The committee will come to order. Thank you all for being here. Id like to thank the Ranking Member senator white house and the collaborator its great to be here and doing this together. I was just saying i told him that it would be nice to have the answers because hes a tough questioner and he will take you to task. Id like to thank the witnesses for your attendance and also highlight two empty chairs today which i say that he invited witnesses who apparently dont share your commitment to discussing the issues. One is for tiktok. If you dont know what tiktok is, you should. Its a chinese owned social media platform so popular among teenagers mark is reportedly spoofed. For facebook the fear is lost to social media market share and for the rest of us it is somewhat different. A company compromised by the Chinese Communist party knows where your children are, what they look like, with their voicewhat theirvoices sound like watching and what they share with each other. They claim they dont store american user data on china. All it takes is one knock on the door of their Parent Company from a communist Party Official from the government hands. Tiktok claims they dont take direction from china or censor in fact in a letter sent to just today to this committee, tiktok said both governments foreign or domestic direct how the moderate content. They do not remove content based on sensitivities related to china or other countries and we wouldnt do so if asked. Thats what they say and without objection i will enter the whole letter into the record. Buit is and what the employees say. Today the Washington Post is reporting that tiktoks chinese Parent Company imposed stricter rules on both code appear in keeping the restrictive view of acceptable speech. Former and he said Company Officials based in beijing had the final call on whether these videos were approved. The former employees at the attempts to persuade the team not to block or penalize certain videos were routinely ignored. Out of caution about the Chinese Governments restrictions. One former manager of tiktoks Parent Company said they want to be a Global Company and numbers wise they have had a success. The purse is still in china and it always comes from the air and decisions all come from there. That is a different story than the one they told the committee in this letter and that is a problem. They should answer for these discrepancies. They should answer to the millions of americans who use their product with no idea of its risks and they should have been here today but after this letter to the committee, they must now appear under oath to tell the truth about the company and its ambition and what they are doing with our data. It isnt just for childrens privacy but its a threat to National Security. We dont know what china could do with this data in aggregate and what it tells about the society. They can see who he talked to, what we talk about, what we congregate and capture on video. Not all of the users are kids, some work in government or for r the military. Others are celebrity or work for other companies and positions of influence. What does it mean for china to have a window . Why would he leave that window open . The other belongs to a company that has helped open the window on american consumers, apple. We are accustomed to hearings as a good Corporate Citizen that encrypts its messages and limits its own Data Collection from users and give them privacy controls, but the Business Model and practices are increasingly entangled with china effect we would rather not think too much about. Its essential to the bottom line is on the supply and demand side of the business the investment in chinese production have helped build scientific manufacturing capacity of the greatest geopolitical rival. The chinese demand is even more critical and to service the demand, they are risking compromise with authoritarianism, the hosted the users data is part of a joint venture with the Chinese Government controlled entity. They frequently talk about encryption but there are those stored . China. Apple said they have control over them but who knows what that means and they are not here to tell us. If you have family or business contacts you cannot count on the encryption to keep your interactions to or from the authorities and if you are a chinese dissident or protester in hong kong, the corporate values wont do much to protect you in the midst of the democracy protest now in their 22nd week, they pulled an apple from the store that helped citizens stay safe during the Police Crackdowns because they pushed for it. A few days later tim cook was appointed to chair the board. If you are the user you cannot be confident that the Chinese Government isnt reversed engineering the platform and the Privileged Access to it with a joint venture with apple. We see two sides of the same claim when it comes to the Data Security. The danger of the chinese platforms and trade it to the u. S. Market and the danger of american Technical Company operations in china. Thats one of the most important subjects we can discuss, how does the industry entanglements with china in peril our Data Security. I look forward to the witnesss testimony, thank you for being here and now senator white house. I welcome all of the witnesses that are here. I have a fairly long history and i can remember when the senate had pretty much close to zero interest in privacy and data they have more data than the most intrusive government in the history of humankind and they pay virtually no attention. Im delighted that that wall has come down and we now see the risk from the huge aggregations of the private data. Ive also been involved in a lot of the efforts for the cyber legislation. At one point we made a lot of progress when the bill focused on critical infrastructure. My republican coordinates for senator kyl, senator mccain who has been the chairman of the Armed Services sai so it was pry highlevel operation. We made a lot of progress and had a considerable number of conversation where there wasnt a whole lot of news and noise to be made that with people from the private sector and the defense and agencies and when push came to shove, the republican leader went to the floor and said no cyber bill is coming without the cyber bill attached to it. So that ended that effort and then along with the chairman i was the cochair of the report for the incoming president which is a very hopeful and thoughtful bipartisan cyber analyst is. When the President Trump came and i looked at the very wellversed honorable professional in the cyber space, great technician and i looked at and attorney general to come out of the senate and the upgrade we have a great opportunity here to the Political Savvy to get the real bill going and of course as you know all of that has pulled apart and none of them work for the administration any longer and i couldnt tell you why i shouldnt talk to the administration about the legislation as their appearance level of interest. I hope that we are in a good space to start doing some real work here. In closing i have remarks i would like consent to put in the record. I want to make a procedural point. In the committees we ordinarily operates one of two ways. Operate one of two ways. Say this is good to be bipartisan Work Together and agree on the witnesses of the Consensus Panel into the shape of the hearing is agreed to beforehand or you dont go that way but theres a kind of informal rule on t ground rulesr with each other. Im delighted to go forward and appreciate your leadership in this area and i want to be very cautious about the hybrid. Thank you for your work on this issue and the senators eluting to the common goal which is to have Administration Officials testifying in the committee and that is a goal i share and look forward