All right. The task force will now come toward her. Financial services, threats, challenges, and opportunities. The chair will recognize itself for four minutes for an Opening Statement, thank you everyone for joining us today for what should be a very interesting hearing of the task force to explore the j dangers of threats for ai. Ai is making it easier for criminals to religion is criminals activities and how we can safeguard one of the most important things in our account economy which is already the preventative right is an important problem in Financial Services in 2018 alone, almost 15 billion is asserted to have been stolen from consumers online. This does not include more indirect future cost of having a compromised identity. Today, criminals have lots of tools at their disposal, to get sensitive Consumer Financial data. And, there is a complicated situation a member of Congress Finds themselves in that we go to briefings like the one i have just seen from ms. Walraven. Just how massive the problem is and the techniques that are available. We realize that mentioning them in public is not a wise thing to do, so this puts us in a tough situation. But, i urge all of my members on the committee here, and the staff interested to get those briefings, from members who are testifying today, to just see how big a problem this is, because it is costing us probably a lot more than that 15 million. And, there is a large number of tools criminals are using today, random malware attack, these cyber intrusions are only becoming more sophisticated. The story of a voice synthesizer, ai enabled voice synthesizer used to generate fake instructions from what an employee thought was his boss to move on somewhere where it should not have been moved. That sort of attack is going to accelerate with the technology, as it gets more advanced and widely deployed. The stakes in this are enormous. With simply a name and address and Social Security number criminals use stolen identities to steal credit card and bank account numbers, of changing fraudulent refunds, the list goes on. Financial services behind 25 percent of Malware Attacks had banks and other Financial Service organizations which is more than any other industry. In addition to the billions of dollars that Financial Institutions are spent each year on Cyber Security they also spent over 25 billion per year on antimoneylaundering and know your customer compliance, with large institutions spending up to 500 million annually. Artificial intelligence is only enhancing cyber criminals, being used more find vulnerabilities, impersonating someone force her face in a phishing scam much like deep takes that everyone is aware of. It can be used for something called synthetic Identity Fraud, that is where criminals make up fake online identities, by combining real and fake data from lots of different people, along with Social Security number, what they can buy cheaply off the dark web, these identities look completely real and criminals can use them to open new Bank Accounts and financial records of transactions that make the synthetic identity look more real. At the end of this unfortunate common practices the socalled breakout where you simply take out a massive loan you never repay, by a car offshore, the sort of scam happens using his synthetic identities. And, you know, there are a number of things we could do. I was very impressed by the roadmap produced by jeremy grant, one of our witnesses here, his Organization Better identity. Org. If someone only has time to read one document in this space, that is what i found the most useful, it provides a roadmap for what government can do to help, because i think that government has a unique role in provisioning the id. That we ultimately should take the responsibility from obtaining a valid list of citizens and i think that there has been a lot of emotion, birth by government, and emotion in terms of Public Perception of what is needed here. So, this is one of the reasons i am really eager to hear from the witnesses in this hearing and i guess i in light of the fact that we are unlikely to have a large amount of time because votes may be intervening, i think i will cut off my comments here, and turn it over to my colleague representative hill. Thank you mister chairman, for convening the hearing today as part of our task force on Artificial Intelligence. I know this is a topic that you particularly care deeply about, and i am very interested in learning how our systems can be modernized in such a way that protects the privacy of personal information of all of our citizens, i look forward to hearing from the panel today, which we anticipate in a Digital World, where we are distributing Financial Services product to italy through banks and loan banks across the country, obviously, whether it is a mobile app, or through the internet, through the web, this issue of authenticating, someone you are truly doing business with, just granting you the Financial Services company, access for a particular purpose, all this relates to how we identify and authenticate people in the space. A lot of people who are not banks or Financial Service providers are not covered by grand leach, and Service Issue of how do we improve this and offer innovation is so important. If we think about the Digital World, you cannot really have a completely Digital Process in 50 states in this country or internationally, if you dont have the cyber protections we are talking about in terms of data being protected, and