[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
INTERNET OF THINGS
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
COURTS, INTELLECTUAL PROPERTY,
AND THE INTERNET
OF THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
JULY 29, 2015
__________
Serial No. 114-38
__________
Printed for the use of the Committee on the Judiciary
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://judiciary.house.gov
______
U.S. GOVERNMENT PUBLISHING OFFICE
95-686 PDF WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan
Wisconsin JERROLD NADLER, New York
LAMAR S. SMITH, Texas ZOE LOFGREN, California
STEVE CHABOT, Ohio SHEILA JACKSON LEE, Texas
DARRELL E. ISSA, California STEVE COHEN, Tennessee
J. RANDY FORBES, Virginia HENRY C. ``HANK'' JOHNSON, Jr.,
STEVE KING, Iowa Georgia
TRENT FRANKS, Arizona PEDRO R. PIERLUISI, Puerto Rico
LOUIE GOHMERT, Texas JUDY CHU, California
JIM JORDAN, Ohio TED DEUTCH, Florida
TED POE, Texas LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah KAREN BASS, California
TOM MARINO, Pennsylvania CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho HAKEEM JEFFRIES, New York
BLAKE FARENTHOLD, Texas DAVID N. CICILLINE, Rhode Island
DOUG COLLINS, Georgia SCOTT PETERS, California
RON DeSANTIS, Florida
MIMI WALTERS, California
KEN BUCK, Colorado
JOHN RATCLIFFE, Texas
DAVE TROTT, Michigan
MIKE BISHOP, Michigan
Shelley Husband, Chief of Staff & General Counsel
Perry Apelbaum, Minority Staff Director & Chief Counsel
------
Subcommittee on Courts, Intellectual Property, and the Internet
DARRELL E. ISSA, California, Chairman
DOUG COLLINS, Georgia, Vice-Chairman
F. JAMES SENSENBRENNER, Jr., JERROLD NADLER, New York
Wisconsin JUDY CHU, California
LAMAR S. SMITH, Texas TED DEUTCH, Florida
STEVE CHABOT, Ohio KAREN BASS, California
J. RANDY FORBES, Virginia CEDRIC RICHMOND, Louisiana
TRENT FRANKS, Arizona SUZAN DelBENE, Washington
JIM JORDAN, Ohio HAKEEM JEFFRIES, New York
TED POE, Texas DAVID N. CICILLINE, Rhode Island
JASON CHAFFETZ, Utah SCOTT PETERS, California
TOM MARINO, Pennsylvania ZOE LOFGREN, California
BLAKE FARENTHOLD, Texas STEVE COHEN, Tennessee
RON DeSANTIS, Florida HENRY C. ``HANK'' JOHNSON, Jr.,
MIMI WALTERS, California Georgia
Joe Keeley, Chief Counsel
Jason Everett, Minority Counsel
C O N T E N T S
----------
JULY 29, 2015
Page
OPENING STATEMENTS
The Honorable Darrell E. Issa, a Representative in Congress from
the State of California, and Chairman, Subcommittee on Courts,
Intellectual Property, and the Internet........................ 1
The Honorable Jerrold Nadler, a Representative in Congress from
the State of New York, and Ranking Member, Subcommittee on
Courts, Intellectual Property, and the Internet................ 3
The Honorable Bob Goodlatte, a Representative in Congress from
the State of Virginia, and Chairman, Committee on the Judiciary 5
The Honorable Suzan DelBene, a Representative in Congress from
the State of Washington, and Ranking Member, Committee on the
Judiciary...................................................... 5
WITNESSES
Gary Shapiro, President and CEO, Consumer Electronics Association
Oral Testimony................................................. 7
Prepared Statement............................................. 9
Dean C. Garfield, President and CEO, Information Technology
Industry Council
Oral Testimony................................................. 25
Prepared Statement............................................. 27
Mitch Bainwol, President and CEO, Alliance of Automobile
Manufacturers
Oral Testimony................................................. 35
Prepared Statement............................................. 37
Morgan Reed, Executive Director, ACT | The App Association
Oral Testimony................................................. 43
Prepared Statement............................................. 45
APPENDIX
Material Submitted for the Hearing Record
Letter from Brian J. Raymond, Director, Technology Policy, the
National Association of Manufacturers (NAM).................... 82
Prepared Statement of Public Knowledge........................... 84
Material submitted by the Telecommunications Industry Association
(TIA).......................................................... 111
INTERNET OF THINGS
----------
WEDNESDAY, JULY 29, 2015
House of Representatives
Subcommittee on Courts, Intellectual Property,
and the Internet
Committee on the Judiciary
Washington, DC.
The Subcommittee met, pursuant to call, at 10:05 a.m., in
room 2141, Rayburn House Office Building, the Honorable Darrell
E. Issa (Chairman of the Subcommittee) presiding.
Present: Representatives Issa, Goodlatte, Chabot, Poe,
Marino, Walters, Nadler, Chu, Deutch, DelBene, Jeffries, Cohen,
and Johnson.
Staff Present: (Majority) Vishal Amin, Senior Counsel; Eric
Bagwell, Clerk; and (Minority) Jason Everett, Minority Counsel.
Mr. Issa. The Subcommittee on Courts, Intellectual
Property, and the Internet will come to order. Without
objection, the Chair is authorized to declare a recess of the
Subcommittee at any time.
Today we welcome everyone here for a hearing on the
Internet of Things. Throughout its short history, the Internet
has been transformative and a powerful tool. It has shaped
communication commerce worldwide. Technology, too, has proven
to advance at rates that only Moore's law describes with a
doubling of capacity so quickly that about the time you run out
of your short warranty, you in fact have a product that can out
perform the one on your desk.
But the Internet of Things, which broadly refers to a
network connected real world items able to exchange data with
each other and across existing network infrastructure is a
newer portion of what now becomes the future of our lives and
our communication in the 21st Century.
It is estimated by 2020 there will be 25 billion connected
things, and without a doubt, before we reach 2020, I will be
wrong, and there will be more connected things. By inventing
devices with electronic sensors, software capable of connecting
a market, we in fact have smart devices. Those smarter devices
today already include, if you choose, every light switch in
your home, the watch you wear, and products throughout the
home, whether they be speakers to hear from or in fact sensors
to control climate down to a portion of every room.
Data-driven technology is also improving the way we
understand healthcare and the introduction of new health
monitoring systems can in fact prevent, detect, and treat today
any number of afflictions. A generation ago, the insulin pump
was an amazing product, but it wasn't a true demand pump, it
wasn't connected to your physician, it wasn't in fact sensing
other environments. Today, it not only could but it soon will.
At the same time, as we talk about your home, your
lighting, your messaging, your voice, and of course, your
health and your actual biological function, issues like privacy
and data security for these interoperable technologies become,
not just something to talk about, but an area in which we in
Congress play a large and potentially destructive role if we're
not careful in the development of these technologies.
Every day in America somewhere someone is being hacked and
somewhere someone is finding out that their personally
identifiable information has been compromised. Too often it in
fact is the government who we hear it from, the government who
controls, if you will, whether or not you can further secure
your Internet of Things products or not.
A generation ago I stood with one of our witnesses at a
time in which a Member of Congress, a former FBI agent was
trying to prevent 256 encryption. He was doing so because the
FBI needed to be able to quickly crack the bad guys'
transmissions. It had needed to be able to unbundle a floppy
disk information in a matter of seconds if they were going to
deter organized crime.
Unfortunately, it meant that hackers were taking
Microsoft's operating system and quickly duplicating it and
denying them millions or billions of dollars. It took a number
of years for Congress to realize that that artificial control
was not only circumventable by exporting their software to
other countries and reimporting it, but it was ludicrous
because the bad guys were not going to limit their protection
to 256 bits.
Unlicensed spectrum within the Internet of Things is going
to be talked about again and again today. I hope my witnesses
will feel free to talk about the benefits of greater spectrum
for the Internet of Things. I would remind all panelists,
however, that the FCC is not within our primary jurisdiction,
but to unbundle these and other parts of the Internet of Things
will take a coordination between Committees that do control
spectrum, those of us who control a great deal of the privacy
requirements, and of course, the overseeing of what government
allows.
In January, the Federal Trade Commission released a report
that followed months of stakeholder roundtables focused on data
privacy and security. The report made a broad nonbinding
recommendation about how companies should address these issues
from the onset and laid the groundwork for future FTC
involvement in the Internet of Things.
When Congresswoman DelBene and I launched the congressional
caucus on the Internet of Things in January, the first
questions we received were usually what is the Internet of
Things? And why does Congress care?
To a great extent, we have laid out a number of those even
in my opening statement today, but I would be remiss if I
didn't say that the Federal Trade Commission is an agency that
has been enforcing breaches in security while in fact until
recently providing little guidance. This is yet another example
of where we in fact can come in with the heavy hand of
government but seldom with a safe haven, and that's an area in
which the Internet of Things caucus and this Committee have an
obligation to ensure that we do both.
So today we look forward to a hearing which stakeholders in
the Internet of Things marketplace and further opportunities to
deal with the challenges that Congress brings and those in
which we can bring relief.
Thank you. And I look forward to our witnesses, and I now
recognize the Ranking Member, the gentleman from New York, Mr.
Nadler, for his opening statement.
Mr. Nadler. Thank you, Mr. Chairman. The Internet of Things
is the next revolution in our increasingly wired world.
Everything from household appliances to transportation systems
can harness the power of the Internet to increase productivity,
efficiency, and consumer choice. This technology holds great
promise for consumers, businesses, and governments alike, but
we must also consider the potential threats to security and
privacy that are inherent in system relying on wireless
connection and massive data collection as its lifeblood.
Today's hearing is an opportunity to examine both the
benefits and the risks that the Internet of Things presents.
The Internet of Things has experienced explosive growth in
recent years. By some estimates, there are already 25 billion
connected devices today. By 2020, in 5 short years, there may
be as many as 50 billion.
We're already seeing many innovative uses of the Internet
of Things across various industries as well as the potential
risks that this technology may hold. For example, according to
one study, by 2020, up to 90 percent of consumer cars may have
an Internet connection, up from less than 10 percent in 2013.
