that kind of accountability is imposed, for example, insurance or credit freezes, credit monitoring, as a matter of law so that what is increasingly becoming standard practice is imposedded on all companies, even provide the incentive to do more? >> absolutely. that's important both to address what's happened to consumers and provide effective deterrence. >> you agree mr. feinstein? >> i'm trying to stay in my lane, but i'll make the general observation. there is no perfect system. cybersecurity, true cybersecurity requires a multilayered approach, requires laws that breaches be reported. it undoubtedly requires providers to take as much of an effort to protect their systems, requires some public-private partnership, and i think the proposals that will be in this package you'll be receiving address that issue and it requires, i think, better work by everybody involved. >> well, we look forward to the package, and to the package that you'll be receiving in hopefully a very short time. thank you. >> thank you, senator, and i want to thank ms. rich and good luck, and congratulations with the new baby. we'll now proceed to the second panel of this hearing. i think i'll introduce our panel as they are making their transition to the table just to move things along. well, maybe i'll -- seems to be a little chaos here, a little -- we'll take a little moment of pause to think about the first panel and all the issues that were raised and thoughts expressed. [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] all right, now i'd like to introduce the second pam of witness -- panel of witnesses, and i thank you all for being here. ashkan soltani is a technology researcher and consultant specializing in consumer privacy and security on the interpret with more than 15 years of experience as a technical consultant to interpret companies and federal government agencies, most recently, worked as the technical consultant on the "wall street journal's" what they know series investigating digital privacy issues, has a masters' degree in information science and a ba in computer science from the university of california san diego. justin brookman is the director of the project on consumer privacy at the sent r for democracy and technology, also the bureau at the new york attorney regime's office and the internet bureau is one the most active law enforcement groups working on interpret issues. he received his jd from the new york university school of law in 1998 and his ba in government and foreign affairs from the university of virginia in 1995. dr. bud tribble is the vice president of software technology at apple. tribble helped design the operating system for mac computers, the chief technology officer for the son netscape alliance earning a ba in physics at the university of california san diego and an md and ph.d. in biophysics and physiology at the university of washington seattle. alan davidson is the drekder of public policy for the americas at google, previously associate directer for the center of democracy and technology and a computer scientist looking at alan and hamilton where he helped design information systems for nasa's space station, freedom. he has an sb in math mat ticks and computer and an sm in computer technology from mit and a jd from yale liewl. jonathan zuck is the president of the association for competitive technology representing small and mid-sized information technology companies before joining act, zuck spent 15 years as a professional software developer an an i.t. executive. he holds a bs from john hopkins university and a masters in international relation from the school of advanced international studies of the jap hopkins university. i want to thank you all for being here today. please give your opening statements. we'll start from my left and your right, mr. ashkan soltani. >> chairman franken, ranking member coburn, distinguished members of the subcommittee. thank you for the opportunity to testify today. my name is ashkan soltani, a technology researcher and specialize in security and privacy on the internet. i represent my own views and not my previous employers. mobile devices are powerful computing machines, but mobile devices introduce unique privacy challengers. consumers carry phones with them from their homes, offices, day care, to the store. a devices location is determined by gps, information about nearby cell towers and access points and other tech necks. while the accuracy varies, the results insights are sensitive and personal in all the cases. the trail of the where abouts over a course of days, it's easy to know br you work, live, and play and that reveals who you are as a person and how you spend your time. this is why many consumers are surprised by the stories of how their mobile devices correct their location information and other data. with the exception of gps, exposes that information to multiple parties. it includes wireless care, at&t and verizon, google, and even the content provider delivering the information about the location. researchers including myself confirmed smart phones send location information quietly in the background to apple and google servers effectively even when the device is not used. the collection happens automatically unless the user is made aware of the practice and elect to turn it off. it's a default behavior when you purchase the devices. they keep a copy of historical location information on the device. until recently, apple's iphone retained your location history for about a year, storing security on the phone and any device the computer was backed up to. anyone with access todd file would be able to obtain a record of your location and there's no way to disable it. many mobile smart phones platforms like apple allow third parties to develop