[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]





                           INTERNET OF THINGS

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                     COURTS, INTELLECTUAL PROPERTY,
                            AND THE INTERNET

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 29, 2015

                               __________

                           Serial No. 114-38

                               __________

         Printed for the use of the Committee on the Judiciary







      Available via the World Wide Web: http://judiciary.house.gov
                                 ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

95-686 PDF                     WASHINGTON : 2015 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001

                       COMMITTEE ON THE JUDICIARY

                   BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        JERROLD NADLER, New York
LAMAR S. SMITH, Texas                ZOE LOFGREN, California
STEVE CHABOT, Ohio                   SHEILA JACKSON LEE, Texas
DARRELL E. ISSA, California          STEVE COHEN, Tennessee
J. RANDY FORBES, Virginia            HENRY C. ``HANK'' JOHNSON, Jr.,
STEVE KING, Iowa                       Georgia
TRENT FRANKS, Arizona                PEDRO R. PIERLUISI, Puerto Rico
LOUIE GOHMERT, Texas                 JUDY CHU, California
JIM JORDAN, Ohio                     TED DEUTCH, Florida
TED POE, Texas                       LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah                 KAREN BASS, California
TOM MARINO, Pennsylvania             CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina           SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho                 HAKEEM JEFFRIES, New York
BLAKE FARENTHOLD, Texas              DAVID N. CICILLINE, Rhode Island
DOUG COLLINS, Georgia                SCOTT PETERS, California
RON DeSANTIS, Florida
MIMI WALTERS, California
KEN BUCK, Colorado
JOHN RATCLIFFE, Texas
DAVE TROTT, Michigan
MIKE BISHOP, Michigan

           Shelley Husband, Chief of Staff & General Counsel
        Perry Apelbaum, Minority Staff Director & Chief Counsel
                                 ------                                

    Subcommittee on Courts, Intellectual Property, and the Internet

                 DARRELL E. ISSA, California, Chairman

                  DOUG COLLINS, Georgia, Vice-Chairman

F. JAMES SENSENBRENNER, Jr.,         JERROLD NADLER, New York
Wisconsin                            JUDY CHU, California
LAMAR S. SMITH, Texas                TED DEUTCH, Florida
STEVE CHABOT, Ohio                   KAREN BASS, California
J. RANDY FORBES, Virginia            CEDRIC RICHMOND, Louisiana
TRENT FRANKS, Arizona                SUZAN DelBENE, Washington
JIM JORDAN, Ohio                     HAKEEM JEFFRIES, New York
TED POE, Texas                       DAVID N. CICILLINE, Rhode Island
JASON CHAFFETZ, Utah                 SCOTT PETERS, California
TOM MARINO, Pennsylvania             ZOE LOFGREN, California
BLAKE FARENTHOLD, Texas              STEVE COHEN, Tennessee
RON DeSANTIS, Florida                HENRY C. ``HANK'' JOHNSON, Jr.,
MIMI WALTERS, California               Georgia

                       Joe Keeley, Chief Counsel

                    Jason Everett, Minority Counsel

                            C O N T E N T S

                              ----------                              

                             JULY 29, 2015

                           OPENING STATEMENTS

The Honorable Darrell E. Issa, a Representative in Congress from 
  the State of California, and Chairman, Subcommittee on Courts, 
  Intellectual Property, and the Internet
The Honorable Jerrold Nadler, a Representative in Congress from 
  the State of New York, and Ranking Member, Subcommittee on 
  Courts, Intellectual Property, and the Internet
The Honorable Bob Goodlatte, a Representative in Congress from 
  the State of Virginia, and Chairman, Committee on the Judiciary
The Honorable Suzan DelBene, a Representative in Congress from 
  the State of Washington, and Ranking Member, Committee on the 
  Judiciary

                               WITNESSES

Gary Shapiro, President and CEO, Consumer Electronics Association
  Oral Testimony
  Prepared Statement
Dean C. Garfield, President and CEO, Information Technology 
  Industry Council
  Oral Testimony
  Prepared Statement
Mitch Bainwol, President and CEO, Alliance of Automobile 
  Manufacturers
  Oral Testimony
  Prepared Statement
Morgan Reed, Executive Director, ACT | The App Association
  Oral Testimony
  Prepared Statement

                                APPENDIX
               Material Submitted for the Hearing Record

Letter from Brian J. Raymond, Director, Technology Policy, the 
  National Association of Manufacturers (NAM)
Prepared Statement of Public Knowledge
Material submitted by the Telecommunications Industry Association 
  (TIA)

 
                           INTERNET OF THINGS

                              ----------                              


                        WEDNESDAY, JULY 29, 2015

                        House of Representatives

            Subcommittee on Courts, Intellectual Property, 
                            and the Internet

                       Committee on the Judiciary

                            Washington, DC.