With this technology, drivers can monitor whether their car
needs maintenance, the safety of their driving, and even the
fuel efficiency of various routes.
But these features also leave their cars vulnerable to a
cyber attack. As the New York Times described last week,
researchers were able to track Internet-enabled cars' location,
determine their speed, turn on and off their blinkers from
afar, turn on and off their blinkers, lights, windshield
wipers, and radios, interfere with navigation devices, and in
some cases, control their brakes and steering.
As more and more vehicles use Internet technology, it is
vital that automakers install strict security features to ward
off potential attacks.
Similarly, so called smart cities are incorporating
Internet of Things into their transportation energy and even
waste management systems to increase efficiency. For example,
traffic lights can be timed to maximize traffic flow and ease
congestion in realtime. Street lamps can conserve energy by
dimming when sensors tell them that no one is around, and
garbage cans can signal when trash ought to be collected.
Imagine the garbage can talking to the sanitation department.
Such technology has the potential to revolutionize students
that build infrastructure. I don't want to know what they say.
But unless cities integrate strong security measures when
deploying this technology, their infrastructure could be
vulnerable to attack by hackers looking to do mischief or
terrorists seeking to bring a whole city to a standstill.
In addition to security concerns, the Internet of Things
also raises a host of privacy implications, particularly with
respect to consumer devices. There is no doubt that Internet-
enabled technology can improve a consumer's experience in ways
large and small. To maximize energy efficiency, your nest
thermostat can be controlled remotely and even adjust
temperatures on its own once it learns your patterns.
Amazon has introduced a Dash button which will allow
customers to press a button and automatically reorder certain
household supplies. But what do these companies do with the
massive amounts of data they collect about their customers?
What sort of notice do they provide to consumers about their
privacy policies, and what choice do consumers have about how
their information is used? And how will companies protect their
sensitive information from being compromised in a cyber attack?
These are all questions that must be considered as this
technology continues to expand its reach.
For another example, millions of Americans wear devices
that track their physical activity and other health indicators.
At least one insurance company is offering its customers a
discount if they wear such a device and demonstrate a healthy
lifestyle, but beyond encouraging healthier behavior by their
customers, it is not clear how else insurance companies may
seek to use this personal information in the future. Will it be
sold for marketing purposes? Will it be used in a
discriminatory manner to determine the use of suitability for
credit or employment?
In its examination of these important questions, the
Federal Trade Commission made a number of important
recommendations that we must consider. It suggested that
companies build security into their devices at the outset
rather than as an afterthought. It also recommended that they
monitor connected devices throughout their expected lifecycle
to provide security patches where possible to cover known
risks.
In addition, the FTC urged companies to protect consumers'
privacy by engaging in data minimization as well as providing
notice in choices to consumers as to how their data may be
used. Although the FTC did not make any specific legislative
recommendations, we should consider whether congressional
action is appropriate at this time to address security and
privacy concerns. If so, should we seek solutions to these
concerns that are specific to the Internet of Things or should
they be addressed through broader legislation on these topics?
The Internet of Things has already led to important
technological breakthroughs, and as it expands its reach, it
has the potential to spur tremendous innovation. Our challenge
is to find the proper balance between promoting this innovation
and ensuring that our security and our privacy are protected as
this valuable technology continues to grow.
I look forward to hearing from our witnesses about how to
address these challenges, and I yield back the balance of my
time.
Mr. Issa. Thank you, Mr. Nadler.
I now recognize the gentleman from Virginia, the Chairman
of the full Committee, Mr. Goodlatte for his opening statement.
Mr. Goodlatte. Thank you, Mr. Chairman. Today we're here to
learn more about the Internet of Things. I think this
technology has the ability to not only improve the more mundane
aspects of our everyday lives but transform the healthcare,
transportation, and information technology industries.
This new area of technology is of particular interest to
the Judiciary Committee considering our longstanding
jurisdiction when it comes to issues pertaining to intellectual
property, privacy, security, cloud computing, and digital
trade.
The Internet of Things refers to machines containing
sensors that connect and transmit data to other connected
devices and the Internet. Dramatic growth in cloud computing
over the past several years has helped enable this technology
to reach its full potential. Without the ability for data from
an Internet of Things device to be analyzed in realtime, the
data itself would serve little value.
The ability to access this information through mobile apps
or even our cars, makes these Internet of Things devices a key
tool to finding creative solutions for many of the problems of
daily life in the 21st Century. Smart agriculture will help us
to grow more food and prevent waste. Smart transportation will
help prevent traffic jams but can also be used to monitor road
conditions and structural components of bridges and overpasses
to detect problems immediately.
New wearables not only monitor the number of steps we take
but can also include sensors that can catch and alert us to a
potential medical emergency before it actually becomes one. As
this Committee continues to study this new technology, it is
important for us to keep in mind the full scope of the Internet
of Things and be cognizant of its effects on public policy
today and in the future.
In particular, we need to examine the privacy and security
implications of this technology and look into the security and
privacy measures industry is building now and the measures they
intend to implement as open standards are developed.
I'm hopeful that this new technology will help fuel the
engine of American innovation, prosperity, and creativity. I
think we have a fantastic panel assembled today. I know all of
the witnesses, and I look forward to hearing from them about
this exciting new area of technology.
Thank you, Mr. Chairman.
Mr. Issa. Thank you, Mr. Chairman.
And now on behalf of the Ranking Member, the gentlelady
from Washington's First District, Ms. DelBene, will make a
short opening statement.
Ms. DelBene. Thank you. I want to thank my co-chair on the
Internet of Things caucus and our Chairman, as well as the
Ranking Member for calling this hearing on this important
subject. When we examine the way that Internet-connected
products and sensors are being used and what's called the
Internet of Things from home appliances to personal wearables,
it might be easy to conclude that the promise of the Internet
of Things is limited only by American ingenuity, but we have an
emerging set of challenges and opportunities to address for
both innovators and for consumers.
To start, we need to make sure that we update existing laws
to reflect the way the world works today and where we are
headed in the future. That means, for example, updating the
Electronic Communications Privacy Act to ensure that data on a
server is protected by the same warrant standard as a document
in a file cabinet. For the multi-billion dollar Internet of
Things economy to be successful, we need to be responsible
stewards of policy.
For example, consumers must feel they can trust their
devices will be secure and private, not vulnerable to hacking
or spying. Devices must be able to talk to each other, and that
means forging a path to adoption of uniform preferably
international standards. Regulatory agencies must find ways to
strike the right balance between encouraging innovation and
firmly upholding their duty to protect the public health and
safety, particularly in the realm of connected cars.
And as all these devices collect unprecedented amounts of
data, they hold great promise for things like health research,
but we must work with stakeholders to create a privacy
landscape that Internet of Things users can understand that
provides individuals with control over their own data.
Again, I want to thank the Chairman and the Ranking Member
for calling today's important hearing and setting the stage for
what I hope will be a productive and informative series of
hearings on the role that Congress and our Committee can play
and create an environment where Internet of Things innovation
can prosper and consumer protection is at the forefront.
Thank you, Mr. Chair, and I yield back.
Mr. Issa. I thank you, and thank for your leadership on
this issue.
It is now my pleasure to introduce our distinguished panel.
The witnesses' written statements have been entered into the
record and will be placed in their entirety, and I'd ask
witnesses to summarize in about 5 minutes their statements so
we can leave time for lots of questions.
But before I introduce the witnesses formally, pursuant to
the Committee rules, I'd ask that all witnesses stand to take
the oath, customarily raising your right hand.
Do you solemnly swear or affirm that the testimony you're
about to give will be the truth, the whole truth, and nothing
but the truth.
Please be seated. Let the record reflect that all witnesses
answered in the affirmative.
Today, our witnesses include Mr. Gary Shapiro, President
and CEO of the Consumer Electronics Association; Mr. Dean
Garfield, President and CEO of the Information Technology
Industry Council; Mr. Mitch Bainwol, President and CEO of the
Alliance of Automobile Manufacturers; and Mr. Morgan Reed,
Executive Director of ACT | The App Association
Before I go down the row for the witnesses, I have to take
a little bit of a personal privilege. The other three know it.
Mr. Shapiro and I go back a long time. We were there at the
birth of the Modern Consumer Electronics Association, and I
once worked for him on an unpaid, highly compensated, but
unpaid position as the Chairman. So if today I rough him up,
remember get backs, it takes awhile.
And with that, Mr. Shapiro.
TESTIMONY OF GARY SHAPIRO, PRESIDENT AND CEO, CONSUMER
ELECTRONICS ASSOCIATION
Mr. Shapiro. Thank you, Chairman Issa. This is indeed a
historic moment in my life because I've been referring to you
as boss for 25 years, and you, as Chairman, oversaw a good
portion of our freedom and our growth. And thank you, Ranking
Member Nadler, Chairman Goodlatte, and other Members as well.
The Consumer Electronics Association represents 2,000
technology companies, and we own and produce the CES, which is
held each January in Las Vegas, and is the world's largest
innovation event. The Internet of Things is a big part of the
CES now. In fact, it's so big that some 900 of our 3,600
exhibiters had Internet of Things related products at our
recent show.
And the Internet of Things, you should know, exists because
of smart phones. Over a billion smart phones have been sold,
and they contain something called MEMS, Micro-Electro
Mechanical Systems. These are tiny little devices that actually
move, and they measure all sorts of things like pressure,
temperature, location, movement, and other valuable
information.
And because of the billions of sales of these devices in
phones, now they cost just pennies apiece, and very smart
innovators are putting them together in very clever ways, and
what they're doing is creating new services rather rapidly.
They use very little energy, and they hook up to the Internet,
and that is what the Internet of Things is based on.
From garden soil moisture monitors to baby monitors, from
wearables like smart watches and fitness trackers to connected
thermostats and lights, from household appliances to connected
cars, consumers are using these devices to stay healthy, to
increase efficiency, to be secure, and to make better
decisions.
You've heard the estimates of how these are going to grow,
and they are estimates. I just swore to tell the truth, so I
can't say they're factual, but there is definite growth. We see
it ourselves. We grew 32 percent in the United States alone in
terms of connected home devices. It's already almost a billion
dollar marketplace in the United States just in the home area.