applications for the device, productivity software, e-mail, facebook, and, of course, games. as reported in the "wall street "wall street journal" last year, many apps transmit location information and unique identifiers to the outside parties. if a user opens an app, not only does the app learn information about the user, duh the down treem partners. this is surprising to most consumers since they don't have a relationship with the downstream partners. this information isn't limited to just location. upon installation, many apps have access to a user's numbers, text messages, and locations. disclosure about information are ineffective or completely absent. many are vague or too confusing to understand, and they rarely mention specifics about data retension or information sharing practices, things we care about. nowhere near half the apps lacked policies. to conclude, in order to make meaningful choices, consumers need to increase transparency on who is collecting information about them and why. clear definitions should be required for sensitive categories of information like information and other identifiable information. software developers need to provide consumers with meaningful choice and effective opt-outs allowing consumers to control what information they share for what purpose. only with trust and control can consumers take full benefit of what these mobile technologies have to offer. thank you for allowing me to testify, and i look forward to answering your questions. >> thank you. mr. brookman? >> thank you very much. thank you for the opportunity to testify here today. there really could not be a more timely topic for the first hearing of the subcommittee than the issue of mobile privacy. consumers are enthese yays tickly embracing these devices and offer an array of functionality making our lives better. however, many of the issues frustrating consumers in the online space are height ped in the mobile environment opposed to websites, apps access a far broader range of information with content information, access to a camera or microphone and precise location information. at the same time, the tools that consumers have to see and control how apps share their information are weaker than the web. i've been invited here today to discuss the existing laws that govern data and whether the framework is adequate to safeguard consumer information, and the short answer is no. there is no comprehensive privacy law in the united states. there are a few sector specific laws that govern relatively small sets of consumer information, and in the mobile space, it's fair to say there's a patchwork data system that applies laws, but does not offer meaningful protections. there were protections over consumer data, the communications agent and the associated rule are required carriers to get customer's permission to sell information around phones with who you can call and whatnot. however, a cell carrier branched out with data plans and they did not extend rules to the information services leaving the treatment of information about the new use of mobile services unregulated. furthermore, the rule never applies to most of the players in the modern app phase like operating system and providers and app makers and others. it's expanded the relatively narrow rules which at wop point effectively covered everything and no longer offers protections for consumers # in the mobile space. there's more statutes that apply and do not consistently protect consumers here. one of the privacy acts we discussed that covers government access to information but has protections around certain companies. unfortunately, the definitions of the law were written in 1986 well before the modern app ecosystem developed and it's covering some apps, but not all or extend to apple or google. the law does not map well mobile privacy issues and not consistently. if it did apply to all the players without additional rules or require transparency, companies could just bury permissions to share data. timely, some tried to apply criminal issues to privacy issues. last month, it was reported the u.s. attorney from new jersey was investigatinging apps for transmitting information bout accurate disclosure. i'm sympathetic to the goals. i think it's not the ideal approach to view this as a broad criminal statute designed to combat hacking and protect financial information and protect privacy. i mat not like when companies share my information and that should be protected by law, but i don't think people should necessarily go to jail for it. assuming none of the laws apply, the tfc's prohibition of unfair practices. the ftc fought cases in this area, but the bar is still very low. it's merely companies can want affirmatively lie how they treat your data. many company's response are not to make recommendations at all and why policies are legalistic and vague. how companies get in trouble is make a statement on what they are doing. the mobile space as emphasized, many app makers only a small percentage offer a few privacy statements at all. it's not possible to now how the data is stored an shared. we want a privacy law requires companies to say what they do with data, to give choice around secondary transfers and secondary uses and get rid of it when they are done. furthermore, for sensitive information with religion, sexual sexuality, and health. we believe an enhanced regulation of the principles include k opt-in consent should govern. thank you very much for allowing me to testify, and i look forward to your questions. >> thank you, mr. brookman, and by the way, for all of you your complete written testimonies will be made part of the record. mr. tribble? >> good morning, chairman franken, ranking member coburn, and members of the subcommittee. i'm bud tribble, vice