also that authentication process, so that individual users identities. So, i think that is why this hearing is so important to the work rear hearing to the task force, and it is so important for our private sector players, and by i think our regulators on how we enhance the robustness of identity, how do we do it, how do we authenticate people into more of a effective way and move beyond username and passwords, but have spent the last 20 years repeating our pets names and 123 et cetera as a way to get into systems, as helpful as may be just a sharing app, or lives online. Here the federal government does not have any better track record in the private sector. We have been in this committee, congress 4 1 2 years, spent a lot of hours in this room talking about the incompetence of the federal government protecting peoples privacy and our data. Obviously this is a key issue for both the public and private sector. Financial Service Company is Doctor Foster a list more for this kind of attack 300 times more frequently for nonfinancial businesses, an admonition that is where the money is but also if you are a state doctor that is where the disruption is the most is a very vulnerable point in the western world. Thanks to advances in technology, such as Artificial Intelligence, Machine Learning it is becoming increasingly easy to authenticate individuals and mitigate that kind of fraud. We must be vigilant as policy makers to ensure that all of our Sensitive Information remains private, i look forward to hearing witnesses help us understand these issues and what we might consider either legislatively or it was torelli to improve this process, and to improve that discussion. With that mister chairman i yield back here to thank you i would know like to yield limited to mister mchenry the Ranking Member of the full committee. Thank you. Equifax, capital one, what is next . How many breeches will it take before Congress Takes appropriate action to view Cyber Security is a top priority in combating Identity Fraud as a top priority. Only a few months ago we had the worlds biggest bank, right to the same panel you are on for Cyber Security chief threats to the financial system, not growth at home, all people in europe or slowdown in china, but Cyber Security. What i appreciate about this panel, and i appreciate the work Mister Foster has brought to the table here, because we begin with a bipartisan challenge, a challenge that we can then seek Bipartisan Solutions for hearing congress. And, new thinking, innovative approach to this really cumbersome dumb password username situation that we are currently in, and a new type of thinking occurring in the private sector, but to ensure the policymakers keep pace with what is happening in the private sector. Moving this along much faster, thanks so much of a forward to your testimony. Valerie append, managing director of venture security, german grant, coordinator of the Better Identity Coalition. Amy walraven, president and founder of turnkey solutions, and and her boys, chief identity officer, security technologies. Witnesses are reminded that your oral testimony will be limited to five minutes, and without objection your full written statements will be made part of the record. Ms. Washington . You are now recognized for five minutes. German foster, Ranking Member hill, task force for Artificial Intelligence im grateful for this opportunity to speak. Before i became a professor i spent eight years in Financial Services, in addition to many years working in support of this chamber, my name is anna washington. Why did i give my name . I gave you my name, because it is an identifier. And digital Financial Services rests on its ability to guess that you are you through identifiers like your name. Artificial intelligence goes further by taking action based on a presumed identity. Those actions have serious consequences. Today, i am going to explain why ai makes mistakes if they are inevitable and what we might do about it. Consider a firm with an ar system that works 99 percent of the time, thats great, right . But actually, in a business of 10 million people, clients, that means it fails on 100,000 people. 100,000 people who cannot get credit in an emergency. 100,000 families that cannot get a Home Mortgage and build wealth. 100,000 entrepreneurs who cannot get a start at a small business. My examples focus on individuals but lets not forget that owner operators who are individual with their own business Face Even Greater financial risk. Much of the Data Technology today was designed for marketing purposes. If i get a wrong coupon or useless ad it is a momentary curiosity. The Financial Services stakes are higher. A digital mistake is detrimental and ongoing. A few items from the news, that Jennifer Norris of boston routinely was in danger of losing her job because of an inability to resolve a dispute about her identity. A teacher in maryland had to give up her livelihood because she was in a profession that required continuous recertification. As depicted on this slide is new york novelist with all of her daily roles, and author, a parent, a friend, she does not see herself primarily as a new york driver. Next slide shows you how her computer sees her. She is the information on the slide, primarily a name and a birthday. Yet someone else in new york has the exact same name and birthday. The lisas have no records to resolve the confusion. No organization can fathom the likelihood of this coincidence. A data double is what the scholar Evelyn Ruppert calls them the facility with the identity the identifiers but is not you. Im a Computer Scientist with a degree in business i will tell you that i think this stuff works but i can often tell you there is little financial incentive to fix these mistakes because mistakes will happen. It is mathematically certain, in fact, you can just go to the final slide. What are the chances you will meet someone with the same birthday . Its actually very high. It only takes 23 people in the same room, probably the members of this committee and your staff , there are two people with the same birthday. If you go up to at least 75 people i dont think we have that many here, it is 99. 