And these home control systems allow consumers to manage
their security systems, turn on appliances, manage heating and
cooling and lighting systems, and they also increase home
efficiency and cut bills, they can learn room usage patterns
over time, they can adjust temperatures and maximize efficiency
even when no one is home.
And while these save time and money for ordinary Americans,
there's an opportunity here to care for our aging population,
as well as the 56 million Americans with disabilities.
Assistive technology has previously been customized and costly.
Connected home products consumers are buying today provide
novel interfaces like voice control that help people with
reduced mobility and dexterity. Smoke detectors can now be
connected to lighting controls so lights can flash to a person
who can't hear, and they can light up the whole house for a
safe exit.
In today's low-cost connected home products are life
changing and sustaining for many Americans. Think about our
older loved ones. We have limited caregivers with an aging
population, and smart home devices will help seniors to live
independently and comfortably, retain their quality of life,
and they could do this with caregivers watching remotely, and
at the same time our older Americans will retain their privacy
and share just what they're comfortable sharing.
It's coming quickly in terms of the Internet of Things, but
it does face impediments. First, it requires spectrum. Wireless
spectrum is a platform on which most of these new devices
connect, and we need additional licensed and unlicensed
spectrum.
Second, the Internet of Things is changing what skills we
need to retain our Nation's competitive advantage. We need
experts and people who can analyze data and make things happen,
and we don't have enough skilled workers. That's why we are
pushing for highly skilled immigration reform.
Third, the Internet of Things requires government
restraint. It does require us to consider new challenges. There
are legitimate concerns about safety, privacy, security, but--
and important questions are being raised as to who actually
owns the data, and stakeholders, including government, can and
should be discussing these issues in a forum like this today.
As we said in our IoT filing with the FCC over 2 years ago,
consumers' adoption hinges on building trust. I just heard that
again, Congresswoman. And it's up to manufacturers and service
providers to make good decisions about privacy and security or
they will fail in the marketplace, and we are passionate that
industry-driven solutions are best to promote innovation while
protecting consumers, but we recognize and respect the
legitimate role of government to encourage transparency,
clarity, and experimentation.
CEA itself has been involved already in over 30 standards
making operations, activities that produce ANSI-certified
standards, that are focussing technical aspects of Internet of
Things, and of course, it's just beginning. But we have to be
careful of overly prescriptive mandates because that could
stymie the growth of the Internet of Things. Any government
action should be very narrow and very specific and focus on a
real harm.
The Internet of Things is huge. It's an opportunity to
change the world, and we look forward to working with this
Committee to ensure that government policies and regulations
support growth in this dynamic sector. Thank you, and I look
forward to answering your questions.
[The prepared statement of Mr. Shapiro follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you, Mr. Shapiro.
Mr. Garfield.
TESTIMONY OF DEAN C. GARFIELD, PRESIDENT AND CEO, INFORMATION
TECHNOLOGY INDUSTRY COUNCIL
Mr. Garfield. Thank you, Chairman Issa, Ranking Member
Nadler, Members of the Committee. On behalf of 61 of the most
dynamic and innovative companies in the world, we thank you for
hosting this hearing. We thank you as well for the context,
which is outside pending legislation, and as well, Mr. Chairman
and Congresswoman DelBene, for your leadership in creating the
Internet of Things caucus.
It is our firm view that the Internet of Things has the
potential to be one of the most transformative technological
innovations in human history. That is, with the right policy
environment. To ensure that I'm not accused of engaging in
hyperbolic hyperventilation, I would like to focus my testimony
on three areas.
One, why we think that's the case; two, what we're doing to
enable it; and then third, our humble recommendations on how
Congress and the Administration can be helpful.
As to the first, the Internet of Things is essentially the
digitization of the physical world through connecting sensors
into a network with computing systems. What may sound simple
has the potential to be seismic in the creation of new
industries as well as disruption of existing ones. Whether
we're talking about watches that have the potential to not only
help you to be more fit but as well to prevent catastrophic
health incidents through monitoring your heart rate, or we're
talking about windshield wipers that have the ability to
communicate with other windshield wipers and alert your car to
an impending storm or alert an autonomous vehicle to the
potential for a construction zone that's soon arriving.
There has been much discussion of the home and personal
manifestations of the Internet of Things, which are truly
exciting. It is important, however, not to ignore the
potential, the commercial deployments. Those commercial
deployments are real, tangible, and have huge potential
economic benefit.
Whether it is the deployment of sensors in our energy grid
to ensure greater resiliency and reliance, the deployment of
sensors in transportation systems to allow more efficient
delivery or in mines to ensure safety for workers, the economic
impact, much of the economic impact will come from those
deployments, which by 2030 is expected to be almost $7
trillion.
So what are we doing, as the technology sector, to ensure
that is the case? We are focused on a multi-facetted approach
that heavily emphasize security, privacy, standards as well as
investment in infrastructure. With regard to security and
privacy, we are working and innovating all the time around
those issues, making sure that security and privacy are
developed by design so that they are part of our forethought
rather than an afterthought.
We're developing bespoke solutions to ensure that both
security and privacy are tailored to the particular
environment, and as well, we're investing in innovation because
consumers demand a high security and privacy and increasing
transparency, and it's in our interest, and it's the right
thing to do to meet that consumer demand.
As well, we are moving forward on global standards that are
driven by the sector and as well that are open standards to
ensure that we have high interoperability as well as
scalability.
Finally, we're investing in the infrastructure. Mr. Shapiro
noted the need for broadband, both wireline and wireless, as
well as ensuring that spectrum is available. In reality, the
use of spectrum on mobile data, is growing by 55 percent each
year. With the Internet of Things and the digitization of
physical things, it will only grow more expeditiously, and so
spectrum will be increasingly important.
In addition to doing those things, we intend and need to
partner with Congress and the Administration to make sure that
policy is smartly developed, and there are three things that we
think it's important that Congress focus on.
One is we need a national strategy around the Internet of
Things. Much in the same way that a national broadband plan was
able to focus our attention and drive the deployment of
broadband, having a national strategy around the Internet of
Things will be incredibly helpful.
Second, we need more spectrum, as Mr. Shapiro and I pointed
out earlier. The U.S. Government is the largest holder of
spectrum, and hence, has the greatest ability to impact the
deployment of spectrum, and we hope that we can work toward
making it more efficient.
Finally, we need the exercise of restraint. The Internet of
Things is at its nascent stages, and in order to grow to reach
its full potential, it's important that we avoid mandates that
put the thumb on the scale of particular technologies versus
others.
I look forward to your question and look forward to the
testimony of my colleagues. Thank you.
[The prepared statement of Mr. Garfield follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you.
Mr. Bainwol, you only have to deal with all the questions
set up in the opening statement, so I look forward to your 5
minutes.
TESTIMONY OF MITCH BAINWOL, PRESIDENT AND CEO, ALLIANCE OF
AUTOMOBILE MANUFACTURERS
Mr. Bainwol. It's a piece of cake. Chairman Issa, Ranking
Member Nadler, Members of the Committee, thank you for the
opportunity to testify this morning. I wore a different hat the
last time I was here on behalf of another industry that was
engaging with the challenge of technology.
During my time at the recording industry, technology
upended how music was consumed, and access began to replace
ownership, revenues fell sharply, and the fundamental model of
business transformed. Now I'm with the Alliance of Automobile
Manufacturers for the last 4 years. Instead of fighting with
Gary Shapiro, I now mostly team up with him. That's easier.
That's a good thing.
Mr. Issa. Only in Washington.
Mr. Bainwol. Yeah, right. I represent the Detroit Three,
six major European manufacturers, and three major Japanese
manufacturers as well.
And for us, the impact of technology is every bit as
profound but not threatening. Quite the contrary, technology
and connectivity are ushering in a new era and some might even
say a golden age in mobility. We've seen enormous safety and
environmental gains both in recent years and over the last half
century, striking reductions in fatality numbers and emissions,
as well as increases in MPG.
The next generation of progress will come from IoT-based
technologies. Ownership patterns may evolve somewhat as ride
sharing becomes more prevalent, but the truly material impact
of technology is the convergence, the convergence of
environmental, safety, productivity, and life quality benefits
that arise from the connectivity of an IoT world.
It wasn't that long ago that when it came to cars, safety
and environmental objectives conflicted. Do you go heavy and
safe or light and green? Every parent struggled with that
choice for their teenagers. Strategies for safety centered on
surviving crashes. Now the combination of automation and
connectivity harmonizes, harmonizes safety and green. Crash
avoidance from technology that manages the car better than a
human can, fosters more efficient mobility because there will
be fewer crashes on the road generating congestion. Fewer
crashes translates into more economic productivity, more
personal time, fewer injuries, fewer fatalities, lower
emissions, and less wasted fuel. In an IoT world where
connectivity offers the promise of these truly monumental
benefits, getting to the future as fast and sensibly as we can
is critical.
According to NHTSA, about 95 percent of all traffic
fatalities result from human error or environmental conditions.
Vehicle factors account for just a fraction. Technology is so
powerful because it offers the promise of mitigating human
error as today's innovations, automatic braking, adaptive
lighting, lane departure warnings, blind spot warnings, and
tomorrow's technologies, V-to-V and V-to-X and to ultimately
self-driving vehicles all penetrate the car park.
This innovation must be embraced and seen as the answer and
not the problem, and that means working proactively to address
concerns about privacy and cybersecurity. Last year, auto
manufacturers became the first in the IoT, a non-pure play
Internet sector, to adopt a comprehensive set of privacy
principles to protect vehicle owners. The principles have a
strong lineage, building on FIPPS, FEC guidance, the White
House Consumer Privacy Bill of Rights, and suggestions from
privacy advocates. They address, among other elements,
transparency, respect for context, data security, and choice.
For the most sensitive types of consumer information that are
needed for some driver-assist technologies, geolocation, where
you're going, driver behavior, how fast you're going, and
biometrics, the privacy principles require clear and prominent
notice about the collection of such information, the purposes
of why it's collected, and the entities with which it can be
shared.
Similarly, the industry is working to stay ahead of the
threat posed by malicious hackers. Earlier this month we
announced the formation of an Auto-ISAC, Information Sharing
Analysis Center, to establish an industry-wide portal for
sharing information about existing or potential cyber threats
and vulnerabilities.