    The Subcommittee met, pursuant to call, at 10:05 a.m., in 
room 2141, Rayburn House Office Building, the Honorable Darrell 
E. Issa (Chairman of the Subcommittee) presiding.
    Present: Representatives Issa, Goodlatte, Chabot, Poe, 
Marino, Walters, Nadler, Chu, Deutch, DelBene, Jeffries, Cohen, 
and Johnson.
    Staff Present: (Majority) Vishal Amin, Senior Counsel; Eric 
Bagwell, Clerk; and (Minority) Jason Everett, Minority Counsel.
    Mr. Issa. The Subcommittee on Courts, Intellectual 
Property, and the Internet will come to order. Without 
objection, the Chair is authorized to declare a recess of the 
Subcommittee at any time.
    Today we welcome everyone here for a hearing on the 
Internet of Things. Throughout its short history, the Internet 
has been transformative and a powerful tool. It has shaped 
communication and commerce worldwide. Technology, too, has proven 
to advance at rates that only Moore's law describes with a 
doubling of capacity so quickly that about the time you run out 
of your short warranty, you in fact have a product that can 
outperform the one on your desk.
    But the Internet of Things, which broadly refers to a 
network connected real world items able to exchange data with 
each other and across existing network infrastructure is a 
newer portion of what now becomes the future of our lives and 
our communication in the 21st Century.
    It is estimated by 2020 there will be 25 billion connected 
things, and without a doubt, before we reach 2020, I will be 
wrong, and there will be more connected things. By inventing 
devices with electronic sensors, software capable of connecting 
a market, we in fact have smart devices. Those smarter devices 
today already include, if you choose, every light switch in 
your home, the watch you wear, and products throughout the 
home, whether they be speakers to hear from or in fact sensors 
to control climate down to a portion of every room.
    Data-driven technology is also improving the way we 
understand healthcare and the introduction of new health 
monitoring systems can in fact prevent, detect, and treat today 
any number of afflictions. A generation ago, the insulin pump 
was an amazing product, but it wasn't a true demand pump, it 
wasn't connected to your physician, it wasn't in fact sensing 
other environments. Today, it not only could but it soon will.
    At the same time, as we talk about your home, your 
lighting, your messaging, your voice, and of course, your 
health and your actual biological function, issues like privacy 
and data security for these interoperable technologies become, 
not just something to talk about, but an area in which we in 
Congress play a large and potentially destructive role if we're 
not careful in the development of these technologies.
    Every day in America somewhere someone is being hacked and 
somewhere someone is finding out that their personally 
identifiable information has been compromised. Too often it in 
fact is the government who we hear it from, the government who 
controls, if you will, whether or not you can further secure 
your Internet of Things products or not.
    A generation ago I stood with one of our witnesses at a 
time in which a Member of Congress, a former FBI agent was 
trying to prevent 256 encryption. He was doing so because the 
FBI needed to be able to quickly crack the bad guys' 
transmissions. It had needed to be able to unbundle a floppy 
disk information in a matter of seconds if they were going to 
deter organized crime.
    Unfortunately, it meant that hackers were taking 
Microsoft's operating system and quickly duplicating it and 
denying them millions or billions of dollars. It took a number 
of years for Congress to realize that that artificial control 
was not only circumventable by exporting their software to 
other countries and reimporting it, but it was ludicrous 
because the bad guys were not going to limit their protection 
to 256 bits.
    Unlicensed spectrum within the Internet of Things is going 
to be talked about again and again today. I hope my witnesses 
will feel free to talk about the benefits of greater spectrum 
for the Internet of Things. I would remind all panelists, 
however, that the FCC is not within our primary jurisdiction, 
but to unbundle these and other parts of the Internet of Things 
will take a coordination between Committees that do control 
spectrum, those of us who control a great deal of the privacy 
requirements, and of course, the overseeing of what government 
allows.
    In January, the Federal Trade Commission released a report 
that followed months of stakeholder roundtables focused on data 
privacy and security. The report made a broad nonbinding 
recommendation about how companies should address these issues 
from the onset and laid the groundwork for future FTC 
involvement in the Internet of Things.
    When Congresswoman DelBene and I launched the congressional 
caucus on the Internet of Things in January, the first 
questions we received were usually what is the Internet of 
Things? And why does Congress care?
    To a great extent, we have laid out a number of those even 
in my opening statement today, but I would be remiss if I 
didn't say that the Federal Trade Commission is an agency that 
has been enforcing breaches in security while in fact until 
recently providing little guidance. This is yet another example 
of where we in fact can come in with the heavy hand of 
government but seldom with a safe haven, and that's an area in 
which the Internet of Things caucus and this Committee have an 
obligation to ensure that we do both.
    So today we look forward to a hearing which stakeholders in 
the Internet of Things marketplace and further opportunities to 
deal with the challenges that Congress brings and those in 
which we can bring relief.
    Thank you. And I look forward to our witnesses, and I now 
recognize the Ranking Member, the gentleman from New York, Mr. 
Nadler, for his opening statement.
    Mr. Nadler. Thank you, Mr. Chairman. The Internet of Things 
is the next revolution in our increasingly wired world. 
Everything from household appliances to transportation systems 
can harness the power of the Internet to increase productivity, 
efficiency, and consumer choice. This technology holds great 
promise for consumers, businesses, and governments alike, but 
we must also consider the potential threats to security and 
privacy that are inherent in a system relying on wireless 
connection and massive data collection as its lifeblood.
    Today's hearing is an opportunity to examine both the 
benefits and the risks that the Internet of Things presents. 
The Internet of Things has experienced explosive growth in 
recent years. By some estimates, there are already 25 billion 
connected devices today. By 2020, in 5 short years, there may 
be as many as 50 billion.
    We're already seeing many innovative uses of the Internet 
of Things across various industries as well as the potential 
risks that this technology may hold. For example, according to 
one study, by 2020, up to 90 percent of consumer cars may have 
an Internet connection, up from less than 10 percent in 2013. 
With this technology, drivers can monitor whether their car 
needs maintenance, the safety of their driving, and even the 
fuel efficiency of various routes.
    But these features also leave their cars vulnerable to a 
cyber attack. As the New York Times described last week, 
researchers were able to track Internet-enabled cars' location, 
determine their speed, turn on and off their blinkers from 
afar, turn on and off their blinkers, lights, windshield 
wipers, and radios, interfere with navigation devices, and in 
some cases, control their brakes and steering.
    As more and more vehicles use Internet technology, it is 
vital that automakers install strict security features to ward 
off potential attacks.
    Similarly, so-called smart cities are incorporating 
Internet of Things into their transportation, energy and even 
waste management systems to increase efficiency. For example, 
traffic lights can be timed to maximize traffic flow and ease 
congestion in real time. Street lamps can conserve energy by 
dimming when sensors tell them that no one is around, and 
garbage cans can signal when trash ought to be collected. 
Imagine the garbage can talking to the sanitation department.
    Such technology has the potential to revolutionize students 
that build infrastructure. I don't want to know what they say. 
But unless cities integrate strong security measures when 
deploying this technology, their infrastructure could be 
vulnerable to attack by hackers looking to do mischief or 
terrorists seeking to bring a whole city to a standstill.
    In addition to security concerns, the Internet of Things 
also raises a host of privacy implications, particularly with 
respect to consumer devices. There is no doubt that Internet-
enabled technology can improve a consumer's experience in ways 
large and small. To maximize energy efficiency, your Nest 
thermostat can be controlled remotely and even adjust 
temperatures on its own once it learns your patterns.
    Amazon has introduced a Dash button which will allow 
customers to press a button and automatically reorder certain 
household supplies. But what do these companies do with the 
massive amounts of data they collect about their customers? 
What sort of notice do they provide to consumers about their 
privacy policies, and what choice do consumers have about how 
their information is used? And how will companies protect their 
sensitive information from being compromised in a cyber attack? 
These are all questions that must be considered as this 
technology continues to expand its reach.
    For another example, millions of Americans wear devices 
that track their physical activity and other health indicators. 
At least one insurance company is offering its customers a 
discount if they wear such a device and demonstrate a healthy 
lifestyle, but beyond encouraging healthier behavior by their 
customers, it is not clear how else insurance companies may 
seek to use this personal information in the future. Will it be 
sold for marketing purposes? Will it be used in a 
discriminatory manner to determine the use of suitability for 
credit or employment?
    In its examination of these important questions, the 
Federal Trade Commission made a number of important 
recommendations that we must consider. It suggested that 
companies build security into their devices at the outset 
rather than as an afterthought. It also recommended that they 
monitor connected devices throughout their expected lifecycle 
to provide security patches where possible to cover known 
risks.
    In addition, the FTC urged companies to protect consumers' 
privacy by engaging in data minimization as well as providing 
notice in choices to consumers as to how their data may be 
used. Although the FTC did not make any specific legislative 
recommendations, we should consider whether congressional 
action is appropriate at this time to address security and 
privacy concerns. If so, should we seek solutions to these 
concerns that are specific to the Internet of Things or should 
they be addressed through broader legislation on these topics?
    The Internet of Things has already led to important 
technological breakthroughs, and as it expands its reach, it 
has the potential to spur tremendous innovation. Our challenge 
is to find the proper balance between promoting this innovation 
and ensuring that our security and our privacy are protected as 
this valuable technology continues to grow.
    I look forward to hearing from our witnesses about how to 
address these challenges, and I yield back the balance of my 
time.
    Mr. Issa. Thank you, Mr. Nadler.
    I now recognize the gentleman from Virginia, the Chairman 
of the full Committee, Mr. Goodlatte for his opening statement.
    Mr. Goodlatte. Thank you, Mr. Chairman. Today we're here to 
learn more about the Internet of Things. I think this 
technology has the ability to not only improve the more mundane 
aspects of our everyday lives but transform the healthcare, 
transportation, and information technology industries.
    This new area of technology is of particular interest to 
the Judiciary Committee considering our longstanding 
jurisdiction when it comes to issues pertaining to intellectual 
property, privacy, security, cloud computing, and digital 
trade.
    The Internet of Things refers to machines containing 
sensors that connect and transmit data to other connected 
devices and the Internet. Dramatic growth in cloud computing 
over the past several years has helped enable this technology 
to reach its full potential. Without the ability for data from 
an Internet of Things device to be analyzed in real time, the 
data itself would serve little value.
    The ability to access this information through mobile apps 
or even our cars, makes these Internet of Things devices a key 
tool to finding creative solutions for many of the problems of 
daily life in the 21st Century. Smart agriculture will help us 
to grow more food and prevent waste. Smart transportation will 
help prevent traffic jams but can also be used to monitor road 
conditions and structural components of bridges and overpasses 
to detect problems immediately.
    New wearables not only monitor the number of steps we take 
but can also include sensors that can catch and alert us to a 
potential medical emergency before it actually becomes one. As 
this Committee continues to study this new technology, it is 
important for us to keep in mind the full scope of the Internet 
of Things and be cognizant of its effects on public policy 
today and in the future.
    In particular, we need to examine the privacy and security 
implications of this technology and look into the security and 
privacy measures industry is building now and the measures they 
intend to implement as open standards are developed.
    I'm hopeful that this new technology will help fuel the 
engine of American innovation, prosperity, and creativity. I 
think we have a fantastic panel assembled today. I know all of 
the witnesses, and I look forward to hearing from them about 
this exciting new area of technology.
    Thank you, Mr. Chairman.
    Mr. Issa. Thank you, Mr. Chairman.
    And now on behalf of the Ranking Member, the gentlelady 
from Washington's First District, Ms. DelBene, will make a 
short opening statement.
    Ms. DelBene. Thank you. I want to thank my co-chair on the 
Internet of Things caucus and our Chairman, as well as the 
Ranking Member for calling this hearing on this important 
subject. When we examine the way that Internet-connected 
products and sensors are being used and what's called the 
Internet of Things from home appliances to personal wearables, 
it might be easy to conclude that the promise of the Internet 
of Things is limited only by American ingenuity, but we have an 
emerging set of challenges and opportunities to address for 
both innovators and for consumers.
    To start, we need to make sure that we update existing laws 
to reflect the way the world works today and where we are 
headed in the future. That means, for example, updating the 
Electronic Communications Privacy Act to ensure that data on a 
server is protected by the same warrant standard as a document 
in a file cabinet. For the multi-billion dollar Internet of 
Things economy to be successful, we need to be responsible 
stewards of policy.
    For example, consumers must feel they can trust their 
devices will be secure and private, not vulnerable to hacking 
or spying. Devices must be able to talk to each other, and that 
means forging a path to adoption of uniform preferably 
international standards. Regulatory agencies must find ways to 
strike the right balance between encouraging innovation and 
firmly upholding their duty to protect the public health and 
safety, particularly in the realm of connected cars.
    And as all these devices collect unprecedented amounts of 
data, they hold great promise for things like health research, 
but we must work with stakeholders to create a privacy 
landscape that Internet of Things users can understand that 
provides individuals with control over their own data.
    Again, I want to thank the Chairman and the Ranking Member 
for calling today's important hearing and setting the stage for 
what I hope will be a productive and informative series of 
hearings on the role that Congress and our Committee can play 
and create an environment where Internet of Things innovation 
can prosper and consumer protection is at the forefront.
    Thank you, Mr. Chair, and I yield back.
    Mr. Issa. I thank you, and thank you for your leadership on 
this issue.
    It is now my pleasure to introduce our distinguished panel. 
The witnesses' written statements have been entered into the 
record and will be placed in their entirety, and I'd ask 
witnesses to summarize in about 5 minutes their statements so 
we can leave time for lots of questions.
    But before I introduce the witnesses formally, pursuant to 
the Committee rules, I'd ask that all witnesses stand to take 
the oath, customarily raising your right hand.
    Do you solemnly swear or affirm that the testimony you're 
about to give will be the truth, the whole truth, and nothing 
but the truth.
    Please be seated. Let the record reflect that all witnesses 
answered in the affirmative.
    Today, our witnesses include Mr. Gary Shapiro, President 
and CEO of the Consumer Electronics Association; Mr. Dean 
Garfield, President and CEO of the Information Technology 
Industry Council; Mr. Mitch Bainwol, President and CEO of the 
Alliance of Automobile Manufacturers; and Mr. Morgan Reed, 
Executive Director of ACT | The App Association.
    Before I go down the row for the witnesses, I have to take 
a little bit of a personal privilege. The other three know it. 
Mr. Shapiro and I go back a long time. We were there at the 
birth of the Modern Consumer Electronics Association, and I 
once worked for him on an unpaid, highly compensated, but 
unpaid position as the Chairman. So if today I rough him up, 
remember get backs, it takes awhile.
    And with that, Mr. Shapiro.

