This week on the communicators were going to talk with the congressional cochairs of the privacy caucus and the cybersecurity caucus in congress. First up representative diana to get democrat of colorado serves on the energy and Commerce Committee and she is the privacy caucus cochair. Representative to get when it comes to technology where do you go your personal line between privacy and security . I think that most people who are putting information onto the internet whether its their Social Security number or other information they think its going to be secure most of the time. Unfortunately as we have learned all too well last year now american and israeli secure from cybersecurity breaches. Is there a remedy of any type and what can we do to protect that information . Of course both private companies and the government trying to keep up with these hackers but we have seen attack after attack. The most recent attack of course by the office of Personnel Management but also in private industry, target, home depot and so many other private corporations have had information stolen. But we realized is we can try very hard to keep ahead of the hackers that what we need to do is think about how we minimize the need for customers to put their private information onto web sites. With the opm situation for example did they really need to take Social Security numbers for people who were to supplying for jobs and dont you really want to limit that to information that you really need . One thing is we need to really think about minimizing the amount of personal information people are putting onto these web sites to begin with and secondly then we need to customers themselves need to be educated to make sure that they understand what their rights are and that they ask the hard questions before giving their personal information. Joining a conversation is dustin foltz of the national journal. Guest thank you for being with us congressmen. You were writing a letter to the Government AccountabilityOffice Asking them to take a look at what the government and private sector are doing after data breach is how they are helping responding in helping customers. It seems as though the sense of the letters more needs to be done. Are they really not responding to data breaches they need to effectively . Guest the government and the private companies are saying that they are giving protection to customers. I think in opms case it was 18 months but the problem as number one it may not be long enough in number two and they case of it may be counterproductive. What we are saying is what could opm and these private companies be doing to do a better job of protecting customers privacys and monitoring the breaches. Opm is saying because the hacks on their systems are so massive they are asking other federal agencies to share the cost of providing those services to the affected people. Is that a fair approach that opm allow this to happen in a way that all these agencies might have to share the cost of putting that bill . To me im not so concerned about whos paying the bill. Im concerned that we give the protection to folks because there were massive amounts of data that were stolen and much of this data was highly confidential data. Social security numbers and other kinds of ada that hackers could use to really get their private information about people. Im not so concerned about whos paying for it to make sure that people get robust protection. Guest david veach legislation is something thats popular in congress and their support of both sides of making one notifying standard or companies to notify their customers after a breach. We still have not seen that legislation go very far. If thats something we could still see after this congress . I think given the events with opm added to the breaches we saw last year with so many large corporations. I think the urgency is increasing and i think perhaps this fall in Congress Comes back from the august recess we may see more of the information to bring this legislation certainly to committee. We have had some hearings in my committee but to bring it up for a markup and ultimately for passage. Many of these are pretty common sense and would seem to me they would be easy to pass. Host representative degette you represent a hightech area and the Denver Colorado regions. What do you hearing from some of the companys . Why did they feel the need to have all this information about users of their products such as access to other contacts access to their photos whenever they download an app for user service . Guest you know i think what happened is obviously from a marketing standpoint a lot of private companies have wanted to get access to as much data as they could in the past but i think what people are now realizing is when there is a breach people who you really dont want that data will get it. Those consumer groups and also companies are beginning to recognize that maybe they need to stand back a little bit and say what data do we need before we will give a credit card or before we will give access to our sites and so on. I think this is a recent phenomenon. In the past people thought well if there is a breach then we will give people credit monitoring and other types of services that now people are realizing that is not a remedy and they need to look at the front end. I want to talk about the white house framework for Consumer Privacy bill release early this year. It was introduced in privacy advocates had concerns with it. Tech companies had concerns, not great fanfare. Is the privacy bill something that could gain traction in congress and essentially what would that look like . I think people do want to look at a privacy bill but on the other hand theres a balancing that is to be made. Technology has