The Alliance supports cyber security bills in the House
that would facilitate threat sharing in the private and public
sectors while protecting individual security. We hope the
Senate acts soon so that we can move the bill to the President.
Mr. Chairman and Members of the Committee, the next 20
years in the evolution of the Internet is enormously exciting
and offers the possibility of amazing outcomes on the road,
strengthening the quality of life, the environment, and our
economy. We look forward to working with you to realize the
benefits of innovation and to address the challenges that come
along the way.
[The prepared statement of Mr. Bainwol follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you.
Mr. Reed.
TESTIMONY OF MORGAN REED, EXECUTIVE DIRECTOR, ACT | THE APP
ASSOCIATION
Mr. Reed. Chairman Issa, Ranking Member Nadler, and
distinguished Members of this Committee. My name is Morgan
Reed, and I'm the executive director of the App Association. I
thank you for holding this important hearing on the Internet of
Things.
The App Association represents more than 5,000 companies
and technology firms around the globe, making the software that
runs the devices you wear and the apps you love. We are current
spearheading an effort through our connective health initiative
to clarify outdated health regulations, incentivize the use of
remote patient monitoring, and ensure environment in which
patients and consumers can see an improvement in their health.
This coalition of leading mobile health companies and key
stakeholders needs Congress, the FDA, HHS to encourage mobile
health innovation and support polices that keep sensitive
health data private and secure.
Now, traditionally, this is the moment in my oral testimony
where I should recite some interesting numbers about the
industry, talk about jobs created, and niches filled, but I'd
like to break from that a little bit. I want to tell you a
story, and it's one that I know is relevant to many of you and
certainly to a huge chunk of your constituents.
Nearly everyone in this room is caring for an aging parent
or knows someone who is. Now, imagine that your parents are
fortunate, they're living in their own home but significant
medical challenges are beginning to face them. The questions
begin, do I get a home health attendant? Do we pay as much as
$12,000 a month to move them into an assisted living facility?
Do they move into my basement? How do I deal with the fact that
my parents don't want to move into my basement, and mom feels
that a home nurse is infantilizing. What do I do to help them
live at home with dignity?
Now, most of you remember Life Alert, you know the product
with the tag line, ``Help, I've fallen, and I can't get up.''
Well, that kind of device is known as a personal emergency
response system. We called them PERS. These are great devices
but incredibly limited to what they can do.
Now, imagine a far more sophisticated PERS packed with
sensors that can track blood sugar, blood pressure, heart rate,
biomarkers for medication adherence, geo fencing for
Alzheimer's patients, and much more. Sensors small enough to
fit in a watch like this one or maybe this one, and all of
those devices--yeah, I think everyone here has got one. All of
those devices connect to a loved one's phone, an alert service,
a physician's tablet, and a medical record. Suddenly, mom can
stay at home maybe another year, maybe two, maybe three, all
while managing her health. And if mom allows the data to be
sent to you, you can be part of the solution, staying in touch
and on top of her needs. And not insignificantly, your basement
gets to keep its big screen TV.
By 2050, there'll be 83.7 million Americans over the age of
65, twice the amount from 2012. Eighty percent will have at
least one chronic condition. Without question, the age group's
rapid growth will strain public and private health resources;
therefore, the picture I painted you is not a pipe dream but
rather is imperative to prevent a cataclysmic economic outcome
from this boom in aging adults.
So what's standing in the way of this dream? What is needed
to ensure that everyone can benefit from these new innovations?
Well, I have three quick messages.
One, innovation in healthcare is happening. It can lead to
lower cost, better care, and improve patient outcomes. Two, the
future of health IoT will be founded on trust, which requires
strong security and privacy measures. Three, regulatory
barriers, outdated laws, and lack of clarity around
reimbursement are a threat to the advancement of mobile health.
Congress can and in some cases must play an important role in
improving health outcomes for all Americans through innovative
technologies.
Questions about privacy, security, reimbursement, and
government regulation have met to create an environment where
companies are worried about making devices more medically
relevant, and physicians worry about the impact on their
practice and their liability. Patients and care providers must
know that their information is private and secure. Industry
best practices around the treatment of sensitive health data as
well as a commitment from government to support these practices
are important to establish trust and push this industry
forward.
Clarifications on government access to data matter as well,
including ECPA reform and the LEADS Act. As most of this health
information will eventually end up in the cloud, and Congress
should be pushing back on any government pressure to weaken
encryption.
Finally, ensuring that doctors are reimbursed for the use
of these technologies will be essential. Currently, CMS is
statutorily prevented from reimbursing certain kinds of remote
patient monitoring because of absurd geographic restrictions
and antiquated technology requirements that were state of the
art 15 years ago but haven't moved since.
Success will come when technology, trust, and means to pay
for it all come together. I ask that Congress help to ensure
that that happens now rather than see one more of our family
members moving out of the home they love because we failed to
act. I look forward to your questions.
[The prepared statement of Mr. Reed follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. And on that note, I have questions.
I recognize myself for a series of questions.
Mr. Shapiro, you're not an engineer. You're a long
recovering lawyer, but I'll ask you this question because I
think your industry is well aware of the answer.
As we sit here in air, what percentage, more or less, of
the bandwidth are we using in this room, of the entire
spectrum?
Mr. Shapiro. What percentage as us----
Mr. Issa. If we are to look at the radio waves being used,
the AM, the FM, the old bandwidth from television, what
percentage of the spectrum is actually being used as we sit
here today?
Mr. Shapiro. Well, it's all spoken for, but the actual use
is a small percent.
Mr. Issa. Less than 1 percent will actually be in these air
waves. So if we're trying--and I said I wasn't going to dwell
too much on spectrum, but if we're trying to create the ability
for almost an unlimited amount of communications between large
and small devices, isn't one of our greatest tasks to recognize
that we have allocated all the bandwidth virtually and not used
hardly any of it in any given time in any given room?
Mr. Shapiro. Yes. Now I realize you gave me a softball.
Thank you.
Mr. Issa. And you can follow up with devices that can
recognize those voids and take advantage of them.
Mr. Shapiro. Right. Thank you. So as you know, there are
two types. Actually all spectrum is pretty much the same, but
we, through the laws, categorize it differently, and we
categorize it by whether it's licensed or unlicensed. Licensed
means that someone has bought it or they've gotten it for free,
a broadcast license, and unlicensed means that, subject to good
neighbor rules, anyone can use it.
Unlicensed spectrum is very valuable because it promotes
innovation. We calculated, in a study we did last year, that
there's about $62 billion of activity created by unlicensed
spectrum, so we are advocates for increasing the amount of
unlicensed spectrum because it does allow entrepreneurs and
innovators to do really cool things that will produce economic
activity and provide benefits, but there's a lot of spectrum
that the government uses.
And what we're asking, and I know there's legislation
pending, which is simply that the government catalog and figure
out what could be available and repurposed for commercial
purposes because that alone would not only take some of the
pressure off a very crowded field right now in spectrum, but it
would also create a huge amount of economic activity, and if
sold, it will make a tremendous amount of money for the
Treasury.
Along the way, though, there is technology being developed
which allows spectrum to be split finer and finer and used, and
I know that's some of the issues involving going forward, like
we are passionate about driverless cars and all the benefits
and all the great things that are there, but we think there's
an opportunity there to look and test some of that spectrum
that's being purposed for that area and split it up a little
bit and share it, and that's what Mitch and I love to have
wonderful conversations about.
Mr. Issa. Following up with Mitch. Mr. Bainwol, there's
going to be a lot of questions about obviously whether or not
automobiles that are communicating with the Internet are safe
or not, and that's topical, but would it be fair to say that
whether or not you share the bandwidth has virtually nothing to
do with whether or not you're going to be effectively hacked on
your encrypted signals?
Mr. Bainwol. That's a question that----
Mr. Issa. That's a softball.
Mr. Bainwol. Well, it may be, and like Gary, sometimes I
can't see softballs, and I'm also not an engineer. I think I'd
say a few things. One is, as it relates to spectrum, we've
heard the message from Congress and the notion of sharing, if
we can make that work, is something that we really want to do,
and field testing is going to happen this year, in 2015, and
the notion, is to find a way to satisfy the use for spectrum
but also meet safety imperatives is something--that balance has
to be struck, and we're prepared to try to test to succeed
rather than test to fail, so we're committed to the notion.
I do want to set context, though, in terms of V-to-V. NHTSA
estimates that V-to-V could mitigate or eliminate up to 80
percent of all crashes on the road, and so the promise of V-to-
V is overwhelming. The implications for life, for injury, for
productivity are enormous, so I think the predicate for moving
forward has to be do no harm. Move forward aggressively, find a
way to share, but do no harm.
Mr. Issa. And I want to quickly follow up. The history of
data in the automobile has been one of the automobile
manufacturers having proprietary data buses, keeping them
closed, not publishing. As a representative, is that going to
be different--and it's a self-asking question or answering
question, in the vehicle-to-vehicle world, it has to be an open
standard that in fact is published so that your windshield
wipers on one vehicle talk efficiently to another; isn't that
true?
Mr. Bainwol. So I think it's both true that
interoperability matters, but I think it's also true that in a
world, a dangerous world where you have malicious hackers, that
system integrity matters a ton, and finding a balance for both
is the test.
Mr. Issa. Well, as I recognize the Ranking Member, I will
tell you at least from this part of the dais that working on
legislation that makes the penalties specific, high, and
enforceable against those who try to maliciously hack
automobiles is an area in which I believe our jurisdiction is
not only appropriate but our need for action is immediate.
Mr. Garfield. If I may add one point.
Mr. Issa. With Mr. Nadler's permission, yes.
Mr. Garfield. It's actually just the point that we have a
history of driving open consensus based standards that fully
integrate privacy and security protections and can do that in
this context as well.
Mr. Issa. Thank you. Mr. Nadler.
Mr. Nadler. Thank you, Mr. Chairman.
Mr. Shapiro, you argue for a market approach to addressing
the privacy and security concerns raised by the Internet of
Things. We all hope that companies will act responsibly and
that the market will punish bad actors, but isn't it important
that the government set forth clear rules on what is and is not
permissible?