    TESTIMONY OF GARY SHAPIRO, PRESIDENT AND CEO, CONSUMER 
                    ELECTRONICS ASSOCIATION

    Mr. Shapiro. Thank you, Chairman Issa. This is indeed a 
historic moment in my life because I've been referring to you 
as boss for 25 years, and you, as Chairman, oversaw a good 
portion of our freedom and our growth. And thank you, Ranking 
Member Nadler, Chairman Goodlatte, and other Members as well.
    The Consumer Electronics Association represents 2,000 
technology companies, and we own and produce the CES, which is 
held each January in Las Vegas, and is the world's largest 
innovation event. The Internet of Things is a big part of the 
CES now. In fact, it's so big that some 900 of our 3,600 
exhibitors had Internet of Things related products at our 
recent show.
    And the Internet of Things, you should know, exists because 
of smart phones. Over a billion smart phones have been sold, 
and they contain something called MEMS, Micro-Electro 
Mechanical Systems. These are tiny little devices that actually 
move, and they measure all sorts of things like pressure, 
temperature, location, movement, and other valuable 
information.
    And because of the billions of sales of these devices in 
phones, now they cost just pennies apiece, and very smart 
innovators are putting them together in very clever ways, and 
what they're doing is creating new services rather rapidly. 
They use very little energy, and they hook up to the Internet, 
and that is what the Internet of Things is based on.
    From garden soil moisture monitors to baby monitors, from 
wearables like smart watches and fitness trackers to connected 
thermostats and lights, from household appliances to connected 
cars, consumers are using these devices to stay healthy, to 
increase efficiency, to be secure, and to make better 
decisions.
    You've heard the estimates of how these are going to grow, 
and they are estimates. I just swore to tell the truth, so I 
can't say they're factual, but there is definite growth. We see 
it ourselves. We grew 32 percent in the United States alone in 
terms of connected home devices. It's already almost a billion 
dollar marketplace in the United States just in the home area.
    And these home control systems allow consumers to manage 
their security systems, turn on appliances, manage heating and 
cooling and lighting systems, and they also increase home 
efficiency and cut bills, they can learn room usage patterns 
over time, they can adjust temperatures and maximize efficiency 
even when no one is home.
    And while these save time and money for ordinary Americans, 
there's an opportunity here to care for our aging population, 
as well as the 56 million Americans with disabilities. 
Assistive technology has previously been customized and costly. 
Connected home products consumers are buying today provide 
novel interfaces like voice control that help people with 
reduced mobility and dexterity. Smoke detectors can now be 
connected to lighting controls so lights can flash to a person 
who can't hear, and they can light up the whole house for a 
safe exit.
    In today's low-cost connected home products are life 
changing and sustaining for many Americans. Think about our 
older loved ones. We have limited caregivers with an aging 
population, and smart home devices will help seniors to live 
independently and comfortably, retain their quality of life, 
and they could do this with caregivers watching remotely, and 
at the same time our older Americans will retain their privacy 
and share just what they're comfortable sharing.
    It's coming quickly in terms of the Internet of Things, but 
it does face impediments. First, it requires spectrum. Wireless 
spectrum is a platform on which most of these new devices 
connect, and we need additional licensed and unlicensed 
spectrum.
    Second, the Internet of Things is changing what skills we 
need to retain our Nation's competitive advantage. We need 
experts and people who can analyze data and make things happen, 
and we don't have enough skilled workers. That's why we are 
pushing for highly skilled immigration reform.
    Third, the Internet of Things requires government 
restraint. It does require us to consider new challenges. There 
are legitimate concerns about safety, privacy, security, but--
and important questions are being raised as to who actually 
owns the data, and stakeholders, including government, can and 
should be discussing these issues in a forum like this today.
    As we said in our IoT filing with the FCC over 2 years ago, 
consumers' adoption hinges on building trust. I just heard that 
again, Congresswoman. And it's up to manufacturers and service 
providers to make good decisions about privacy and security or 
they will fail in the marketplace, and we are passionate that 
industry-driven solutions are best to promote innovation while 
protecting consumers, but we recognize and respect the 
legitimate role of government to encourage transparency, 
clarity, and experimentation.
    CEA itself has been involved already in over 30 standards 
making operations, activities that produce ANSI-certified 
standards, that are focusing on technical aspects of Internet of 
Things, and of course, it's just beginning. But we have to be 
careful of overly prescriptive mandates because that could 
stymie the growth of the Internet of Things. Any government 
action should be very narrow and very specific and focus on a 
real harm.
    The Internet of Things is huge. It's an opportunity to 
change the world, and we look forward to working with this 
Committee to ensure that government policies and regulations 
support growth in this dynamic sector. Thank you, and I look 
forward to answering your questions.
    [The prepared statement of Mr. Shapiro follows:]
    
    
    
                               __________
    Mr. Issa. Thank you, Mr. Shapiro.
    Mr. Garfield.

 TESTIMONY OF DEAN C. GARFIELD, PRESIDENT AND CEO, INFORMATION 
                  TECHNOLOGY INDUSTRY COUNCIL

    Mr. Garfield. Thank you, Chairman Issa, Ranking Member 
Nadler, Members of the Committee. On behalf of 61 of the most 
dynamic and innovative companies in the world, we thank you for 
hosting this hearing. We thank you as well for the context, 
which is outside pending legislation, and as well, Mr. Chairman 
and Congresswoman DelBene, for your leadership in creating the 
Internet of Things caucus.
    It is our firm view that the Internet of Things has the 
potential to be one of the most transformative technological 
innovations in human history. That is, with the right policy 
environment. To ensure that I'm not accused of engaging in 
hyperbolic hyperventilation, I would like to focus my testimony 
on three areas.
    One, why we think that's the case; two, what we're doing to 
enable it; and then third, our humble recommendations on how 
Congress and the Administration can be helpful.
    As to the first, the Internet of Things is essentially the 
digitization of the physical world through connecting sensors 
into a network with computing systems. What may sound simple 
has the potential to be seismic in the creation of new 
industries as well as disruption of existing ones. Whether 
we're talking about watches that have the potential to not only 
help you to be more fit but as well to prevent catastrophic 
health incidents through monitoring your heart rate, or we're 
talking about windshield wipers that have the ability to 
communicate with other windshield wipers and alert your car to 
an impending storm or alert an autonomous vehicle to the 
potential for a construction zone that's soon arriving.
    There has been much discussion of the home and personal 
manifestations of the Internet of Things, which are truly 
exciting. It is important, however, not to ignore the 
potential, the commercial deployments. Those commercial 
deployments are real, tangible, and have huge potential 
economic benefit.
    Whether it is the deployment of sensors in our energy grid 
to ensure greater resiliency and reliance, the deployment of 
sensors in transportation systems to allow more efficient 
delivery or in mines to ensure safety for workers, the economic 
impact, much of the economic impact will come from those 
deployments, which by 2030 is expected to be almost $7 
trillion.
    So what are we doing, as the technology sector, to ensure 
that is the case? We are focused on a multifaceted approach 
that heavily emphasizes security, privacy, standards as well as 
investment in infrastructure. With regard to security and 
privacy, we are working and innovating all the time around 
those issues, making sure that security and privacy are 
developed by design so that they are part of our forethought 
rather than an afterthought.
    We're developing bespoke solutions to ensure that both 
security and privacy are tailored to the particular 
environment, and as well, we're investing in innovation because 
consumers demand a high security and privacy and increasing 
transparency, and it's in our interest, and it's the right 
thing to do to meet that consumer demand.
    As well, we are moving forward on global standards that are 
driven by the sector and as well that are open standards to 
ensure that we have high interoperability as well as 
scalability.
    Finally, we're investing in the infrastructure. Mr. Shapiro 
noted the need for broadband, both wireline and wireless, as 
well as ensuring that spectrum is available. In reality, the 
use of spectrum on mobile data is growing by 55 percent each 
year. With the Internet of Things and the digitization of 
physical things, it will only grow more expeditiously, and so 
spectrum will be increasingly important.
    In addition to doing those things, we intend and need to 
partner with Congress and the Administration to make sure that 
policy is smartly developed, and there are three things that we 
think it's important that Congress focus on.
    One is we need a national strategy around the Internet of 
Things. Much in the same way that a national broadband plan was 
able to focus our attention and drive the deployment of 
broadband, having a national strategy around the Internet of 
Things will be incredibly helpful.
    Second, we need more spectrum, as Mr. Shapiro and I pointed 
out earlier. The U.S. Government is the largest holder of 
spectrum, and hence, has the greatest ability to impact the 
deployment of spectrum, and we hope that we can work toward 
making it more efficient.
    Finally, we need the exercise of restraint. The Internet of 
Things is at its nascent stages, and in order to grow to reach 
its full potential, it's important that we avoid mandates that 
put the thumb on the scale of particular technologies versus 
others.
    I look forward to your question and look forward to the 
testimony of my colleagues. Thank you.
    [The prepared statement of Mr. Garfield follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
                               __________
    Mr. Issa. Thank you.
    Mr. Bainwol, you only have to deal with all the questions 
set up in the opening statement, so I look forward to your 5 
minutes.

  TESTIMONY OF MITCH BAINWOL, PRESIDENT AND CEO, ALLIANCE OF 
                    AUTOMOBILE MANUFACTURERS

    Mr. Bainwol. It's a piece of cake. Chairman Issa, Ranking 
Member Nadler, Members of the Committee, thank you for the 
opportunity to testify this morning. I wore a different hat the 
last time I was here on behalf of another industry that was 
engaging with the challenge of technology.
    During my time at the recording industry, technology 
upended how music was consumed, and access began to replace 
ownership, revenues fell sharply, and the fundamental model of 
business transformed. Now I'm with the Alliance of Automobile 
Manufacturers for the last 4 years. Instead of fighting with 
Gary Shapiro, I now mostly team up with him. That's easier. 
That's a good thing.
    Mr. Issa. Only in Washington.
    Mr. Bainwol. Yeah, right. I represent the Detroit Three, 
six major European manufacturers, and three major Japanese 
manufacturers as well.
    And for us, the impact of technology is every bit as 
profound but not threatening. Quite the contrary, technology 
and connectivity are ushering in a new era and some might even 
say a golden age in mobility. We've seen enormous safety and 
environmental gains both in recent years and over the last half 
century, striking reductions in fatality numbers and emissions, 
as well as increases in MPG.
    The next generation of progress will come from IoT-based 
technologies. Ownership patterns may evolve somewhat as ride 
sharing becomes more prevalent, but the truly material impact 
of technology is the convergence, the convergence of 
environmental, safety, productivity, and life quality benefits 
that arise from the connectivity of an IoT world.
    It wasn't that long ago that when it came to cars, safety 
and environmental objectives conflicted. Do you go heavy and 
safe or light and green? Every parent struggled with that 
choice for their teenagers. Strategies for safety centered on 
surviving crashes. Now the combination of automation and 
connectivity harmonizes, harmonizes safety and green. Crash 
avoidance from technology that manages the car better than a 
human can, fosters more efficient mobility because there will 
be fewer crashes on the road generating congestion. Fewer 
crashes translates into more economic productivity, more 
personal time, fewer injuries, fewer fatalities, lower 
emissions, and less wasted fuel. In an IoT world where 
connectivity offers the promise of these truly monumental 
benefits, getting to the future as fast and sensibly as we can 
is critical.
    According to NHTSA, about 95 percent of all traffic 
fatalities result from human error or environmental conditions. 
Vehicle factors account for just a fraction. Technology is so 
powerful because it offers the promise of mitigating human 
error as today's innovations, automatic braking, adaptive 
lighting, lane departure warnings, blind spot warnings, and 
tomorrow's technologies, V-to-V and V-to-X and to ultimately 
self-driving vehicles all penetrate the car park.
    This innovation must be embraced and seen as the answer and 
not the problem, and that means working proactively to address 
concerns about privacy and cybersecurity. Last year, auto 
manufacturers became the first in the IoT, a non-pure play 
Internet sector, to adopt a comprehensive set of privacy 
principles to protect vehicle owners. The principles have a 
strong lineage, building on FIPPS, FEC guidance, the White 
House Consumer Privacy Bill of Rights, and suggestions from 
privacy advocates. They address, among other elements, 
transparency, respect for context, data security, and choice. 
For the most sensitive types of consumer information that are 
needed for some driver-assist technologies, geolocation, where 
you're going, driver behavior, how fast you're going, and 
biometrics, the privacy principles require clear and prominent 
notice about the collection of such information, the purposes 
of why it's collected, and the entities with which it can be 
shared.
    Similarly, the industry is working to stay ahead of the 
threat posed by malicious hackers. Earlier this month we 
announced the formation of an Auto-ISAC, Information Sharing 
Analysis Center, to establish an industry-wide portal for 
sharing information about existing or potential cyber threats 
and vulnerabilities.
    The Alliance supports cyber security bills in the House 
that would facilitate threat sharing in the private and public 
sectors while protecting individual security. We hope the 
Senate acts soon so that we can move the bill to the President.
    Mr. Chairman and Members of the Committee, the next 20 
years in the evolution of the Internet is enormously exciting 
and offers the possibility of amazing outcomes on the road, 
strengthening the quality of life, the environment, and our 
economy. We look forward to working with you to realize the 
benefits of innovation and to address the challenges that come 
along the way.
    [The prepared statement of Mr. Bainwol follows:]
    