changed over the time i have been here and the ability of more sophisticated hackers to get information has changed. But its a challenge as regulators to put a Regulatory Framework in place that would protect customers but also allow the free flow of data for corporations and government. We saw movement earlier this year on a similar topic with government surveillance. Congress passed the freedom act that limited what some of the spying programs were doing previous to hard to get the momentum and attention for these corporate and Consumer Privacy issues talking about Companies Like facebook and google lender private data they are and is a hard to get a focus and attention we didnt have this years long scandal we have seen with government surveillance . What happens i think is you get some shocking data breach of millions of customers data either in the government or in private industry and bad people have a hard time figuring out what would a legislative fix look like he so its hard to get the momentum up to come up with a Regulatory Framework that would actually prevent those types of breaches from happening. Host congressman user from the investigations subcommittee on energy and Commerce Committee and one of the things you are looking at is the Internet Corporation for the assignment of numbers and names and numbers do you agree with the president s approach to make it more of an International Body that governs the internet or do you agree with what congress did and hold back on that issue a little bit . Received breaches by china and other countries so its important to have a Robust International regulatory body that can regulate internet numbers and so on. But again this is an issue that is worth continuing oversight to see what if any changes we need to make to the rate of tort process we have now. Guest earlier this year as well the house passed two similar bills for information sharing. The senate is still figuring out what they want to do with increasing the sharing of cyberthreat data with the government in the or. There are still many privacy concerns with that as well. Is that going to be conference out in the senate . Guest i never predict what the senate will do. They have it very different pace than the house has but i think the fact we were able to pass this legislation in the house showed that there is a need so i would really hope the senate would take this up later in the fall mickey go to conference. Host Net Neutrality has been an issue that you have looked at. Now its allowed the land house of perceiving . Guest with the court ruling on net mutuality it is the law of the land and this is an issue we often joke and say Everybody Knows what Net Neutrality is that nobody can define it in the same way. The courts ruling helps give us a sense of what the law would be. A lot of the companies are completely opposed to the court ruling particularly with title ii and so theres going to be litigation. Lawsuits have already been filed and they were filed the next day actually. I think it would really be wise for congress to sit down in a bipartisan fashion and try to give certainty to what the interpretation title ii is going to mean by coming up with a bipartisan bill. I know there has been interest expressed in doing that but so far that hasnt gone very far down the road create. Host would you support a . Guest it depends on what it would look like he does that make Net Neutrality is important concept and i agree in general with what the court says but i do think there are some benefits to consumers as well as to the industry to have certainty in legislation to back up the court decisions. Again it would depend on what it looked like but i told my colleague on the other side of the aisle i would be happy to discuss getting some kind of legislation together. Guest congresswoman you mentioned china with the opm. Administration is not publicly blame them but officials have privately linked china to that hack. As a Washington Post story saying the administration decided not to publicly blame them at all and theres not going to be a direct retaliation. Is that an appropriate response to have a nationstate hack the verse confirmation of 22 Million People and have no direct response at all . I cant unfortunately really comment about that because a lot of that is classified information. Guest are you concerned that countries might see the u. S. Not responding as a way to open up and perhaps be more aggressive with their cyberattacks . Guest let me just say even though the government is saying they are not responding publicly i know that there are efforts to clearly identify and respond to those with who were participating in those Cyber Attacks. Part of it i think is making sure that we can do this in a way that will be effective for those who security was breached. Host were presented at Diana Degette cochair of the privacy caucus in congress and in member of the energy and Commerce Committee. Thank you for being with us this morning. Up next we will talk to the cochair of the congressional cybersecurity caucus. Rhode island representative jim langevin is the cochair of the congressional cybersecurity caucus. Representative sub or what is the purpose of this caucus . Guest like in a caucus a group of like minded persons concerned about an issue and we collaborate together but we also provide a forum to both groups on the hill to come in and do presentations to educate members and staff about a particular topic based on cybersecurity sorts of great for members and staff to collaborate. Host this is an issue have worked on for quite a while. How did she get interested in this . Guest i fell into this in the 2007 timeframe or so. I was chairing the subcommittee on the Homeland Security committee that had jurisdiction over