Mr. Shapiro. Thank you, Congressman Nadler. It is
important, I think, that companies know what is legal and not
legal, but there is a--something between the two, which is what
is right and will get customers or not, and we've heard many
people talk about the importance of trust for companies, and
their brand and their reputation relies entirely upon trust.
Everyone wants privacy. Look, HIPAA was passed to protect
medical privacy, but sometimes there's different types of
information and how far it goes, and even HIPAA has some down
sides to it. There has been research that's been lost, there's
been records which have not transferred easily because of
HIPAA, so there's a trade-off that goes on. If you put too much
of a line around privacy, you're trading off opportunities for
new services that consumers will desire.
I think what companies have an obligation to provide is
transparency in what they're offering, and the consumers could
be able to make a reasoned decision about what they're willing
to give up in return for sharing some of their privacy. So it
is, I think, premature for Congress to say this is the line
we're drawing, but having the discussion is really important,
and I think that there should be a national consensus about
what should be protected and what should not and also what
consumers should be allowed to give up freely and make that
choice.
Mr. Nadler. Should there at least be notice to consumers
required?
Mr. Shapiro. In terms of giving up what you--if you are
sharing something which you shouldn't expect normally to share,
I think there should be notice, and it should be clear and
conspicuous. I think our companies have an obligation----
Mr. Nadler. So you do think that government should mandate
notice?
Mr. Shapiro. I think there's a difference--the Federal
Trade Commission has some significant jurisdiction in this
area. There's a lot of private lawyers who will be more than
happy to sue those that don't give sufficient notice. If the
law is unclear, which I do not believe it is yet----
Mr. Nadler. So the law is clear enough, the FTC should
require notice, and we should leave it at that for the time
being?
Mr. Shapiro. Well, the FTC is taking a case-by-case
approach, which has provided sufficient guidance. I don't think
there's a need yet.
Mr. Nadler. Okay. That's what I'm getting at. There's not a
need yet for Congress to do anything because the FTC can handle
it and is handling it so far.
Mr. Shapiro. I think the case-by-case approach is a good
approach because this is a quickly evolving area, and before we
foreclose new services and new information, all these great
things that are happening, rather than jump in, I think we
should take a----
Mr. Nadler. Okay.
Mr. Shapiro [continuing]. Deep breath and see our
consensus.
Mr. Nadler. Let's assume that Congress chooses to disagree
with what you just said and chooses to enact privacy and
security measures. In that case, are there any ways in which we
should treat products connected to the Internet of Things
differently from other companies that collect data or connect
to the Internet?
Mr. Shapiro. Well, I'd like to think about that answer and
perhaps provide it in writing, but my off-the-cuff answer is
that I would say the Internet of Things does allow easy
connectivity quickly and rapidly, and there is clearly
sometimes when knowledge is appropriate and permission, but
sometimes there isn't.
For example, the Internet of Things allows police forces to
monitor crowds in a public area. It allows them to monitor
conversations and see whether people are being angry or not in
a public area. It provides an opportunity to have video and see
whether there's bad people the FBI wants through identification
of not only faces but also by voice. There's a tremendous
opportunity here in many different areas.
And to me, what's most important is we let it play out a
little bit, and if we're going to legislate--or you're going to
legislate; I don't have that right--it would be very specific
and narrow and address a real problem.
Mr. Nadler. Thank you. Mr. Bainwol, in your testimony, you
reference the consumer privacy protection principles released
by the Alliance of Automobile Manufacturers.
Can you briefly describe these principles in some detail?
Briefly in detail.
Mr. Bainwol. Well, the written testimony goes into some
depth, but it focuses on things like transparency, context,
data minimization, and clearly the notion of express consent
for marketing. So we provide heightened protection for things
like biometrics, driving behavior, and geolocation.
So we think this works as a floor. We've provided it to the
FTC, so it is enforceable, and I think I'd build on Gary's
point of--and this applies to privacy and it applies to
everything else as we enter an era of massive innovation.
Mr. Nadler. We should be careful and wait for experience.
Mr. Bainwol. I'm sorry?
Mr. Nadler. We should be careful and wait for experience.
Mr. Bainwol. Well, I think the fundamental challenge that
I've got is that the pace of innovation far outstrips the pace
of regulation, and that's just a fundamental truism. We're
seeing that in the area of distraction at NHTSA, and I'll give
you a specific example.
Mr. Nadler. Well, don't, because I have other questions.
Mr. Bainwol. Okay. Sorry.
Mr. Nadler. But thank you, but especially given what you
just said, do you think that the principles you've enumerated
in the consumer privacy protection principles should apply to
all prior to the Internet of Things technology or are they
uniquely relevant to the automobile industry?
Mr. Bainwol. Well, they're based on FIPS and pretty
generally accepted notions, so I think they're more broadly
applicable, but I'm testifying today on behalf of the auto
industry, and I'm reluctant to impose my judgment on others.
Mr. Garfield. I can give you my perspective on it.
Mr. Nadler. Please.
Mr. Garfield. Which is----
Mr. Nadler. That saves me from answering other questions
since my time has run out, but go ahead.
Mr. Garfield. I'll be brief. We're talking about the
Internet of Things as if it's a single thing, but it is not. So
what are the privacy or security regime that we would have in
place for a windshield wiper versus a watch that's monitoring
you personally. So the sectoral approach that we are taking is
one that works.
In addition, we shouldn't assume that this is the wild,
wild west, and there is no one out there monitoring today. The
FTC has been very engaged in this space and is actually taking
action.
Mr. Reed. I know you're out of time, but if the Chairman
will--I want to point out something very important in the
health context. I think you are about to see some very
significant industry best practices that rise up because
ultimately what's happened right now is we aren't seeing the
kind of growth.
An interesting study came out that shows that only 15
percent of doctors are talking about wearables to their
patients, yet nearly 50 percent of doctors think their patients
would benefit from the use of those. When asked as to why----
Mr. Nadler. Why the difference?
Mr. Reed. Privacy. The questions that they have about
privacy, how it will affect them when the data comes back, and
with an aging population that's concerned about how their
information might be used for marketing or other purposes, they
hate those late night telephone calls, I think that the
industry right now is--well, I know. We are working very
closely with a lot of folks to come with some industry best
practices that give some more bright lines. We believe the FTC
will be a good enforcement mechanism for those industry best
practices, but that's where we are today.
Mr. Nadler. Thank you very much. My time has expired.
Mr. Issa. Thank you. And you didn't even get to the
questions of what does the garbage man say to the garbage can
and what does the garbage can say back.
Mr. Nadler. No, I have to do that in the second round.
Mr. Issa. I'm assuming it's you stink. That's going to cost
me. With that, we go to the gentleman from Pennsylvania, Mr.
Marino for his questions.
Mr. Marino. Thank you, Chairman.
Mr. Garfield, could you--you know, today it's estimated
that the average home has 11 WiFi devices. In my house with my
tech savvy kids, it's triple that, and I'll give you an
example.
My children have a different taste in music than I do, this
just happened last week. I am in the study, I'm listening to
this music, and the next thing I hear is, Captain Jean Luc
Picard's voice saying, ``This does not compute.'' My son found
a way to connect into my system and switch the music that I was
playing compared to what he wants to play, and tell me that he
just didn't like this music, so it's fascinating what these
kids can do with this equipment.
But be that as it may, you know, this unprecedented boom
will require significantly more wireless spectrum, I think
beyond what we realize at this point, that is commercially
available today. Could you expand on the implications of how
this might impact the connection for consumers as well as the
overall growth of the sector of the economy?
Mr. Garfield. Yeah, I think both are significant. Your
household actually sounds a lot like mine, so I empathize with
you. I agree with what my colleagues have said about the need
for more spectrum, whether it's wireless or wireline or whether
it's licensed or unlicensed. In this context, wireless is
particularly important.
Given the lack of optimization in the use of spectrum today
and how much spectrum is held by the government, I think
there's a significant opportunity both in the deployment of IoT
and economically as well to more efficiently use spectrum and
make more of it available, and so I think there's a huge
opportunity there.
The reality is that it's absolutely necessary because as we
think about all of the physical world essentially being
digitized, then the growth that we've experienced today in the
use of spectrum will certainly explode, and so it's something
that we need to plan for, anticipate, and take action to deal
with.
Thank you. We realize now that I can raise my garage door
up and down from 2,000 miles away. I can turn my lights on. But
what is to prevent the hacker, the state-of-the-art thief from
checking in on my software on my computer system in my house?
For example, when I go on vacation, I will turn the heat down.
So they could tap into my thermostat, read when the heat is
reduced over a certain period of time, come to the conclusion
even though there are lights going on and off all over the
house that no one is there. And this is open to anyone. What is
the industry doing to protect us from that?
Mr. Reed. First of all, thank you for your question, and
thank you for your work on a lot of the encryption and privacy
issues, Congressman. First off, welcome to encryption. End-to-
end encryption is a critical element of preventing that from
happening. Yes, there are technological things you can do, man
in the middle, et cetera, forms of attacks that we can run.
But, you know what, once you start getting about 256-bit
encryption, 512-bit encryption, it takes an enormous amount of
power to break it.
So one of the questions that the consumer electronics side
of the world, as well as the cloud computing side of the world
is looking at is, how do I put end-to-end encryption in every
device and make it so no one can mess with your lights, or more
importantly, other things in your house that might have a
direct impact on the people living there.
So first off, we need to make sure the government doesn't
weaken encryption. Second of all, we need to continue to see
the growth in the kinds of research around encryption that is
in some cases supported by the government.
Mr. Marino. Yeah. Anyone else?
Mr. Shapiro. Can I answer that?
Mr. Marino. Yes, sir.
Mr. Shapiro. I share Mr. Reed's comments. Also, going back
to the garage door opener, when that was first introduced it
was very primitive. And a fun thing to do, was to drive around
the neighborhood and open up other people's garage doors, or
similarly with cordless telephones. If you played it right, you
could listen to other people's phone conversations because it
was so, by today's standards, relatively primitive even though
it was novel then. As we have gotten more sophisticated, as
memory chips have grown, as encryption has grown, there are
solutions and we don't even hear about those problems anymore
so it has not been an issue.
Mr. Marino. Okay. Thank you.