president of software technology for apple. thank you for the opportunity to further aplain apple's approach to mobile privacy, especially location privacy. i'd like to use my limited time to emphasize a few key points. first, apple's deeply committed to protecting the privacy of all of our customers. we adopted a single comprehensive privacy policy for all products. this policy is available from a link on every page of apple's website. we do not share personally identifiable information without our customer's consent and require all third party application developers to agree to specific restrictions protecting our customer's privacy. second, apple does not tract user's locations. they have never done so or have plans to do so. our customers want and expect their devices to quickly and reliably determine their locations with shopping, traveling, or finding restaurants. using a phone's location using just satellite takes minutes. iphones can use cell tower location data on the phone in come combination by which is sevenble by the iphone. apple main tapes a secure crowd source data base con tapes information with known location of towers and hot spots that apple collects from millions of devices. it's important to point out during the collection process, an apple device does not transmit data associated with that customer. this information is used to determine the location of cell towers and wifi hot spots for the crowd source data base. third, by design, apple gives customers control over collection and use of location data on all devices. apple built a master location services switch into the ios operating system making it extremely easy to back out of location services. they are switches off in the setting screen. when the switch is turned off, the device will not collect or transmit location information. equally important, apple does not allow any application to receive device information location without first receiving the user's consent through a popup dialogue box. it is mandatory and can want be overriden. customers may change their mind opting out of services for individual applications at any time with on-off switchesment. carnets can use -- parents can use controls to prevent their chirp from accessing certain apps. we respond quickly and dlictly to concern -- deliberately to concerns that arise. there's a place where we store and use the crowd sourced data base. the purpose of the cache is to allow it to reliably determine a location. they are addressed in detail in my written testimony. i want to reassure you that apple has never tracked an individual's actual location from the information residing in that cache. furthermore, the location data on the iphone is not the past or present location of the iphone, but rather the location of cell towers surrounding the location. apps do not have access to the cache on any phone at any time and the cache was not encrypted, it was protected from access by other apps on the phone. moreover, cache location information was backed up on a customer computer and may or may not have been encrypted, depending on what the user settings were. while up vest gaiting the cache, there was a bug that caused the cache to be updated from the crowd source services even when the switch was turned off. this was fixed and other issues including the size and backup of the cache were addressed in our latest free software update released last week. in addition, if our next major software release, the location information stored in the device's local cache is encrypted. let me state again apple is strongly committed to give issue customers clear and transparent notice, choice, and control over their information, and we believe our products do so in a simple and elegant way. we share the subcommittee's concern about the collection and misuse of my customer data, particularly location data and appreciate this opportunity to explain our approach. i'd be happy to answer any questions you may have. >> thank you, mr. tribble. mr. davidson. >> thank you, senator franken, senator coburn, and members of the subcommittee. thank you for this opportunity to testify at this important hearing before the new subcommittee. mobile devices and location services are now used routinely by tens of thousands of americans and create enormous benefits for the society. those services will not be used, and they can cannot succeed without consumer trust. that trust must be built on a sustained effort by our industry to protect use of privacy and security. with this in mind, at google, we made our location services opt-in only treating information with the highest degree of care. google focuses on privacy protection throughout the life cycle of a product starting with the initial design, the privacy by design concept discussed at the last panel. we subscribe to the view by focusing on the user, all else will follow. we use information where it provides our users and use transparency and security. we are particularly sensitive with location information. as a start, on our android mobile platform, everything is opt-in. here's how it works. when i took my android out of the box, the first screen asks me in plain language to affirmatively choose whether or not to share location information with google. a screen shot of the process is included in the testimony and on the board over here. if the user doesn't choose to turn it on at setup, the phone will not send any information back to google's location servers. if they opt in, if the user opts in, all information is anonymous and not traceable to a specific user or device and users can later change their mind and turn it off. beyond this, we require every third party application to notify users it's accessing location information before the user installs the