to doing it legal for the full cooperation. Now let me turn to introduce the witnesses. The Corporate Vice president of security and trust microsoft. There he leads engineers, lawyers, policy advocates, managers, business professionals, data analysts. He joined microsoft in 1995 and filled several roles in the Legal Affairs department. Mr. Carters Deputy Director of the program at the center for strategic and international studies. His research focuses on International CyberSecurity Policy issues including Artificial Intelligence, and privacy, data localization, Financial SectorCyber Security and Law EnforcementTechnology Including encryption. A fellow at the National Security program at the center for the new American Security studies. Before joining, ms. Frederick helped create and lead the Global SecurityCounterterrorism Analysis Program analyst team lead for the headquarters Regional Intelligence Team in california and prior to this book served as an Intelligence Analyst and spent six years in the counterterrorism at the department of defense. Senior technologsenior technolor the Heritage Foundation as the first senior fellow for technology, National Security and science policy his research focuses on the intersection of technology and National Security, the particular interest in Artificial Intelligence, autonomous weapon systems and intelligence issues and prior to joining cummings was the National Security adviser to senator ben zacks. Thank you for being here and i will swear you in the fourth week of testimony. If you would please rise and raise your right hand. Do you swear or affirm the testimony ithattestimony is thee whole truth and nothing but the truth, thank you. Now we will hear your Opening Statements. Thank you for the opportunity to testify today. I will comment on the work to combat criminal and nationstates Cyber Attacks and how we must Work Together in new ways to combat these attacks. The frequency and the success continues to grow and its estimated the Global Financial impact last year was a trillion dollars and the nationstate attacks continue to increase in number and sophistication and impact. For more than a decade, microsoft has fought back. But we have learned the best protect our customers when we were collaboratively with the government and others in the sector. The government has lawenforcement resources the private sector cannot match but the private sector has access to the site and the technological resources governments cannot match so we must work collaboratively. Today Microsoft Digital crime unit truly unique in the private sector conducts business email compromise crime and continues to lead the world in the efforts to shut down criminal but thats working closely we have now taken down 17 rescue includes 2,500,000,000 devices from these criminaletwos. Lawenforcement faces unique challenges in combatingse thats why we were strong supporters of the cloud act which modernized how the data can be accessed appropriately by Law Enforcement. We applauded the agreement announced between the United States and United Kingdom implementing the act and encourage the department of justice to continue their efforts to negotiate and conclude additional cloud act agreements. Despite the past success, we have not seen lawenforcement partner on the takedowns if youre concerned to rewaryouared recognition structures and the agencies do not today provided the incentives to devote more n. We Hope Congress will provide new incentives to prioritize the disruption and dismantling of criminal networks. In addition, we see increasing nations stayed attacks causing harm to citizens and enterprises around the world. We have used the disruption techniques that we pioneered to disrupt these actors intent on destroying democracy. We have disrupted the groups operating in russia, china, iran and north korea and we will continue to do this important work. Descriptiothe description is imt so is improving cybersecurity hygiene. Unpatched systems are exploited by our adversaries so we strongly promote prompt installation of security updates. We advocate for the use of the multifactor authentication and develop cuttingedge Security Services like microsoft. We can combat and defend that feels the need to reduce how many attacks are launched against our civilian enterpris enterprises. Longterm solutions for protecting cyberspace require clear and binding commitments that are acceptable to the behavior. This problem cannot be solved by government or the private sector acting alone. Multistakeholder solutions are essential to combat what is necessarily a multistakeholder problem. Thats why last year microsoft was proud to join in supporting the call for trust and security in cyberspace, a voluntary commitment to mine foundational security principles including from cyber attack, critical infrastructure, elections, the public core of the internet and intellectual property. The call has been endorsed by more than 65 governments in over 500 enterprises and organizations. Unfortunately the United States is not yet an obstacle. For the sake of the security of american citizens, those around the world endangered deescalating of the attacks online, microsoft continues to encourage the United States to join this landmark multistakeholder commitment. The private sector and government must Work Together to invent 21st Century Solutions to the uniquely 21st century threats. Microsoft stands ready to do our part. Thank you and i look forward to your questions. Distinguished members of the subcommittee, thank you for the opportunity to participate on this important topic. Threats remain one of the most important risks facing the nation. Companies that collect and use data face threats from malicious cyber actors and restrictive government policies. The lack of u. S. Leadership on global issues of cybe cybersecu, Data Governance into digital Law Enforcement has been in a difficult position caught between the need to secure data against lawful and unlawful of use and demand of access to data. They are growing fast. The attack is more of their lives move online and proliferate has created vulnerabilities that can be exploited by malicious actors and the Cyber Capabilities have become as tabs in the arsenals of the government. And the gray market and the capabilities has grown up to need that. Both administrations repeatedly demonstrated a lack of resolve to impose meaningful consequences on the nationstate violates the behaviors and engage in Cyber Attacks against the u. S. Cybercrime has also become an epidemic. In 2018, csi has estimated the cost was more than 600 billion. Nearly 1 of gdp. Of 35 from 2014. The cyber activities are largely consequence free. Only 0. 3 of the reported Cyber Attacks in the United States result in an arrest in cyber crime is a massively underreported crime, the attacks are one of many threats to private and Sensitive Data into the challenge for the companies is the growtcompanysince the grl exploitation of the data by governments. Countries wish to enforce the law and protect the citizens as they defined both of the goals and expect companies to do business to enable them to do so. The problems arise when they lack appropriate government mechanisms and when they lead to the Technology Platforms in the global populations they serve into thand the government inteny utilized commercially available technologies from the oppression and exclusion. U. S. Companies and u. S. Government developed a range of technologies and policies to combat the challenges. They utilize Technical Solutions like unrecoverable encryption for the data to be an accessible even with the legal order. U. S. Government has also helped companies protect data for example for the Electronic Communications act prevents companies from disclosing the contents of communicati