Mr. Garfield. The reality is, is that a significant
investment is being made in innovating around privacy and
security because it's the right thing to do and because
consumers are demanding it. So that explains, in part, the
shift that you have seen that both Gary, Mr. Shapiro and Mr.
Reed have articulated.
Mr. Marino. Okay, just let me know when you have a device
where I can block my son from changing my music as----
Mr. Reed. I can help you with that.
Mr. Marino. Thank you. I yield back.
Mr. Shapiro. It is called handcuffs.
Mr. Reed. Wow, that is primitive. Yes.
Mr. Issa. Mr. Marino, did you get to your question of the
launching of your trade secrets bill today?
Mr. Marino. Here?
Mr. Issa. No, you didn't. Okay. Well, Mr. Collins will be
announcing it, so hopefully you will get to talk on that next.
I'm sorry, did I mention that there will be an announcement
on trade secrets bill today? Okay. Did anyone not hear that?
Thank you.
We now go to the gentlelady from California, Ms. Chu.
Ms. Chu. Mr. Bainwol, I recently read an article about two
security researchers that were able to wirelessly hack into a
Jeep Cherokee, first taking control of the entertainment system
and windshield wipers, and then disabling the accelerator. They
were able to slow down the car to stop on a busy highway. This
experience reminds us that connectedness flows in both
directions and that hackers could actually manipulate these
devices for evil if they so chose.
What specific best practices does the industry have in
place to ensure that something like this does not come about
and how are automobiles being designed to prevent exactly this
from happening? And what role do you see the Federal Government
playing in this scenario?
Mr. Bainwol. And I have 5 minutes? Great questions, and the
Jeep hack of a week or two ago, obviously, received enormous
national attention. I'm struck here about the need to both take
the threat very seriously, and we do, but also not to get
caught up in the sensationalism that sometimes accompanies a
story like this. So both things are true.
Our companies are designing and building to meet security
risks from the very start. That's point one. They are working
with government, with academia, with third-party security
technologists to address the hack risk, and the hack risk is
real. It's palpable, and we need to address it and we need to
take it very seriously. We have also formed an ISAC, and this
began more than a year ago. And the ISAC is a mechanism for the
industry to voluntarily share risk and how to address those
risks. So there is a mechanism that is in formation for
specifically this challenge.
The risk here from a governmental side is the one that we
touched on before, and that's what's the touch? How heavy a
touch should there be? And in a world in which innovations
happen so rapidly, how do you make it work so that it is not
rigid? And that's a challenge. I think what you have done thus
far is to facilitate sharing of risk threat and that's great
and we hope that moves forward.
Ms. Chu. Okay, Mr. Garfield, you stated that connectivity
and communications between vehicles must be secure and
reliable, especially for safety applications. That's something
that Congress, the Department of Transportation, the Federal
Trade Commission and other government stakeholders should
oversee to protect consumers. You are referring there to the
consumer's physical safety.
But when it comes to another kind of safety, which is
privacy, and data security, you urge the Federal Government to
essentially take a wait-and-see approach, and asking that if we
should only step in, if industry fails at self-governance. So
what in your mind is the difference between these two kinds of
safety that would warrant such a divergent approach?
Mr. Garfield. I guess two points. Our suggestion is not
that the government do nothing. Our suggestion is that the
government exercise restraint, and that the approach that has
been taken today on privacy, that is sectorially driven, that
includes monitoring and enforcement by the FTC is working. In
the first instance, there is a significant market failure that
may not be being met and so immediate action is clear. In the
second instance, that is less clear. I guess the third and
final point is the point that we have all made about the
innovation that's taking place in this space, not only around
IoT, but around ensuring that we are driving privacy and
security by design at the very beginning of these processes is
actually making significant headway and we worry about the
unintended consequences of legislation at this stage.
Ms. Chu. Mr. Shapiro, you acknowledge in your testimony
several important concerns about privacy and the collection of
data, and then go on to state that industry-driven solutions
are the best way to promote innovation. But how do we rely on
the industry to self-govern, and avoid the problems implicit in
the fox guarding the henhouse? And I ask the question
particularly in the context of one concern you raised which is,
who owns the data from these devices? Isn't the industry
incentivized to claim ownership over the data?
Mr. Shapiro. Thank you for that question. It is true that a
lot is going on vertically. We have our own wireless health
company group that is focusing on creating rules that everyone
can live by. In part, because it's the right thing to do; in
part because there's Congress, which will probably or a
government agency will do it if they don't. But there are
already free-market solutions which are happening quickly in
different other verticals.
For example, in the automobile, hundreds of thousands, if
not millions of consumers are already choosing to give up their
data to insurance companies in return for a lower insurance
rate. So the insurance company is essentially monitoring how
fast they drive and what they do and what kind of driving they
do because the consumers feel it is valuable to give up that
information. That's informed consent. It's a free market
decision, et cetera.
Also there's solutions coming up for parents. If they want
to give the kid the keys to the car, they have the ability to
monitor their children now with many different solutions that
are coming out quickly.
My point is not that it is not a legitimate area for
government conversation. It's that there's so much happening
from an innovation point of view, that there's different
directions that we can go in. And if industry goes in the wrong
direction, we are fully confident that the government will be
there saying this is wrong, and consumers will be there, trial
lawyers will be there. Even in the distracted driving area
where the Federal Government has stepped in rather vociferously
and said to industry, you know, you should really do everything
you can to ban a driver from using any product while in that
driver's seat. There's at least 80 different solutions and more
developing every day which basically cut down on distracted
driving through monitoring lanes, through monitoring the head
falling asleep, watching your eyes, or even technology produced
locally which monitors your cell phone as a driver and figures
out if you are not paying attention to the road.
Mr. Issa. Would the gentlelady yield for just a followup
question very quickly?
Ms. Chu. Certainly.
Mr. Issa. I think, Ms. Chu's question, though, was who owns
the data? And wouldn't you agree that, in fact, data which
comes from an individual inherently government does have a role
in defining what rights they have to retain, protect, or
retrieve their own personally identifiable data, which I think
was your question, wasn't it?
Ms. Chu. That's true.
Mr. Shapiro. Well, then I blew the answer.
Mr. Issa. It was a good answer, it just wasn't quite to
that question.
Mr. Shapiro. I would say, obviously, a consumer that
creates data should have some rights in that data. The question
is the service provider, if they do own data. And this goes
into a lot of areas of the Internet and not just the Internet
of Things. If there are apps providing services, et cetera,
what is the tradeoff that's involved? And I think it's fair to
say there should be transparency as to who is using the data.
As to who actually owns it and can retain it, I guess I would
say that depends on the level of personal information in the
data. I think whether or not you are using your windshield
wipers, for example, is a type of data that can be easily
collected and shared to provide information on where it's
raining without a lot of consumers saying that's fine, as
opposed to something much more personal when you get into the
health sphere where you should, of course, own and determine
what happens with your data.
Mr. Issa. Thank you. I think that will at least start a
dialogue that will continue. The gentleman from Texas. Mr. Poe.
Mr. Poe. I thank the Chairman. Gentlemen, thank you for
being here. I'm going to try to break this down and try to keep
it less complex, very simple. The issue is privacy. The time of
the Dick Tracy watch is here. In fact, our gentleman here on
the end has two Dick Tracy watches. I don't even wear a watch,
so that will help you in the answers, I hope.
Mr. Issa. Ted, what time is it?
Mr. Poe. It's up there and I can't even see the clock. So
anyway, the data that is stored, is stored by a provider and
it's information about an individual. The privacy of that
individual is paramount to me, and I think the law, the
Constitution, the right of privacy.
And it has to be protected by Congress because it's a
constitutional right. Privacy. Congress needs to set the
expectation of privacy for individuals that have shared their
information with different entities, and I'm concerned about
the privacy of the individual two ways: One, the provider or
the service provider sharing it with other nongovernment
agencies. And the service provider providing that information
to the government. Especially the government. I think there
should be--we should update the ECPA law, which right now,
information stored on the cloud for 6 months is private. But 6
months and 1 day, the government can have it. There is no
expectation of privacy; absurd protection of the constitutional
right of privacy for 180 days only.
I don't think that we should leave it up to the FTC to set
the guidelines or the FCC, or the FEC, or any other government
agency to determine what the right of privacy should be.
So I'm not through asking the question yet. So how do you
know the answer already? Anyway, should not we in Congress
update the ECPA law to provide whatever rules we think should
be provided so that citizens know that the government, to get
this information, and you can use geolocation and all other
information, has got to have a search warrant based on the
Fourth Amendment of the Constitution before they order you to
give the government that information about the citizens out
there in the fruited plain.
Shouldn't we be proactive to do that, or are you
recommending that we just wait for all of these different
things to happen out there, and try to solve them, get the
lawyers to sue and all of these things before we get the right
of privacy, or should Congress be proactive? I have been
working on this for years, and we haven't been able to get
anywhere with updating the ECPA law so that people know the
expectation of privacy that the government knows you cannot get
that information without a search warrant. Should not we do
that, Congress do that? And it's kind of like a yes or no
answer on that.
Mr. Reed. Yeah, the reason I was coming in there is because
I wanted to say amen. The reality of the situation is, yes,
ECPA reform is absolutely essential; 289 cosponsors. This is
something the Committee absolutely has to do.
Congressman Marino was here, Congresswoman DelBene is here
as well with the LEADS Act that you cosponsor. We absolutely
need these kinds of legislation to move forward so we know what
we can tell our customers, what I will protect, how I will
protect it, and when I will be forced to share it. Absolutely.
Mr. Poe. And a person may not be a customer for this very
reason. Well, I like all this stuff out there. This is
wonderful, but I don't want the government getting it. And
right now you say, well, then maybe they can have it, maybe
they can't have it. How about the rest of you?
Mr. Reed. Yes.
Mr. Poe. Got an amen here on the right. Good.
Mr. Garfield. We support ECPA reform; strongly support ECPA
reform.
Mr. Shapiro. I think you are totally right to distinguish
between what government has a right to, and what private
parties can exchange with each other. So when the government
says we have been burned as an industry pretty seriously to the
tunes of billions of dollars of sales in Europe, and other
countries are using the fact that our government took
information, is a total competitive disadvantage now to say
that cloud servers and things like that should not be based in
the United States, you know, that they are not secure,
government can take the information and it has been very
harmful to the U.S. technology industry and it has been used
against us.