app. the user has the opportunity to cancel the installation if they don't want information collected. we believe that this approach is essential for location services. highly transparent information for users about what is being collected, opt-in choice before the location information is collected, and high security standards to protect information. our hope is that this becomes a standard for the broader industry. we are doing all this because of our belief in the importance of location based services. many of you are already experiencing the benefits of the services, things like seeing realtime traffic, maps for your commute, finding the local gas station, and it's not just about convenience. these services are lifesavers. they can help you find the nearest hospital or police station and where to fill a prescription at one in the morning for a sick child, and we only scratched the surface of what is possible. for example, google is working with the national center for missing and exploited children to explore receiving amber alerts to those in the vice president-elect of the alert, and others may be able to tell people in the path of a storm or guide them to an evacuation route in the hurricanes. these promising new services will not develop without consumer trust. the strong privacy and security practices i've described are a start, but there are several privacy issues requiring the attention of government, problems industry can't solve on its own. as a start, we support legislation to protect consumers online and offline and support action to support data breach notification rather than the patchwork laws that exist. a critical area for congress and particularly for this committee is the issue of access, government access to a user's sensitive information. we live now under a 25-year-old surveillance law, epca. most americans don't understand that data stored on line doesn't receive the 4th amendment protections given to that same information on a doask top or know that the information collected by their wireless carry yes, year can be obtained without a warrant. a group of companies and public interest groups are seeking to update the laws to meet the needs and expectations of the consumers. we hope you review its work. in summary, i say we strongly support your involvement in the issue, appreciate the chance to be here, look forward to work with you to build trust in these innovative new services. thank you. >> thank you very much, mr. davidson. mr. zuck. >> chairman franking, ranking member coburn and distinguished members of the subcommittee. i'm the president of the association for competitive technology, and i want to thank you for holding this important hearing on privacy in the emerging mobile mart place. as a representative of more than 3,000 small and medium-sized i.t. companies and a software developer myself and the spokesman for the people who write applications for the devices, i want to encourage you to treat the issue of privacy generally in the mobile market place in a hole lis tick -- holistic manner. the science of the processing is known best with faces where we recognize a face and not see it as two eyes, a nose, and a mouth. you have to watch a commercial for a mobile device like an ipod to understand the face of mobile computing is the applications. these ads showcase the more than hundreds of thousands applications available for these devices, some of which we heard about in previous testimony today allowing you to find out where you are, find services and products close to you, ect., and these are exciting and dynamic applications that have been made available to users and many users use them today. location-based services and advertising offers unique opportunities for businesses as well. searching for a particular product receives an ad from a small business. these ads reach potential customers at the exact time of the purchasing decision made for a smaller cost than a newspaper or tv ads big stores can afford. this dynamic market vailinged today at $4 billion is projected to be the size of $38 billion by 2015. application developers are enjoying a kind of renaissance brought by the lower cost of entry and distribution and consumer-facing applications. the applications we enjoy are made by small businesses, over 85% are made by small businesses, and not just in silicone valley. the next time chairman frappingen you draw a mab, you can reflect that over 70% of the applications come from outside california, including in places like minnesota and oklahoma. this is a national phenomena with international implications for economic growth and recovery. we have the opportunity to meet the president's goal to double exports and we are in a period of experimentation and new services with a focus on the cogs mother, one benefit of small businesses leading here, they cannot afford to ignore their customers. when approaching the issue of data privacy, i think it's imperative as we heard earlier to remember there's a lot of data. to focus on a new data collection is to cut off our nose despite the face. there's more data incoming location data in large company data bases than others could hope to collect in a lifetime. to focus on a certain type of data collection in the new market would necessarily discriminate against small businesses responsible for so much economic growth in the mobile sector and leaving larger players largely untouched. timely, there's -- finally, there's laws in place with consumer protections and concerns. whether it's fair trade practices at the state or federal level, there's vehicles in place to address transgressions and others are used in privacy issues. while i don't agree with all the recommendations made, i would agree that any approach to privacy legislation needs