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] 
    
                               __________
    Mr. Issa. Thank you.
    Mr. Reed.

  TESTIMONY OF MORGAN REED, EXECUTIVE DIRECTOR, ACT | THE APP 
                          ASSOCIATION

    Mr. Reed. Chairman Issa, Ranking Member Nadler, and 
distinguished Members of this Committee. My name is Morgan 
Reed, and I'm the executive director of the App Association. I 
thank you for holding this important hearing on the Internet of 
Things.
    The App Association represents more than 5,000 companies 
and technology firms around the globe, making the software that 
runs the devices you wear and the apps you love. We are currently 
spearheading an effort through our connective health initiative 
to clarify outdated health regulations, incentivize the use of 
remote patient monitoring, and ensure an environment in which 
patients and consumers can see an improvement in their health.
    This coalition of leading mobile health companies and key 
stakeholders needs Congress, the FDA, HHS to encourage mobile 
health innovation and support policies that keep sensitive 
health data private and secure.
    Now, traditionally, this is the moment in my oral testimony 
where I should recite some interesting numbers about the 
industry, talk about jobs created, and niches filled, but I'd 
like to break from that a little bit. I want to tell you a 
story, and it's one that I know is relevant to many of you and 
certainly to a huge chunk of your constituents.
    Nearly everyone in this room is caring for an aging parent 
or knows someone who is. Now, imagine that your parents are 
fortunate, they're living in their own home but significant 
medical challenges are beginning to face them. The questions 
begin, do I get a home health attendant? Do we pay as much as 
$12,000 a month to move them into an assisted living facility? 
Do they move into my basement? How do I deal with the fact that 
my parents don't want to move into my basement, and mom feels 
that a home nurse is infantilizing. What do I do to help them 
live at home with dignity?
    Now, most of you remember Life Alert, you know the product 
with the tag line, ``Help, I've fallen, and I can't get up.'' 
Well, that kind of device is known as a personal emergency 
response system. We called them PERS. These are great devices 
but incredibly limited to what they can do.
    Now, imagine a far more sophisticated PERS packed with 
sensors that can track blood sugar, blood pressure, heart rate, 
biomarkers for medication adherence, geo fencing for 
Alzheimer's patients, and much more. Sensors small enough to 
fit in a watch like this one or maybe this one, and all of 
those devices--yeah, I think everyone here has got one. All of 
those devices connect to a loved one's phone, an alert service, 
a physician's tablet, and a medical record. Suddenly, mom can 
stay at home maybe another year, maybe two, maybe three, all 
while managing her health. And if mom allows the data to be 
sent to you, you can be part of the solution, staying in touch 
and on top of her needs. And not insignificantly, your basement 
gets to keep its big screen TV.
    By 2050, there'll be 83.7 million Americans over the age of 
65, twice the amount from 2012. Eighty percent will have at 
least one chronic condition. Without question, the age group's 
rapid growth will strain public and private health resources; 
therefore, the picture I painted you is not a pipe dream but 
rather is imperative to prevent a cataclysmic economic outcome 
from this boom in aging adults.
    So what's standing in the way of this dream? What is needed 
to ensure that everyone can benefit from these new innovations? 
Well, I have three quick messages.
    One, innovation in healthcare is happening. It can lead to 
lower cost, better care, and improved patient outcomes. Two, the 
future of health IoT will be founded on trust, which requires 
strong security and privacy measures. Three, regulatory 
barriers, outdated laws, and lack of clarity around 
reimbursement are a threat to the advancement of mobile health. 
Congress can and in some cases must play an important role in 
improving health outcomes for all Americans through innovative 
technologies.
    Questions about privacy, security, reimbursement, and 
government regulation have met to create an environment where 
companies are worried about making devices more medically 
relevant, and physicians worry about the impact on their 
practice and their liability. Patients and care providers must 
know that their information is private and secure. Industry 
best practices around the treatment of sensitive health data as 
well as a commitment from government to support these practices 
are important to establish trust and push this industry 
forward.
    Clarifications on government access to data matter as well, 
including ECPA reform and the LEADS Act. As most of this health 
information will eventually end up in the cloud, and Congress 
should be pushing back on any government pressure to weaken 
encryption.
    Finally, ensuring that doctors are reimbursed for the use 
of these technologies will be essential. Currently, CMS is 
statutorily prevented from reimbursing certain kinds of remote 
patient monitoring because of absurd geographic restrictions 
and antiquated technology requirements that were state of the 
art 15 years ago but haven't moved since.
    Success will come when technology, trust, and means to pay 
for it all come together. I ask that Congress help to ensure 
that that happens now rather than see one more of our family 
members moving out of the home they love because we failed to 
act. I look forward to your questions.
    [The prepared statement of Mr. Reed follows:]
    
