[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]










                    EXAMINING THE CONSUMER FINANCIAL
                     PROTECTION BUREAU'S MASS DATA
                           COLLECTION PROGRAM

=======================================================================

                                HEARING

                               BEFORE THE

                       SUBCOMMITTEE ON OVERSIGHT
                           AND INVESTIGATIONS

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           DECEMBER 16, 2015

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 114-66
                           
                           
                           
     [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]                      
                           
                           
                           
                           
  
                         U.S. GOVERNMENT PUBLISHING OFFICE 

99-797 PDF                     WASHINGTON : 2016 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                         
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           
                           

                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                    JEB HENSARLING, Texas, Chairman

PATRICK T. McHENRY, North Carolina,  MAXINE WATERS, California, Ranking 
    Vice Chairman                        Member
PETER T. KING, New York              CAROLYN B. MALONEY, New York
EDWARD R. ROYCE, California          NYDIA M. VELAZQUEZ, New York
FRANK D. LUCAS, Oklahoma             BRAD SHERMAN, California
SCOTT GARRETT, New Jersey            GREGORY W. MEEKS, New York
RANDY NEUGEBAUER, Texas              MICHAEL E. CAPUANO, Massachusetts
STEVAN PEARCE, New Mexico            RUBEN HINOJOSA, Texas
BILL POSEY, Florida                  WM. LACY CLAY, Missouri
MICHAEL G. FITZPATRICK,              STEPHEN F. LYNCH, Massachusetts
    Pennsylvania                     DAVID SCOTT, Georgia
LYNN A. WESTMORELAND, Georgia        AL GREEN, Texas
BLAINE LUETKEMEYER, Missouri         EMANUEL CLEAVER, Missouri
BILL HUIZENGA, Michigan              GWEN MOORE, Wisconsin
SEAN P. DUFFY, Wisconsin             KEITH ELLISON, Minnesota
ROBERT HURT, Virginia                ED PERLMUTTER, Colorado
STEVE STIVERS, Ohio                  JAMES A. HIMES, Connecticut
STEPHEN LEE FINCHER, Tennessee       JOHN C. CARNEY, Jr., Delaware
MARLIN A. STUTZMAN, Indiana          TERRI A. SEWELL, Alabama
MICK MULVANEY, South Carolina        BILL FOSTER, Illinois
RANDY HULTGREN, Illinois             DANIEL T. KILDEE, Michigan
DENNIS A. ROSS, Florida              PATRICK MURPHY, Florida
ROBERT PITTENGER, North Carolina     JOHN K. DELANEY, Maryland
ANN WAGNER, Missouri                 KYRSTEN SINEMA, Arizona
ANDY BARR, Kentucky                  JOYCE BEATTY, Ohio
KEITH J. ROTHFUS, Pennsylvania       DENNY HECK, Washington
LUKE MESSER, Indiana                 JUAN VARGAS, California
DAVID SCHWEIKERT, Arizona
FRANK GUINTA, New Hampshire
SCOTT TIPTON, Colorado
ROGER WILLIAMS, Texas
BRUCE POLIQUIN, Maine
MIA LOVE, Utah
FRENCH HILL, Arkansas
TOM EMMER, Minnesota

                     Shannon McGahn, Staff Director
                    James H. Clinger, Chief Counsel
              Subcommittee on Oversight and Investigations

                   SEAN P. DUFFY, Wisconsin, Chairman

MICHAEL G. FITZPATRICK,              AL GREEN, Texas, Ranking Member
    Pennsylvania, Vice Chairman      MICHAEL E. CAPUANO, Massachusetts
PETER T. KING, New York              EMANUEL CLEAVER, Missouri
PATRICK T. McHENRY, North Carolina   KEITH ELLISON, Minnesota
ROBERT HURT, Virginia                JOHN K. DELANEY, Maryland
STEPHEN LEE FINCHER, Tennessee       JOYCE BEATTY, Ohio
MICK MULVANEY, South Carolina        DENNY HECK, Washington
RANDY HULTGREN, Illinois             KYRSTEN SINEMA, Arizona
ANN WAGNER, Missouri                 JUAN VARGAS, California
SCOTT TIPTON, Colorado
BRUCE POLIQUIN, Maine
FRENCH HILL, Arkansas



























                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    December 16, 2015............................................     1
Appendix:
    December 16, 2015............................................    43

                               WITNESSES
                      Wednesday, December 16, 2015

Abernathy, Wayne A., Executive Vice President for Financial 
  Institutions Policy and Regulatory Affairs, American Bankers 
  Association....................................................     7
Calabria, Mark A., Director, Financial Regulation Studies, Cato 
  Institute......................................................     9
Gingrich, Hon. Newt, former Speaker, U.S. House of 
  Representatives................................................     5
Gupta, Deepak, Founding Principal, Gupta Wessler PLLC............    11

                                APPENDIX

Prepared statements:
    Abernathy, Wayne A...........................................    44
    Calabria, Mark A.............................................    55
    Gingrich, Hon. Newt..........................................    67
    Gupta, Deepak................................................    71

              Additional Material Submitted for the Record

Ellison, Hon. Keith:
    Screen visuals displayed during the hearing..................    77
 
                    EXAMINING THE CONSUMER FINANCIAL
                     PROTECTION BUREAU'S MASS DATA
                           COLLECTION PROGRAM

                              ----------                              


                      Wednesday, December 16, 2015

             U.S. House of Representatives,
                          Subcommittee on Oversight
                                and Investigations,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to notice, at 11:03 a.m., in 
room 2128, Rayburn House Office Building, Hon. Sean P. Duffy 
[chairman of the subcommittee] presiding.
    Members present: Representatives Duffy, Fitzpatrick, 
Fincher, Hultgren, Tipton, Poliquin, Hill; Green, Cleaver, 
Ellison, Beatty, Sinema, and Vargas.
    Ex officio present: Representative Waters.
    Also present: Representative Love.
    Chairman Duffy. The Oversight and Investigations 
Subcommittee will come to order.
    The title of today's subcommittee hearing is, ``Examining 
the Consumer Financial Protection Bureau's Mass Data Collection 
Program.''
    Without objection, the Chair is authorized to declare a 
recess of the subcommittee at any time.
    The Chair now recognizes himself for 4 minutes to give an 
opening statement.
    The Consumer Financial Protection Bureau (CFPB) is 
fundamentally tasked with protecting Americans from unfair, 
deceptive, and abusive financial practices. Ironically, as a 
result of its massive data collection activities, the CFPB is 
putting all Americans, all of us, at risk.
    From January 2012 to July of 2014, the CFPB carried out 12 
large-scale data collections, including the monthly collection 
of data affecting hundreds of millions of credit card accounts, 
173 million mortgages, as well as information on 10.7 million 
consumer credit reports. Five of these data collections are 
ongoing.
    Not a day goes by that Americans are not made aware of yet 
another breach of their sensitive information. Whether it is in 
the public or private sector, vast collections of personal 
consumer data are prime targets for cyber attackers.
    Aside from the fact that the CFPB does not need to be 
collecting these vast amounts of information to carry out its 
regulatory mission, it is troubling that it has not taken more 
appropriate steps to secure this data. In fact, before this 
committee last year, CFPB Director Cordray said that he could 
not rule out the potential for a data breach at the Bureau.
    We now know--and the American people don't know--how much 
personally identifiable information, or PII, the CFPB retains, 
how that data is protected, and what the Bureau plans to do 
with all that data.
    And while the CFPB claims that it collects very little data 
that contains PII, collecting non-PII data may also endanger 
consumers. A recent study published by an MIT-led team of 
researchers found that knowing just four pieces--four pieces--
of information about a person's credit card transactions was 
enough to re-identify the anonymous credit card data in 90 
percent of the cases that they studied.
    The Dodd-Frank Act granted the CFPB expansive and intrusive 
authority with very little accountability or oversight. 
However, CFPB's data collection programs appear to exceed the 
mandates included in Dodd-Frank. Under the guise of its 
supervisory, monitoring, and examination authorities, the CFPB 
appears to have subordinated consumers' interests with its data 
collection programs.
    What is more concerning is that while the CFPB claims to be 
an information-driven agency, it seems to cherry-pick data to 
justify pursuing a politicized rulemaking agenda. From 
publishing unverified consumer complaints on its website to 
using unreliable methodologies for estimating race in auto 
lending ECOA actions, the agency has proven time and time again 
that it will present only the most convenient of ``facts'' for 
its purposes.
    Manipulating data to validate a regulatory outcome is not 
sound public policy. This is junk science. The CFPB should 
focus on responding to actual allegations of consumer fraud and 
discrimination rather than collecting data for the purposes of 
undertaking costly and abusive phishing expeditions.
    I welcome our panel of witnesses here today, and I look 
forward to hearing from them as they present their testimony.
    I now yield 5 minutes to the gentleman from Texas, the 
ranking member of the subcommittee, Mr. Green, for his opening 
statement.
    Mr. Green. Thank you very much, Mr. Chairman.
    I would like to thank the witnesses for appearing.
    And I would like to acknowledge the presence of the 
Honorable former Speaker of the House. And for our purposes 
today, because he was the Speaker, I shall refer to him as 
``Mr. Speaker.''
    I am, Mr. Chairman, antithetical to most of what you said, 
and I am also concerned about something that has occurred.
    Mr. Speaker, we--or someone owes you an apology. And 
someone owes you an apology because on the memos that I have 
received and on the witness list, you are acknowledged as the 
former Speaker of the House--as indeed, you should be--but 
there is no acknowledgement of your affiliation with the U.S. 
Consumer Coalition. And, generally speaking, this is what we do 
here.
    I have a document that I shall ask unanimous consent to be 
placed in the record.
    Chairman Duffy. Without objection, it is so ordered.
    Mr. Green. This document is dated July 23, 2015, from the 
Financial Services majority staff, and it is to the members of 
the committee, styled, ``The Dodd-Frank Act Five Years Later.'' 
And it indicates that we are having the Honorable Phil Gramm 
appear, and the case that he was a senior partner at U.S. 
Policy Metrics, and that he is a former United States Senator; 
Honorable R. Bradley Miller, of counsel with Grais & Ellsworth 
LLP, and former Member of Congress.
    So I am going to ask unanimous consent that the record be 
corrected so that it will be indicated on the memo and the 
witness list that you are, Mr. Speaker, associated with the 
U.S. Consumer Coalition.
    I ask unanimous consent.
    Chairman Duffy. If that is the case, without objection, it 
is so ordered.
    Mr. Green. I would also indicate why I have done this, Mr. 
Chairman.
    I perused quite a few articles concerning this Coalition, 
this group. It appears to be a corporate-owned and -subsidized 
synthetic grassroots organization. The activists, consumer 
organizations, know very little about it. It is a 501(c)(4). 
There is no way to ascertain who really funds it. And I think 
it is very important for us to know who is really coming after 
the CFPB. This organization has a mission statement that 
coincides with much of what has occurred here in the Congress 
of the United States of America.
    I am going to have to yield some time to the ranking 
member, but I think it is important for us to go into this. I 
have several articles that I will be introducing into the 
record.
    And having perused the Speaker's statement for today, I am 
going to assume that it is just an oversight, because nowhere 
in the statement does it indicate his affiliation with the U.S. 
Consumer Coalition.
    This oversight has occurred more than once, because it 
appears that The Wall Street Journal had to issue an 
amplification as a result. This is something that has been 
called to our attention by virtue of various sources, one being 
Media Matters.
    So, with this, I will now yield the rest, remainder, and 
residue of my time to the ranking member of the full Financial 
Services Committee, Ranking Member Waters.
    Ms. Waters. Thank you very much. I appreciate the time.
    As we sit here today to talk about the CFPB's data 
collection practices, the CFPB uses the data it collects to 
ensure that potentially harmful products do not permeate the 
market, to inform the agency's rulemaking efforts, to conduct 
critical supervisory oversight, and to return money to 
consumers who have been harmed.
    Unfortunately, my colleagues across the aisle are not here 
today to discuss data collection practices. Instead, this 
hearing is simply another blatant attempt to mischaracterize 
the Bureau's data collection activities as harmful to 
consumers.
    How do we know this? Because the chairman of this 
committee, Mr. Hensarling, previously sponsored the PATH Act, a 
bill that, if enacted, would have authorized the creation of a 
national mortgage data repository that would collect the same 
individualized, personalized data that Republicans shame the 
CFPB for collecting, and which is the subject of this very 
hearing.
    Currently, most of the data that the CFPB collects is 
public and nonpersonally identifiable. Both the GAO and the 
CFPB Inspector General have indicated that the CFPB is 
generally in compliance with data privacy and security laws.
    Nevertheless, my Republican colleagues are here today to, 
again, criticize and undermine an agency that has returned more 
than $11 billion to 25 million Americans.
    I yield back.
    Chairman Duffy. The gentlelady yields back time she does 
not have.
    The Chair now recognizes the vice chairman of the 
subcommittee, the gentleman from Pennsylvania, Mr. Fitzpatrick, 
for 1 minute for an opening statement.
    Mr. Fitzpatrick. Thank you, Mr. Chairman, for the hearing.
    And welcome to the witnesses this morning.
    Increasingly, our cyber infrastructure and private records 
are becoming targets of both state and non-state actors alike. 
I don't have to remind everyone here about the theft of 
personal information from the Office of Personnel Management--I 
suspect we all received that letter--or any of the other 
significant breaches of consumer data that have occurred.
    For these reasons, it is alarming that any organization, 
especially an agency of the Federal Government of the United 
States, would collect consumer data and store it in a single 
location, as the Consumer Financial Protection Bureau does, 
especially when, according to a GAO study, the CFPB lacks 
procedures and documentation for these collecting practices or 
security protocols to store private consumer information in a 
manner safe from hackers.
    What's more, it seems that no type of data is off limits to 
the CFPB. While Congress has not been provided a complete 
picture of these actions, we know that one of these mass 
collections yielded data on 173 million loans.
    So we look forward to the hearing, today's witness 
testimony, and we hope that it allows all of us to develop a 
better understanding of this practice and if there is a reason 
or legitimate need for these aggressive Federal practices to 
continue.
    I yield back.
    Chairman Duffy. The gentleman yields back.
    I now want to welcome our witnesses.
    And because I do want to at one point get to our testimony, 
I am not going to spend an hour relating all of the things that 
Speaker Gingrich has done. What I have realized recently, 
though, is that he is a fiction author; he wrote a great book, 
which my wife just completed. It is a page-turner. I didn't 
realize that. But I am going to stick to the basics. He was 
elected to Congress in 1978 from the Sixth District of Georgia 
and, as we all know, was the Speaker of the House from 1995 
through 1998.
    Speaker Gingrich, welcome, and thank you for being here.
    I also want to welcome Mr. Wayne Abernathy. He is the 
executive vice president for financial institutions policy and 
regulatory affairs at the American Bankers Association. 
Welcome.
    Dr. Calabria, welcome again. Dr. Calabria is the director 
of financial regulation studies at the Cato Institute.
    And finally last, but not least, Mr. Deepak Gupta is the 
founding principal of Gupta Wessler, an appellate litigation 
boutique in Washington, D.C.
    Welcome, panel.
    Each of you are going to be recognized for 5 minutes to 
give an oral presentation of your testimony.
    And without objection, your written statements will be made 
a part of the record. Once the witnesses have finished 
presenting their testimony, each member of the subcommittee 
will have 5 minutes within which to ask the panel questions.
    Just as a reminder--many of you know this--on the table you 
have three lights: green means go; yellow means you have a 
minute left; and red means your time is up. I would just note 
that if you get a question while your light is yellow, I will 
give you the leniency to finish your question as it goes into 
red, but please don't go on for a minute or two. Otherwise, I 
will just start tapping my gavel, and we will try to wrap it 
up.
    And with that, Speaker Gingrich, welcome, and you are now 
recognized for your 5-minute presentation.