9 percent certain. Coincidences are not as rare as we perceive them to be, so what can be done . Artificial intelligence identifiers built for a global audience needed to scale. That means that you have to respect naming practices that come from different religious traditions are different cultural traditions. Even nonlatin characters. Finally, i will argue that we need a way to get feedback back into identity systems. As a technologist i want to know how i can improve and also incrementally make these systems better. It could also lead to towards procedures and handling exceptions. One example is the midas system in michigan which accused jobless people of fraud without recourse and that is one example of the way that ai systems need a feedback mechanism. Now, i argue that the authority of Human Experience must balance authority data. Because mistakes happen and experience matters. Each of you has someone in your district officer does paperwork. Why is that . Thats a recognition that institutions sometimes obscured the needs of individuals. What will be the process for disputes and Artificial Intelligence . Thank you. You are now recognized for five minutes to present your testimony. Chairman foster, Ranking Member hill, my name is valerie and i lead adventure security practice for north american Financial Services clients. Thank you for the opportunity to join you here today i commend this task force on exploring the importance of Digital Identity and its intersection with intelligence. Digital identity and Access Management is incredibly important to Cyber Security. Enhancing privacy, and ensuring trust in Financial Transactions. We live in a digitally connected world where customers demand for access continues to increase. Im taking a loan or paying my childs babysitters, most of these happen online, and key to these transactions is trust. Trust that the individual we are conducting the business with online is whom they say they are. However, the information we used to validate our identities now, is widely available through social media postings, making us more vulnerable to spearfishing campaigns. Simply put, identifying yourself online through passwords, usernames and security questions is no longer working. I would like to draw the members attention to the slide that lets five global Cyber Threats through Financial Services as outlined in a recent report republished. Identity theft is first because it is at the root of almost every breach. Not only are cyber criminals spearfishing to gain access into enterprises but once they are inside these networks, they compromise other access credentials moving throughout the company, ultimately gaining access to data and systems. I like to call this access inside of systems the machine middle. One of the bestknown examples is the 2016 cyber heist from the Bangladesh Central Bank where attackers stole 81 million, that was more than three years ago, attackers are building new capabilities to commit their attacks in ways we have not even thought of yet. This is why we must use innovations including ai to thwart them at the speed Cyber Attacks occur, attacks leveraging financials in bangladesh will remain possible until we change the way we allow access into tech and responded machine speed when they sense that something is amiss. Today we can use ai enabled to enable Financial Institutions to have a more accurate picture of employee access across a complex enterprise. Through these tools managers can make better decisions to systems and what data is allowed in real time. Customer facing side leading organizations are leveraging biometrics, ai analytics and multifactor authentication to make realtime authentication decisions to approve transactions and set limits around those transactions. In the blink of an eye, a Financial Institution can make clump complex Risk Management decisions about whether a person using their mobile app are in fact their actual customer. This customer Risk Management approach is not just in use in the United States, and other developed countries, but, also in emergency and emerging economies where these new tools are providing secure online identities. For example we at accenture are a parts of the id 20 20 alliance which was formed to develop a reliable Digital Identity were people in developing countries of can confidently receive Government Services and validate their identities for employers, schools, and other service providers. These advances provide individuals with more Security Control over their data, giving them the ability to decide who to share their personal information with, what to share and for how long it can be shared. Congresses help would greatly benefit our nations ability to improve Digital Identity is a cornerstone for better and more safe Online Transactions. First Congress