[inaudible conversations] [inaudible conversations] the committee will come to order. Thank you all for being here. I would like to thank Ranking Member whitehouse, my friend and collaborator. Its great to be here at doing this together. I was just saying to him, i told him i would tell you it would bt nice to them in his edges because hes a top question. He will take you to test. I would like to thank the witnesses for their attendance today. I would also like to highlight two empty chairs today, which i say for saved for two and find witnesses who apparently dont show your commitment to discuss these issues. One chair is for tik tok. If you dont know what tik tok is, you should. Its a chinese owned social media platform so popular among teenagers that Mark Zuckerberg is reportedly spooked. For facebook, that fear is lost social media market share. For the rest of us, the fear is somewhat different. A company compromised byif the Chinese Communist party knows where your childrenws are, knows what you look like, with their voice assembly, what theyre watching and what they share with each other. Ik tik tok claims they dont store american user data in china. Thats a nice, but all it takes is one knock on the door of their Parent Company, based in china, from a communist Party Official of that data to be transferred to the Chinese Governments hands, whenever they need it. Tik tok claims they dont take direction from china. They claimed they dont censor. In fact, inct a letter submitted day to this committee, tik tok said this, no government, foreign or domestic, moderate how we tik tok does not remove content based on sensitivities related to china or of the countries we have never been asked by the Chinese Government to remove any content, and we would not do so if asked. Thats what they say. Without objection i will enter the whole letter into the record. But thats not what former employees of tik tok say. Today the Washington Post is reporting that tik toks Chinese Parent Company impose strict rules on what could appear on the app in keeping with chinas restrictive view of acceptable speech. Former employees said Company Officials raised in beijing had the final call on whether flagged videos were approved. The former employees said their attempts to persuade chinese teenagers not to block or penalize certain videos were routinely ignored. Out of caution about the Chinese Governments restrictions. One former manager, tik toks Parent Company said this, they want to be a global company, tik tok, and numbers wise theyve had that success. But the purse is still in china. The money always comes from there, and the decisions all come from there. That issue a different story than the one tik tok has told this committee in this literature and thats a problem. Tik tok should answer for these discrepancies. Theyns should answer to the millions of americans who use the products with no idea of its risks. They should have been hereo tody but after this letter to this committee, they must now appear under oath to tell the truth about their company and its ambitions and what theyre doing with our data. The threatit isnt just to childrens privacy. Its a threat to our National Security. We dont know which i can do with this kind of social data in aggregate, what it tells china about our society. They can see who we talk to, what we talk about, where they congregate, will be captured on video. Not all of tik tok users are just kids. Some work in government or for the military. Others are celebrities or work for major American Companies, positions of influence. What does it mean for china to have a window into such users socialize . Why we believe that window open . The other empty chair belongs the company that is help open chinas window on american consumers, apple. We are accustomed to things like this one to hearing about apple as a good corporate citizen. It encrypts its messages. Limits its own Data Collection from users. It gives them privacy controls. But apples Business Model and practices are increasingly entangled with china. The fact they would rather not think too much about their china is essential to apples on applying both on the supply and the demand side of the business. Apples investment in chinese production have helped build the scientific and manufacturing capacity of americas greatest geopolitical rival. But chinese demand is even more critical to apples future and to service that the man apple is risking compromise with authoritarianism. The company hosts is chinese users icloud data in china as part of a joint venture with a Chinese Government controlled entity, g cbd. How quickly talks about encryption but where are those Encryption Keys for the data stored . China. Apple says it has control of those keys but who knows what that means, and apple isnt here to tell us. If you have family in China Business contacts there, you cannot count on encryption to keep your interactions secure from chinese authorities can. If youre a week or a chinese dissident or a protester in hong kong, apples corporate values will not too much to protect you. On in thehe midst of hong kong democracy protest, now in the 22nd we come apple pulled at from its store the top protesters and citizens stay safe during Violent Police crackdowns. Why . He because beijing push for it. Just a few days later tim