STATEMENT OF THE HONORABLE NEWT GINGRICH, FORMER SPEAKER, U.S. 
                    HOUSE OF REPRESENTATIVES

    Mr. Gingrich. Good morning, and thank you for allowing me 
to be here. It is an honor to be with you on this important 
issue.
    I do want to say about Mr. Green's concern that if either 
he or his staff had read my testimony, they would find that on 
page 3, I describe my relationship as an adviser to the U.S. 
Consumer Coalition.
    But the subject of today's hearing is important in a narrow 
sense, in that we have an agency that is collecting more 
information about Americans' private lives than any bureaucracy 
deserves, for reasons unrelated to national security.
    But it is also important in a broader sense. Today, the 
Consumer Financial Protection Bureau is so far outside the 
historic American system of constitutionally limited government 
and the rule of law that it is the perfect case study of the 
pathologies that infect our bureaucracies at the Federal level. 
It is dictatorial. It is unaccountable. It is practically 
unrestrained and expanding on its already expansive mandate 
from Congress. And it is contemptuous of the rights, values, 
and preferences of ordinary Americans.
    The CFPB is all of these things, as are many of our large, 
destructive bureaucracies in this City--a huge problem in its 
own right. But the CFPB is an especially good symbol of these 
pathologies because of its unique structure among regulatory 
agencies.
    In the Dodd-Frank Wall Street Reform and Consumer 
Protection Act that created the Bureau, Congress--very 
unwisely, in my opinion--gave up two of its core constitutional 
powers for reining in Executive Branch agencies.
    First, the CFPB is not subject to the annual congressional 
appropriations process and instead is funded out of a fixed 
portion of the Federal Reserve's budget. So, in effect, you 
have a bureaucratic slush fund that is self-defined by the 
bureaucracies on their behalf.
    Second, its Director can be fired only by the President and 
then only under limited circumstances because Dodd-Frank 
protects him from being removed by Congress.
    For all practical purposes, this means the bureaucracy is 
free to do whatever it wants within the broadest imaginable 
interpretation of its authority without fear of losing its 
funding or its leadership. This is a very dangerous recipe for 
petty dictatorship and is completely foreign to the American 
model.
    I always remind people of Lord Acton's famous dictum: 
``Power tends to corrupt. Absolute power corrupts absolutely.'' 
Notice he drops the ``tends.'' There is no better example of 
the corruption of power than this agency, which is totally 
secret, totally unaccountable, spends a vast amount of money, 
has huge cost overruns, and is doing whatever it wants to 
whomever it feels like doing it to.
    We know this formula is dangerous because we have watched 
the Bureau's behavior over the past 4 years. We have seen the 
contempt with which it treats Congress and the American people.
    The CFPB is prohibited from regulating car dealers, but it 
has done so anyway, using absurdly inaccurate techniques--
which, by the way, in the private sector would lead to lawsuits 
over fraud--to accuse them of racial discrimination and extract 
fines from car companies and auto finance companies. This says 
your government is a bully and your government is a 
blackmailer.
    The topic of this hearing is another good example of the 
CFPB's overreach, one I also discussed in my own article in The 
Wall Street Journal last summer. The CFPB is prohibited in 
Section 1022 of Dodd-Frank from collecting personally 
identifiable information on Americans, but the Bureau is doing 
so anyway. And it is doing so on a massive scale that rivals 
the NSA's most controversial collection programs but for much 
less compelling reasons.
    The CFPB has said it aims to monitor at least 95 percent of 
all credit card transactions in the United States by 2016. 
Toward that end, the Bureau is already collecting and analyzing 
data from at least 600 million credit card accounts each month. 
That is 7 billion records in the last year alone.
    And it is not just credit card data. The CFPB is gathering 
data on 22 million private-label mortgages every month, 5.5 
million student loans, 2 million bank accounts with overdraft 
fees, and on hundreds of thousands of auto sales, credit 
scores, and deposit advance loans.
    These secretive and intrusive data-gathering operations are 
taking place without consumers' knowledge and without the 
ability for consumers to opt out. Unless they have been tuned 
in to occasional congressional oversight hearings like this 
one, consumers are entirely unaware that government bureaucrats 
are poring over their credit card transactions every month 
looking for new products to regulate.
    The CFPB is scooping up more information about law-abiding 
Americans than any government agency should be permitted to 
collect for reasons unrelated to national security or law 
enforcement.
    In fact, in a recent poll conducted by Zogby for the U.S. 
Consumer Coalition, which I happen to advise--let me repeat 
that, since it is in the record, but I just want to make sure 
for particularly Mr. Green's staff that they get it--which I 
happen to advise--so I am not secret about the relationship--
just one in five Americans said they believe the CFPB should be 
allowed to gather credit card statements without consumers' 
knowledge.
    For those of you who are concerned about the intelligence 
community's direct data collection effort, I don't see how you 
can be worried about the potential for abuse and about the, in 
fact, justified lack of transparency in national security 
agencies and not be concerned about the same dangers in this 
large and unaccountable bureaucracy armed with similar kinds of 
information.
    Think of the absurdity of being told that Homeland Security 
will not look at Facebook pages of foreigners out of concern 
for their privacy while CFPB is gathering up all of this data. 
Let me just say, certainly, if the NSA and the FBI need a 
warrant to collect such data on U.S. citizens for the purpose 
of preventing terrorism, the CFPB should need to get a warrant, 
too.
    In closing, what we have in the CFPB is an agency that is 
not accountable to Congress or the American people, an agency 
that is stretching the boundaries of its authority as far as it 
can, and a bureaucracy which for all practical purposes is out 
of control. As the American people's elected Representatives in 
Congress, this should bother you no matter which side of the 
aisle you are on and whatever you think of the Bureau's 
preferred regulations.
    It is imperative that we move toward abolishing the 
Consumer Financial Protection Bureau and, at the very least, 
subject it to an annual budgeting and appropriations process, 
in addition to restructuring its leadership to make sure it is 
accountable to Congress.
    Thank you, and I look forward to your questions.
    [The prepared statement of Speaker Gingrich can be found on 
page 67 of the appendix.]
    Chairman Duffy. Mr. Abernathy, you are recognized for 5 
minutes.

 STATEMENT OF WAYNE A. ABERNATHY, EXECUTIVE VICE PRESIDENT FOR 
FINANCIAL INSTITUTIONS POLICY AND REGULATORY AFFAIRS, AMERICAN 
                      BANKERS ASSOCIATION

    Mr. Abernathy. Thank you, Chairman Duffy and Ranking Member 
Green, for this opportunity to testify. My name is Wayne 
Abernathy. I am executive vice president at the American 
Bankers Association (ABA).
    The customers of ABA's thousands of member banks are 
affected by the actions, policies, and decisions of the CFPB. 
The Bureau has enormous authority over retail financial 
products and those who provide them, and, therefore, over the 
people who use them.
    This power comes with little more than nominal oversight 
and accountability. It would be hard to find a Federal agency 
where the gap between regulatory power and public 
accountability is greater.
    Bureau officials repeatedly assert that the Bureau is a 
transparent and data-driven agency. Public exposure and data 
are to be the checks on the natural tendency for any such 
agency to stray into arbitrary action.
    I emphasize the Bureau is governed by one person. No one in 
the agency can address him without ultimately bending to that 
one person's policy judgment, knowing that at some point in the 
discussion it will end with, ``Yes, sir.''
    We welcome this subcommittee's inquiry into the question of 
how strong a check on arbitrary behavior are the Bureau's data 
policies and practices. How much is the Bureau, in fact, data-
driven? And by which data? From which sources? And how would we 
know?
    Bureau Director Richard Cordray stated the following: ``At 
the Consumer Bureau, we are a data-driven agency. The best 
decisions will be those that are best informed.''
    The Bureau's strategic plan for Fiscal Years 2013 through 
2017 includes the following: ``We take in data, manage it, 
store it, share it appropriately, and protect it from 
unauthorized access.''
    And then this from the Bureau's website on a page titled, 
``Open Government'': ``Transparency is at the core of our 
agenda, and it is a key part of how we operate.''
    We support those statements. Bureau practices, however, 
have not lived up to these standards, and there is little to 
require that they do so. The Dodd-Frank Act extends to the 
Bureau impressive authorities for requiring information. The 
Act's oversight structure is much less impressive.
    Problematic Bureau data practices have undermined the 
effective use of data to serve as a check on arbitrary action 
and weakened the quality of policymaking, placing at risk the 
Bureau's mission to protect consumers. In my written statement, 
I discuss several examples, which I will merely list for you at 
this point.
    The Bureau evades public disclosure laws, such as the 
Paperwork Reduction Act, while cherry-picking data. In 
selective data samples, the Bureau skews results, 
mischaracterizing consumer markets. The Bureau has 
misrepresented its data gathering on overdrafts. On its 
website, the Bureau publishes unverified complaint information. 
In its arbitration study, the Bureau ignores its own data. To 
promote its policies on indirect auto lending, the Bureau has 
manufactured data that do no exist.
    I will explain briefly one of these as an example, the 
unverified complaint information.
    The Bureau publishes on its official website, at the top of 
which are the words, ``An official website of the United States 
Government,'' they publish consumer complaints that are 
unverified for accuracy or veracity.
    The Bureau asserts that, ``by adding their voice, consumers 
help improve the financial marketplace.'' But how can this be 
true if the information provided is unreliable and misleading? 
What does the Bureau offer to protect a consumer from acting on 
erroneous information published on the Bureau's own website?
    ABA offers four recommendations in our written statement. I 
would emphasize our fourth. The governance of the Bureau should 
be changed from a sole directorship to governance by a 
bipartisan commission. With a bipartisan structure, we gain 
light from a variety of viewpoints, different people posing 
different questions from different backgrounds, all more likely 
to poke and prod the data, and all of them likely to be 
intolerant of information legerdemain.
    On behalf of ABA and its member banks of all business 
models, serving hundreds of millions of people, our customers 
and your constituents impacted by Bureau decisions by the 
Consumer Bureau, I want to thank this subcommittee for this 
very important inquiry. I would be happy to respond to any 
questions you may have.
    [The prepared statement of Mr. Abernathy can be found on 
page 44 of the appendix.]
    Chairman Duffy. Thank you.
    Dr. Calabria, you are recognized for 5 minutes.