Needs to pass a National Privacy law which will build confidence and trust in the economy while enabling the private sector to gain wider adoption for products and services. A good starting point for this is the framework released by the Business Roundtable last year under the leadership of our ceo, julie suite. Congress should help foster an environment for Digital Identity information through proofs of content which enable the testing of new abilities to scale. I encourage you to design attempts that our Technology Neutral and interoperable with other sectors. In conclusion mister chairman there is much work to be done to be build Digital Identity ecosystem support Cyber Attacks, improves privacy and ensures trust. I want to thank you again for the opportunity to discuss these issues and i look forward to your questions. Thank you, mister grant you are for five minutes. Chairman foster, Ranking Member hill, thank you for the opportunity to testify today. Im here on behalf of the Better Identity Coalition, lost last year to focus on bringing together different firms from sectors to work with policy marketmakers on the way americans establish protect and verify their identities when they are online. Members include recognized leaders in Financial Services, health, technology, payments and security. 22 members are united by common recognition that the way we handle identities in the u. S. Is broken. By a common desire to see public and private sectors each take steps to make identity systems work better. Let me say up front i am grateful for this task force with hearing today. The way we handle identity impacts Security Privacy and liberty. From an economic standpoint particularly as we move to high value transactions in the Digital World, identity can be the great enabler providing a foundation for Digital Transactions and online experiences that are more secure, more enjoyable for the user and ideally more respectable of their privacy. When we dont get identity right reenable a set of attack points for criminals and adversaries. A whopping 80 percent of Cyber Attacks are executed by taking advantage of weaker stolen passwords. 81 percent is in an enormous number which means it is an anomaly today when a breach happens and identity did not provide the attack vector. Outside of that we have seen adversaries steel data sets of american so they have an easier time coming up with compromising questions, a key take away from his committee to understand is that attackers have caught up with many of the firstgeneration tools we have been using to protect, verify, and authenticate identity. There are a lot of reasons for this, there is certainly blame to allocate but the most important question is, what does government and industry do about it now, its a key point, government and industry, because one message i think this task force should take away from the hearing today is that industry has said they cannot solve this alone. We are at a juncture with the government where they will need to stop up and play a bigger role in our Digital Identity fabric. The Coalition Published a blueprint that outlined key initiatives the government should launch to improve identity that are both meaningful in effect practical to implement. A few highlights, first when talking about policy impacts, it is essential to understand identities, number to sort out which jeremy grant i am among the hundreds of us in the u. S. And identity identify which is something i can use to prove i am really me. Ssn should no longer be used as authenticators which means as a country we stop pretending the numbers a secret or that the knowledge of a Social Security number can be used to prove that someone is who they claim to be. That does not mean we need to replace them as identifiers. Instead lets build systems that treat them like widely available numbers as they are today. I have not seen systems that dont involve billions of dollars confusing hundreds of people and do not give security benefits. Second, multistakeholder efforts, the World Wide WebSalt Consortium have developed standards for authentication now being embedded in operating systems and browsers in a way that enhances security and user experience. The past sarah is near, taking advantage of id proving solutions. This is not about national id and we arent recommending one be created we arty have an authoritative drivers id system drivers license passport e ssn. Our challenge here is what we call the identity gap that all of these systems are stuck in the paper world while commerce is moving online. To fix this americas paper based system should be monitored modernized around the consumer centric model that allows a consumer to ask a Government Agency that has issued a credential to stand in the online world by validating the information from that credential. How would this work . The animation that is up on the screen from our policy blueprint demonstrate is at the it is about creating a paradigm that starts with the needs of the consumers. Here we will start with someone and stacy tried to open a bank account online. Providing basic identity information but since she is not in person with a physical id the bank does not know if it is her or for that matter whether she is a real person here at all. Here stacy will ask somebody that already knows her the dmv to help her prove she is who she claims to be. Mobile driver license up on her smart phone she will unlock it with a biometric like touch id, that unless a crypt id in the phone that