And under the Fourth Amendment, yes, it is about as clear
in the Constitution as you can get about the government must
have only--will not do unreasonable searches and seizures, and
that's been interpreted--ECPA needs an update. I agree with
that.
On a private basis, I think it's a much more complex
discussion. The reasonable expectation of privacy is set by the
Supreme Court, is almost like the definition of obscenity in a
way. It changes with time. It changes with community, and it
changes with technology. And I think your reasonable
expectation of privacy in some data, if you are out in public
and I'll use the windshield wiper example again, is not perhaps
the same as perhaps other data, and that's a much longer
conversation.
Mr. Poe. In the privacy era, it goes into whether it's
voluntary, whether you volunteer to give that information to
another person. And that's a different--I'm interested about
the government, the Federal Government, State government, local
government, which all right now can seize that information in
the cloud without a warrant. And the person involved doesn't
have notice about it. One more comment.
Mr. Bainwol. I'm in on the government side. I would note,
as Gary indicated, and this is on the nongovernmental side,
that data is necessary to provide services that consumers want.
So whether it's the insurance example, we plug in, I'm one of
those consumers. I know exactly how my kids drive because I get
a report every month from the insurance company that tells me
how fast they are driving, how fast they are braking, when they
are driving. And as a parent, that's a useful thing and it's a
disincentive for them to drive poorly. So that's a good thing,
and I wouldn't want to get in the way of services like that
that are pro-consumer.
Mr. Poe. All right. I yield back to the Chairman.
Mr. Issa. I thank the gentleman, and we now go to the
gentlelady from Washington's First District, Ms. DelBene.
Ms. DelBene. Thank you, Mr. Chair. Thanks to all of you for
being here. I want to follow up a little bit on the Electronics
Communications Privacy Act conversation here. Myself and
Congressman Poe and Congresswoman Lofgren have also sponsored
legislation that would also create a warrant standard for
geolocation information as well as electronic communications.
And when we talk about issues of making sure there's a
legal framework to protect information, and so that consumers
feel like they understand what's happening with their
information, and law enforcement is clear on how they would
access information, what do you think about expanding that to
include geolocation and the international issues that we face
in terms of access to information? Anyone? Or I guess I will
start with Mr. Reed.
Mr. Reed. Well, first of all, thank you for your support of
the LEADS Act. Thank you for your introduction. It's a very
valuable thing to figure out how we move forward. I know we are
all Americans here and we are in America, but one of the things
to realize from my members who are developing the applications,
is just how much our opportunities are overseas.
And so when the issues that you raise about U.S. Government
access to that data start harming our sales, it hurts jobs here
in the United States. So I think you're precisely right. This
is an issue that Congress has to step in on. It can't be done
through industry best practices or standards. And so the
question of geolocation, once again, is something that we will
have to work both with you and with law enforcement because law
enforcement does have a duty to work and protect the citizenry.
The problem comes when I have to tell a customer, I don't
know about the answer to the question of when I have to hand
over that information. The difference between the Sixth Circuit
and the Ninth Circuit and this idea that I have to tell my
customer I don't know, is enormous.
I think the other element that should be raised on this is
how other countries look at what's happening.
If the United States Government says we have access to any
cloud data, at any time, on any person, any way we darn well
please, regardless of where the data is stored or who it's on,
we have to expect that Russia will want the same privileges
from our companies; that China will want the same privileges
from our companies. And so legislation like what you're
proposing is what we need because we need to have a strong
stance that we can look at those countries and say, no, I won't
hand over that information without some better legal authority.
So thank you very much.
Ms. DelBene. Mr. Garfield.
Mr. Garfield. Yes, your question also gives us another
opportunity to raise something that Congress can do in this
area which is legal redress. The lack of legal redress rights
in the United States is something that creates great challenges
internationally, and this Committee and Congress generally has
the opportunity to do something and so that's another step that
can be taken that would help internationally.
Ms. DelBene. Folks, also, you were earlier talking about
encryption, and we have been having a conversation recently
about whether there should be a backdoor for law enforcement
access to encrypted data, and whether that should be mandated.
If such a policy were mandated by the Federal Government, what
would, you know, the impact be specifically on user data and
what do you think the impact would be for your customers?
Mr. Garfield. I think the impact would be quite negative
both here and internationally for a host of reasons. It's
important to keep in mind that security is a part of advancing
privacy. And if you create any kind of door, it won't only be
used by those who you intend it to be used by. And so I think
in many respects you create a Pandora's Box of challenges that
would be highly problematic for both privacy and security
interest and is something that should absolutely not be done.
Mr. Bainwol and I both worked in the recording industry
years ago, and one of the things we realized was rather than
fighting technology, the best solution is to poyne the use of
technology, and I would suggest for the Federal agencies in
this context, those answers may hold some merit in this context
as well.
Mr. Reed. We learned hard lessons. I feel like we are a
little bit of deja vu right now with the Clipper Chip reducts
here that we are facing. The reality is is that over 40 of the
leading security experts have already come out and said, the
idea of the government mandating or creating a, as the FBI
director said, a front door into our devices and our systems,
is an anathema to the idea that we want to create by telling
our customers and our users that we have secure systems. So we
have done this dance before. It was already figured out to be a
mistake. I'm disappointed that we are having to revisit it
again when we know the answer. And that is, end-to-end
encryption with as few openings as possible is the best
solution we can provide to all citizens in every country.
Ms. DelBene. As you may know, we have a piece of
legislation to prevent there from being such a backdoor.
Mr. Shapiro, did you want to add something?
Mr. Shapiro. Yeah, I think we are all Americans and we
sympathize with law enforcement in what they are trying to do
and so it is a different question. It is not that black and
white. But I think history has shown that having given
government a backdoor is not the best approach as technologies
evolve quickly.
On the other hand, as Americans, when a super crisis
evolves, I think you will see companies step up and try to help
government. I think we saw it in Boston in the bombing where
technology companies worked very closely to try to find out who
it was that did this dastardly act, and I think we have to
recognize there's some flexibility and does not require an act
of Congress to say that there must be a backdoor. If there is a
backdoor and everyone must have it, it gets not only having the
technology industry very uncomfortable, but our consumers very
uncomfortable.
Ms. DelBene. Thank you. My time is expired. I yield back,
Mr. Chair.
Mr. Issa. I thank the gentlelady and I thank her for her
important questions. With that, we go to the gentleman from
Georgia, Mr. Johnson.
Mr. Johnson. Thank you, Mr. Chairman. Thank you for hosting
this very important hearing.
Mr. Garfield, your testimony mentioned the desire of the
industry to be free from new regulation without becoming a wild
west of privacy. Earlier this year the Federal Trade Commission
reinforced this message in its staff report on the Internet of
Things, where it recommended, among other things, that
companies build privacy and security into the designs of their
connected devices.
Last Congress I introduced the APPS Act, a commonsense
approach to an urgent problem that would protect consumers
without disrupting functionality or innovation through a safe
harbor, and other mechanisms to promote trust through self-
regulation. I viewed this legislation as reinforcing of the FTC
staff recommendations on privacy and security for connected
devices, and I plan to reintroduce the APPS Act during this
current session of Congress.
Privacy is an issue that should unite us, not drive us
apart. In an always-on ecosystem where over 25 billion
connected devices store and transmit information about
consumers, it's time that we have some rules of the road. What
steps will private industry take to keep Congress informed and
address legislative concerns regarding security and privacy of
these emerging technologies?
Mr. Garfield. Thank you for your question, Congressman
Johnson. The point you made at the beginning about the FTC's
recommendations, particularly around privacy and security by
design, I think are, in fact, is occurring. The industry is
spending billions to invest and innovate around privacy and
security, in part, because it's the right thing to do, but also
because consumers are demanding it.
As well, we are advancing, as Mr. Bainwol pointed out,
sector-specific principles around privacy and security as well.
And so there is much action happening right now in this space
and we are committed to making sure that Congress is fully
aware of the steps that the private sector is taking to advance
those issues. It is in our business interest to be aligned with
both you and consumer interest around these issues.
Mr. Johnson. Thank you. Mr. Bainwol, I want to focus on the
portion of your testimony regarding advanced driver assistance
systems. I understand the benefits that you're explaining about
these systems, the sensors that provide braking assist, and
adaptive cruise control. I understand newer software will go
far beyond just those actions. My concern revolves around the
encryption of this technology. If these systems are being
operated on a broad range of wireless communication
technologies between vehicles, how are these frequencies being
protected?
Mr. Bainwol. I will give you an answer, and I will come
back to you with a vetted engineer's answer. So V-to-V is based
on DSRC which is a technology that was built for the purposes
of communications between vehicles. And I will come back to you
again with the specifics of the security that is embedded in
that.
We are obviously not at a point of full deployment. This is
being tested. There has been an expansive test out of Ann Arbor
over the last several years. It has been tested abroad. And the
fundamental point I would make is that the benefit stream here,
if you do a cost-benefit analysis here, the benefit stream is
absolutely enormous. And yes, we have got to address the cyber
risks and the security risks, and they are being dealt with
from the design phase on up. But in terms of the security
embedded in DSRC, I will have to come back to you.
[The response from Mr. Bainwol follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Johnson. Okay, if end-to-end encryption is being
utilized, how will law enforcement access the information
stored within a vehicle? Do you have an answer to that
question?
Mr. Bainwol. So we would require a warrant of some sort.
This is, again, this is the point that Mr. Poe was making
earlier.
Mr. Johnson. Okay, I'm sorry, go ahead.
Mr. Bainwol. And so we are very careful and our principles
articulate very specifically that the information will not be
shared with entities unless there's a compelling, specific
reason.
Mr. Johnson. But there will be an ability to counter the
encryption or to kind of a backdoor, if you will, for lack of a
better term.
Mr. Bainwol. Yeah, I'm going to have--I'm not an engineer,
and this is a zone that I'm not going to be able to give you a
great specific answer on, so let me come back to you in writing
shortly.
[The response from Mr. Bainwol follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Johnson. All right, thank you. And I yield back.