 STATEMENT OF MARK A. CALABRIA, DIRECTOR, FINANCIAL REGULATION 
                    STUDIES, CATO INSTITUTE

    Mr. Calabria. Chairman Duffy, Ranking Member Green, and 
distinguished members of the subcommittee, I thank you for the 
invitation to appear at today's important hearing.
    Let me first say that the concerns I will raise are not 
unique to the CFPB. They apply across the Federal Government.
    Let me also note that my colleagues and I at the Cato 
Institute have consistently raised these concerns regardless of 
politics or the mission of the agency. We have been vocal, 
highlighting abuses in law enforcement and national security. I 
would go so far as to say we have spent considerable resources 
trying to undo the third-party doctrine, which is the basis of 
almost all Federal surveillance.
    So, again, this is not something new to us. In fact, we 
have spent more time on the PATRIOT Act and the Bank Secrecy 
Act than we have on surveillance at the Consumer Financial 
Protection Bureau. So, again, this is not something new for us.
    Let me also say, as I detail in my testimony, the massive 
data collection at the CFPB is one of choice. There is no 
explicit mandate or requirement for this level of data 
collection. As someone who has previously managed one of the 
offices that have been transferred to the CFPB, I can say that 
the extent of this data collection is also unnecessary for it 
to fulfill its responsibilities.
    During my tenure enforcing the Real Estate Settlement 
Procedures Act at HUD, we nearly doubled enforcement, 
significantly increased enforcement action, and we did so 
without having to resort to a massive dragnet of consumer data.
    Obviously and unfortunately, some of those actions did not 
prevent the financial crisis, but I would have told you then, 
as I will tell you today, the problems with RESPA and much of 
our consumer financial protection are in the underlying 
statutes--which I greatly encourage Congress to revisit--not 
from a lack of surveillance.
    We have seen this play out in the area of national 
security, where the public is repeatedly told that if only we 
had more data, various attacks would have been avoided. Yet, 
repeatedly, the intelligence failures we witness are not from a 
lack of data. They are from an inability or unwillingness to 
connect the dots.
    Similarly, the financial crisis was met with demands for 
more data, as if the overheated housing and mortgage markets 
were not obvious enough from the aggregate data. They were 
obvious to me over a decade ago. Unfortunately, our regulators 
ignored them. And, of course, more data does not necessarily 
help you if you continue to ignore it.
    The CFPB has not been immune from this false idol of more 
data. As the GAO has reported, the CFPB has engaged in at least 
12 large-scale data collection efforts. At least three of these 
include information that directly identifies individual 
consumers. Combining this information with other sources, such 
as the other nine, could allow the information also to be 
identified on consumers. In my opinion--granted, as a 
nonlawyer--I believe these collections do not comply fully with 
the Right to Financial Privacy Act.
    Let me also state, as a former Federal employee and one 
subject to the recent OPM breach, I don't trust any part of the 
government with my data, the CFPB or otherwise. In 
consolidating all of this financial information in one place, 
the CFPB has left consumers extremely vulnerable to hackers and 
identity theft.
    Those are only threats from outside the Bureau. 
Unfortunately, the CFPB's data collection, in my opinion, also 
poses significant threats to our Fourth Amendment protections, 
which I believe apply to everybody, even financial service 
providers. As Justice Douglas observed in his dissent to the 
California Bankers case, ``A checking account may well record a 
citizen's activities, opinions, and beliefs as fully as the 
transcripts of his telephone records.'' Credit cards are 
today's checks.
    Such concerns are not simply reflections of the Watergate 
era. As recently as 2012, Justice Sotomayor, in her concurrence 
to United States v. Antoine Jones, correctly observed, 
``Awareness that the government may be watching chills 
association and expressive freedoms. The government's 
unrestrained power to assemble data that reveal private aspects 
of identity is susceptible to abuse.'' Those are Justice 
Sotomayor's words, not mine.
    Justice Sotomayor offers the example of medications 
purchased online by online retailers. Such a purchase could 
theoretically be identified within the CFPB's data card 
collections.
    For a variety of reasons, as I think this hearing has 
demonstrated across the aisle, the CFPB has become a highly 
partisan issue. I think that is unfortunate. Were it to use the 
financial records of its critics as an attempt to silence and 
intimidate those critics, it would not be the first agency to 
do so. And as an institute, at the Cato Institute, where we 
receive our donations via credit card, this is a very real risk 
and certainly one that we worry about.
    I will only quote Justice Thurgood Marshall, who sadly 
observed, ``The technique of examining bank records to 
investigate political organizations is, unfortunately, not a 
rare one.'' And as someone at the Cato Institute who regularly 
takes a stand that is occasionally unpopular in Washington, I 
certainly share in this concern.
    My suggestion would be that the CFPB end these data 
collections. I would submit that there is more than enough work 
to do actually responding to consumer complaints.
    I thank the subcommittee for their time, and I look forward 
to your questions.
    [The prepared statement of Dr. Calabria can be found on 
page 55 of the appendix.]
    Chairman Duffy. Mr. Gupta, you are now recognized for 5 
minutes for a summary of your opening statement.