to comprehensive and focus on data itself and answer questions and not a particular technology platform. there is legitimate concern among american consumers about the privacy. we heard from chairman leahy consumers are concerned about privacy. one of the ongoing frustrations of small businesses is they find themselves time and time again doing the time without really having done the crime. it's as though once a week there's a big company news like the sony play station debacle, episilon, the issues really causing the concern and fear moping customers, -- among customers, not the prospect of one more ad to their phone. despite that fact, the rules created up evidentbly -- inevitably affect small businesses. the ftc wants to use the google bug settlement going forward for everyone in the industry. they brought it to the doorstep and the level of integration makes them immune to consequences. who is likely to be affected by a law affecting the transfer of information to third parties? a small business that has to form partnerships in order to provide services in an every-changing market place or a huge company buying the third party and sur dumb venting the rule. the hole is more than the sum of its parts and nowhere is that more true than in the mobile marketing place. i. i want to encourage you to step back from the headlines of today and look at privacy in a holistic manner. thank you, and i look forward to your questions. >> thank you all for being here today and for your thoughtful testimony. mr. tribble, last month i asked apple in a letter why they were building a comprehensive location data base on ipads and storing it on people's computers when they synced up. apple's reply is added to the record, but this is what steve jobs said, "we build a crowd source data base of wifi and cell tower hot spots, but those can be over 100 miles away from where you are. those are not telling you anything about your location." yet in a written statement issued that same week, apple explained that this very same data will "help your iphone rapidly and accurately calculate its location or as the associated press summarized it, the data helps the phone figure out its location," apple said, but steve job says that's not telling you anything about your location. mr. tribble, it doesn't appear to me both statements could be true at the same time. >> senator -- >> this data -- does this data, i understand you're anticipating my question. i'll just ask it. [laughter] does this data indicate anything about your location or doesn't it? >> senator, the data that's stored in the data base is the location of as many wifi hot spots and cell phone towers as we can have. that data does not actually contain in our data bases any customer information as ail. it's completely anonymous, only about the cell phone towers and wifi hot spots. however, when a portion of the data base is downloaded to your phone, your phone also knows which hot spots and cell phone towers it can receive right now so the combination of the data base of where are those towers and hot spots plus your phone knowing which ones it can receive right now is how the phone figures out where it is without the gps. >> okay. mr. ashkan soltani, consumers are hearing this a lot from both apple and google, and i think it's confusing. apple basically said, yes, a file has location, but it's not your location, and when it separately came out that both iphones and android phones were automatically sending certain location information to apple and google, they both said, yes, it's location, but it's not your location. tell me, whose location is it? is it accurate? is it anonymous? can it be tied back to individual users? >> thank you, senator. that's a great question, so, yeah, in many cases, the location that the data refers to is actually the location of your device or someone near it. while it's true in some rural areas, this can be up to 100 miles away, and practice for average consumer, it's actually much closer in the order of 100 feet according to a developer of this technology, sky hook. if you refer to figure three of my testimony, you can see an example of this location as identified by one of the wi-fi data base. in the senate lobby just out here i tested it, and the dot on the left refers to my location determined by the exact gps, and the dot on the right determines my location based on this wifi location technology, and it's 20 feet from where i was sitting on the bench. considering where you want to slice it, i consider that my location. the file in the data base has time stamps that indicates what time i accessed the points. they trace a trail about you, and finally to the degree that this data contains identifiers that sent back. ip addresses. we heard earlier the gentleman from the department -- the doj, he was claiming that ip addresses are necessary to identify criminals vis-a-vis they use computers and it's identifiable and it's hard to call this anonymous. making the claims are not really sincere. >> because basically if you have i mean, this location in your ill illustration, you can see your in the building. >> or near it. >> yeah, and so -- well, let me ask mr. brookeman the -- brookman the same question. my wireless company is like apple and google and the mobile apps i have on my phone all can and do get my location or something very close to it, and my understanding, mr. brookman is that in a variety of cases under current law, each of those entities may be free to disclose my location to almost anyone they want to without my knowing it, and without my concept; is that right? if so, exactly -- how exactly can they do this? >> i think that is correct. so as i mentioned before, the default law in this country for sharing data is you can do whatever you