Mr. Issa. I thank the gentleman. You know, I have had two
of you gentlemen tell me about how you are not engineers, but I
want to talk about something for a moment that's a little
complex, and then make it simple.
In the aviation space, collision avoidance of all sorts has
been around for a long time. It started with the large
commercial scheduled aircraft and then little by little has
come down. One of those technologies, ADS-B is, in fact,
mandated now in just a few years for all aircraft. And it's a
cute name, I have said it forever, but now I have to say it's
automatic dependent surveillance broadcast, ADS-B, or ADS-B
out.
Now, that technology, in short, says, here is where I am,
and it sends it out to everybody. The FAA regulates it. Other
aircraft while they are sending out where they are, receive
where you are. It makes for a very exact GPS-based within a few
feet of knowing exactly where you are, and of course, which way
you are going, how fast, making a collision almost an
impossible thing to do if you're simply monitoring the product
which has alerts.
The question and I want to make sure I ask it to Mr.
Bainwol and others, when the FAA, having jurisdiction over
this, they made a decision that only those who send out a
signal can, in fact, receive a signal. So today, systems that
cost anywhere from 6- at the very low end, plus installation,
to hundreds of thousands of dollars, equipped in aircraft, they
communicate by sending out and receiving information where
others are.
Mobile devices, devices that could be bought for a matter
of a few hundred dollars that only receive are blocked from
receiving that information. Meaning that as you roll out a new
technology, and Mr. Bainwol, clearly these kinds of
technologies are what big auto is looking at rolling out,
countless millions of automobiles will not be equipped with
those systems for decades to come. The 1965 Mustang or any of
the classic cars that Congressman Juan Vargas has, will not
ever been equipped with them.
Can you comment on the need to make sure that any standard
allows for aftermarket retrofitting of products that to the
greatest extent possible enjoy the benefits of newer technology
brought to market in new automobiles?
Mr. Bainwol. I'm happy to comment. There is a challenge in
the auto space with fleet penetration. The average age of a car
is 11 years old. So when you introduce a new technology, it
takes a long time to wind it's way through the entire fleet.
Mr. Issa. Not with Mr. Shapiro's aftermarket products.
Mr. Bainwol. So, in the example of antilock braking, it
took 30 years to go from introduction to 95 percent
penetration. So you're point about fleet, penetration I think,
is a valid one.
And in the case of these technologies that offer such value
to society, I think you raise a legitimate point that we have
to find a way to fill the gap now. The truth of the matter is,
in part that gap is filled with this phone that Gary peddles so
brilliantly. Just to give you an example----
Mr. Issa. I'm not sure Gary wants to be called a peddler,
but he appreciates you calling many of his members peddlers.
Mr. Bainwol. So Waze is a wonderful app, okay, and it's
crowd-source based, and it provides many of the benefits that
V-to-V provides, but not with the same absolute standard of
certainty. So we have got to find a way to fulfill the
marketplace. And I think the app world does a good job of
bridging that, and then ultimately to fill the fleet. And so I
think your point is a valid one and we have got to find a way
to make it work.
Mr. Issa. Thank you, and Gary, just Mr. Shapiro, the
question more was as new innovative items come out of the OEM
market and new fleet, and there's an ability to get, perhaps,
some but not all of those benefits, government, at least in the
case of aviation, has blocked the ability of thousands of small
pilots, pilots with a Piper Cub made before you and I were
born, in which your mobile device can be put on board today are
blocked from knowing that there's a fast mover heading for them
because the FAA has saw fit to block it unless you are sending
a signal. That's really the question of enabling as much
benefit from potentially low-cost handheld devices.
Mr. Shapiro. Mr. Chairman, as a member of the flying
public, I never quite understood that decision, and I'm glad
that it's being rectified and albeit after dozens of years.
Mr. Issa. It is being rectified. All aircraft in a matter
of a few years will have ABS, or I'm sorry, ADS out. However,
today somebody can carry a few hundred dollar product and if it
were allowed to receive the signal, they would be part of
knowing where a fast mover is, and avoiding it even if they are
not putting out that signal.
Mr. Shapiro. Well, I am thrilled to hear you are focusing
on it because I fly almost every other day, but----
Mr. Issa. And the Cessna 150 needs to know.
Mr. Shapiro. Sir, the reason I have been so excited for
years about driverless cars is the level of death and injury
that's caused by cars is so huge, and of course we all drive
them, they are necessary.
But it can be avoided. We are on the verge of this
technology and several car companies and Google have proven it.
And it would be an absolute tragedy if it was delayed in any
way because an aftermarket was not allowed to develop to move
it along. And I think that you are absolutely correct in
indicating that we will get there in two different ways: One,
the car manufacturers themselves will do everything they can to
get this technology in the public hands, but along the way as
we have seen with almost every other automotive technology,
including I might add, car security, the aftermarket is
quicker. It can get greater penetration and provide
competition.
And what my concern is about some of the privacy
discussions is when it comes to matters of losing your limb and
losing your life which is what we are talking about with
collisions in cars, it is a little less important to have
privacy than it is in some other areas. So the privacy
discussion is important. I don't want to denigrate it, but when
it comes time to our physical safety, it takes a backseat.
Mr. Bainwol. I just need to address----
Mr. Issa. Mr. Bainwol, just remember, the two of you did
take a picture earlier standing next to each other smiling.
Mr. Bainwol. This is not to contradict Gary, but just to
clarify. So Gary used the words about fatalities in cars as the
cars are killing people. I just want to clarify, 95 percent,
maybe 98 percent, maybe 99 percent of the fatalities on the
road are a result of both environmental challenges and human
error. The car itself works rather beautifully, and the
critical point that we would both embrace, is that----
Mr. Issa. I certainly think Mr. Shapiro was talking about
antilock brakes, traction control, all of the items that have
come out that have reduced the death rate in all-too-flawed
drivers.
Mr. Bainwol. We are very proud of those technologies. We
want to see them move into the fleet as rapidly as possible,
and those technologies are the answer to human error which is a
huge problem.
Mr. Issa. Thank you. And Mr. Reed, since you were given
credit for the development of those apps, your members wanting
to be able to develop apps depend on either an open standard or
in the alternative, being able to, if you will, hack in order
to create interfaces because otherwise you're locked out of
interfaces with the automobile and other products. Isn't that
true?
Mr. Reed. So open standard would be a significant part of
how this moves forward.
Mr. Issa. Or published standards.
Mr. Reed. But I also think you will end up with published
standards, and you will also end up with what I believe will be
interfaces where I won't have to hack it. There is the
connotation to hack which is a little odd.
What will end up happening is, is that APIs will be
published by the car manufacturers that will allow me to the
tie into the existing system, or I will do it through the
phone, and the phone manufacturer will have done a deal with
the auto dealer and then I will have a secure, safe, API
platform that I can build out the apps on.
So I'm actually quite hopeful about the connected car. And
I think that's a place where you are going to see an explosion
of apps that will be really helpful and beneficial, especially
those with kids in the back seat.
Mr. Issa. Well, earlier on I mentioned in the opening
statement that we do not have in this Committee the
jurisdiction over the bandwidth necessary for many of your
products. We do, however, have a mandated seat at the table in
consultation with the Ways and Means Committee and with the
Administration in trade. Under Trade Promotion Authority for
both the European trade and the TPP in the Pacific.
I would like any of you that want to comment on the
importance of global standards of getting the Internet of
Things to, in fact, be embraced in a way around the world that
allows either for economy of scale, or consistency of service,
and I will go right down the line on that. Mr. Shapiro.
Mr. Shapiro. Global standards are nice, but they are not
essential. We have seen in technology that politics and ego
often play as to whose country's standards, you know, there's
several----
Mr. Issa. I wasn't necessarily only talking about
standards. I was also talking about the access that trade
promotion is intended to have, the acceptance without tariff
for barrier of American products.
Mr. Shapiro. Okay. So standards is one issue, but the fact
is, is that trade promotion is good. The ITA is great. We are
very excited with the direction things have taken in the last
month. It's positive. Obviously, to the extent that these
devices get out there, and they are improving people's lives
and saving lives, it is an important thing.
If there's an international low tariff approach, that's
always preferred to one which is country-by-country, high
tariff.
Mr. Issa. Mr. Garfield.
Mr. Garfield. I think the opportunity that you highlighted,
that trade agreements provide for driving global consensus-
based standards that help to advance scaleability and
interoperability, are a net positive; hence, our strong support
for Trade Promotion Authority and ultimately the trade deals
that will emanate as a result of that.
Mr. Bainwol. With a complex blend of membership, sometimes
trade gets tricky for me. But I would say----
Mr. Issa. Some of your members are for it, and some are
against it, and you are with your members?
Mr. Bainwol. It's more complicated than that. But the
notion of harmonization is absolutely a valid one.
Harmonization has been around for 100 years as a concept,
but we are building to different standards all around the
globe, and that ends up upping the cost of the product for
consumers all over.
And a new car is safer than an old car so we can reduce the
cost of a product through harmonization. We are getting more
people into newer cars and that's safer and that's good for
everybody.
Mr. Reed. Two quick points. Every single one of your
Members of this Committee has a company in their district that
is selling an app overseas. Guaranteed. We see about 20 percent
of all the apps in China, are actually from U.S. companies,
which is huge. If you pay attention to the China market it's
hard, which brings me to the second part.
Our one concern about standards is that we are finding some
countries are dipping their toe into the idea of creating
quote-unquote, ``domestic open standards'' that are slightly
tweaked from the United States, and these are strictly barriers
that they are putting up to protect domestic manufacturers,
domestic app developers. We have seen it in the WiFi space,
around the globe. We are seeing tweaks to standards strictly to
protect domestic production.
And so we would support your perspective on improving trade
and improving those standards so that they are available to
all.
Mr. Issa. Thank you. And on that note, with no further
questions, this will conclude today's hearing.
I want to thank all our witnesses. Without objection,
Members will have 5 legislative days to submit additional
written questions for the witnesses, and additional materials
for the record. That also leaves our witnesses 5 days, if you
could please, to provide additional material, including that
which some of you promised to give to our Members. And with
that, we stand adjourned.
[Whereupon, at 11:42 a.m., the Subcommittee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]