 STATEMENT OF DEEPAK GUPTA, FOUNDING PRINCIPAL, GUPTA WESSLER 
                              PLLC

    Mr. Gupta. Thank you, Chairman Duffy, and Ranking Member 
Green.
    I will make three points this morning based on my 
perspective as a former CFPB official and as an advocate for 
consumers, including in data privacy cases.
    First, privacy and the security of consumer data are 
important issues, and if this subcommittee were really 
concerned, there are real problems it could be addressing. 
There have been major data breaches recently in which credit 
card information was stolen from consumers at Target and Home 
Depot, for example.
    But this subcommittee hasn't held a single hearing on those 
real-world threats. Instead, we are having a hearing about a 
set of imagined problems that exist only in the minds of the 
CFPB's political opponents.
    In fact, if you ask the actual consumer privacy groups, 
they voice support for the CFPB's data collection efforts. And 
I believe there is a statement that has been entered into the 
record today, or will be--As one privacy advocate put it, ``The 
reason you don't hear from privacy or consumer groups is that 
the CFPB is not doing anything that concerns us, nor, for that 
matter, is it doing much differently than other regulators have 
always done.''
    Second, to the extent that it is doing anything different, 
the Bureau's collection of data is creating the kind of 
oversight and consumer protection that were missing before the 
financial crisis.
    For example, the compilation of anonymous account-level 
data--I want to stress that; it is anonymous account-level 
data--from the CFPB's credit card database has allowed the 
Bureau to study important topics, such as credit card marketing 
practices and the widespread use of forced arbitration clauses 
in consumer contracts, something Congress required the CFPB to 
study.
    Data collection is crucial to the Bureau's ability to 
identify systemic violations of consumer laws, discrepancies in 
credit score reporting, and harmful effects of checking account 
overdraft programs, to name just a few examples.
    The CFPB's data collection ensures that the agency's 
regulation and enforcement are data-driven--that is, based on 
the best understanding of market trends and empirical reality. 
That is the whole point of having expert administrative 
agencies in the first place. So unless your profits come from 
deceiving consumers, you should welcome the CFPB's data 
collection.
    Third and finally, the very existence of this hearing 
illustrates one danger that can occur when public officials 
don't base their actions on data. We have a made-up 
controversy, unfortunately, based on made-up facts.
    The CFPB is not spying on American citizens. It is not the 
NSA. It is not interested in the details of people's personal 
activities, nor would the data that the agency is currently 
collecting enable it to investigate those activities even if it 
were interested in, say, what you plan to buy tomorrow with 
your credit card for a Christmas present for your grandmother.
    In fact, the vast majority of the data collected by the 
CFPB is already public, such as data on mortgages already 
recorded in local land records or auto sales on record with the 
DMV. And most of it is aggregate data at the account level, not 
at the transaction level, designed to give the agency a picture 
of what financial institutions, not individual consumers, are 
up to.
    The GAO looked into this controversy and, in a detailed 
review, found that none of the major problems that the CFPB's 
opponents have alleged exist. Of the 12 major projects analyzed 
by the GAO, only 3 even potentially involved any personal 
consumer data, and the GAO found that the CFPB had taken steps 
to protect and secure the data it collects, and it has a system 
for anonymizing any material involving identifying information.
    And I want to correct one factual inaccuracy that I have 
heard several times already this morning. None of the ongoing 
data collections by the CFPB contains personally identifiable 
information. That is a fact that has been verified by the GAO. 
Agencies have been collecting this same stuff for years and 
nobody has complained, GAO also found.
    The story with consumer complaint data is similar. The 
Inspector General did an exhaustive review and uncovered no 
major problems. Of the 250,000 complaints examined, the IG's 
audit found an accuracy rate of 99.99 percent, an error rate of 
0.01 percent. I wish that most of the work product that 
emanated from this building, for example, could meet that 
accuracy standard.
    Meanwhile, the financial industry is collecting far more 
personally identifiable data that could open up real questions 
about consumer privacy. The JPMorgan Chase Institute, for 
example, recently released a report that pulled from a data set 
of 12 billion individual consumer transactions.
    So if we are really worried about the collection of this 
kind of data, we should be far more concerned about the private 
market that is developing for this data. And with all the real 
problems in consumer finance, I think it is unfortunate that 
the subcommittee feels the need to hold a hearing today on this 
nonissue.
    Thank you for inviting me to testify, and I am happy to 
answer any questions.
    [The prepared statement of Mr. Gupta can be found on page 
71 of the appendix.]
    Chairman Duffy. Thank you, panel.
    The Chair now recognizes the vice chairman of the 
subcommittee, the gentleman from Pennsylvania, Mr. Fitzpatrick, 
for 5 minutes for questions.
    Mr. Fitzpatrick. Thank you, Chairman Duffy, for calling 
this hearing. The hearing is critically important, given all 
the security breaches that we have been hearing about and 
reading about, not only in the private sector of the economy, 
from retailers, but, most importantly, in the public sector.
    And, in most of those cases, the average American citizen 
does not know that their information is being collected by the 
Federal Government or that their security has been breached. 
They just don't know that.
    Speaker Gingrich, you talked about the two Constitutional 
provisions that the United States Congress essentially walked 
away from in passing Dodd-Frank and creating the CFPB. And then 
you testified about all the personally identifiable information 
that the CFPB is collecting.
    I have two questions. First, are you concerned about the 
CFPB's ability to protect and secure that information from 
breaches?
    And second, when you have an agency of the Federal 
Government that essentially lacks accountability or oversight 
from the Congress, what is the interest or the vigilance that 
the agency would have to actually get down and protect that 
information? So how is the CFPB different than other agencies?
    Mr. Gingrich. Thank you for the question.
    Let me say, first of all, anybody who believes that anyone 
has the ability to guarantee security of information is totally 
out of touch with the real world. When you look at the size of 
the breaches and you look at the number of hackers around the 
planet and you look at the intensity with which people are 
trying to figure out how to do this, there is no place where 
you are going to aggregate information, unless you take it 
totally offline, that you are going to have real, true 
security.
    These systems are growing very rapidly. They are getting 
much more sophisticated, and we are going to be in a very 
different world. It is like the Wild West. This is not like 10 
years ago. And it is going to get worse.
    Second, I want to point out that in The Wall Street Journal 
article I cited a Stanford study on how to take metadata from 
telephones and connect them to get individual identity, and an 
MIT study for how to do that with credit cards. So when people 
say to you, oh, we are only gathering impersonal information, 
the fact is that is a sign they don't understand how big data 
has evolved and the fact that you can reassess and redefine 
people if you have enough data points.
    So I find it much more frightening to have government 
bureaucracies that are uncontrolled having that level of 
information and power. In the private sector, if I don't like a 
company, I can quit. That isn't how it works if you are a 
citizen and two bureaucrats show up at your front door.
    Mr. Fitzpatrick. Mr. Gupta, if a constituent of mine in 
Bucks County, Pennsylvania, had her personal information or her 
financial habits stolen in a data breach of the CFPB, how would 
you explain to her that it was necessary for the Federal 
Government to collect and store this information in the first 
place?
    Mr. Gupta. I would first explain to her that the whole 
premise of the question is false, because, as I said, none of 
the ongoing collection efforts by the CFPB involve any 
personally identifiable information.
    And that is verified by the GAO report, and it is pursuant 
to the statutory authority. The authority that this Congress 
gave the CFPB to do ongoing market monitoring expressly comes 
with a limitation which says that data cannot include 
personally identifiable information. And the CFPB, the GAO 
found, is complying with that mandate.
    So, to the extent there is any personally identifiable 
information, it is either going to be because she provided it 
as part of a consumer complaint and that information is not 
going to be information that would be damaging; it would be 
information that allows the agency to get in touch with her--
or, for example, when there is supervision and enforcement and 
the agency needs the person's contact information to get in 
touch with them to reimburse them if they have been defrauded. 
But those are really small exceptions.
    Mr. Fitzpatrick. Dr. Calabria, do you concur that my 
constituent should have no concern with what the CFPB holds?
    Mr. Calabria. I do not concur. Maybe I need to reread the 
GAO report a few times, but my read of it is pretty clear that 
at least three of those programs do have personally 
identifiable information.
    And there is also a question of, can you take the 
information in those programs and link to other programs that 
aren't personally identifiable, and I think that there is a 
very real risk there.
    Again, as I noted in my testimony, I was a victim of the 
OPM breach. And I am very touched that OPM has now made sure 
that I get at least a year of credit check free. That is very 
touching. I would personally like the Chinese to give me my 
information back and not to use it. It is kind of hard to close 
that barn door after the horse is out.
    So I think we need to be thinking ahead of time. The time 
to react is not after the breaches; the point to react is to 
not collect this level of data if you don't need it to begin 
with.
    Mr. Fitzpatrick. I think most of us who also were victims 
of those same breach would agree with you, Dr. Calabria.
    Thank you. I yield back.
    Chairman Duffy. The gentleman yields back.
    The Chair now recognizes the ranking member of the full 
Financial Services Committee, Ms. Waters, for 5 minutes.
    Ms. Waters. Thank you very much.
    Let me welcome all of our panelists here today, and 
especially Speaker Gingrich. Welcome, welcome, welcome.
    Speaker Gingrich, whom are you representing here today?
    Mr. Gingrich. I represent myself.
    Ms. Waters. What is the name of the PR firm that you work 
for?
    Mr. Gingrich. The U.S. Consumer Coalition is not a PR firm. 
It is an organization which has been raising questions. I work 
with them. I have said that publicly. I said it, in fact, in 
the testimony we submitted here. And I think the questions they 
raise are very good ones.
    But my view--
    Ms. Waters. The Coalition--
    Mr. Gingrich. --is not shaped by that. I am a 
conservative--
    Ms. Waters. Excuse me. I am not interested in that right 
now, Mr. Speaker.
    Mr. Gingrich. I apologize.
    Ms. Waters. The Coalition has hired a PR firm that you work 
for. You work for the PR firm. Is that right?
    Mr. Gingrich. We work with the Coalition.
    Ms. Waters. Do you work for the PR firm that is hired by 
the Coalition?
    Mr. Gingrich. I would have to check to see whether it is--
    Ms. Waters. Okay.
    Mr. Gingrich. But there is no question we work with the 
Coalition. We have said--
    Mr. Green. Would the ranking member yield, if you would?
    Ms. Waters. Yes, the ranking member will yield.
    Mr. Green. Mr. Speaker, I have your Wall Street Journal 
article wherein there is an indication at the end that you are 
a paid adviser to the Wise Public Affairs group. Are you 
denying this, Mr. Speaker?
    Mr. Gingrich. No, I am not denying--
    Mr. Green. That was the question that the ranking member 
was asking.
    I will yield back to the ranking member.
    Ms. Waters. Thank you very much.
    And the Coalition is funded by what industries?
    Mr. Gingrich. I don't know.
    Ms. Waters. Does the Coalition represent any other consumer 
groups? Do they advocate for any other consumer groups? Or was 
it just organized to deal with their concerns about the 
Consumer Financial Protection Bureau?
    Mr. Gingrich. My impression is that they think that the 
threat from the CFPB is large enough that that is their primary 
focus.
    Ms. Waters. I am not interested--
    Mr. Gingrich. And it is the only bureaucracy--
    Ms. Waters. --Mr. Speaker, in your impression. But is that 
exactly what they do, just--
    Mr. Gingrich. I don't know. You would--
    Ms. Waters. --the Consumer Financial Protection Bureau?
    Mr. Gingrich. --have to call them and ask them. They asked 
me to advise on one thing.
    Ms. Waters. I know that you are very smart, Mr. Speaker, 
and you wouldn't work for somebody that you didn't know who 
they are and what they do. So that is why I ask you.
    But let me just move on, because I know you understand how 
this place works. You talked about the fact that it is the only 
agency that operates in the way that it does, that it is the 
only agency that does not have to go before the Appropriations 
Committee. Do you really know and understand that to be true?
    Mr. Gingrich. That is certainly my impression, but if you 
find other agencies that have perpetual life by drawing money 
in manners that has nothing to do with the Congress, I think 
Congress ought to, frankly, then hold hearings on bringing them 
within the Constitution.
    Ms. Waters. Are you aware that, for example, the FHFA has 
one Director, appointed by the President, who can only be 
removed by the President, and does not go before any 
Appropriations Committee? Are you aware of that?
    Mr. Gingrich. I wasn't aware of that. But, as I just said, 
to the degree you would like to give us a list that we could 
suggest to Congress that they bring under annual 
appropriations, I would be happy to--
    Ms. Waters. Mr. Speaker, I know that you know how this 
place runs. You ran it with a strong hand, so I know you 
understand how it works.
    Does the FDIC go before an Appropriations Committee?
    Mr. Gingrich. I believe it is subject to congressional 
supervision.
    Ms. Waters. That is not what I asked.
    Mr. Gingrich. I believe it answers to congressional 
inquiries.
    Ms. Waters. That was not my question.
    In terms of what the President is able to do in determining 
whether or not a director continues as director--the OCC, for 
example, their director can only be fired by the President. 
Isn't that right? And the same thing with the FHFA. Is that 
correct?
    Mr. Gingrich. That is correct.
    Ms. Waters. And the Fed, they don't go before an 
Appropriations Committee. Is that right?
    Mr. Gingrich. That is right. In fact, I have favored 
auditing the Fed for that very reason.
    Ms. Waters. And the President, for example, can only remove 
the head of the SEC. Is that right?
    Mr. Gingrich. Yes.
    Ms. Waters. Okay. So I just want us to be clear when we 
compare the Consumer Financial Protection Bureau with other 
agencies.
    Some of us are very appreciative that Dodd-Frank created 
the Consumer Financial Protection Bureau, because prior to the 
meltdown that we had, the recession that we entered into, 
nobody was protecting the consumers. We had all of our 
oversight agencies who basically were supposed to be 
responsible for soundness, et cetera, but they did nothing for 
consumers.
    And so now we have the Consumer Financial Protection 
Bureau, and we have a whole effort to destroy it. The other 
side of the aisle have made this the top priority in everything 
that they do. And just as Mr. Gupta said, while we had this 
breach with Target and others, never have we had a hearing on 
any of that.
    So I am glad that you are here today, but I want you to 
share your knowledge with us and tell--
    Chairman Duffy. The gentlelady's time has expired.
    Ms. Waters. --us what you know and what you understand 
rather than--
    Chairman Duffy. The gentlelady's time has expired.
    Ms. Waters. --some of the other stuff that I am hearing.
    I yield back the balance of my time.
    Chairman Duffy. And there is none left.
    Mr. Gingrich. Can I make one brief comment?
    Chairman Duffy. Maybe you can ask--
    Mr. Gingrich. Okay.
    Chairman Duffy. I want to stick with the rules.
    The Chair now recognizes the gentleman from Colorado, Mr. 
Tipton, for 5 minutes. Maybe he will entertain the Speaker's 
request.
    Mr. Tipton. Thank you, Chairman Duffy.
    Mr. Speaker?
    Mr. Gingrich. I just wanted to comment--the gentlelady just 
pointed out that all of these various bureaucracies that were 
responsible for oversight prior to 2007 failed, and so the 
answer is, let's build another bureaucracy to look after the 
failed bureaucracies, as opposed to looking at why did all 
these bureaucracies fail. I think it is a fascinating 
difference of opinion.
    And I appreciate your pointing out that we actually should 
have a study, which Cato may already have, of all of the 
agencies that should be under congressional annual 
appropriation. I thought that was a very useful contribution.
    Mr. Tipton. Thank you, Mr. Speaker.
    Mr. Gupta, I would like to start with you, in regards to 
personal information. You made the comment that no personal 