cyber and we looked at cybervulnerabilities. One of the biggest things that came to my attention was a vulnerability the Safety Systems that like regulating turbines on the electric grid or sewage human facilities and Idaho National adds a significant vulnerability that allows a hacker to take control and the Safety Systems and cause them to do things that would cause harm to the quitman grade for example in Idaho National labs found a way to cause a turbine to basically spin out of control and blow itself up and they demonstrated that on the video that i am the committee saw when it was released to a news publication and it showed how this generator will itself up to it came to our attention very quick leap and to see how significant are these vulnerabilities and unfortunately found it was significant then and its significant now and the challenge is growing. Its not a problem that is going to go away. Host im sure you have seen the news reports about the cars that have been hacked while on the road while driving. Is the administration are private businesses doing enough to protect us from hacking cybersecurity threats . Guest in my pena no, not enough and i would put it in this context. Is problem is never going to go away. Its a challenge that we have had to deal with for the longhaul. The internet was never built with security in mind. Unfortunately our enemies and adversaries hackers have used these vulnerabilities for their own purposes and we have a country that is more to pendant than any country in the world that have made this incredibly vulnerable. What we need to do is bring it down to something that is more manageable. Unfortunately the congress which could be doing more and should he doing more and have been pushing it to do more hasnt been doing enough raid we have. Most important of which is information sharing legislation that passed the house a couple of times that we are waiting or the senate to get their act together quite frankly and pass their own information sharing bill. Host dustin fultz. Guess that the senate has indicated majority whip said they would like to do before recess. The differences in the senate bill are different than the house passed companion bills earlier this year. Will there be a conference to bring us together . The Senate Passed the bill on the Conference Committee and an identical bill that goes back to both houses and voted up or down in this case and it goes to the president for signature. We havent gotten that far yet. For your viewers so they will understand the reason why information sharing is so important is allows us to communicate threats back and forth. What the government know knows some of the private sector knows and allows us to patch systems work trip and attacks before they can be carried out. Right now there are legal prohibitions with the government sharing threat information with the private sector and legal prohibitions. Acting as agents of the government and thats not allowed. What we want to do was is allow those barriers to be removed so you can share information on threats very narrowly defined talking about technical types of information. The various hacks that have taken place out there if we could broadly share that information when one hack occurs in one place hopefully it Networks Data we can likely share that on the ability and more broadly affect everyone. Unfortunately we havent had that legislation yet rated. Host are the privacy reliability concerns . Guest anytime you are dealing with Network Security we have to be mindful of her texting private and Civil Liberties. I believe very confident that the house bill out of the House Intelligence Committee and when passed the Homeland Security committee both of which have passed the floor with strong bipartisan support and strong right to see protections in their. Privacy was involved with the drafting and for the most part have signed off. I think its as close as we can get to perfect and im proud to support it and confident that there are strong Civil Liberties protections in their as well. We will make sure that those Civil Liberties protections are in there. One of the criticisms from security researchers is the government increasing his share of data could backfire. When you have so much data in a wide repository thats allowing allowing can be a bad thing and information sharing wouldnt have prevented a hack. Guest i dont believe that and its about the threats or the malware that would be used. Those are the things we want to prevent in the first place if not the malware itself and by sharing that information not the data but the threats that we want to share. Guest does the senate need to do more to assuage the privacy concerns . Guest once they vote on something, i cant comment on it but it seems like they are to passing something on the floor. They tried to do it in the Defense Authorization bill amendment that unfortunately democrats didnt support it. It would allow for any amendment to that theyll. They need to bring up the bill. Lets amend that were necessary to make it stronger and protect privacy and Civil Liberties concerns. Lets get something to conference a week and get to the president. Guess i would like to turn to the opm hat. Reports are coming out that the government privately linked it to china but now it appears officials are saying they are not going to publicly blame china at all and not going to directly retaliate for these hacks on the opm service that let to the personal information data of 22 Million People fingerprinting there will be a direct response. Can a country hack so much data and not get linked . Guest the outrage that the attack happened in the first place and was so successful in no one is going to be held accountable or prosecuted for it the problem is of