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
                               __________
    Mr. Issa. And on that note, I have questions.
    I recognize myself for a series of questions.
    Mr. Shapiro, you're not an engineer. You're a long 
recovering lawyer, but I'll ask you this question because I 
think your industry is well aware of the answer.
    As we sit here in air, what percentage, more or less, of 
the bandwidth are we using in this room, of the entire 
spectrum?
    Mr. Shapiro. What percentage as us----
    Mr. Issa. If we are to look at the radio waves being used, 
the AM, the FM, the old bandwidth from television, what 
percentage of the spectrum is actually being used as we sit 
here today?
    Mr. Shapiro. Well, it's all spoken for, but the actual use 
is a small percent.
    Mr. Issa. Less than 1 percent will actually be in these air 
waves. So if we're trying--and I said I wasn't going to dwell 
too much on spectrum, but if we're trying to create the ability 
for almost an unlimited amount of communications between large 
and small devices, isn't one of our greatest tasks to recognize 
that we have allocated all the bandwidth virtually and not used 
hardly any of it in any given time in any given room?
    Mr. Shapiro. Yes. Now I realize you gave me a softball. 
Thank you.
    Mr. Issa. And you can follow up with devices that can 
recognize those voids and take advantage of them.
    Mr. Shapiro. Right. Thank you. So as you know, there are 
two types. Actually all spectrum is pretty much the same, but 
we, through the laws, categorize it differently, and we 
categorize it by whether it's licensed or unlicensed. Licensed 
means that someone has bought it or they've gotten it for free, 
a broadcast license, and unlicensed means that, subject to good 
neighbor rules, anyone can use it.
    Unlicensed spectrum is very valuable because it promotes 
innovation. We calculated, in a study we did last year, that 
there's about $62 billion of activity created by unlicensed 
spectrum, so we are advocates for increasing the amount of 
unlicensed spectrum because it does allow entrepreneurs and 
innovators to do really cool things that will produce economic 
activity and provide benefits, but there's a lot of spectrum 
that the government uses.
    And what we're asking, and I know there's legislation 
pending, which is simply that the government catalog and figure 
out what could be available and repurposed for commercial 
purposes because that alone would not only take some of the 
pressure off a very crowded field right now in spectrum, but it 
would also create a huge amount of economic activity, and if 
sold, it will make a tremendous amount of money for the 
Treasury.
    Along the way, though, there is technology being developed 
which allows spectrum to be split finer and finer and used, and 
I know that's some of the issues involving going forward, like 
we are passionate about driverless cars and all the benefits 
and all the great things that are there, but we think there's 
an opportunity there to look and test some of that spectrum 
that's being purposed for that area and split it up a little 
bit and share it, and that's what Mitch and I love to have 
wonderful conversations about.
    Mr. Issa. Following up with Mitch. Mr. Bainwol, there's 
going to be a lot of questions about obviously whether or not 
automobiles that are communicating with the Internet are safe 
or not, and that's topical, but would it be fair to say that 
whether or not you share the bandwidth has virtually nothing to 
do with whether or not you're going to be effectively hacked on 
your encrypted signals?
    Mr. Bainwol. That's a question that----
    Mr. Issa. That's a softball.
    Mr. Bainwol. Well, it may be, and like Gary, sometimes I 
can't see softballs, and I'm also not an engineer. I think I'd 
say a few things. One is, as it relates to spectrum, we've 
heard the message from Congress and the notion of sharing, if 
we can make that work, is something that we really want to do, 
and field testing is going to happen this year, in 2015, and 
the notion is to find a way to satisfy the use for spectrum 
but also meet safety imperatives is something--that balance has 
to be struck, and we're prepared to try to test to succeed 
rather than test to fail, so we're committed to the notion.
    I do want to set context, though, in terms of V-to-V. NHTSA 
estimates that V-to-V could mitigate or eliminate up to 80 
percent of all crashes on the road, and so the promise of V-to-
V is overwhelming. The implications for life, for injury, for 
productivity are enormous, so I think the predicate for moving 
forward has to be do no harm. Move forward aggressively, find a 
way to share, but do no harm.
    Mr. Issa. And I want to quickly follow up. The history of 
data in the automobile has been one of the automobile 
manufacturers having proprietary data buses, keeping them 
closed, not publishing. As a representative, is that going to 
be different--and it's a self-asking question or answering 
question, in the vehicle-to-vehicle world, it has to be an open 
standard that in fact is published so that your windshield 
wipers on one vehicle talk efficiently to another; isn't that 
true?
    Mr. Bainwol. So I think it's both true that 
interoperability matters, but I think it's also true that in a 
world, a dangerous world where you have malicious hackers, that 
system integrity matters a ton, and finding a balance for both 
is the test.
    Mr. Issa. Well, as I recognize the Ranking Member, I will 
tell you at least from this part of the dais that working on 
legislation that makes the penalties specific, high, and 
enforceable against those who try to maliciously hack 
automobiles is an area in which I believe our jurisdiction is 
not only appropriate but our need for action is immediate.
    Mr. Garfield. If I may add one point.
    Mr. Issa. With Mr. Nadler's permission, yes.
    Mr. Garfield. It's actually just the point that we have a 
history of driving open consensus based standards that fully 
integrate privacy and security protections and can do that in 
this context as well.
    Mr. Issa. Thank you. Mr. Nadler.
    Mr. Nadler. Thank you, Mr. Chairman.
    Mr. Shapiro, you argue for a market approach to addressing 
the privacy and security concerns raised by the Internet of 
Things. We all hope that companies will act responsibly and 
that the market will punish bad actors, but isn't it important 
that the government set forth clear rules on what is and is not 
permissible?
    Mr. Shapiro. Thank you, Congressman Nadler. It is 
important, I think, that companies know what is legal and not 
legal, but there is a--something between the two, which is what 
is right and will get customers or not, and we've heard many 
people talk about the importance of trust for companies, and 
their brand and their reputation relies entirely upon trust.
    Everyone wants privacy. Look, HIPAA was passed to protect 
medical privacy, but sometimes there's different types of 
information and how far it goes, and even HIPAA has some down 
sides to it. There has been research that's been lost, there's 
been records which have not transferred easily because of 
HIPAA, so there's a trade-off that goes on. If you put too much 
of a line around privacy, you're trading off opportunities for 
new services that consumers will desire.
    I think what companies have an obligation to provide is 
transparency in what they're offering, and the consumers could 
be able to make a reasoned decision about what they're willing 
to give up in return for sharing some of their privacy. So it 
is, I think, premature for Congress to say this is the line 
we're drawing, but having the discussion is really important, 
and I think that there should be a national consensus about 
what should be protected and what should not and also what 
consumers should be allowed to give up freely and make that 
choice.
    Mr. Nadler. Should there at least be notice to consumers 
required?
    Mr. Shapiro. In terms of giving up what you--if you are 
sharing something which you shouldn't expect normally to share, 
I think there should be notice, and it should be clear and 
conspicuous. I think our companies have an obligation----
    Mr. Nadler. So you do think that government should mandate 
notice?
    Mr. Shapiro. I think there's a difference--the Federal 
Trade Commission has some significant jurisdiction in this 
area. There's a lot of private lawyers who will be more than 
happy to sue those that don't give sufficient notice. If the 
law is unclear, which I do not believe it is yet----
    Mr. Nadler. So the law is clear enough, the FTC should 
require notice, and we should leave it at that for the time 
being?
    Mr. Shapiro. Well, the FTC is taking a case-by-case 
approach, which has provided sufficient guidance. I don't think 
there's a need yet.
    Mr. Nadler. Okay. That's what I'm getting at. There's not a 
need yet for Congress to do anything because the FTC can handle 
it and is handling it so far.
    Mr. Shapiro. I think the case-by-case approach is a good 
approach because this is a quickly evolving area, and before we 
foreclose new services and new information, all these great 
things that are happening, rather than jump in, I think we 
should take a----
    Mr. Nadler. Okay.
    Mr. Shapiro [continuing]. Deep breath and see our 
consensus.
    Mr. Nadler. Let's assume that Congress chooses to disagree 
with what you just said and chooses to enact privacy and 
security measures. In that case, are there any ways in which we 
should treat products connected to the Internet of Things 
differently from other companies that collect data or connect 
to the Internet?
    Mr. Shapiro. Well, I'd like to think about that answer and 
perhaps provide it in writing, but my off-the-cuff answer is 
that I would say the Internet of Things does allow easy 
connectivity quickly and rapidly, and there is clearly 
sometimes when knowledge is appropriate and permission, but 
sometimes there isn't.
    For example, the Internet of Things allows police forces to 
monitor crowds in a public area. It allows them to monitor 
conversations and see whether people are being angry or not in 
a public area. It provides an opportunity to have video and see 
whether there's bad people the FBI wants through identification 
of not only faces but also by voice. There's a tremendous 
opportunity here in many different areas.
    And to me, what's most important is we let it play out a 
little bit, and if we're going to legislate--or you're going to 
legislate; I don't have that right--it would be very specific 
and narrow and address a real problem.
    Mr. Nadler. Thank you. Mr. Bainwol, in your testimony, you 
reference the consumer privacy protection principles released 
by the Alliance of Automobile Manufacturers.
    Can you briefly describe these principles in some detail? 
Briefly in detail.
    Mr. Bainwol. Well, the written testimony goes into some 
depth, but it focuses on things like transparency, context, 
data minimization, and clearly the notion of express consent 
for marketing. So we provide heightened protection for things 
like biometrics, driving behavior, and geolocation.
    So we think this works as a floor. We've provided it to the 
FTC, so it is enforceable, and I think I'd build on Gary's 
point of--and this applies to privacy and it applies to 
everything else as we enter an era of massive innovation.
    Mr. Nadler. We should be careful and wait for experience.
    Mr. Bainwol. I'm sorry?
    Mr. Nadler. We should be careful and wait for experience.
    Mr. Bainwol. Well, I think the fundamental challenge that 
I've got is that the pace of innovation far outstrips the pace 
of regulation, and that's just a fundamental truism. We're 
seeing that in the area of distraction at NHTSA, and I'll give 
you a specific example.
    Mr. Nadler. Well, don't, because I have other questions.
    Mr. Bainwol. Okay. Sorry.
    Mr. Nadler. But thank you, but especially given what you 
just said, do you think that the principles you've enumerated 
in the consumer privacy protection principles should apply to 
all prior to the Internet of Things technology or are they 
uniquely relevant to the automobile industry?
    Mr. Bainwol. Well, they're based on FIPS and pretty 
generally accepted notions, so I think they're more broadly 
applicable, but I'm testifying today on behalf of the auto 
industry, and I'm reluctant to impose my judgment on others.
    Mr. Garfield. I can give you my perspective on it.
    Mr. Nadler. Please.
    Mr. Garfield. Which is----
    Mr. Nadler. That saves me from answering other questions 
since my time has run out, but go ahead.
    Mr. Garfield. I'll be brief. We're talking about the 
Internet of Things as if it's a single thing, but it is not. So 
what are the privacy or security regime that we would have in 
place for a windshield wiper versus a watch that's monitoring 
you personally. So the sectoral approach that we are taking is 
one that works.
    In addition, we shouldn't assume that this is the wild, 
wild west, and there is no one out there monitoring today. The 
FTC has been very engaged in this space and is actually taking 
action.
    Mr. Reed. I know you're out of time, but if the Chairman 
will--I want to point out something very important in the 
health context. I think you are about to see some very 
significant industry best practices that rise up because 
ultimately what's happened right now is we aren't seeing the 
kind of growth.
    An interesting study came out that shows that only 15 
percent of doctors are talking about wearables to their 
patients, yet nearly 50 percent of doctors think their patients 
would benefit from the use of those. When asked as to why----
    Mr. Nadler. Why the difference?
    Mr. Reed. Privacy. The questions that they have about 
privacy, how it will affect them when the data comes back, and 
with an aging population that's concerned about how their 
information might be used for marketing or other purposes, they 
hate those late night telephone calls, I think that the 
industry right now is--well, I know. We are working very 
closely with a lot of folks to come up with some industry best 
practices that give some more bright lines. We believe the FTC 
will be a good enforcement mechanism for those industry best 
practices, but that's where we are today.
    Mr. Nadler. Thank you very much. My time has expired.
    Mr. Issa. Thank you. And you didn't even get to the 
questions of what does the garbage man say to the garbage can 
and what does the garbage can say back.
    Mr. Nadler. No, I have to do that in the second round.
    Mr. Issa. I'm assuming it's you stink. That's going to cost 
me. With that, we go to the gentleman from Pennsylvania, Mr. 
Marino for his questions.
    Mr. Marino. Thank you, Chairman.
    Mr. Garfield, could you--you know, today it's estimated 