information is collected. Is gender an identifier?
    Mr. Gupta. Is gender an identifier? Gender standing alone, 
with nothing else?
    Mr. Tipton. How about if we included age? Would that be an 
identifier, those two together? How about ethnicity, if we 
included those three elements? Are those things that can be 
used to identify an individual?
    Mr. Gupta. I take your point, and you are right. A 
constellation of data can certainly be used to identify someone 
without their name. And the CFPB is very concerned about that. 
And that is why--
    Mr. Tipton. Interestingly--
    Mr. Gupta. --if you look at the GAO report, you will see 
that they have a data intake team that carefully, carefully 
scrubs the data before it even enters the Bureau and is 
disseminated to ensure that you don't have a constellation of 
data that can be assembled to actually identify anyone.
    Mr. Tipton. Well, interestingly, Mr. Gupta, under the CFPB, 
with the NMD, they do require the collection of gender, age, 
and ethnicity.
    Mr. Calabria, would you like to maybe comment on that?
    Mr. Calabria. Again, I would agree that only a small number 
of information is needed to identify people.
    I do want to emphasize, as I pointed out in my testimony, 
and as the Federal Reserve Inspector General pointed out, a 
significant amount of the CFPB data collection is maintained by 
contractors on cloud computing, which in my opinion--granted, 
I'm not a tech expert--leaves it particularly vulnerable to 
hacking.
    So I would certainly encourage the CFPB to bring more of 
that data--here, I am going to say it for a second: Cato 
Institute, Mark Calabria, encourages less use of contractors 
and more government employees, in this case.
    Mr. Tipton. Does the GAO report that the CFPB does not have 
the security protocols in place to be able to secure this data 
scare you?
    Mr. Calabria. That is correct. And that is a very big 
concern of mine, the security of this data.
    Mr. Tipton. If I could follow up again with you, Dr 
Calabria, for a long time, I have held the belief that with a 
lot of the regulatory bodies, the heart may be in the right 
place, but we need to be able to look at outcomes.
    And I get a general sense, going back to Speaker Gingrich's 
point, that we actually have an institution right now, through 
the CFPB, that is completely off the books. Congress has no 
real control to be able to actually control it, to be able to 
direct it.
    Do you have a sense that we have a system in place that is 
continuing to build, that is designed to be able to find and 
punish, rather than help and improve?
    Mr. Calabria. So let me first say, there is a fair amount 
of work in the psychology literature about, when people feel 
like they are wrapped up in a cause and self-righteous. And I 
think that, certainly, the CFPB's attitude is, ``We are a 
crusade. We are here to protect the consumer. We are going to 
fix the financial crisis.'' And we saw the same thing in the 
intelligence community after 9/11. When you get caught up in 
this mentality, you get blinders, you get tunnel vision. There 
is a lot of psychology research which I think clearly 
demonstrates that.
    And so what you need--and, again, I would reference one of 
the citations in my testimony from something by Cass Sunstein, 
of all people, who really argued that you need to have 
procedures and checks in place so that dissent is heard.
    And this is one of the--the value of a board is that 
somebody sits there and says--just like this committee can have 
this dialogue and this back-and-forth--is there needs to be 
this back-and-forth. And Wayne talked about, at the end of the 
day, every employee at the CFPB needs to say, ``yes, sir'' to 
Mr. Cordray, and I think that is a real problem.
    None of us have all the answers, and you lack this 
institution for this dialogue and this back-and-forth and this 
give-and-take. You need that. And other places that don't have 
this don't do well. It was mentioned that a number of other 
agencies--look at OFHEO, who was the regulator for Fannie Mae 
and Freddie Mac, and had a single director. We saw how that 
turned out.
    So, again, the attitude that you can't have this sort of 
give-and-take, I think is critically important.
    I will also note, the argument you often hear is we need a 
single director so it isn't captured by the industry. I am not 
a mathematician, but the last I checked, I think it would be 
easier to capture one person than it would to capture, say, 
five.
    Mr. Tipton. One thing that genuinely concerns me about this 
is, if we were to apply the same rules to the CFPB that they 
are trying to apply to everyone else, if we were getting ready 
to make a mortgage--and, again, go back to the comments in 
terms of identifiers about gender, age, ethnicity in 
determining and making a loan, they are collecting this data 
with no consumer knowledge. How would the CFPB address a 
private-sector entity in doing that?
    Mr. Calabria. Let me make two quick points since you are 
out of time.
    First of all, the JPMorgan example, I can choose not to use 
JPMorgan, and if I do, I can sue them if they distribute my 
data in a personal way. And, plus, they suffer. Target took a 
big hit. You don't see any of this with the Federal Government, 
in terms of these corrections.
    But, lastly, I want to say we don't have to wonder how this 
works. The HMDA is an example of where there is not personally 
identifiable information but you can link it to courthouse 
records to figure out the identity. It is not that hard.
    Chairman Duffy. The gentleman's time has expired.
    The Chair now recognizes the gentleman from Missouri, Mr. 
Cleaver, for 5 minutes.
    Mr. Cleaver. Thank you very much, Mr. Chairman.
    And thank all of you for being here. I appreciate it very 
much.
    Mr. Speaker, you may have misspoken. You said that the CFPB 
was totally secret. And so I am assuming that you weren't--and 
this is not a catch-you-wrong question. I am just--when you 
made the comment, I just wrote it down, because I didn't think 
you were saying that the CFPB was a totally secret agency.
    Mr. Gingrich. My impression is, if you look at various 
hearings and various interrogatories, that the leader of the 
CFPB has remarkably little interest in sharing with Congress a 
whole range of information, including the various cost 
overruns, including salaries, and so forth. So my impression is 
that they are a remarkably secretive operation for a non-
national-security operation.
    Mr. Cleaver. Okay. I agree with you if you use ``remarkably 
secretive'' as opposed to ``totally secretive.'' Because if it 
was totally secretive, we wouldn't have this hearing.
    Mr. Gingrich. I am happy to be amended to ``remarkably.''
    Mr. Cleaver. Thank you.
    Mr. Abernathy, do you think that it is important that we 
have evidence-based policies?
    Mr. Abernathy. Absolutely, Congressman.
    In our view, when you have an agency that is led by just 
one individual, without all of the other checks and balances 
and oversight that other agencies are subject to, you are left 
with just one check, and that is the exposure to the public, 
letting the public see what is the information that you used to 
make your decisions, and let's have a debate on that to make 
sure you are not operating in an arbitrary manner.
    I can think of no agency where that is more important than 
it would be at the Bureau to make sure that they avoid getting 
into arbitrary action. That is why we are so concerned about 
their data practices.
    Mr. Cleaver. Yes. Here is something that I am interested 
in: What county do you live in?
    Mr. Abernathy. I live in Fairfax County, Virginia.
    Mr. Cleaver. I am not familiar with the way that county 
operates, but do you believe that the county has data on your 
mortgage?
    Mr. Abernathy. I don't have a mortgage anymore. But I 
think, when I had a mortgage, they probably had some 
information.
    But what is interesting about Fairfax County is that they 
have a series of seven, I believe, elected officials, and these 
officials all are peers of one another, and they check one 
another's activities. And that prevents the abuse of data 
because they will call somebody else on it. They will say, 
Madam Chairman, or whomever, there is more information that you 
need to take into account.
    There is no one like that at the Bureau. There is no peer 
at the Bureau for the Director of the Bureau. Everybody reports 
to him.
    Mr. Cleaver. Most counties, maybe not in Fairfax, but most 
of the other counties around the country have a lot of data on 
your mortgage. They have a lot of data on--well, not on your 
mortgage, but on people who hold mortgages, a lot of data.
    The same thing, I think, holds true when you think about 
some of the commercial data that is available. The DMV, does it 
not have a lot of data about individuals who drive and about 
the machine they drive?
    Mr. Abernathy. Yes, they certainly do, Congressman. I think 
what makes the Bureau different is that they can put all these 
different pieces together.
    If you look at the authority that has been given them under 
Dodd-Frank, there is virtually nothing that a covered firm, a 
firm subject to its jurisdiction, has in terms of information 
that the Bureau cannot demand. And, in their recent data 
collections, they have been gathering in enormous amounts of 
those data and putting it all in one place.
    Mr. Cleaver. We have probably had more hearings on the CFPB 
than we have had on anything. So I think it is erroneous to say 
there is nobody looking at the agency. That is all we do. It 
has become the political punching bag of this whole Congress.
    And maybe the Speaker was right. Look at the OCC, the FDIC, 
and the Federal Reserve; they are all in the data collection 
business.
    And so, we can create this attitude that this is going to 
be a Big Brother operation and they are going to give money to 
the Taliban or whatever, and I think we are taking this stuff 
too far.
    I yield back, Mr. Chairman.
    Chairman Duffy. The gentleman yields back.
    The Chair now recognizes the gentleman from Maine, Mr. 
Poliquin, for 5 minutes.
    Mr. Poliquin. Thank you, Mr. Chairman. I appreciate it very 
much.
    And thank you, gentlemen, for coming here today. I 
appreciate it.
    I come from the private sector, and for 35 years I have 
been running small companies. And when you come from a business 
background, you have to be accountable all the time. You have 
to be accountable to your employees, to your customers, and to 
your suppliers. You have to be accountable to your board. If 
you have a product or a service that is overpriced or performs 
poorly, you are going to go out of business. Now, it seems to 
me that we should do the same thing here in government, but, 
unfortunately, it doesn't happen very often.
    When I was State treasurer up in Maine, I was on the board 
of an independent public housing authority. And shortly after 
joining the board, I realized that the executive director had a 
5-year term, appointed by the Governor, and couldn't be fired. 
The board had no authority. The executive director didn't 
report to the board. And it had a funding source that was 
independent of appropriations.
    Now, after a little bit more digging, we found out that we 
had 6,000 families waiting in Maine to come in from the cold so 
they could have a safe and warm place to live, and we had a 
public housing authority that was spending money on theater 
programs for prison inmates.
    As well as the fact that any request from the board to get 
data on how the operation was performing was just ignored. And 
then we found out that they were spending twice as much to 
build one-bedroom apartments than it cost to buy a single-
family home on a quarter-acre with a garage, two bathrooms, and 
three bedrooms.
    So we changed the law. We made sure that the executive 
director reported to the board, we put in financial controls, 
and we put business people on the board. And, by the time I 
left, the cost per unit had dropped to about 35 percent, it was 
still going down, and we helped hundreds more families.
    Now, I am looking, Mr. Gingrich, at the CFPB. And we have 
an independent organization, as you mentioned, that reports to 
nobody. The Director has a 5-year contract, and can only be 
replaced by the President. They have a revenue stream that is 
divorced of appropriations from Congress.
    And all I am asking you is, did it make sense when the 
Director showed up here 6 months ago and tried to convince us 
that it was a darn good idea to spend $216 million on an office 
building for their 1,400 employees, to rehab it, they don't own 
it, with a two-story waterfall in the building and a reflecting 
pool and a playground on the roof? Now, how can we trust these 
people to collect the sort of data they are doing here in 
America for our families?
    In our district, we had a major breach of data security 
with the largest health insurance provider in the State. 
Thousands of people in my district had their personal data 
violated.
    So I ask you, Mr. Speaker--you have a lot of experience in 
this area--what can we do to fix this? Do you trust this 
organization to collect the sort of data that they are? And if 
not, how in the dickens do you fix it?
    Mr. Gingrich. Thank you. And I have to confess, the entire 
story about the Maine housing authority is amazing and would 
almost be a study in its own right.
    Let me say first of all, just to set the record straight, 
both the Department of Justice and the Federal Trade Commission 
had consumer protection responsibilities prior to 2008. So this 
notion that magically we are going to create a new super-
bureaucracy all on top of the other bureaucracies because this 
new bureaucracy will be terrific--and you just described the 
arrogance of power.
    Since they are totally uncontrolled, and since they are 
virtuous and should not be questioned, why shouldn't they have 
a waterfall in the atrium? Why shouldn't they be able to walk 
in and look up and think, I am here to protect America on my 
terms, based on my prejudice, and applying my ideology, and 
aren't you lucky to have me as the savior of consumer behavior?
    That tells you everything about why this agency ought to be 
abolished, whether you want to break it up and put it back at 
the FTC and the DOJ, or whatever, One other thing the CFPB will 
not tell you is all of their various data-gathering techniques, 
but we are told that there are consumer data companies which 
sell information to them which includes personal data.
    Now, that should be findable, and that is the kind of thing 
we ought to say, explain to me why you think you are going to 
keep this anonymous, given modern technology and modern 
information systems?
    Mr. Poliquin. For us here today and those listening, Mr. 
Speaker, can you give us another couple of tangible examples, 
to the best of your knowledge, of how you connect data 
protection with accountability in government agencies like 
this?
    Mr. Gingrich. As I said earlier, I think anytime you start 
centralizing information into specific banks of data, you have 
to assume that you are really at high risk.
    And I would raise the question--again, we always have the 
government show up and tell us, ``Everything is fine,'' until 
the next huge data breach, and then they come back to tell us, 
``But now, everything is really fine.''
    We are in a competition in which there is a free market of 
hackers worldwide, all of whom can operate without red tape, 
without limitations, without all of our various rules and 
regulations, and bureaucratic structures that are stunningly 
slow and incompetent. I find no reason to believe this 
particular structure is going to be dramatically better than 
OPM at protecting data.
    And I think aggregating the numbers I gave you earlier, 
billions of data points in one place is really defying 
everything we have learned about the emergence of a very 
aggressive hacking culture.
    Mr. Poliquin. Thank you, Mr. Speaker. I appreciate it very 
much.
    Chairman Duffy. The gentleman's time has expired.
    The Chair now recognizes the gentleman from Tennessee, Mr. 
Fincher, for 5 minutes.
    Mr. Fincher. Thank you, Mr. Chairman.
    Mr. Gupta, would you support a five-person governing panel 
instead of the one director at the agency?
    Mr. Gupta. I would not. I think that, as Ranking Member 
Waters mentioned, there are lots of agencies that have single 
directors--
    Mr. Fincher. Okay. That is it.
    Would you support having CFPB under the appropriations 
process?
    Mr. Gupta. No, I would not.
    I think the OCC, and lots of other banking regulators, are 
not subject to the appropriations process, but they have an 
even worse source of funding, historically. They have gotten 
their funding from the entities they are regulating.
    Instead, what you have here is a stream of money that comes 
from the Federal Reserve Board, and it prevents agency capture. 
It prevents the agency from being subject to the thing that 
makes Washington broken in every respect, which is the 
influence of financial industry money.
    Mr. Fincher. Okay. And--
    Mr. Gupta. That is why you are having so many hearings, I 
assume, on--
    Mr. Fincher. What makes Washington broken is too much 
Washington and too many bureaucrats.
    I think the narrative here that we are hearing from my 
colleagues on the other side of the aisle--and no offense to 
Ranking Member Waters, she is very passionate about this; she 
just happens to be wrong--is that the American people aren't 
smart enough to make decisions on their own, so bureaucrats and 
politicians in Washington are going to tell them what to do.
    Another one of my colleagues trying to compare data 
collection at the CFPB to my county in my rural district in 
Tennessee is a joke. We look back at a lot of the reasoning 
behind Dodd-Frank and behind the CFPB, because the private 
sector was out of control, when in a lot of respects it was 
Fannie and Freddie that were influencing the private sector and 
telling banks who to loan money to.
    So, let's get to the facts. The facts are, for a lot of my 
