Used against defendants, it is properly noticed, defendants happened so they can say i had a right to privacy and you violated it by getting this. Flip side, where the government doesnt have to use 702, ordinary powers like they dont have to. It was ase of flynn, if used secretly, that would be a massive problem, i tonight think hat happened with michael flynn. I dont know enough about flynn right now. Waiting with baited breath right now. Host lisa, line for republicans, go ahead. Caller hi, good morning. I agree with your concerns about unfair government spying of process. Ithout due i do dont think it is fair author hat trump has tearian tendencies on this topic, that remains to be seen, with it. Ill do but id like to know what the been doing. Have can you talk about that . They e ive heard that also use technology sometimes to of people,hone calls suspects, lets say, locally, can you talk about that, please . You. Guest thank you, lisa. So the first part about trump, authortarian one thing or not, put out here, powers whoever comes next will have. Enough for concern. It should be enough for concern of everybody and should one them prove to have authoritarian we dont want them have power this invasive and road without all checks and balances. With that said, local police lot to saye is not a about 702s relation to local police. That some ossible information is filtering down to issues, but thats not necessarily where the biggest concerns lie. It is best ot identified with whether or not it shows up in court, with that aid, there are massive surveillance problems across this country that implicate ocal police or local Law Enforcement and ill give you a couple different issues and move on then. Stingrays, stingrays are very invasive technologies that dont have a whole lot of rules on the road right now. Of now that a number localitys possess these devices. A t they do, pretend to be cell phone tower. When your phone is trying to connect to its provider, it goes accesss the closest one n. Turns. Hey connect with the stingray that provides surveillance that i think most people dont realize, these are not all the time. Ing but whether or not you need a warrant to use it and need articulate who you are trying to find with it, those are Big Questions because dont have those rules in place, tonight have protections, what a local know law enforce cemetery doing with he technology and that is just one. There are plenty other examples of spying tools being in the enforcement. Host back to capitol hill in the last minutes or so we have left. Reauthorization moves forward, can you explain the spectrum of table . S on the is it possible the fisa Amendment Act could be reauthorized with no changes . If so, how long could that for, another n be five year . Guest were looking at anything from four to six year reauthorization or outside that straight sunset or straight reauthorization. Straight reauthorization without a sunset unlikely. Rdinarily very few people are willing to champion that message, everybody is massive and different than all the other ones and thats, i think, one why everybody, even people more hawkish than we are, of sunset. Upportive i also dont think there are votes for straight and weve heard house judiciary chairman bob goodlet say he doesnt think the house of representatives would support straight dont think on, i they would. The question is what reforms come out of the process. Ont demand progress letter this issue is available on their this issue is available on their [inaudible conversations] spread the committees will come to order today we receive testimony on the production of consumer data with the Credit Bureau. At equifax hearings we wanted understanding of how Credit Bureaus are regulated and protect data whether there are gaps have long been concerned about the increasing amounts of big Data Collected by companies and by government. Is critical that personal data is collected Consumer Impact is minimized and it is not harmed. The Credit Bureaus play a valuable role to assess a consumers ability and to facilitate access as with most businesses requires the most data secure you that since the of Consumer Information is safeguarded . Two weeks ago they talked about the methods they use to protect their consumer database as encryption and took it is a sham. Richard smith noted while some of the database is ingrafted at rest but that portal that was compromised was the best ways to protect us is the Data Security industry standards and Credit Bureaus. End up with sensitive Consumer Information and what rules the federal agencies play with Data Security and Credit Bureaus given that that is a Financial Institution how does Data Security and oversight compared to that of traditional Financial Institutions . I look forward to hearing from our witnesses to ensure they have those security measures in place to the oversight of Data Security at the Credit Bureau. The Equifax Breach of left with a 145 Million Consumers confused as to what can be done to mitigate damages to their identity and credit we feel starting in january equifax will offer all customers to unlock their credit file for free. For consumers to monitor their Credit Reports. Many rebated confused about which options are best but this hearing will hopefully provide additional clarity we have a shared interest to ensure the Credit Bureau takes the necessary measures to minimize the risk of another breach. Under current law if we like it or not Companies Like equifax can collect personal information from the social media of profiles to track our Grocery Store purposes even to track our daily commutes. They are free to combine and sell the the information to other data mining firms use to make decisions like what kind of car or job those like equifax rarely have to tell us how these decisions are made if they hide behind those pray for it for tight proprietary models. And if they protect people as a recent breach demonstrates the in late to work perfectly to protect consumer data with 145 million data have their data exposed it doesnt seem that corporate data. Because consumers have no place over what is over their Consumer Protection as an afterthought. Talk about those inadequate protections we cannot forget 145 Million People who through no fault of their own have the compromise we dont just talk about how we strengthestrengthe n cybersecurity and examined the effect of the Credit Bureau model to have a long history of consumer complaints with longterm effects to get a house in with those other Data Collection companies. And despite their continued failure to provide accurate Credit Reporting Services meant to give up the bonus to make the concession. And to make them even in more vulnerable and unless things change to pay a price for all of the recklessness and in some cases even giving tax dollars to do a pilot for word to what the witnesses have to say on these matters. First to give testimony of the consumer data industry association. With a private information center. Each of those recognized for five minutes and then we will proceed to questions. To the Ranking Member brown they give for the opportunity to appear before you i am a partner end of the law firm i am appearing today on behalf of the consumer data industry which is a trade association and to protect consumers. Our members include the three national Credit Bureaus. You have asked us to discuss Consumer Protections but first Important Role played by in our economy twothirds of gdp comes from consumer spending. With that Credit Reporting system to open a bank account or purchase a cell phone. More than 40 of consumers with that