that the average home has 11 WiFi devices. In my house with my 
tech savvy kids, it's triple that, and I'll give you an 
example.
    My children have a different taste in music than I do, this 
just happened last week. I am in the study, I'm listening to 
this music, and the next thing I hear is, Captain Jean Luc 
Picard's voice saying, ``This does not compute.'' My son found 
a way to connect into my system and switch the music that I was 
playing compared to what he wants to play, and tell me that he 
just didn't like this music, so it's fascinating what these 
kids can do with this equipment.
    But be that as it may, you know, this unprecedented boom 
will require significantly more wireless spectrum, I think 
beyond what we realize at this point, that is commercially 
available today. Could you expand on the implications of how 
this might impact the connection for consumers as well as the 
overall growth of the sector of the economy?
    Mr. Garfield. Yeah, I think both are significant. Your 
household actually sounds a lot like mine, so I empathize with 
you. I agree with what my colleagues have said about the need 
for more spectrum, whether it's wireless or wireline or whether 
it's licensed or unlicensed. In this context, wireless is 
particularly important.
    Given the lack of optimization in the use of spectrum today 
and how much spectrum is held by the government, I think 
there's a significant opportunity both in the deployment of IoT 
and economically as well to more efficiently use spectrum and 
make more of it available, and so I think there's a huge 
opportunity there.
    The reality is that it's absolutely necessary because as we 
think about all of the physical world essentially being 
digitized, then the growth that we've experienced today in the 
use of spectrum will certainly explode, and so it's something 
that we need to plan for, anticipate, and take action to deal 
with.
    Mr. Marino. Thank you. We realize now that I can raise my garage door 
up and down from 2,000 miles away. I can turn my lights on. But 
what is to prevent the hacker, the state-of-the-art thief from 
checking in on my software on my computer system in my house? 
For example, when I go on vacation, I will turn the heat down. 
So they could tap into my thermostat, read when the heat is 
reduced over a certain period of time, come to the conclusion 
even though there are lights going on and off all over the 
house that no one is there. And this is open to anyone. What is 
the industry doing to protect us from that?
    Mr. Reed. First of all, thank you for your question, and 
thank you for your work on a lot of the encryption and privacy 
issues, Congressman. First off, welcome to encryption. End-to-
end encryption is a critical element of preventing that from 
happening. Yes, there are technological things you can do, man 
in the middle, et cetera, forms of attacks that we can run. 
But, you know what, once you start getting about 256-bit 
encryption, 512-bit encryption, it takes an enormous amount of 
power to break it.
    So one of the questions that the consumer electronics side 
of the world, as well as the cloud computing side of the world 
is looking at is, how do I put end-to-end encryption in every 
device and make it so no one can mess with your lights, or more 
importantly, other things in your house that might have a 
direct impact on the people living there.
    So first off, we need to make sure the government doesn't 
weaken encryption. Second of all, we need to continue to see 
the growth in the kinds of research around encryption that is 
in some cases supported by the government.
    Mr. Marino. Yeah. Anyone else?
    Mr. Shapiro. Can I answer that?
    Mr. Marino. Yes, sir.
    Mr. Shapiro. I share Mr. Reed's comments. Also, going back 
to the garage door opener, when that was first introduced it 
was very primitive. And a fun thing to do, was to drive around 
the neighborhood and open up other people's garage doors, or 
similarly with cordless telephones. If you played it right, you 
could listen to other people's phone conversations because it 
was so, by today's standards, relatively primitive even though 
it was novel then. As we have gotten more sophisticated, as 
memory chips have grown, as encryption has grown, there are 
solutions and we don't even hear about those problems anymore 
so it has not been an issue.
    Mr. Marino. Okay. Thank you.
    Mr. Garfield. The reality is, is that a significant 
investment is being made in innovating around privacy and 
security because it's the right thing to do and because 
consumers are demanding it. So that explains, in part, the 
shift that you have seen that both Gary, Mr. Shapiro and Mr. 
Reed have articulated.
    Mr. Marino. Okay, just let me know when you have a device 
where I can block my son from changing my music as----
    Mr. Reed. I can help you with that.
    Mr. Marino. Thank you. I yield back.
    Mr. Shapiro. It is called handcuffs.
    Mr. Reed. Wow, that is primitive. Yes.
    Mr. Issa. Mr. Marino, did you get to your question of the 
launching of your trade secrets bill today?
    Mr. Marino. Here?
    Mr. Issa. No, you didn't. Okay. Well, Mr. Collins will be 
announcing it, so hopefully you will get to talk on that next.
    I'm sorry, did I mention that there will be an announcement 
on trade secrets bill today? Okay. Did anyone not hear that? 
Thank you.
    We now go to the gentlelady from California, Ms. Chu.
    Ms. Chu. Mr. Bainwol, I recently read an article about two 
security researchers that were able to wirelessly hack into a 
Jeep Cherokee, first taking control of the entertainment system 
and windshield wipers, and then disabling the accelerator. They 
were able to slow down the car to stop on a busy highway. This 
experience reminds us that connectedness flows in both 
directions and that hackers could actually manipulate these 
devices for evil if they so chose.
    What specific best practices does the industry have in 
place to ensure that something like this does not come about 
and how are automobiles being designed to prevent exactly this 
from happening? And what role do you see the Federal Government 
playing in this scenario?
    Mr. Bainwol. And I have 5 minutes? Great questions, and the 
Jeep hack of a week or two ago, obviously, received enormous 
national attention. I'm struck here about the need to both take 
the threat very seriously, and we do, but also not to get 
caught up in the sensationalism that sometimes accompanies a 
story like this. So both things are true.
    Our companies are designing and building to meet security 
risks from the very start. That's point one. They are working 
with government, with academia, with third-party security 
technologists to address the hack risk, and the hack risk is 
real. It's palpable, and we need to address it and we need to 
take it very seriously. We have also formed an ISAC, and this 
began more than a year ago. And the ISAC is a mechanism for the 
industry to voluntarily share risk and how to address those 
risks. So there is a mechanism that is in formation for 
specifically this challenge.
    The risk here from a governmental side is the one that we 
touched on before, and that's what's the touch? How heavy a 
touch should there be? And in a world in which innovations 
happen so rapidly, how do you make it work so that it is not 
rigid? And that's a challenge. I think what you have done thus 
far is to facilitate sharing of risk threat and that's great 
and we hope that moves forward.
    Ms. Chu. Okay, Mr. Garfield, you stated that connectivity 
and communications between vehicles must be secure and 
reliable, especially for safety applications. That's something 
that Congress, the Department of Transportation, the Federal 
Trade Commission and other government stakeholders should 
oversee to protect consumers. You are referring there to the 
consumer's physical safety.
    But when it comes to another kind of safety, which is 
privacy, and data security, you urge the Federal Government to 
essentially take a wait-and-see approach, and asking that if we 
should only step in, if industry fails at self-governance. So 
what in your mind is the difference between these two kinds of 
safety that would warrant such a divergent approach?
    Mr. Garfield. I guess two points. Our suggestion is not 
that the government do nothing. Our suggestion is that the 
government exercise restraint, and that the approach that has 
been taken today on privacy, that is sectorially driven, that 
includes monitoring and enforcement by the FTC is working. In 
the first instance, there is a significant market failure that 
may not be being met and so immediate action is clear. In the 
second instance, that is less clear. I guess the third and 
final point is the point that we have all made about the 
innovation that's taking place in this space, not only around 
IoT, but around ensuring that we are driving privacy and 
security by design at the very beginning of these processes is 
actually making significant headway and we worry about the 
unintended consequences of legislation at this stage.
    Ms. Chu. Mr. Shapiro, you acknowledge in your testimony 
several important concerns about privacy and the collection of 
data, and then go on to state that industry-driven solutions 
are the best way to promote innovation. But how do we rely on 
the industry to self-govern, and avoid the problems implicit in 
the fox guarding the henhouse? And I ask the question 
particularly in the context of one concern you raised which is, 
who owns the data from these devices? Isn't the industry 
incentivized to claim ownership over the data?
    Mr. Shapiro. Thank you for that question. It is true that a 
lot is going on vertically. We have our own wireless health 
company group that is focusing on creating rules that everyone 
can live by. In part, because it's the right thing to do; in 
part because there's Congress, which will probably or a 
government agency will do it if they don't. But there are 
already free-market solutions which are happening quickly in 
different other verticals.
    For example, in the automobile, hundreds of thousands, if 
not millions of consumers are already choosing to give up their 
data to insurance companies in return for a lower insurance 
rate. So the insurance company is essentially monitoring how 
fast they drive and what they do and what kind of driving they 
do because the consumers feel it is valuable to give up that 
information. That's informed consent. It's a free market 
decision, et cetera.
    Also there's solutions coming up for parents. If they want 
to give the kid the keys to the car, they have the ability to 
monitor their children now with many different solutions that 
are coming out quickly.
    My point is not that it is not a legitimate area for 
government conversation. It's that there's so much happening 
from an innovation point of view, that there's different 
directions that we can go in. And if industry goes in the wrong 
direction, we are fully confident that the government will be 
there saying this is wrong, and consumers will be there, trial 
lawyers will be there. Even in the distracted driving area 
where the Federal Government has stepped in rather vociferously 
and said to industry, you know, you should really do everything 
you can to ban a driver from using any product while in that 
driver's seat. There's at least 80 different solutions and more 
developing every day which basically cut down on distracted 
driving through monitoring lanes, through monitoring the head 
falling asleep, watching your eyes, or even technology produced 
locally which monitors your cell phone as a driver and figures 
out if you are not paying attention to the road.
    Mr. Issa. Would the gentlelady yield for just a followup 
question very quickly?
    Ms. Chu. Certainly.
    Mr. Issa. I think, Ms. Chu's question, though, was who owns 
the data? And wouldn't you agree that, in fact, data which 
comes from an individual inherently government does have a role 
in defining what rights they have to retain, protect, or 
retrieve their own personally identifiable data, which I think 
was your question, wasn't it?
    Ms. Chu. That's true.
    Mr. Shapiro. Well, then I blew the answer.
    Mr. Issa. It was a good answer, it just wasn't quite to 
that question.
    Mr. Shapiro. I would say, obviously, a consumer that 
creates data should have some rights in that data. The question 
is the service provider, if they do own data. And this goes 
into a lot of areas of the Internet and not just the Internet 
of Things. If there are apps providing services, et cetera, 
what is the tradeoff that's involved? And I think it's fair to 
say there should be transparency as to who is using the data. 
As to who actually owns it and can retain it, I guess I would 
say that depends on the level of personal information in the 
data. I think whether or not you are using your windshield 
wipers, for example, is a type of data that can be easily 
collected and shared to provide information on where it's 
raining without a lot of consumers saying that's fine, as 
opposed to something much more personal when you get into the 
health sphere where you should, of course, own and determine 
what happens with your data.
    Mr. Issa. Thank you. I think that will at least start a 
dialogue that will continue. The gentleman from Texas. Mr. Poe.
    Mr. Poe. I thank the Chairman. Gentlemen, thank you for 
being here. I'm going to try to break this down and try to keep 
it less complex, very simple. The issue is privacy. The time of 
the Dick Tracy watch is here. In fact, our gentleman here on 
the end has two Dick Tracy watches. I don't even wear a watch, 
so that will help you in the answers, I hope.
    Mr. Issa. Ted, what time is it?
    Mr. Poe. It's up there and I can't even see the clock. So 
anyway, the data that is stored, is stored by a provider and 
it's information about an individual. The privacy of that 
individual is paramount to me, and I think the law, the 
Constitution, the right of privacy.
    And it has to be protected by Congress because it's a 
constitutional right. Privacy. Congress needs to set the 
expectation of privacy for individuals that have shared their 
information with different entities, and I'm concerned about 
the privacy of the individual two ways: One, the provider or 
the service provider sharing it with other nongovernment 
agencies. And the service provider providing that information 
to the government. Especially the government. I think there 
should be--we should update the ECPA law, which right now, 
information stored on the cloud for 6 months is private. But 6 
months and 1 day, the government can have it. There is no 
expectation of privacy; absurd protection of the constitutional 
right of privacy for 180 days only.
    I don't think that we should leave it up to the FTC to set 