want. the only thing you can't do is what you previously promised not to do with that data. if someone like apple or google said, hey, give this location data to google map, we promise to the to share it with an advertising partner. under that scenario, they are prohibited from sharing it, otherwise for most players in the space, it's hard to merrick a legal argument -- make a legal argument they need an affirmative requirement not to share data. >> thank you. one last question because time is running out. your two companies run the biggest app markets in the world, and both companies say you care deeply about privacy, and yet, neither of your stores requires that apps have a privacy policy. would your companies be willing to commit to requiring apps in your stores to have a clear, understandable privacy policy? this would by no means fix anything, but it's a simple first step showing your commitment on this issue. mr. davidson? >> thanks. it's a great question. i -- i would be happy to think about it. it's an extremely important issue that you raise about application privacy. at google we tried to maximize the openness of our platform to allow lots of different small businesses to develop applications. we have relied on a permission's based model at google so before an application gets access to information, they get permission from the users. i would just say i will take that issue back to our leadership. i think it's a very good suggestion for us to think about. >> mr. tribble? >> yeah, i think that's a great question. what we do currently is we require contractually third party app developers to provide clear and complete notice if they're going to do anything with the user's information or device information. if you want to be an apple developer and put an app in the app store, you sign an agreement with apple that says you're going to do that. now, it doesn't specifically require a privacy policy, but what i'll say is that probably a privacy policy in this general area is not enough, and i agree with the earlier panel that what we need to do because people may not read a privacy policy is put things in the user interface making it clear to people what is happening with their information, and apple thinks this way. for example, when an app is using your location data, we put a little purple icon up next to the battery to let the user know that. we say that in the privacy policy too and the app should say that too, but we put something in the user interface to make it even more clear to the user. we have an arrow showing if an app uses your location in the last 4 hours, so -- 24 hours, so transparaphernalia sigh is beyond the -- transparency is beyond the privacy policy and it's information in the app itself and feed back to the user about what's happening with their information. >> okay. thank you. just very -- yes or no mr. soltani. isn't it true that there is no mechanism for cell phones to notify users their apps can disclose information to whomever they want? >> it's true. >> thank you. >> let me defer to senator, i have a meeting i have to take for five minutes, and then i'll be back in. >> okay, great. >> senator? >> thank you, mr. chairman. thank you, senator coburn. i want to focus on really the very broad area or issue of trust that mr. davidson raised which i think goes to the core of much of what you do with the consent and acquiesce of consumers and the practice and goal of building wireless network maps, both apple and google are engaged in that business activity, are you not? >> yes. >> yes. >> and in particular, mr. davidson, i want to ask questions about the google wifi experience scandal, debacle, all three terms used to refer to it, in particular as you well know and now we all know, for three years, google interpreted and collected bits of user information payload data, e-mails, passwords, browsing history, and personal information while driving around taking pictures of people's homes on the streets for the street view program. the company first denied that it was collecting this information, did it not? >> it did. we did not know that we were. >> and then it denied that it was collecting it intentionally, is that true? >> i think we still believe we were not collecting it intentionally. >> and, in fact, did this personal data and the interpretation and downloading is con contemplated by a app that's submitted to the patent office, does it not? >> i'm not certain on the details of the app. >> you were provided with a copy i think. maybe you could have a look at it. >> is that what this is in okay. >> do you recognize the document? have you seen it before? >> i have not seen this document before, but i'm probably roughly -- i have not seen this document before. >> are you familiar with the goal that it describes of, in fact, pinpointing the location of wireless routers to construct a wireless network map by intercepting and downloading the payload data in precisely the way that google denies having done? >> no, i'm not -- i apologize, i am not familiar with that aspect of this or really anything relating back to this patent's content. >> are you aware that this process may have been used in this street view program to collect private confidential information and use it to construct the wireless network route? >> that would be -- i would be very surprised. i think we have tried to be very clear about the fact it was not our policy to collect this information or the company's intent to collect the content or payload information. i think we've been specific about the fact that we never used that information. as you indicated, people at the company were quite surprised and honestly embarrassed to find out we had been collecting it. we've said before, this was a mistake that we did not intend to