At the same time we have is very auguste group the said forcing companies to provide a backdoor to encryption is going to result in a lot of unintended possible consequences including some of our companies will lose a competitive advantage because, for example, if we expand to include encrypted apps that it only would apply to our companies and, therefore, if our companies have to provide a set of backed away to get to this information and Foreign Companies who in the marketplace dont then you at a competitive disadvantage. They are a lot of issues that we do have two way. Speaking of that i understand you to say that is just one of the things on the table . Are that he said at another form perhaps but you think it should be expanded to include encryption apps . I dont know whether i said that but if i said it, im smarter today than i was then. I think thats something that folks are discussing but i dont know what that answer is. Thats why we havent come to dealing with a proposal. Were trying to show the humility to say we dont know what will be best. But i agree with the competitive harm one, senator. Senator. As we wrestle with the subject, and meanwhile, the companies are providing more and more encryption apps. At what point do you think well we will be prepared to take some sort legislative action that would enable you to get access to information . Ended still provide our companies with the kind of environment that they would like us to provide . I dont know. Whats the time from . I dont know because i do think this is one of those coveted problems ive ever seen in government. For the recent that of alluded to putting what you said about competitive corporate we do not want to damage the engine of innovation that is america. And so we have to figure out so how can we maximize safety on the internet and Public Safety in a way that makes sense for america. It probably makes sense weve got to forget what kind of people we want to be first what makes sense for our country. I think we have to do that in league with International Partners so we dont create a situation where america is the only mover and that causes harm to our companies. I think theres a very important aspect of what we need to do Going Forward on the going dark problem because it would be very unfair to our companies as you said if were the only country that requires a backdoor way to this information. Im glad thats on the table in our discussions with other countries. So the president s review group, that some of the people of already mentioned but they said very strongly that we should not require a backdoor way. So in these discussions is the technical, Cuba Technology companies, are they going to be at the table as we discussed Going Forward in what may be legislative action . They have to be. I think we all think no one size fits also got to figure what would work for different companies. As i said before i think that is the source of the innovation the source of the creative duty we have to harness. Thank you, mr. Chairman. Senator mikulski . Mr. Director, its very nice to see you again. Mr. Chairman, thank you for having this hearing. Theres always id like to pick up on senator heinrichs recommendation about an additional hearing on the subject from the technical and Civil Liberties folk. In a briefing materials i read from aclu, the Software Alliance come and i saw a lot of criticism of what we are pursuing here for some type of opportunity to not go dark. But i didnt see any solutions. I saw a lot of criticisms, a lot of critique but i didnt see solutions. Now i believe i can, as senator heinrich said, and others, we have tremendous technical knowhow and i believe the people of Silicon Valley are indeed very patriotic people and they dont want drug dealers and international traffickers and child pornographers to be able to get away with various things. So if we could actually get from those as well as from Civil Liberties community, how we can start working to solution, that would be great. Mr. Director, in this years appropriation funding we worked very hard to support you, when i was the chair and now as senator shelby. We have now put in 8. 4 billion to fund you for this coming year and would also put in 483 million for cybersecurity. My question to you is do you feel that those resources and the type of workforce you have disabled to be flexible enough to meet the ongoing threats . Im not being critical of what you have but as you talk about the recruitment tools of isil who are pretty talented, using twitter and other forms of social media, thats a whole different generation and its a whole different generation than the original Cyber Warriors that were hired under your predecessor. So you think you have enough resources to be able to recruit the people need to deal with this, as well as the administrator flexibility to bring in teeth . This will not be traditional agents. Could you share with us because we could have the best law in the world but unless you have the best workforce and the flexibility and the resources to hire it, we are just creating hollow opportunities. Thank you senator. I think the answer is yes and no. Yes, i believe that the senate and the congress is giving us the resources i need for next year. The money i can responsibly spend but i face a threat that continues to grow so i will be back to us for additional help but youve given us what we can recently spent recently invested i think the answer is yes, i can attract the talent. I cannot compete on if youre interested in go you dont want to work at the fbi. Someone. Want to make a difference in light of this country that they dont care about the dell. They want to be part of addressing these threats. Thats pretty exciting. Im optimistic actually. Know, once i get in and figure five to six years, start of the film six years, startup of them additional cost of living adjustment maybe i start to lose their enthusiasm but