the guidelines or the FCC, or the FEC, or any other government 
agency to determine what the right of privacy should be.
    So I'm not through asking the question yet. So how do you 
know the answer already? Anyway, should not we in Congress 
update the ECPA law to provide whatever rules we think should 
be provided so that citizens know that the government, to get 
this information, and you can use geolocation and all other 
information, has got to have a search warrant based on the 
Fourth Amendment of the Constitution before they order you to 
give the government that information about the citizens out 
there in the fruited plain.
    Shouldn't we be proactive to do that, or are you 
recommending that we just wait for all of these different 
things to happen out there, and try to solve them, get the 
lawyers to sue and all of these things before we get the right 
of privacy, or should Congress be proactive? I have been 
working on this for years, and we haven't been able to get 
anywhere with updating the ECPA law so that people know the 
expectation of privacy that the government knows you cannot get 
that information without a search warrant. Should not we do 
that, Congress do that? And it's kind of like a yes or no 
answer on that.
    Mr. Reed. Yeah, the reason I was coming in there is because 
I wanted to say amen. The reality of the situation is, yes, 
ECPA reform is absolutely essential; 289 cosponsors. This is 
something the Committee absolutely has to do.
    Congressman Marino was here, Congresswoman DelBene is here 
as well with the LEADS Act that you cosponsor. We absolutely 
need these kinds of legislation to move forward so we know what 
we can tell our customers, what I will protect, how I will 
protect it, and when I will be forced to share it. Absolutely.
    Mr. Poe. And a person may not be a customer for this very 
reason. Well, I like all this stuff out there. This is 
wonderful, but I don't want the government getting it. And 
right now you say, well, then maybe they can have it, maybe 
they can't have it. How about the rest of you?
    Mr. Reed. Yes.
    Mr. Poe. Got an amen here on the right. Good.
    Mr. Garfield. We support ECPA reform; strongly support ECPA 
reform.
    Mr. Shapiro. I think you are totally right to distinguish 
between what government has a right to, and what private 
parties can exchange with each other. So when the government 
says we have been burned as an industry pretty seriously to the 
tunes of billions of dollars of sales in Europe, and other 
countries are using the fact that our government took 
information, is a total competitive disadvantage now to say 
that cloud servers and things like that should not be based in 
the United States, you know, that they are not secure, 
government can take the information and it has been very 
harmful to the U.S. technology industry and it has been used 
against us.
    And under the Fourth Amendment, yes, it is about as clear 
in the Constitution as you can get about the government must 
have only--will not do unreasonable searches and seizures, and 
that's been interpreted--ECPA needs an update. I agree with 
that.
    On a private basis, I think it's a much more complex 
discussion. The reasonable expectation of privacy is set by the 
Supreme Court, is almost like the definition of obscenity in a 
way. It changes with time. It changes with community, and it 
changes with technology. And I think your reasonable 
expectation of privacy in some data, if you are out in public 
and I'll use the windshield wiper example again, is not perhaps 
the same as perhaps other data, and that's a much longer 
conversation.
    Mr. Poe. In the privacy era, it goes into whether it's 
voluntary, whether you volunteer to give that information to 
another person. And that's a different--I'm interested about 
the government, the Federal Government, State government, local 
government, which all right now can seize that information in 
the cloud without a warrant. And the person involved doesn't 
have notice about it. One more comment.
    Mr. Bainwol. I'm in on the government side. I would note, 
as Gary indicated, and this is on the nongovernmental side, 
that data is necessary to provide services that consumers want. 
So whether it's the insurance example, we plug in, I'm one of 
those consumers. I know exactly how my kids drive because I get 
a report every month from the insurance company that tells me 
how fast they are driving, how fast they are braking, when they 
are driving. And as a parent, that's a useful thing and it's a 
disincentive for them to drive poorly. So that's a good thing, 
and I wouldn't want to get in the way of services like that 
that are pro-consumer.
    Mr. Poe. All right. I yield back to the Chairman.
    Mr. Issa. I thank the gentleman, and we now go to the 
gentlelady from Washington's First District, Ms. DelBene.
    Ms. DelBene. Thank you, Mr. Chair. Thanks to all of you for 
being here. I want to follow up a little bit on the Electronic 
Communications Privacy Act conversation here. Myself and 
Congressman Poe and Congresswoman Lofgren have also sponsored 
legislation that would also create a warrant standard for 
geolocation information as well as electronic communications.
    And when we talk about issues of making sure there's a 
legal framework to protect information, and so that consumers 
feel like they understand what's happening with their 
information, and law enforcement is clear on how they would 
access information, what do you think about expanding that to 
include geolocation and the international issues that we face 
in terms of access to information? Anyone? Or I guess I will 
start with Mr. Reed.
    Mr. Reed. Well, first of all, thank you for your support of 
the LEADS Act. Thank you for your introduction. It's a very 
valuable thing to figure out how we move forward. I know we are 
all Americans here and we are in America, but one of the things 
to realize from my members who are developing the applications, 
is just how much our opportunities are overseas.
    And so when the issues that you raise about U.S. Government 
access to that data start harming our sales, it hurts jobs here 
in the United States. So I think you're precisely right. This 
is an issue that Congress has to step in on. It can't be done 
through industry best practices or standards. And so the 
question of geolocation, once again, is something that we will 
have to work both with you and with law enforcement because law 
enforcement does have a duty to work and protect the citizenry.
    The problem comes when I have to tell a customer, I don't 
know about the answer to the question of when I have to hand 
over that information. The difference between the Sixth Circuit 
and the Ninth Circuit and this idea that I have to tell my 
customer I don't know, is enormous.
    I think the other element that should be raised on this is 
how other countries look at what's happening.
    If the United States Government says we have access to any 
cloud data, at any time, on any person, any way we darn well 
please, regardless of where the data is stored or who it's on, 
we have to expect that Russia will want the same privileges 
from our companies; that China will want the same privileges 
from our companies. And so legislation like what you're 
proposing is what we need because we need to have a strong 
stance that we can look at those countries and say, no, I won't 
hand over that information without some better legal authority. 
So thank you very much.
    Ms. DelBene. Mr. Garfield.
    Mr. Garfield. Yes, your question also gives us another 
opportunity to raise something that Congress can do in this 
area which is legal redress. The lack of legal redress rights 
in the United States is something that creates great challenges 
internationally, and this Committee and Congress generally has 
the opportunity to do something and so that's another step that 
can be taken that would help internationally.
    Ms. DelBene. Folks, also, you were earlier talking about 
encryption, and we have been having a conversation recently 
about whether there should be a backdoor for law enforcement 
access to encrypted data, and whether that should be mandated. 
If such a policy were mandated by the Federal Government, what 
would, you know, the impact be specifically on user data and 
what do you think the impact would be for your customers?
    Mr. Garfield. I think the impact would be quite negative 
both here and internationally for a host of reasons. It's 
important to keep in mind that security is a part of advancing 
privacy. And if you create any kind of door, it won't only be 
used by those who you intend it to be used by. And so I think 
in many respects you create a Pandora's Box of challenges that 
would be highly problematic for both privacy and security 
interest and is something that should absolutely not be done.
    Mr. Bainwol and I both worked in the recording industry 
years ago, and one of the things we realized was rather than 
fighting technology, the best solution is to poyne the use of 
technology, and I would suggest for the Federal agencies in 
this context, those answers may hold some merit in this context 
as well.
    Mr. Reed. We learned hard lessons. I feel like we are a 
little bit of deja vu right now with the Clipper Chip redux 
here that we are facing. The reality is that over 40 of the 
leading security experts have already come out and said, the 
idea of the government mandating or creating a, as the FBI 
director said, a front door into our devices and our systems, 
is an anathema to the idea that we want to create by telling 
our customers and our users that we have secure systems. So we 
have done this dance before. It was already figured out to be a 
mistake. I'm disappointed that we are having to revisit it 
again when we know the answer. And that is, end-to-end 
encryption with as few openings as possible is the best 
solution we can provide to all citizens in every country.
    Ms. DelBene. As you may know, we have a piece of 
legislation to prevent there from being such a backdoor.
    Mr. Shapiro, did you want to add something?
    Mr. Shapiro. Yeah, I think we are all Americans and we 
sympathize with law enforcement in what they are trying to do 
and so it is a different question. It is not that black and 
white. But I think history has shown that having given 
government a backdoor is not the best approach as technologies 
evolve quickly.
    On the other hand, as Americans, when a super crisis 
evolves, I think you will see companies step up and try to help 
government. I think we saw it in Boston in the bombing where 
technology companies worked very closely to try to find out who 
it was that did this dastardly act, and I think we have to 
recognize there's some flexibility and does not require an act 
of Congress to say that there must be a backdoor. If there is a 
backdoor and everyone must have it, it gets not only having the 
technology industry very uncomfortable, but our consumers very 
uncomfortable.
    Ms. DelBene. Thank you. My time is expired. I yield back, 
Mr. Chair.
    Mr. Issa. I thank the gentlelady and I thank her for her 
important questions. With that, we go to the gentleman from 
Georgia, Mr. Johnson.
    Mr. Johnson. Thank you, Mr. Chairman. Thank you for hosting 
this very important hearing.
    Mr. Garfield, your testimony mentioned the desire of the 
industry to be free from new regulation without becoming a wild 
west of privacy. Earlier this year the Federal Trade Commission 
reinforced this message in its staff report on the Internet of 
Things, where it recommended, among other things, that 
companies build privacy and security into the designs of their 
connected devices.
    Last Congress I introduced the APPS Act, a commonsense 
approach to an urgent problem that would protect consumers 
without disrupting functionality or innovation through a safe 
harbor, and other mechanisms to promote trust through self-
regulation. I viewed this legislation as reinforcing of the FTC 
staff recommendations on privacy and security for connected 
devices, and I plan to reintroduce the APPS Act during this 
current session of Congress.
    Privacy is an issue that should unite us, not drive us 
apart. In an always-on ecosystem where over 25 billion 
connected devices store and transmit information about 
consumers, it's time that we have some rules of the road. What 
steps will private industry take to keep Congress informed and 
address legislative concerns regarding security and privacy of 
these emerging technologies?
    Mr. Garfield. Thank you for your question, Congressman 
Johnson. The point you made at the beginning about the FTC's 
recommendations, particularly around privacy and security by 
design, I think are, in fact, is occurring. The industry is 
spending billions to invest and innovate around privacy and 
security, in part, because it's the right thing to do, but also 
because consumers are demanding it.
    As well, we are advancing, as Mr. Bainwol pointed out, 
sector-specific principles around privacy and security as well. 
And so there is much action happening right now in this space 
and we are committed to making sure that Congress is fully 
aware of the steps that the private sector is taking to advance 
those issues. It is in our business interest to be aligned with 
both you and consumer interest around these issues.
    Mr. Johnson. Thank you. Mr. Bainwol, I want to focus on the 
portion of your testimony regarding advanced driver assistance 
systems. I understand the benefits that you're explaining about 
these systems, the sensors that provide braking assist, and 
adaptive cruise control. I understand newer software will go 
far beyond just those actions. My concern revolves around the 
encryption of this technology. If these systems are being 
operated on a broad range of wireless communication 
technologies between vehicles, how are these frequencies being 
protected?
    Mr. Bainwol. I will give you an answer, and I will come 
back to you with a vetted engineer's answer. So V-to-V is based 
on DSRC which is a technology that was built for the purposes 
of communications between vehicles. And I will come back to you 
again with the specifics of the security that is embedded in 
that.
    We are obviously not at a point of full deployment. This is 
being tested. There has been an expansive test out of Ann Arbor 
over the last several years. It has been tested abroad. And the 
fundamental point I would make is that the benefit stream here, 
if you do a cost-benefit analysis here, the benefit stream is 
absolutely enormous. And yes, we have got to address the cyber 
risks and the security risks, and they are being dealt with 
from the design phase on up. But in terms of the security 
embedded in DSRC, I will have to come back to you.
    [The response from Mr. Bainwol follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    