friends on the left, they see the private sector as a problem, 
and everything should be done in Washington and by bureaucrats 
and politicians. This is a slap in the face to the American 
people. They are smart enough to figure out what works and what 
doesn't, and they don't need people in Washington doing it for 
them.
    Mr. Abernathy, if the CFPB were to use this data 
irresponsibly, are you concerned with a lack of accountability? 
And how would we rein them in? They are almost untouchable.
    Mr. Abernathy. That is a serious problem, and that is one 
of the things that we believe this hearing is bringing out, is 
the fact that all you have to act as accountability for the 
Bureau is the public exposure of the data that they claim that 
they rely upon. And yet, when we look at the decisions that 
they have made, rather than relying upon the data to drive what 
they do, they cherry-pick the data through processes that they 
don't reveal to the public, in order to silence debate rather 
than to foment debate by basically saying, this is what the 
data tells us we have to do; therefore, there should be no 
discussion.
    In one case, they have actually demonstrated the value, and 
that is with regard to their arbitration study, where they did 
put the data out for people to look at, and the data actually 
disprove the assumptions they make in their study, but it 
encourages a broad discussion by the public. And that is what 
we need.
    Mr. Fincher. Dr. Calabria?
    Mr. Calabria. I want to make a couple of points, but first, 
I want to go back to the funding issue.
    Let's remind ourselves that the CFPB is funded in the same 
way that the Federal Reserve itself is funded. And I think it 
is widely accepted that the Federal Reserve fell down on the 
job before the crisis despite being outside of the funding 
process.
    And of course, as we know, Mr. Greenspan, Mr. Bernanke, and 
Mrs. Yellen are not accepting campaign contributions from Wall 
Street. That is not why they screwed up. They screwed up for a 
number of reasons. Of course, you could try to say, well, they 
screwed up because Mr. Greenspan has some crazy ideology and 
whatever. That is actually an illustration of why you don't 
want one single powerful person, because how will you know that 
person is not going to get the check and balance?
    And, in fact, the only way we know that there were 
discussions about subprime lending at the Federal Reserve is 
because Ned Gramlich, one of the Board Members, forced that 
conversation. And that was a conversation that was at least 
had, which would not have been had if it was a single director.
    So, again, let me clearly state for the record so that we 
don't have to go back over this topic, the CFPB is not the only 
part of the Federal Government or our financial regulatory 
structure that is broken. I think we can accept that. I don't 
subscribe to the two-wrongs-makes-a-right theory of policy. So 
just because something is broken over at agency ``A'' does not, 
in my opinion, justify us to leave something broken at agency 
``B.''
    Mr. Fincher. My time is expiring. Let me just say this in 
closing.
    Hopefully, a Republican Administration will take over in 
2017, and my friends across the aisle will be singing a very 
different tune at that time, but let's remember that, to your 
point, two wrongs don't make a right. We need to call this out 
for what it is. And if Republicans were doing it, it would be 
wrong also. But let's fix this.
    And, please, my friends on that side of the aisle, give the 
American people some credit. They are smarter than Washington.
    I yield back.
    Chairman Duffy. The gentleman's time has expired.
    The Chair now recognizes the gentleman from Arkansas, Mr. 
Hill, for 5 minutes.
    Mr. Hill. Thank you, Mr. Chairman. And thanks for calling 
this hearing.
    It is certainly good for me to see my old friend, Wayne 
Abernathy. We served so long ago on the Senate Banking 
Committee staff, Mr. Speaker, that there was no TV in the 
Senate. That is how long ago it was. Many moons have passed.
    I feel like Rip Van Winkle when I come back to Washington 
after 25 years and see this kind of behavior. And this isn't 
the first time we have talked about a subject like this at a 
hearing. FINRA proposed a proposal called CARDS, where they 
would sweep up every brokerage account in the country and every 
brokerage transaction and organize it in a way that it would 
not be identifiable so that they could just look at it.
    And my whole problem with things like this is just because 
you can, doesn't mean you should, in these massive data 
collections, when a simple sample would do just as well in 
trying to look for a trend analysis.
    And, further, our whole regulatory system has been based on 
looking at institutions and looking at the activities of that 
institution on a small-scale basis and making determinations 
about, did the executives of that institution do a good or a 
bad job with regard to consumer legislation or prudential 
regulation. That has not been the sweeping 170 million loan 
records, for example, that are now in the hands of the CFPB.
    In my district in Arkansas, this spring has been taken up 
by working 70 cases of IRS identity theft. And it is all we 
talk about in my office: identity theft problems with 
federally-stored data. So I have concerns about that.
    Mr. Gupta being here, it reinforces, I think, why I ran for 
Congress, and why I was glad the people of Arkansas elected me 
to Congress. Because once again, I feel like you are the chief 
apologist for an intrusive, Big Brother, Big Government 
solution.
    We have had hearings, sir, in this room on the Target 
breach. We had retailers and bankers testify about those 
breaches. And we have bills moving in the Energy and Commerce 
Committee in this House and in this committee, Financial 
Services, to deal with that. So don't make the assumption that 
we have not had data breach discussions in--
    Mr. Gupta. And I commend you for those efforts. Those are 
good efforts.
    Mr. Hill. Thank you.
    And, also, you stated that this committee is making up 
facts, when, in fact, I think The Wall Street Journal was quite 
clear, and I commend the staff of this committee. In the made-
up-fact arena, it is the CFPB and their auto finance 
investigation that has gotten the world record for made-up 
facts in their most recent efforts.
    So I would like to get some thoughts, Mr. Speaker, on this 
issue of why the CFPB claims it needs all this information in 
order to understand the markets it regulates. In my opening 
comments, I talked about how individual firms and individual 
prudential managers deal with markets, and that is how we have 
traditionally regulated it. And they have collected 87 percent 
of the credit card market. They have collected 95 percent--it 
is trying to get 95 percent of all the credit card accounts.
    What do you think is any justification for that, when one 
could just do a survey of credit card vendors for a small 
sample to meet any analysis, it seems to me, that would have a 
public policy benefit? Could you comment on that for me, 
please?
    Mr. Gingrich. Thank you.
    Look, Friedrich Hayek, in ``The Road to Serfdom,'' made the 
argument that, once you start toward centralized planning, you 
inevitably coerce, and that the centralized planners think of 
themselves as virtuous and as having a fact-based approach to 
life, when, in fact, they are like the rest of us. They have 
ideologies, they have things they like, they have things they 
don't like.
    It is very funny, in a sense. This is a monster which, if 
Democrats thought about it, they would rush to create a 
bipartisan board. Imagine you have a President Cruz or a 
President Trump and they decided to appoint their version of 
this kind of collection agency, and that person was now in 
total charge of gathering the data they wanted to gather so 
that, let's say, instead of being antigun, as the current group 
is, they decided they were pro-gun, and so they decided that 
you really ought to have lots of credit if you are a gun 
dealership and so forth.
    You need to understand, when you put total power in one 
person's hands and they can operate in--not total secrecy but 
surprising--
    Mr. Hill. Remarkable secrecy. Yes.
    Mr. Gingrich. --remarkable secrecy, you are creating a 
natural pattern that leads to very dangerous behavior, for this 
reason: The government always, in the end, is about power and 
the ability of the state to coerce. And when you have people in 
darkness who are able to exercise the power of the state, they 
apply their prejudice and their ideology. And that can destroy 
normal people because the government is so big and so powerful.
    Mr. Hill. Thank you, Mr. Speaker.
    I have Fourth Amendment concerns about this process, as I 
did on CARDS. It is not the direction we should be going in 
regulation in this country.
    And I yield back.
    Chairman Duffy. The gentleman's time has expired.
    The Chair now recognizes the gentlelady from Ohio, Mrs. 
Beatty, for 5 minutes.
    Mrs. Beatty. Thank you, Mr. Chairman, and Ranking Member 
Green.
    Let me first say thank you to the panelists for being here 
and that I am also proud to associate myself with the comments 
from my ranking member of the Financial Services Committee, 
Congresswoman Maxine Waters.
    Mr. Chairman and to the witnesses today, certainly this is 
an important topic. When I received my overview with the name 
of the topic today that we were going to look at, consumer 
protection and data security, it kind of puzzles me, as we have 
witnesses here, that we don't have anyone here who is actually 
from the agency that we are talking about, and that we have 
certainly discussed--which probably are important, for us to 
hear our different views from our witnesses--that go far beyond 
what I think we should be discussing at hand. We are talking 
about the establishment and how it was established 5 years ago. 
We are talking about the budget. We are talking about 
everything but the real issue of what this hearing was 
scheduled to do, which I think is unfortunate and a disservice 
to me and to our constituents.
    I would also be curious as to your expertise, starting with 
you, former Mr. Speaker. Can you tell us your expertise as a 
cybersecurity expert? I know that you are here as yourself, as 
you commented. I also know that you are a paid public affairs 
consultant with the Wise Group.
    So tell me what your expertise is in this area.
    Mr. Gingrich. I wouldn't classify it as expertise, but I 
have worked on data issues and on cyber issues for over 25 
years. As Speaker of the House, I had a substantial amount of 
involvement. I have this year spent time out at the National 
Security Agency looking at their things. I served for 6 years 
on the Defense Policy Board, and cyber was part of that.
    And I can tell you, as a historian, all you have to do is 
clip out of the newspapers the increasing frequency of cyber 
activities, the increasing frequency of hacking, and the 
stunning inability of the American Government to protect 
itself, and I think that doesn't require any massive level of 
expertise.
    I do think it would be wise for the subcommittee to arrange 
for a number of people who have cyber capabilities to come in 
and explain why this is a dangerous thing. And it is dangerous 
at two levels. Remember, it is about a mass data collection 
program. So it is dangerous at two levels. We are talking about 
breaches and hacking. It is also dangerous because the truth 
is, in the age of metadata, you can identify individuals from 
supposedly anonymous information. And you may want to have a 
hearing and bring in people from places like Carnegie Mellon 
and MIT and go through this.
    But I will assure you I have spent time with the Army Cyber 
Command, I have spent time at NSA. I am not personally a cyber 
expert, but I think--
    Mrs. Beatty. Okay. Thank you.
    Mr. Gingrich. --I am reasonably knowledgeable.
    Mrs. Beatty. I am going to move on because of my time.
    So based on that, and your clipping out articles and 
reading them, and your past experience, let me ask you this: 
Some have commented that the CFPB is particularly vulnerable to 
hackers because of their heavy reliance on cloud-based 
computing. Can you tell me how you feel about that and why? And 
what better practices, from your reading and the experience you 
have said, would be better? Give me something specific.
    Mr. Gingrich. I think if you talk to people at the Pentagon 
and at the--
    Mrs. Beatty. No, I mean in your opinion, not whom I should 
talk to about it. You are here today.
    Mr. Gingrich. No, I understand.
    Mrs. Beatty. I want to hear from you, not--
    Mr. Gingrich. Okay.
    Mrs. Beatty. --who I can call or who the Republicans can 
bring in. You have shared that you have this experience, and 
you have probably been the most critical. And so I want to be 
able to discern and be able to separate, is this predisposed 
from articles I have clipped out on you and what you have said 
that is clearly coming with some predetermined ideas against 
the organization and Mr. Cordray.
    So let's keep this in the context and give me some 
specifics that you have. You are sitting here today, not the 
folks that may call or may come here in the future, so let's 
hear from you.
    Mr. Gingrich. Okay. And I would say, then, three things.
    One, I believe if you aggregate this kind of data, you 
always have the potential to identify individuals. And I would 
be glad to provide you technical experts who will explain that.
    Two--
    Mrs. Beatty. So, in other words, you don't have any that 
you can give me. I can call those folks or wait for my 
colleagues to bring in a real expert who is sitting here taking 
my time up to hear it. Thank you very much.
    Let me go to the second gentleman.
    Can you answer that question, please?
    Mr. Abernathy. Thank you, Congresswoman.
    Our testimony is focusing on the policymaking process, and 
the problem that you have when you have a single director with 
nobody who can engage that--
    Mrs. Beatty. No, that is not my question, about the single 
Director.
    I'm sorry. My time is--
    Mr. Abernathy. That is what our focus is--
    Mrs. Beatty. --up. I yield back.
    Mr. Abernathy. --and our testimony is about.
    Mrs. Beatty. Okay. But that wasn't my question to you. So 
let's be clear on that.
    Mr. Abernathy. Right.
    Chairman Duffy. The gentlelady yields back.
    The Chair now recognizes the gentleman from Illinois, Mr. 
Hultgren, for 5 minutes.
    Mr. Hultgren. Thank you all for being here.
    Speaker Gingrich, it's good to see you. One of my favorite 
memories of serving over the last 5 years was being with you 
and your wife in Tampico and Dixon, Illinois, for Ronald 
Reagan's 100th birthday. So I appreciate you being here. 
Certainly, he is a hero of mine, and I appreciate the work you 
have done talking about him as well.
    But I want to get to what I see as a very important subject 
here. I am troubled by all the stories that we have heard of 
what happens to consumer financial information when it gets 
into the wrong hands and how aggressive people are in trying to 
get this information. Our government should be held to the 
highest standard when it comes to protecting personal 
information it holds on the American people.
    On October 15th, the CFPB released its final rule to expand 
data collection under Regulation C, the Home Mortgage 
Disclosure Act, or HMDA. The final rule requires covered banks 
and credit unions to collect 48 unique data fields on each 
mortgage loan they make. This is more than double the number of 
data fields covered lenders are currently required to collect.
    Some of the new fields include applicant or borrower age, 
credit score, automated underwriting system information, unique 
loan identifier, property value, application channel, points 
and fees, borrower-paid origination charges, discount points, 
lender credits, loan term, prepayment penalty, nonamortizing 
loan features, interest rate, and loan originator identifier.
    I think we can all agree that this is a lot of information. 
And while some of this information is not directly related to 
the borrower or terms of the loan, this data can still be 
revealing. I understand regulators and the public make use of 
this data, but I am also concerned that it could pose privacy 
risks for homeowners.
    Speaker Gingrich, if I can direct this first question to 
you, I think we all remember the Office of Personnel Management 
data breach, and I think we have heard some testimony today 
about how the CFPB's data security controls may be inadequate.
    In light of the incidents like OPM and others within the 
government, how can we assure the American people that their 
personal information is safe?
    Mr. Gingrich. First of all, you can't.
    Second, you reminded me that I got one of those letters, 
among 21 million people, which said my data had been breached, 
and it said, gee, if you want to do something, call this 
number. I couldn't imagine anything useful. What were they 
going to do? Say, we don't know exactly who breached it, we 
don't know exactly where it is, and we don't know exactly how 
it will be used? It is just nonsense.
    Mr. Hultgren. Yes.
    Mr. Gingrich. The fact that you can live through this, you 
can watch this scale of failure, and then have some other 
bureaucrat sublimely tell you, ``Oh, we are safe,'' they 
don't--my first point is they don't know. If you are not 
offline, you are, by definition, potentially hackable.
    And this is a major crisis for the whole government. This 
is not something that--I have worked with John McCain, the 
chairman of the Armed Services Committee in the Senate, who is 
very worried that we are not able to innovate rapidly enough 
inside our bureaucracies to keep up with the private-sector 
revolution worldwide. And it is always worldwide. It is 
Estonians, it is Romanians, it is Russians, it is Israelis. And 
so, we need to understand the threat.
    I think that is a significant thing, and I would encourage 
the committee to get people from places like Carnegie Mellon 