thats a problem i will deal with down the road. Ive got a lot of smart what about the flexibility . You investigate breaches and a variety of things. Theres also characters and. Thats the social media world that youre not operating in. You even some modern director like director mueller he faced alqaeda. Do you have the administrator flexibility to bring on people as you need them that may not be the traditional trade routes or recruitment of fbi personnel . I think so. Theres a couple things around that im thinking about. But in the main the answer is yes. One of the things we to consider is should we look at a different career proposition for people have them come. Once people come to the fbi they never leave. They get addicted to the that may be a model of what to look at but in the main, just. You have given me the flexibility. My last question that i think perhaps its not appropriate to an open session so we have three socalled coincidences today. The fact that the technology has failed at United Airlines the New York Stock Exchange, as well as the wall street journal. I dont live in coincidence. I think coincidence is anything we dont have an explanation for this the fbi investigating these as breaches, or have you not been called in or are you not able to say . We im very troubled. That caught my attention to we are not big believers in coincidence either. We want to dig into that so we have been involved at all three contact with all three companies, understand whats going on and we didnt see any indication of a cyber breach or cyber attack. I think the wall street journal piece is connected to people flooding their website in response to the New York Stock Exchange to find out whats going on but it looks again and my business you dont love coincidences but it does appear does not a cyberintrusion involved. Thank you very much. Senator collins. Thank you, mr. Chairman. Director, you talked about the impact on terrorism cases in your counterterrorism efforts. And you said its very difficult to quantify what the impact is. By its my understanding that this morning in testimony before the Judiciary Committee that the District Attorney for manhattan said that in the past six months alone there have been 74 cases where Law Enforcement have been stymied because they were unable to get information from cell phones come is that accurate . I saw that in the written testimony of District Attorney vance commits a note in i believe it to be accurate. As i look at this problem which has ramifications that some i called have pointed out for criminal cases as well as for counterterrorism investigation, would an option be to require that companies themselves to be able to access the information to comply with a lawful court order, not the government having the keys or back door in but the company itself . Might that be a solution to this problem speak with yes and thats something the Deputy Attorney general talked about this one. Its possible to imagine a world where the companies figured out to comply with the judges orders and every company does it in a slightly different way. Yes, thats a possible outcome. Now, most companies i suspect that are involved in developing this into end encryption its a with the best of intentions. They were trying to increase the security of the data of their customers. But do you believe that there are some companies that have intentionally develop this kind of system in order to thwart their ability to respond to a lawful court order . I dont know with respect to the intent question. I know there are companies that after once they made the decision, advertised as a solution that would be immune to a search warrant. Apple did that but i do know the intention of the original change was to publish the result, if that distinction makes sense. Well, it doesnt to me because if the company is advertising that the information would be safe from a search warrant, thats very troubling to me because that to me implies an intent to keep information away from Law Enforcement despite the issuance of a lawful court order. And i think most people involved in the encryption process and developing these products would not want to thwart Law Enforcement or was is for criminal case or terrorism, but that does trouble me. I wont ask you to respond to that. I do want to switch to ask access to a different kind of situation that suggest how much we need computer, cybersecurity law. I just met with the ceo of a large bank. He relayed to me an incident where the fbi knew that his bank had been targeted for cyber attack. Heres what he told me had to happen. He said that the fbi under current law could not immediately go to the bank and invade information. First, they had to go to the bank regulators, the occ regional office. Then the information had to go from there to the occ in washington. From there it had to go to the department of Homeland Security. Then the department of Homeland Security approved the fbis contacting the bank to warn them of this imminent attack. Well, obviously, and he said this all occurred over a weekend so it was difficult to reach people. Ever cell phones involved, et cetera. Thats a terrible system. And we need to be able to empower the fbi in realtime to be able to notify a Financial Services organization, the electric grid the air Traffic ControlSystem Critical infrastructure of an impending attack. Would you agree with that . Very much. And what youve described surprises me because i think the way we operate is recalled and if theres a threat to the institution of any kind we have developed relationships with a chief information sake of a chief information second officer or im a chief information sake of the office of the uncritical backing track, maybe you can privately give me the information because its not the way i understand it works or is supposed to work. This incident really troubles me. Because by the time the information got to the proper