    Mr. Johnson. Okay, if end-to-end encryption is being 
utilized, how will law enforcement access the information 
stored within a vehicle? Do you have an answer to that 
question?
    Mr. Bainwol. So we would require a warrant of some sort. 
This is, again, this is the point that Mr. Poe was making 
earlier.
    Mr. Johnson. Okay, I'm sorry, go ahead.
    Mr. Bainwol. And so we are very careful and our principles 
articulate very specifically that the information will not be 
shared with entities unless there's a compelling, specific 
reason.
    Mr. Johnson. But there will be an ability to counter the 
encryption or to kind of a backdoor, if you will, for lack of a 
better term.
    Mr. Bainwol. Yeah, I'm going to have--I'm not an engineer, 
and this is a zone that I'm not going to be able to give you a 
great specific answer on, so let me come back to you in writing 
shortly.
    [The response from Mr. Bainwol follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    

    Mr. Johnson. All right, thank you. And I yield back.
    Mr. Issa. I thank the gentleman. You know, I have had two 
of you gentlemen tell me about how you are not engineers, but I 
want to talk about something for a moment that's a little 
complex, and then make it simple.
    In the aviation space, collision avoidance of all sorts has 
been around for a long time. It started with the large 
commercial scheduled aircraft and then little by little has 
come down. One of those technologies, ADS-B is, in fact, 
mandated now in just a few years for all aircraft. And it's a 
cute name, I have said it forever, but now I have to say it's 
automatic dependent surveillance broadcast, ADS-B, or ADS-B 
out.
    Now, that technology, in short, says, here is where I am, 
and it sends it out to everybody. The FAA regulates it. Other 
aircraft while they are sending out where they are, receive 
where you are. It makes for a very exact GPS-based within a few 
feet of knowing exactly where you are, and of course, which way 
you are going, how fast, making a collision almost an 
impossible thing to do if you're simply monitoring the product 
which has alerts.
    The question and I want to make sure I ask it to Mr. 
Bainwol and others, when the FAA, having jurisdiction over 
this, they made a decision that only those who send out a 
signal can, in fact, receive a signal. So today, systems that 
cost anywhere from 6- at the very low end, plus installation, 
to hundreds of thousands of dollars, equipped in aircraft, they 
communicate by sending out and receiving information where 
others are.
    Mobile devices, devices that could be bought for a matter 
of a few hundred dollars that only receive are blocked from 
receiving that information. Meaning that as you roll out a new 
technology, and Mr. Bainwol, clearly these kinds of 
technologies are what big auto is looking at rolling out, 
countless millions of automobiles will not be equipped with 
those systems for decades to come. The 1965 Mustang or any of 
the classic cars that Congressman Juan Vargas has, will not 
ever be equipped with them.
    Can you comment on the need to make sure that any standard 
allows for aftermarket retrofitting of products that to the 
greatest extent possible enjoy the benefits of newer technology 
brought to market in new automobiles?
    Mr. Bainwol. I'm happy to comment. There is a challenge in 
the auto space with fleet penetration. The average age of a car 
is 11 years old. So when you introduce a new technology, it 
takes a long time to wind its way through the entire fleet.
    Mr. Issa. Not with Mr. Shapiro's aftermarket products.
    Mr. Bainwol. So, in the example of antilock braking, it 
took 30 years to go from introduction to 95 percent 
penetration. So your point about fleet penetration, I think, 
is a valid one.
    And in the case of these technologies that offer such value 
to society, I think you raise a legitimate point that we have 
to find a way to fill the gap now. The truth of the matter is, 
in part that gap is filled with this phone that Gary peddles so 
brilliantly. Just to give you an example----
    Mr. Issa. I'm not sure Gary wants to be called a peddler, 
but he appreciates you calling many of his members peddlers.
    Mr. Bainwol. So Waze is a wonderful app, okay, and it's 
crowd-source based, and it provides many of the benefits that 
V-to-V provides, but not with the same absolute standard of 
certainty. So we have got to find a way to fulfill the 
marketplace. And I think the app world does a good job of 
bridging that, and then ultimately to fill the fleet. And so I 
think your point is a valid one and we have got to find a way 
to make it work.
    Mr. Issa. Thank you, and Gary, just Mr. Shapiro, the 
question more was as new innovative items come out of the OEM 
market and new fleet, and there's an ability to get, perhaps, 
some but not all of those benefits, government, at least in the 
case of aviation, has blocked the ability of thousands of small 
pilots, pilots with a Piper Cub made before you and I were 
born, in which your mobile device can be put on board today are 
blocked from knowing that there's a fast mover heading for them 
because the FAA has seen fit to block it unless you are sending 
a signal. That's really the question of enabling as much 
benefit from potentially low-cost handheld devices.
    Mr. Shapiro. Mr. Chairman, as a member of the flying 
public, I never quite understood that decision, and I'm glad 
that it's being rectified and albeit after dozens of years.
    Mr. Issa. It is being rectified. All aircraft in a matter 
of a few years will have ABS, or I'm sorry, ADS out. However, 
today somebody can carry a few hundred dollar product and if it 
were allowed to receive the signal, they would be part of 
knowing where a fast mover is, and avoiding it even if they are 
not putting out that signal.
    Mr. Shapiro. Well, I am thrilled to hear you are focusing 
on it because I fly almost every other day, but----
    Mr. Issa. And the Cessna 150 needs to know.
    Mr. Shapiro. Sir, the reason I have been so excited for 
years about driverless cars is the level of death and injury 
that's caused by cars is so huge, and of course we all drive 
them, they are necessary.
    But it can be avoided. We are on the verge of this 
technology and several car companies and Google have proven it. 
And it would be an absolute tragedy if it was delayed in any 
way because an aftermarket was not allowed to develop to move 
it along. And I think that you are absolutely correct in 
indicating that we will get there in two different ways: One, 
the car manufacturers themselves will do everything they can to 
get this technology in the public hands, but along the way as 
we have seen with almost every other automotive technology, 
including I might add, car security, the aftermarket is 
quicker. It can get greater penetration and provide 
competition.
    And what my concern is about some of the privacy 
discussions is when it comes to matters of losing your limb and 
losing your life which is what we are talking about with 
collisions in cars, it is a little less important to have 
privacy than it is in some other areas. So the privacy 
discussion is important. I don't want to denigrate it, but when 
it comes time to our physical safety, it takes a backseat.
    Mr. Bainwol. I just need to address----
    Mr. Issa. Mr. Bainwol, just remember, the two of you did 
take a picture earlier standing next to each other smiling.
    Mr. Bainwol. This is not to contradict Gary, but just to 
clarify. So Gary used the words about fatalities in cars as the 
cars are killing people. I just want to clarify, 95 percent, 
maybe 98 percent, maybe 99 percent of the fatalities on the 
road are a result of both environmental challenges and human 
error. The car itself works rather beautifully, and the 
critical point that we would both embrace, is that----
    Mr. Issa. I certainly think Mr. Shapiro was talking about 
antilock brakes, traction control, all of the items that have 
come out that have reduced the death rate in all-too-flawed 
drivers.
    Mr. Bainwol. We are very proud of those technologies. We 
want to see them move into the fleet as rapidly as possible, 
and those technologies are the answer to human error which is a 
huge problem.
    Mr. Issa. Thank you. And Mr. Reed, since you were given 
credit for the development of those apps, your members wanting 
to be able to develop apps depend on either an open standard or 
in the alternative, being able to, if you will, hack in order 
to create interfaces because otherwise you're locked out of 
interfaces with the automobile and other products. Isn't that 
true?
    Mr. Reed. So open standard would be a significant part of 
how this moves forward.
    Mr. Issa. Or published standards.
    Mr. Reed. But I also think you will end up with published 
standards, and you will also end up with what I believe will be 
interfaces where I won't have to hack it. There is the 
connotation to hack which is a little odd.
    What will end up happening is, is that APIs will be 
published by the car manufacturers that will allow me to 
tie into the existing system, or I will do it through the 
phone, and the phone manufacturer will have done a deal with 
the auto dealer and then I will have a secure, safe, API 
platform that I can build out the apps on.
    So I'm actually quite hopeful about the connected car. And 
I think that's a place where you are going to see an explosion 
of apps that will be really helpful and beneficial, especially 
those with kids in the back seat.
    Mr. Issa. Well, earlier on I mentioned in the opening 
statement that we do not have in this Committee the 
jurisdiction over the bandwidth necessary for many of your 
products. We do, however, have a mandated seat at the table in 
consultation with the Ways and Means Committee and with the 
Administration in trade. Under Trade Promotion Authority for 
both the European trade and the TPP in the Pacific.
    I would like any of you that want to comment on the 
importance of global standards of getting the Internet of 
Things to, in fact, be embraced in a way around the world that 
allows either for economy of scale, or consistency of service, 
and I will go right down the line on that. Mr. Shapiro.
    Mr. Shapiro. Global standards are nice, but they are not 
essential. We have seen in technology that politics and ego 
often play as to whose country's standards, you know, there's 
several----
    Mr. Issa. I wasn't necessarily only talking about 
standards. I was also talking about the access that trade 
promotion is intended to have, the acceptance without tariff 
or barrier of American products.
    Mr. Shapiro. Okay. So standards is one issue, but the fact 
is, is that trade promotion is good. The ITA is great. We are 
very excited with the direction things have taken in the last 
month. It's positive. Obviously, to the extent that these 
devices get out there, and they are improving people's lives 
and saving lives, it is an important thing.
    If there's an international low tariff approach, that's 
always preferred to one which is country-by-country, high 
tariff.
    Mr. Issa. Mr. Garfield.
    Mr. Garfield. I think the opportunity that you highlighted, 
that trade agreements provide for driving global consensus-
based standards that help to advance scalability and 
interoperability, are a net positive; hence, our strong support 
for Trade Promotion Authority and ultimately the trade deals 
that will emanate as a result of that.
    Mr. Bainwol. With a complex blend of membership, sometimes 
trade gets tricky for me. But I would say----
    Mr. Issa. Some of your members are for it, and some are 
against it, and you are with your members?
    Mr. Bainwol. It's more complicated than that. But the 
notion of harmonization is absolutely a valid one.
    Harmonization has been around for 100 years as a concept, 
but we are building to different standards all around the 
globe, and that ends up upping the cost of the product for 
consumers all over.
    And a new car is safer than an old car so we can reduce the 
cost of a product through harmonization. We are getting more 
people into newer cars and that's safer and that's good for 
everybody.
    Mr. Reed. Two quick points. Every single one of your 
Members of this Committee has a company in their district that 
is selling an app overseas. Guaranteed. We see about 20 percent 
of all the apps in China, are actually from U.S. companies, 
which is huge. If you pay attention to the China market it's 
hard, which brings me to the second part.
    Our one concern about standards is that we are finding some 
countries are dipping their toe into the idea of creating 
quote-unquote, ``domestic open standards'' that are slightly 
tweaked from the United States, and these are strictly barriers 
that they are putting up to protect domestic manufacturers, 
domestic app developers. We have seen it in the WiFi space, 
around the globe. We are seeing tweaks to standards strictly to 
protect domestic production.
    And so we would support your perspective on improving trade 
and improving those standards so that they are available to 
all.
    Mr. Issa. Thank you. And on that note, with no further 
questions, this will conclude today's hearing.
    I want to thank all our witnesses. Without objection, 
Members will have 5 legislative days to submit additional 
written questions for the witnesses, and additional materials 
for the record. That also leaves our witnesses 5 days, if you 
could please, to provide additional material, including that 
which some of you promised to give to our Members. And with 
that, we stand adjourned.
    [Whereupon, at 11:42 a.m., the Subcommittee was adjourned.]
    
    
    
    
    
    
    
                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                 [all]