facilitates in addition to fasting and fair and impartial access to the apartment rental and other essentials services. And under the fair Credit Reporting act to the at impartiality. Of consumer privacy. The most recent revision of this scheme was the addition of the supervisory agency. The first agency not just examining Credit Bureaus but those that contributed into the Credit Bureaus. That continuous supervision begins in earnest in early 2012 have produced a proactive approach to compliance management for consumers for many years to come. Credit bureaus are subject to federal and state laws and because of the key role they played the Banking System also subject to very specific private Data Security requirements. Credit bureaus are required to ensure they only provide Credit Reports to legitimate people for legitimate purposes. It goes beyond contractual certification including Due Diligence from the customers with the continuous monitoring. Also requiring disposal of Credit Reporting information. In addition the safeguard rule as referred to by the chairman to develop better implement comprehensive antiquity programs. And then to maintain reasonable procedures with sensitive personal information. Those and notify consumers so because of their Important Role they are subject to private contract contractual data requirements. To handle credit card information required they comply with that Data Security standards to invalidate such compliance with a Third Party Audit of the security procedures to have a great deal less sensitive customer information they are required by the regulators to conduct regular information security. Each of the three national Credit Bureaus each year. And to share that consumers in businesses with the National Credit reporting system they give for the opportunity to testify will afford to todays dialogue. Thanks for the opportunity to duty to speak with you today. We are in independent Nonprofit Research organization founded 1994 to focus public attention on privacy issues. Arab light to begin to save the equifax data reach is one of the most serious in our nations history. On par with the office of Personnel Management 22. 5 million the breach shows the security of American Families and even our nations security there is no simple solution but in my testimony today i outline the steps i believe congress can take with the data breach. And to save it equifax preacher is remarkable and with the delay of that welldocumented security flaw. More than four months past two installed Critical Software updates and precisely the information the individuals rely upon to open Bank Accounts and get car loans and vice telephones including Social Security numbers and drivers license information and also of the data that criminals use to commit Identity Theft and financial fraud. Equifax is clearly responsible for their breach. And with Hitachi Software foundation and also worth emphasizing equifax chose to collect the personal data because consumers did not provide this information to equifax. And alas Security Strategy with the 145 million Credit Reports to cause of unprecedented harm to have access to credit card numbers consumers can council cancel accounts and change numbers but it is not so easy to change your Social Security number i dont think it is possible to change your data curve. The victims will be exposed to lead in the theft and financial fraud which is already an enormous problem for American Consumers. It is reported almost 400,000 cases of Identity Theft in 2016. And that the cost of the economy per year. Credit reporting agencies in need of reform. And with those steps that could be taken to establish accountability and transparency and with that information to impact the financial future. This means to have a nationwide credit freeze or more precisely in the disclosure of Credit Reports to beyond the optician basis to recognize the value of the American Economy but the consumer should decide if it is there interest to disclose to a third party they should not have to jump through hoops to put on the blocks in freezes to restrict access they should make the affirmative decision. And you should not have to pay to be told there is fraudulent activity on your account. That problem with Credit Monitoring Services so this makes no sense whatsoever. So the consumer should be notified. And with the contents of the Credit Report. So they know who is receiving information and. Chairman and credo and Ranking Member in the committee thank you for the opportunity i am in adults of Security Policy and in this role of a research and analyze what the policy implicatiimplicati ons and management. But my testimony will have an element of cybersecurity. And to address Data Security. And increasingly used catch phrase that all companies are Technology Companies for all companies are dated companies this concept of the death play the Important Role to allow companies to complete compete and thrive in the marketplace. But this also creates risks for corporate leadership to adequately control the risk is objective. The Data Security involves rich Risk Management managing the risks to repair security is the goal they need to understand the vulnerability is they have the consequences. Cybersecurity to discover reformation about that. Those that could craft that message in legal teams to help with those compliance requirements and with those corporations upon others depending on the entity. There would be a delay between the discovery of the attack in the public notification because analysis needs to be conducted of how old they were breached or compromised. And with that business part and that forensic investigator and how they would share information with that phase. And for that extent of the breach but maybe they could ocher, currently. Congress could consider Data Security they could explicitly for the safeguards rule as problem data via the ftc the dialogue created live Credit Reporting agencies come to a greater understanding to allow for those to correct the Security Posture and congress could regulate the retention of data regardless of the type of affinity congress can establish what could be collected how that must we stored so congress did record to identify and disclose to consumers those elements the power is used will provide consumers with Additional Information that may affect the market place for go figure for the opportunity to testify today in the forge your question. I want to inform the question the senators we have a vote and we will keep the hearing running so we will adjust our attendance in you can make plans accordingly. The question is for the whole panel i only have five minutes. This is each reach number there has been a lot of discussion around the security of the Social Security number that should be used as the identifier Going Forward to we need to get rid of it as a personal identifier . How can we ensure such has a drawback . If we eliminate Social Security number we will have to have some other unique identifier to allow those to know who theyre dealing with. My name is andrew smith there are tens of thousands of me but if you look at a Bankruptcy Court record if there is no identifier how you know which one . With simple identification not authentication not that i truly am who i say i am benghazi identify your they do have a role to play whether we need another identifier we are willing to work with you on that to get to the right results for consumers. 84 the question many committees urged the we have never argued for replacement the key point it serves the important purpose that is why it was established and that is wher