people at the bank it is nothing short of a miracle that the cyber attack had not already occurred. Thank you, mr. Chairman. Senator warner. Thank you, mr. Chairman. Director comey good to see again and let me add my colleagues comments to my colleagues that the good work you on your college do. I think again even if this is a one off the notion is that clarity and a single point of contact speaks volumes about the need at least take forward legislation this committee passed a in a bipartisan way and at least take it first appeared i think it would be a significant step forward. I have some technology background. Ive had some conversations with companies in the i. T. Space and encryption space who once theyve created some of this entity, or i think in a sense they are starting to understand potential problems that are being created. Can you speak to any of that in terms of a recognition under the guise of either privacy or Better Business protections of a growing recognition within particularly the i. T. Community that this is the very much a doubleedged sword and theyve created a monster that is not controllable . Yes, thank you, senator. I meant what i said. I think are good people. Its not their job to worry about Public Safety as i dont think its something thats front and center for the. Particularly the isil threat and how real it is and everywhere has focus. We are having productive conversations. They dont want people to die. I dont want kids to be today. These are regular folks and so thats what im excited about the prospect of harnessing that innovation. They are good people who want to have successful businesses and they want to protect the country. Again, im not an naysayer. I know your people people writing papers us at its june its just too hard and why do. I dont agree people of Silicon Valley are saying lets see what he can do. In a way that protects that which we have built at the country in which we live. Mr. Chairman, i want to say a series of these companies in virginia, with a 100 plus military personnel and their families names were published in an attempt to intimidate a think it woke up into commonwealth of virginia how very real and how obscene some of the actions that the isil group is in terms of threatening people. Let me move to senator mikulski asked a question im hoping about three events today at hope you will get back to us but i want to raise another issue that i think theres been a great deal of confusion around and concerned about the opm breach. We are literally runs into the snap a continued to get a series of different answers in terms of numbers that ive been disappointed by the opms reaction and post a breach in terms of assuring those federal employees current and past both in terms of what action that could will take to protect them Going Forward and something subcontractors the of in using how illequipped they have been, not the topic, but if you can perhaps give more clarity about the overall scope of that within the confines of the context of this public hearing. Theres an awful lot of people listing for the adventures. Is something have to approach carefully and discerning. And i know that the administration opm in particular is working and is as close to offering a public and more detailed accounting of what we think was lost but it is an enormous breach and a huge amount of data that is personal and sensitive to federal employees, former federal atlas, people who apply for federal employment was available to the adversary. We have to assume that it was looked at and or expelled. Were talking about millions and millions of people expected affected by this. The challenge is as much as im sure the adversary has much fs 86 epic my fs 86 list every place ive ever lived since i was 18. Every for travel ive ever taken from all of my family their addresses. Its not just my identity that is affected. Ive get siblings, ive got five kids, all of that is in there. So the numbers quickly to far beyond the number of federal employees which is millions over the last 20 years. So it is a very very big number. It is a huge deal. I understand active investigation but i also know we are now running on 60 plus days, more than you since the first reach and the lack of single answer or even some sense of the answer over all from the administration is troubling. Thank you, mr. Chairman. Senator mccain. John, turn on the microphone, would you . Is true that you stated on several occasions that i this poses overtime a direct threat to the United States of american . Yes. And that is the case today speak with yes. Everyday theyre trying to motivate people here to kill people on their behalf. Behalf. And every day that they take advantage of this use of the internet, which youve described, by going to unbreakable methods of communicating, the more people are recruited and motivated here in the United States and other countries to attack the United States of america, is that you . Yes, sir. So this is not a static situation. This is a growing problem as isis makes very effective use of the Internet Companies that direct . Thats correct. This is more than a conversation thats needed. Its action thats needed. And isnt it true that over time the ability of us to respond is diminished as the threat grows and we maintain the status quo . I think thats fair. So we are now and ive heard my colleagues with all due respect, talking about attacks on privacy and our Constitutional Rights, et cetera, but it seems to me that our first obligation is the protection of our citizens read against attack, which you agree is growing is that if you . With respect to i agree that is our first responsibility also aagreed no, the status quo is not acceptable if we support the assertion that our duty is to protect the lives and property of our fellow citizenry as our first priority. To you agree with the . I agree that this is something wicked to get what to do about. So now we have