cook was appointed to chair the board at the Business School or if youre an american user of an ios you cant t be confident tht the Chinese Government isnt reverse engineering the platform due to their privilege access to it via their joint venture with apple. With apple and tiktok we see two sides of the same coin when it comes to Data Security, the danger of chinese tech platforms entry into u. S. Market and the danger of American Tech Companies operations in china. Thats one of the most important subjects we can discuss at todays hearing, how does the withindustry entanglement china imperil our Data Security . I look for to the witnesses testimony. Thank you for being here and now senator whitehouse. Thank you, chairman. I welcome all of the witnesses who are here. I have a fairly long history with this issue in the senate and i can remember when the senate had pretty much close to zero interest in privacy and data, so long as the data was held in private sector hands. We would get quite animated about many data that our National Security apparatus might have access to. When, by contrast, arrive at platforms had more data on americans in the most intrusive governments in the history of humankind, and we paid virtually no attention to it. Im delighted that that wall. Hs come down and that we now see the risks from the huge aggregations of private data in private hands as significant. So delighted this is a topic. Ive also been involved in a lot of the efforts for cyber legislation. At one point back we made a lot of progress on a bipartisan bill focusing on critical infrastructure. My republican coordinates were senator kyle who was is numbero on the republican side, senator mccain who was then chairman on the armed services, so it was a pretty highlevel operation. We made a lot of progress. We had a considerable number of conversations where there wasnt a wholele lot of news and noiseo be made, but a lot of good hearts and sincere work with people from the private sector and from our defense and intelligence agencies. And when push finally came to shove, the republican leader went to the floor and said, no cyber bill is coming without repeal to obamacare attached to it. That ended that effort. Then along with chairman mccaul i was the culture of the report for the incoming president , which is a very helpful and thoughtful bipartisan cyber analysis. And when President Trump came in i looked at tom bossert who i think is a very wellversed, honorable professional in the cyberspace, great technician, and i looked at an attorney general who would come out of the senate and the bee and i had come out of the senate and i thought great, we opportunity between the substantive knowledge of tom bossert and g Political Savvy in the Senate Sessions and coats to get a real bill going. And, of course, as you know all of that has fallen apart. None of them work for the administration of any longer and i honestly couldnt tell you who i should t go talk to in the administration about cyber legislation, so low is their apparent level of interest. I hope we are finally in a good space to start doing some real work here. In closing i have remarks and i would i like to ask an incentive to put them in the record. I want to make a procedural point year ask unanimous consent particularly in the judiciary committee, we ordinary operate one of two ways. I do say this will be a a bipartisan and the Work Together and we agree on the witnesses, there are consensus panels and the shape of the hearing is agree to before hand, or you dont go that way. You got a partisan way, kind of an informal rule that one side pic so many witnesses, the other gets the opposite. The minority doesnt think its views of being fairly expressed or they can call witnesses of their own and you get a the fight panel but often very interesting. This is a bit of a hybrid. Until last week we had bipartisan agreement on two panels, and all of that changed rather rapidly. Im not going to get too excited about all this because the chairman has expressed an interest in trying to make sure that the administration witnesses whom we have scheduled will be rescheduled, and hope is true. The panel that actually is here is a panel that was agreed to in bipartisan fashion, but i do believe if were going to be doing is bipartisanwe hearings then we should see that through all the way to the hearing and not follow the bipartisan path down until the week before and then change to having sudden unexpected changes made. I just want to flag that, mr. Chairman, because i think you and w i have done good work befe and of what to make sure our ground rules for the chair and Ranking Member for these hearings are clear with each other. I am delighted to go forward with this hearing. I appreciate your leadership in this area and i just want to be very cautious about the hybrid. We are a bipartisan hearing into the last minute we are not, waiting business. Thank you. Thank you for your lawn work on this issue and the sender is alluding to a common goal of both share which is g to have government was senator whitehouse putter, Administration Officials testify in this committee, and that is a goal that i share and i look forward to doing with senator whitehouse, and we hope for their full cooperation. Now let me turn to introduce the witnesses. Mr. Tom burt as