and MIT. Let's meet everybody's concern about the level of 
technical expertise. And I think you will find that they will 
tell you, ``You should be afraid. You should not be 
reassured.''
    Mr. Hultgren. I believe you are right. I just had a 
briefing this morning with the Department of Energy on 
cybersecurity--and some real concerns, real threats, real 
experts who are frightened--having nightmares, they talked 
about what could happen. And we see this as just as widespread.
    I am going to ask a question, just a yes-or-no question, 
Speaker Gingrich, Dr. Calabria, and Mr. Abernathy, the CFPB's 
final rule did not explicitly state which of this new data 
would be made publicly available. It seems to me a study on the 
privacy risks and the opportunity for public comment would be 
appropriate, just as Speaker Gingrich was talking about.
    Mr. Speaker, I think you have already answered. Would you 
agree that this is a good position? I think you would say 
``yes.''
    Mr. Gingrich. Yes.
    Mr. Hultgren. Mr. Abernathy?
    Mr. Abernathy. I agree, Congressman. Thank you.
    Mr. Hultgren. Dr. Calabria?
    Mr. Calabria. Yes.
    Mr. Hultgren. Let me jump back and focus on Dr. Calabria 
and Mr. Abernathy. Do you have any thoughts on why the CFPB 
chose to go well beyond the new reporting requirements in 
Section 1094 of Dodd-Frank? The CFPB loves to say they are 
data-driven in their policy, but doesn't the increased 
reporting of this data raise more privacy issues?
    Mr. Abernathy. That is one of the serious concerns when you 
look at the more than two dozen additional data segments that 
the Bureau asked for. And yet, there really is inadequate 
discussion as to why they need this data, and what they would 
do with it. We need that kind of public debate before they do 
the rule rather than afterwards.
    Mr. Hultgren. I agree.
    Dr. Calabria?
    Mr. Calabria. And I would certainly agree with that.
    Let me say, even before this, from what was publicly 
available for HMDA, you could link to courthouse records and 
identify individuals with that data even with the preexisting 
databases.
    Mr. Hultgren. Yes.
    I only have a couple of seconds left.
    This feels like such an overreach at such a risky time. I 
think it is absolutely the wrong direction to go, for CFPB to 
be doing this, and we need to do more to make sure it doesn't 
happen.
    Mr. Chairman, I yield back.
    Chairman Duffy. The gentleman yields back.
    The Chair now recognizes the gentlelady from Utah, Mrs. 
Love, for 5 minutes.
    Mrs. Love. Thank you, Mr. Chairman.
    I have to tell you, you have an idea of how dangerously 
powerful some of these regulatory agencies are before you get 
here, but I can't tell you how shocked I am, getting here and 
realizing the casualness, where we talk about collecting 
people's private information, the casualness in saying, ``It's 
okay. Don't worry about it. We're here to protect you. We know 
everything. We're bigger minds than you are, and we can handle 
things for you.'' It is absolutely shocking to me, the amount 
of power these regulatory agencies have over the American 
people.
    I have a couple of questions. As I have gotten into 
learning a little bit more about the CFPB, I have several 
concerns, but I want to focus, first of all, on some of the 
data collecting, which raises privacy concerns, and, second of 
all, what is being done with that data.
    These are the questions--by the way, that is not just 
coming from me. They are coming from my constituency. So I do 
this work on behalf of them.
    We have learned that the way that the CFPB uses data and 
interprets the data was highly suspect and that the result, the 
supposed redress that the CFPB imposed on the marketplace, was 
not correlated with actual harm. There was a lot of guesswork 
involved, and the guesswork resulted in the CFPB imposing more 
requirements on the auto lending market, which results in 
higher costs and less choices for the consumer.
    So, now, in addition to the auto sales, the CFPB has also 
been collecting data, as we have heard today, regarding credit 
reports, credit cards, mortgages, student loans, payday loans, 
overdraft fees, and other financial data. Over the past year 
that I have been here on this committee, I have been 
investigating some of that activity, specifically in regards to 
payday loans and overdraft fees.
    So my question for the panelists is: What other CFPB 
actions do you see on the horizon? What other disappearing 
options, as you would say, for services that consumers, when 
they are looking at it, need to worry about losing?
    Mr. Abernathy. If I may, Congresswoman--
    Mrs. Love. Yes.
    Mr. Abernathy. --one of the areas we are particularly 
concerned about is the ability to serve the market for short-
term and small-amount loans. Our estimate is that there are 54 
million customers each year in the market for small loans, 
short-term loans--these are loans for less than a year--and the 
Bureau is on the verge of decreasing significantly the access 
to those kinds of resources.
    They have the payday lending rule that they are about to 
come out with that, estimates are, will eliminate 80 percent of 
that market in one decision. We are concerned that they are 
looking at overdraft, where a number of people who have bank 
accounts use the opportunity to overdraw their account a little 
bit to be able to obtain immediate short-term credit for a 
variety of needs, from a vacation to a major emergency that 
takes place at their home.
    And yet, we have looked at the way they exposed data on 
this. One data segment that they put forward indicated that, in 
their view, the median average overdraft is $24, for which 
people paid $34. If they actually look at what happens with all 
of the data for an institution, they would discover that the 
amount of credit that customers receive versus what they paid 
for it for overdraft is something like 7 to 8 times the amount 
of the fee.
    But by manipulating the data in ways that no one can really 
get at and challenge, they end up promoting policies that could 
choke off the opportunity for overdraft to be a source of 
credit for millions of people.
    Mrs. Love. So far, what I have seen is the people that they 
have vowed to protect are the ones who are being hurt the most.
    And I just want to say--because I am not here to 
necessarily change the minds of my colleagues, because a lot of 
the minds have been made up, on both sides of the aisle. I am 
here to make sure that we are transparent and we give a fair 
warning, a warning to the American people, that if we continue 
to allow this to happen, the only people who are at risk are 
them, are the American people.
    Let me just say right now, this is a fair warning that if 
we are not vigilant, if we do not cry out and make our voices 
heard that this is, first of all, unacceptable, and second of 
all, we are smart enough to make decisions in our homes and for 
ourselves--and if we do not do something now, then the only 
people who are at risk, who have the risk of losing everything, 
are the American people.
    I yield back.
    Chairman Duffy. The gentlelady yields back.
    The Chair now recognizes the gentleman from Minnesota, Mr. 
Ellison, for 5 minutes. Welcome.
    Mr. Ellison. Let me thank the Chair and the ranking member 
and thank the panel. I really appreciate having time to discuss 
this issue today.
    Mr. Gupta, I would like to ask you a question, if I may. 
You made the comment, unless your profits come from deceiving 
consumers, you should welcome the CFPB's data collection. Could 
you explain what you meant by that?
    Mr. Gupta. Sure. Thanks for the question.
    The reason we have the CFPB in the first place is because 
we had a massive regulatory failure, right? We had a financial 
crisis that resulted from all sorts of fringe lending that was 
entirely unchecked. People were asleep at the switch. You 
didn't have anyone who was looking out for consumer protection. 
The Federal Reserve Board was looking out for other things, and 
consumer protection took a backseat.
    And so we created a single agency that is the voice of the 
American consumer. It is actually standing up for American 
consumers and trying to prevent the kind of practices--those 
practices didn't just harm people who had subprime mortgages, 
right? They threatened to harm all of us. They threatened to 
tank the American economy and the world economy.
    So, unless your business model is based on unfair and 
deceptive practices, the kind of thing that the CFPB pursues in 
its enforcement actions and its regulations, you should have no 
concern about transparency and about the CFPB having that data 
and using it as a tool to do better consumer protection.
    Mr. Ellison. Thank you.
    So, honestly, I have to admit something. When I first saw 
the panel lineup, I thought to myself that my friend, Mr. 
Gingrich, has a Ph.D. in history and he may know a lot about 
that, but what does Newt Gingrich know about big data? I was 
just a little surprised by that choice.
    But it turns out that you actually do know a lot about big 
data, because--let me put it like this. Republicans, in 
general, claim that they have collected more than 300 terabytes 
of voter data, including more than 725 billion data points on 
nearly 200 million American voters. This information is matched 
to individuals in voter data files, which also contains 
personally identifiable information--home address, phone 
number, email.
    Not only are Republicans collecting massive amounts of 
voter data, some Republicans even rent out the data to other 
campaigns. Well, they rent that data to a list of brokers that 
lease data to marketing firms and other private entities. For 
example, the Presidential campaign for Newt Gingrich, Newt 
2012, reported getting $17,000 in the most recent FEC reporting 
cycle, even though that campaign dropped out of the primary 
more than 3 months before.
    A separate company, Gingrich Productions, also uses a list 
broker to sell personal information via TMA Direct. For the low 
price of $120 a month, you can get access to nearly 500,000 
individuals' personal information who were never before on the 
market.
    So I did have my doubts about whether our panel was 
qualified to offer opinions on such a complex topic, but, 
clearly, clearly, Speaker Gingrich, you do know something about 
making money off big data.
    So I guess my question is, if it is okay for you to sell 
big data with personal information, why can't the CFPB rely on 
anonymous data to protect consumers?
    Mr. Gingrich. Look, that is a great question. As often with 
you, it was a brilliant setup.
    It is true that we have carefully studied the 2008 and 2012 
Obama campaigns. And it is true that, while we are still behind 
them in gathering metadata and while we don't have quite the 
ties they have in Silicon Valley and at major intellectual 
centers, we are doing everything we can on the Republican side 
to be at least as good as the Obama team at using metadata. So 
I appreciate your recognizing that, while we are second, we are 
working hard to catch up.
    Second, the big difference--and you put your finger on it: 
I can't go to somebody and threaten to cut off their bank 
loans. I can't go to somebody and threaten to put them in jail. 
People who happen to be on my list voluntarily signed up to get 
information from Newt Gingrich and can voluntarily get off the 
list without having a bureaucrat call and threaten them.
    If you look at the power of the government--which is 
always, in the end, coercion--and you imagine random 
independent bureaucrats who aggregate to themselves the right 
to decide what my consumer choices should be, that is real 
power. We don't have real power. We are just a private company 
doing private things in a free market. And that is why I am so 
frightened to see this much power in the government.
    Mr. Ellison. And making a good penny at it in personal 
data.
    Thank you, Mr. Gingrich.
    Chairman Duffy. The gentleman yields back.
    The Chair now recognizes the ranking member of the 
subcommittee, Mr. Green from Texas, for 5 minutes.
    Mr. Green. Thank you, Mr. Chairman.
    Let me start with a few questions, and I would like for you 
to raise your hands if these questions apply to you.
    If you are in any way, now or ever, connected to the U.S. 
Consumer Coalition, would you kindly raise your hand?
    Let the record reflect that Mr. Gingrich has raised his 
hand.
    If you are now or you have ever been paid by the Wise 
Group, if you would raise your hand--the Wise Public Affairs 
group.
    Thank you.
    And, Mr. Gingrich, since you have raised your hand both 
times, I would like to know a little bit more about the Wise 
Public Affairs Group. But before I get there, I want to go back 
to something that you and I have broached earlier, and it has 
to do with your statement.
    Because, in your statement, you do indicate that you are an 
advisor, in an advisory capacity. But I was hoping that you 
would do what was done when The Wall Street Journal had to 
issue its additional statement, and that is indicate that you 
were a paid advisor to the Wise Public Affairs Group. Because 
you well know that the Wise Public Affairs Group owns and 
operates the U.S. Consumer Coalition.
    So I was disappointed that this was not called to our 
attention. As has been indicated, this is not the first time 
this has been done. You pride yourself in transparency, but, 
for some reason, you didn't reveal this money connection. You 
were willing to reveal that you just happen to advise, but you 
are making a profit based upon this advice because you work for 
the Wise Group.
    If I have misstated this about your working for the Wise 
Public Affairs group and also being connected to the U.S. 
Consumer Coalition, would you kindly raise your hand again? 
Because I would like to hear from you if you have.
    Let the record reflect that what I have said, per Mr. 
Gingrich, is accurate.
    And this is why we bring this up, Mr. Gingrich: Because 
this U.S. Consumer Coalition is out to emasculate the CFPB. It 
has published its intent in terms of what it would like to do 
to the CFPB.
    There are many of us who are of the opinion that the CFPB 
serves a meaningful purpose. And we are of the opinion that in 
serving this meaningful purpose, the CFPB has done a good 
thing. The CFPB makes it possible for consumers to receive 
restitution after they have been harmed. And it is unfortunate, 
but I think it is fair to say that if the rule that you would 
have us adhere to were implemented, then there are many 
consumers who would not receive the benefits that they have 
received already.
    The personally identifiable information of which we speak 
is not by law permitted to be used for market monitoring--not 
by law. It can't be used. But it can be used for enforcement 
activities, which means if you find out that a consumer has 
been harmed, you can take that personally identifiable 
information and you can then contact that consumer and say, 
``You have been harmed,'' as was done with the $4.5 billion in 
relief that was given in debt collection, $50 million of it in 
civil penalties, I might add; $2 billion to consumers related 
to credit card enforcement, $140 million for civil penalties; 
$125 million to consumers for auto finance enforcement, 
defrauded, taken advantage of, $25 million of it in related 
civil penalties; $115 million in relief for mortgage lending 
enforcement, $55 million of that in civil penalties; $20 
million in relief to consumers for student lending enforcement, 
$2 million related to civil monetary penalties; $19 million to 
consumers for payday enforcement activities, over $10 million 
in related civil monetary penalties.
    So if we decide that we are no longer going to allow the 
CFPB to aggregate information for enforcement purposes, we now 
take away these dollars that are going to consumers, because we 
won't be able to find out who they are and contact them. I 
suppose there is some nebulous way that someone would conclude 
that we could do this, but the truth of the matter is that 
enforcement activities benefit seniors.
    The CFPB is in the business of helping people, and this 
would eviscerate it to the extent that it would be emasculated, 
if not eviscerated, such that it could not continue its 
enforcement activities and return moneys to seniors who have 
been harmed. ``Senior citizens'' is a more appropriate term--
consumers.
    I yield back.
    Chairman Duffy. The gentleman yields back.
    The Chair now recognizes himself for 5 minutes.
    Now, taking a page from the ranking member, would the 
panel--would you raise your hand if you are surprised that 
former Speaker Newt Gingrich is fighting for limited government 
and more transparency in government? If you are surprised by 
that, raise your hand.
    Mr. Gupta, you are not surprised by that. It is consistent 
with everything this man has done.
    Mr. Gupta. No. I am surprised that he is paid by the 
financial industry--
    Chairman Duffy. No, no, that wasn't my question. You are 
not surprised that he is fighting for limited government and 
more transparency.
    What I find unique is that my friends across the aisle want 
to do everything to attack the former Speaker, when this is 
consistent with his life's work.
    We are talking about big data and abuse of power. And I 
commend the Speaker for coming in and lending his voice to this 
very important issue.
    Now, a question to the panel: Do you all agree that 
American consumers are at risk of having their data taken from 
the collection at the CFPB?
    Mr. Abernathy. Yes, sir.
    Chairman Duffy. Mr. Calabria?
    Mr. Calabria. Yes.
    Chairman Duffy. Mr. Gingrich?
    Mr. Gingrich. Yes.
    Chairman Duffy. Mr. Gupta, do you agree with that?
    Mr. Gupta. I would say of course there is a risk, but no 
more than with any other agency--
    Chairman Duffy. Of course, there is--
    Mr. Gupta. --and less so than with the private sector.
    Chairman Duffy. So, Mr. Gupta, is there another agency out 
there that goes by the ``Consumer Financial Protection 
Bureau?''
    Anyone? Yes or no?
    Mr. Gupta. No.