collect this information, and we tried very hard to work with regulators to make sure we're now.cc the responsible thing. we have not used it, and we are working with regulation on what to do with it, and in many cases destroyed it. >> why would the company then submit a patent application for the process, that very process that it denies having used? >> i'm sorry i can't speak to the specifics of this. we were not aware this was a topic for today's hearing, but i will say regimely we submit -- generally we submit patent applications if many, many thicks that are fairly speculative. we do hundreds of applications a year, certainly scores, and it's not surprising at all in this important area, we would be looking for innovative ways to provide location-based services, but it was certainly as we have said publicly, a mistake and never intended to collect payload information. >> well, in fact, the payload information would be extremely valuable in constructing this wireless network map, would it not? >> i'm not sure we'd say that. what's important is basically having the identification of a hot spot and a location which is what -- which we were collecting, and that's what we've used to create this data base as others have, and it's not obvious that small snip bits of a few seconds of whatever happens to be broadcast in the clear from somebody's home at any given precise second when you pass by with a car is necessarily that valuable, and we never intended to collect it. >> would it be valuable in your opinion, mr. tribble, to have that kind of payload data in constructing a wireless network map? >> i'm actually not sure how valuable -- >> turn your mic on. >> yes, senator, i'm not sure how valuable it would be. we don't collect that or use that in our mechanisms for geolocating, and, in fact, i checked with the engineering group, and they said they are not sure how you would do that. they probably vice president seen the path -- haven't seen the path, so i can't specifically answer the question. >> do you have an opinion as to whether payload data would be useful in strengthening the location network or map? >> i'm not a technologist. i don't think it would be. the interesting fact is here is a wireless access point and may sense it's sending information out technologically, but i don't believe the content of that communication would be valuable at all. >> i would concur with justin. i think the small differentiation is what you are referring to is whether the header information, which is not necessarily -- there's a question whether it's pay payload data. there's the question of the hot spot collecting the header information of the identifier for that hot spot, and i think that's the question whether that's payload data. i feel it's not payload data, but that remains to be determined by others. >> turning back to mr. david sop, what are the plans google has to use or dispose of the information that has been downloaded and collected? >> we are in active conversation with many regulators including your former office in the state of connecticut, but regulators around the world. some asked us to destroy the data, and we've done so. some of them continue their up -- investigations. we will answer all questions for a regulator interested in this fully. we intend to dispose of the data in whatever form regulators tell us we should. >> do you agree collection of the data violates privacy rights and it may, in fact, be illegal? >> i think our position was that it is not -- it was not illegal, but it was not our intent either, and it wasn't what we -- how we expect to operate our services. >> if it was not illegal, don't you agree it should be? >> i think this raises a really come complicated question to what happens to things broadcasted in the clear and what the obligations of people are in hearing them, and i think it's a comp csh complicated question and an important question. we have to be careful about it. the law appropriately says, regulates k i believe it regulates the use of that information, and we have no intention to use it. >> i will have additional questions, mr. chairman, my time has expired, and i appreciate your indulgence. in the meantime, i want these patents to be made a part of the record. >> absolutely. the ranking member. >> thank you, mr. chairman. this is for apple and google. you both have requirements for people who supply apps for your systems. how do you enforce the requirements you place on them specifically? how do you know they are keeping their word? how do you know they are not using data differently than agreed to? how do you know? >> yes, senator. so, apple cureuates the apps in the store. they are in the apple app store. as i mentioned, we have requirements for the app developers. what we do is we look -- we examine apps, look at them, not the source code, but run them, try them out, we examine them before we even put them into the app store. if they don't meet our requirements, that's -- >> i understand that, but once they are in the app -- >> once they're in the app store, we actually do random audits on applications. we have 350,000 apps, we don't audit every single one like the federal government doesn't audit every tax return, but we do do random audits and examine the network traffic produced by that application to see if it's properly respecting the privacy of our customers. if we find an issue through that means or through public informations, a blog, or a very active community of app users, we will investigate, and if we find a violation of our terms incoming privacy terms or specific location hand handling terms, we will contact during the investigation and hopefully get them to fix it. if not, their app is removed from the store within 24 hours, and we will do that. now, in fact,