Corporate Vice president of Customer Security and trust at microsoft. Elite engineers, lawyers, all certificates, project managers, business professionals, data analysts and cybercrime investors to manage cybersecurity. He joined microsoft in 1995 and is held several roles in the corporate external and Legal Affairs department. Mr. William carter steph curry director of thehe Technology Policy program at the center for strategic and international studies. His research focuses on International Cyber and Technology Policy issues including Artificial Intelligence, surveillance to privacy, data localization, cyber conflict and deterrence combine agile sector cybersecurity and Law Enforcement and Technology Including encryption. Ms. Cara frederick is a fellow of the technology and National Security program at the center for a new american security, see nas. Before joining cns she helped create a late facebooks Global Security counterterrorism analysis program. She was also the team lead for facebook headquarters rachel Intelligence Team in menlo park, california. Write a facebook she served as a Senior Intelligence analyst for u. S. Naval special warfare command and spent six years at the counterterrorism analyst at the department of defense. Mr. Klon kitchen is a Serum TechnologyResearch Fellow at the heritages foundation. As their first senior fellow protect old compassion security and science policy to his research focuses on the intersection of technology and National Security with particular interest in Artificial Intelligence, autonomous weapon systems, space and intelligence issues. Prior to that he was National Security adviser to senator ben sasse. Thank you all for being here. In keeping with the tradition of the committee i will swear you in before beginning test one. Please raise and rise please rise and raise your right hand. [witnesses were sworn in] thanknd you. And now well hear your opening statements. Mr. Burt, we will start with you. Chairman hawley, Ranking Member whitehouse and members of the committee thank you for the opportunity to testify today. In my comments oh focus on the work that microsoft does to combat criminal and nationstate Cyber Attacks and i will discuss what government and the private sector must Work Together in new ways to combat these attacks. The frequency ofmb success that cybercrime exploits continues to grow. Its estimate the Global Financial impact last year was 1 trillion. Nationstate attacks continued increase in number, sophistication and impact. For more than a decade microsoft passport back. We have learned we best protect our customers when we worked collaboratively with government and others in the private sector. Government has Law Enforcement and intelligence resources that the private sector cannot match but the private sector has access to data and technological resources that governments cannot match. So we must work collaboratively to find solutions. Today Microsoft Digital crimes unit truly unique in the private sector combats this is email compromise crime and continues to lead the world in our efforts to shut down criminal botnets. Working closely with Law Enforcement and private sector partners we have not taken down 17 botnets, resting close to 500 million devices from these criminal networks. Law enforcement faces unique challenges in combating these borderlessss crimes. Thats why we were strong supporters of the class act which modernize crossborder data can access appropriately by Law Enforcement. We applaud the agreement recently announced between the United States and the United Kingdom implementing the cloud act and we encourage department of justice to continue their efforts to negotiate and conclude additional cloud act agreements. Despiteag a pass success we have not seen Law Enforcement partner with us on recent botnets takedowns. We are concerned reward and recognition structures in our Law Enforcement agencies do not today provide the incentives to devote more and stronger resources to activities that protect victims but do not yield arrests and convictions that we Hope Congress will provide new incentives for Law Enforcement toen prioritize the distraction and dismantling of criminal networks. In addition, we see increasing nationstate attacks causing significant harm to citizens and enterprises around the world. We have used the botnet distraction techniques that we pioneered to disrupt these nationstate maligned actors who are intent on destroying democracy. We have disrupted groups operating from russia, china, iran, and north korea, and will continue to do this important work. Disruption is important but so is improving cybersecurity hygiene. E. Unpatched systems are exploited by our adversaries, so we strongly promote a prompt installation of security updates. Updates. We advocate for use of multifactor authentication and we develop cutting edge Ai Security Services like microsoft offender atp. We can combat and we can defend, but we also need to reduce how many attacks are launched against our civilians and enterprises. Longterm solutions for protecting cyberspace require clear and Binding International commitments that define acceptable online nationstate behavior. This problem cannot be solved by governments or the private sector acting alone. Multistakeholder solutions are essential to combat what is necessa