    Chairman Duffy. So the one that is here to protect 
consumers is also an agency that is putting consumers at risk 
with the data that they collect, right? Yes or no?
    Mr. Gupta. No. It is a--
    Chairman Duffy. You just told me that they were--
    Mr. Gupta. It is a false construct, because--
    Chairman Duffy. No, it is not a false--listen--
    Mr. Gupta. --the risk in the private sector for this data 
is far greater--
    Chairman Duffy. That is not--
    Mr. Gupta. --than it is with the CFPB.
    Chairman Duffy. No. I--
    Mr. Gupta. And what the CFPB--
    Chairman Duffy. I am going to reclaim my time.
    Mr. Gupta. --is doing is no different than--
    Chairman Duffy. As the Speaker pointed out, there is a big 
difference between the private sector and Big Government. If I 
choose to go get a license at the DMV, it is government, they 
have my information, I know that. If I shop at Target or Home 
Depot, they have my information, and I know it.
    Does the American consumer actually know that the Consumer 
Financial Protection Bureau is collecting their information? Do 
you think they know that?
    Dr. Calabria?
    Mr. Calabria. I don't believe they do.
    Chairman Duffy. Okay.
    Mr. Abernathy, by chance, does the Consumer Financial 
Protection Bureau ask the people whom they claim to protect if 
they can collect their personal information?
    Mr. Abernathy. No. They go to the institutions with which 
people have voluntarily entered into a business relationship 
and then gather up all of that data and bring it into the 
Bureau.
    Chairman Duffy. So they don't ask them, do they?
    Mr. Abernathy. They don't.
    Chairman Duffy. The very people they claim to protect, they 
don't ask for permission to collect the data. And they put 
those very people they claim to protect at risk by housing the 
data.
    Dr. Calabria?
    Mr. Calabria. If I could--I guess I should be careful, as a 
nonlawyer, but I would remind the committee that the Fourth 
Amendment does not apply to the private sector. You can choose. 
What the Fourth Amendment does is constrain the government. And 
that is what we should not lose sight of here.
    Chairman Duffy. I think that is a very good point.
    Another concern that I have, I think, Mr. Gupta, you made 
the point that this agency is better. It is better because it 
is not subject to, I think you said, lobbying and outside 
forces. They can do the goodwill of the people without being 
subject to the people. Is that basically your point?
    Mr. Gupta. No. I mean that all agencies should be held 
accountable, and the CFPB is accountable. We have had countless 
hearings about that.
    Chairman Duffy. No, no--
    Mr. Gupta. We talk about it--
    Chairman Duffy. I Chair the Oversight Subcommittee. We have 
asked for countless documents specifically on this. And if they 
don't turn them over to us, do you think that they are 
accountable?
    Mr. Gupta. I do. They are--
    Chairman Duffy. So if they don't give me all of the 
documents--
    Mr. Gupta. If there is another agency that has had to come 
up to the Hill and testify more than the CFPB over the past 
couple of years, I am not aware of it.
    Chairman Duffy. So, on that point, maybe, Mr. Gingrich, 
would the model be better, then, if the EPA, the DOJ, the 
Department of Health and Human Services, the Department of 
Education all weren't subject to appropriations, if they would 
just come and give us a few lip-service hearings a couple of 
times a year? Would democracy be better off if we followed Mr. 
Gupta's set of ideas?
    Mr. Gingrich. Look, I understand why people who want to 
coerce and control the American people want to ensure that the 
Congress can't represent people in an effective way. If you 
think about the logic of that, it is perfect.
    But I want to go back to something that your ranking member 
said that I am confused by. If, in fact, the CFPB doesn't know 
about individuals, how did all that money get back out to 
individuals? And how do we know it got to the right 
individuals? And isn't it the case that, in fact--I am told 
that in the auto loan problem, they actually ended up paying 
white Americans for racial discrimination because, in fact, 
their algorithms were wrong. So you can't have it both ways.
    And the idea of trying to stop 2007 and 2008 makes some 
limited sense--although the problems weren't bureaucratic; they 
were judgment. But the idea that we leap from that, which would 
be a focus on the big banks, to deciding that we are going to 
look at everything anybody does in America based on the whim of 
one bureaucrat in a hidden institution which is remarkably 
secret, to go back to that term--
    Chairman Duffy. And I want to--
    Mr. Gingrich. --I think is just wrong.
    Chairman Duffy. My time is up, but pursuant to clause 4(d) 
of the committee's rule 3, the Chair recognizes himself for an 
additional 5 minutes. And I will also then recognize the 
ranking member after I am done for an additional 5 minutes.
    To that point, Speaker Gingrich, I would agree with you. 
Personally identifiable information is taken by the CFPB, 
contrary to Mr. Gupta's prior testimony.
    You would now agree, Mr. Gupta, that the CFPB does collect 
personally identifiable information, correct?
    Mr. Gupta. I think a lot of things are being--
    Chairman Duffy. Yes or no?
    Mr. Gupta. --conflated here. You have to be clear.
    Chairman Duffy. Mr. Gupta--
    Mr. Gupta. The ongoing data collection that is being talked 
about--
    Chairman Duffy. I am going to reclaim my time. These are 
very specific questions.
    Mr. Gupta. --does not include personally--
    Chairman Duffy. I am going to reclaim my time.
    Mr. Gupta. --identifiable information.
    Chairman Duffy. A very simple question: Does the CFPB 
collect personally identifiable information?
    Mr. Gupta. Not as part of the--
    Chairman Duffy. Yes or no?
    Mr. Gupta. --ongoing market monitoring. The only extent--
    Chairman Duffy. So I am going to translate that for the 
American people. The answer is: Yes, they do.
    Mr. Gupta. Only through the Consumer Complaint Database and 
through the supervision process. Those are the only ways in 
which any--
    Chairman Duffy. So you are--
    Mr. Gupta. --personally identifiable information comes in.
    Chairman Duffy. I don't care about--
    Mr. Gupta. And it is scrubbed before it is used by the 
Bureau.
    Chairman Duffy. --the parameters, Mr. Gupta, by which you 
indicate they collect. They do collect. And GAO in their study 
said, under arbitration cases, they collect personally 
identifiable information; deposit advance products, they 
collect personally identifiable information; and storefront 
payday loans, they collected personally identifiable 
information.
    So they do collect it, and they do put the American 
consumer at risk. That is when they have the information, and 
that is not even talking about how we can reverse-engineer the 
data points that they do have--
    Mr. Gupta. Mr. Chairman, if I may--
    Chairman Duffy. --to subject the American people to cyber 
attacks.
    Mr. Gupta. Those three examples are the only ones that they 
found. The arbitration study was mandated by Congress. There is 
no other way to do it if you don't get the arbitration cases--
    Chairman Duffy. I am going to reclaim my time. That is very 
different than what you tried to first say to this committee, 
which was that it wasn't collected, and to now your clarified 
statement, it is collected.
    Dr. Calabria?
    Mr. Gupta. No, what I said was that--
    Chairman Duffy. I am done with--
    Mr. Gupta. --none of the ongoing market monitoring--
    Chairman Duffy. Thank you, Mr. Gupta.
    Mr. Gupta. --collections include personal information.
    Chairman Duffy. Dr. Calabria?
    Mr. Calabria. I just wanted to make two quick points.
    One was on the notion of oversight. If we said that somehow 
Jamie Dimon is responsible to JPMorgan because he appeared in 
front of his board twice a year, we would think that was 
ridiculous. If we said that he was accountable because he 
appeared before his regulator twice a year, we would say that 
is ridiculous. So the notion that hearings are somehow what 
constitutes accountability, and that is sufficient for an 
agency, I think is, with all due respect, absurd.
    But, more importantly, I want to get to the notion of--we 
had a financial crisis. It was painful. Everybody agrees with 
that. Mr. Gupta lists in his testimony a number of things on 
the first page that the CFPB has done. Not one was the cause of 
the financial crisis.
    In fact, when the CFPB had an opportunity to deal with the 
cause of the financial crisis in its qualified mortgage rule, 
it punted. It gave up on checking credit, it gave up on 
downpayments. Congressman Frank sat before this dais a year-
and-a-half ago and said that the most important part of Dodd-
Frank, the mortgage rules, were essentially gutted.
    So, essentially, if we want this agency to actually do 
something about the financial crisis, we have to recognize the 
financial crisis was not caused by payday lending, it was not 
caused by arbitration clauses; it was caused by shoddy 
mortgages. And, again, in that instance, the CFPB--
    Chairman Duffy. By chance--
    Mr. Calabria. --completely punted.
    Chairman Duffy. --from the GSEs?
    Mr. Calabria. Yes. Again, GSEs are exempt. FHA is exempt. 
We have basically said, anybody who had anything to do with the 
crisis, with the exception of mortgage brokers--
    Chairman Duffy. Is exempt.
    Mr. Calabria. --is exempt from the CFPB. So let's not 
pretend that this agency has almost even a loose connection to 
the financial crisis.
    Chairman Duffy. I find it hard to wrap my head around the 
fact that, if you are accountable to the American people by way 
of the Congress and through appropriations, if you disclose not 
just the data that you collect but the purpose for that data--
for what are you using it?
    The NSA has been very clear on the parameters on which they 
use the data points that they collected on phone records. Tell 
me if you disagree that the CFPB has not set out bright 
guidelines for how this data is going to be used. They have 
told us a few of the things it will be used for, but, Mr. 
Abernathy, would you agree that they haven't been clear on how 
and the limitations in which this data can be used?
    Mr. Abernathy. That is one of the most significant concerns 
we have, that they gather in enormous amounts of information, 
keep the data in house, and then they parse out only the pieces 
of it that will establish the positions that they have already 
taken.
    It is like being in a court case where the prosecutor says, 
here is the information I am going to share, which shows that 
you are guilty, but you don't have access to the other 
information I have that might tell a different story.
    Chairman Duffy. Thank you.
    And I want to go to Mr. Gingrich, Speaker Gingrich, for one 
quick second before my time expires.
    The CFPB, whether you like it or not, has been empowered to 
make rules. And I want to make sure that the rules that they 
make are good rules, that they actually help the American 
consumer and they help the American people.
    But, Mr. Gingrich, do you think that they could obtain good 
data by way of sampling as opposed to bulk data collection? I 
know that you in campaigns have looked at a lot of polling data 
that is pretty representative of the country as a whole. Could 
we have the same impact if we were sampling as opposed to long-
term bulk data collection?
    Mr. Gingrich. I think it depends on what you are trying to 
accomplish. If what they want to know is if there are patterns 
that should be looked at, you could do all that by polling.
    But what you are seeing--if you just think about the logic 
of what they are now doing, what you are seeing is an effort to 
assimilate all of the consumer behavior of the United States 
into one analyzable system for the purpose of a group of 
bureaucrats making a decision about whether or not it is an 
acceptable behavior.
    Now, that is a very practical thing if you are in their 
shoes. They would like to have the entire economy at their 
fingertips so they have control so they can decide which parts 
of the economy are inappropriate. I think that is really, 
really dangerous.
    Chairman Duffy. And my time has expired.
    I now recognize for an additional 5 minutes the ranking 
member, Mr. Green.
    Mr. Green. Thank you very much, Mr. Chairman.
    Let's go to you, Mr. Gupta. Now, Mr. Gupta, would you make 
the distinction between market monitoring and the supervisory 
activities with reference to enforcement?
    Mr. Gupta. Yes. Would you like me to elaborate on that?
    Mr. Green. Is the CFPB allowed to collect identifiable 
information for market monitoring?
    Mr. Gupta. It is not. The Dodd-Frank Act makes that 
illegal, and the GAO found that the CFPB is obeying the law.
    Mr. Green. And if someone has information to the contrary, 
if you have information indicating that the CFPB is collecting 
identifiable information for the purpose of market monitoring, 
would you kindly raise your hand?
    All right, Mr. Abernathy.
    Mr. Abernathy. One of our concerns is that we don't know 
what the Bureau is collecting--
    Mr. Green. But you don't know--
    Mr. Abernathy. --and what they are using it for.
    Mr. Green. But my question to you is--
    Mr. Abernathy. We don't know.
    Mr. Green. --do you have any evidence of it actually 
happening?
    Mr. Abernathy. No one in America--
    Mr. Green. You don't have any evidence of--
    Mr. Abernathy. --knows what the Bureau--
    Mr. Green. So you will now use conjecture and speculation 
to in some way skew this issue such that people would be 
confused.
    That is what this hearing is all about: confusing the 
American people so that they will now want to end the CFPB that 
happens to be a benefit to them.
    And Mr. Gingrich has gone so far as to say in his testimony 
that it is imperative that we move toward abolishing the 
Consumer Financial Protection Bureau--abolishing it, which, by 
the way, is the same desire of some of these entities that he 
works for.
    It is important for the American people to know who is 
working on their behalf. And you can confuse the American 
people with enough of this rhetoric that we have heard today, 
and they will be absolutely opposed to an entity that benefits 
them, has sent back all of this money to them, some $11 billion 
in relief to consumers. This would all be evaporated. It would 
just go away. They wouldn't have an opportunity to get the 
money back that they overpaid or the money that they suffered a 
loss with reference to some kind of fraud or scam. They would 
just be scammed. They would be defrauded.
    The personally identifiable information is used so that we 
can send the money to people.
    Mr. Gupta, do you agree with this?
    Mr. Gupta. I agree wholeheartedly.
    Mr. Green. And, also, we might add that, as we go through 
this process, it is very interesting that there seems to be a 
sort of a stealth campaign that is taking place under the 
radar--entities that can't be properly identified; you don't 
know who is on the board of directors, if there is a board of 
directors; massive amounts of money going to a 501(c)(3); an 
entity indicates that it is going to spend over a million 
dollars to take out certain Members of Congress. All of these 
things are happening just to make sure that the CFPB is 
emasculated and eviscerated if possible.
    This is unbelievable. I agree with the ranking member; it 
is hard for me to get my mind around some of the things that 
are going on here. The people of this country are absolutely 
being fed bad information. Yes, they are intelligent; yes, they 
are smart; yes, they can sift the sand and find pearls of 
information, but they can't do it if they are getting bad 
information.
    And that is what this is all about, which is why we have 
put so much emphasis on what has happened with reference to 
this stealth organization, this mystery organization.
    And, to this end, I would like to correct one thing. I said 
501(c)(3), and it is a 501(c)(4) organization. And there is so 
much more to be said, but I do want to add into the record a 
news article styled, ``Gingrich-Connected PR Firm Issues 
Baffling Response to WSJ Disclosure Failure.'' And this is 
where the amplification had to take place.
    And I would also want to note that, in this Mother Jones 
article, there is an indication that the Wise Public Affairs 
Group set up this Coalition, this Consumer Coalition, so-called 
Consumer Coalition, and that the members of the staff seem to 
double as members of the Coalition.
    Does anybody know of any board of directors, any member of 
a board of directors associated with this Coalition? If you 
know of a board member, raise your hand.
    No one seems to. It is a mystery.
    I yield back the balance of my time.
    Chairman Duffy. The gentleman yields back.
    I want to thank our witnesses for their testimony, and for 
the rigorous debate that took place today.
    The Chair notes that some Members may have additional 
questions for this panel, which they may wish to submit in 
writing. Without objection, the hearing record will remain open 
for 5 legislative days for Members to submit written questions 
to these witnesses and to place their responses in the record. 
Also, without objection, Members will have 5 legislative days 
to submit extraneous materials to the Chair for inclusion in 
the record.
    Without objection, this hearing is now adjourned.
    [Whereupon, at 1:00 p.m., the hearing was adjourned.]

                            A P P E N D I X



                           December 16, 2015
                           
                           
                           
                           
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]                          
                           
                           
                           
                           
                           
                           
                           
                           
                          [all]