can log into the dmv to make this request. Because that app was securely issued to her phone at the time she got her drivers license because she unlocked it with her biometric on the device, there is now a chain of trust in place that allows the dmv to know it is stacy actually making the request. With secure authentication and authorization the dmv and bank and set up a secure connection in the dmv can validate her identity. This concept was embraced in the 2060 report from the Bipartisan Commission on enhancing Cyber Security published in may. I appreciate the opportunity to talk today, i have submitted copies of the policy. Blueprint pretty thank you, miss walraven you are after five minutes per thank you chairman foster Ranking Member hill and members of the task force the opportunity to appear before you and provide my testimony today to provide discussions on the future of identity in the Financial Services sector is full of challenges and opportunities. Prior to starting my company has been 20 years in Financial Services sector, a lot of institutions for the last 10 years of my career i was at j. P. Morgan chase responsible for establishing business practices, mitigation and remediation of various threats including credit stats, synthetic identities, identity manipulation and cutting abuse. As we consider how to utilize big data to navigate consumers, it is important that we gain a cover has an understanding of what combats of identity identities are i have been asked to provide a overview significant illnesses contribute in to the threats and challenges we are facing. A synthetic identity in its basic form a Social Security number, name, date of birth, it is important to note that creating a synthetic identity is materially different than identity theft. In cases of traditional identity theft, i am impersonating a person to take over an existing relationship. The criminal is using just a limited number of elements of two persons identity, distinct persona. That is intentional, they do not want to comingle with an existing person. Once that synthetic has been created you can use that for anything you can use a conventional identity four. Obvious the product in the Banking Service but you can create a social media account, interns insurance products, rent an apartment obtain utilities, and enroll in benefits programs. You can use it for any purpose that the creator intended, and whatever they are controlling it for. To better understand the threat of synthetic identities it is a burden to understand the landscape influencing them. Technology plays a huge role, speed and convenience but at the same time it is created with anonymity for the fraudsters. In the structure is along time ago constructed to do more things that it was not intended without really being able to keep up with the technology and threats in the landscape today. Consumer awareness, consumers are educated on understanding the importance of their identifiers and being able to stay away from compromising their information. That information is put out to protect phillips is also used by criminal organizations to understand how intersection works and designer impact specifically to exploit those types of avenues. Done a lot to protect against theft victims and have done a lot to make sure that they have ways to remediate when they have been victimized. We have seen those same protections exploited, leveraged and abused by criminals. We have done a lot to try to make sure that we have the ability to erase and eradicate anything related to the identity thief but when it comes down to actually having a synthetic identity, is protections leveraged by them. Data breaches were originally focused on optimizing credit and debit data, and once we in the cards that information was not as useful as it had been in the past, so now we have started to move to pir, more static information, Social Security numbers and dates of birth, these factors play a major role in the use of synthetic identities, specifically engineered to evade existing controls while avoiding vulnerabilities in the Financial Services demand beyond. Many groups committing this type of fraud or highly organized sophisticated and intended to be transnational in nature. These adversaries are focused, committed, wellfunded, and have access to the same technological advances as we do. As an industry, we must be proactive in actions unified into fences and effective in applications of evolving technologies including Artificial Intelligence as we seek to deliver unprecedented speed and convenience to mobile Technology Dependent consumers and businesses we must remain vigilant in understanding threats to our interest and infrastructure. Synthetic identity thought any fraud in the United States and around the world is widespread and conceivably pervasive. It is being amplified by products and processes coupled with the proliferation of available data synthetic Identity Fraud operates across all dimensions providing access to programs making it essential that we act in a unified manner to protect the integrity of our infrastructure. In order to do so we must recognize the complicity of these frauds and be informed on the severity and scope advances in technology alone cannot identify or resolve these issues. Mitigation efforts from industry must be fluid and nimble to ensure we have the ability to effectively address these issues with urgency they deserve. Our framework needs to be upgraded to address Identity Fraud and be universally defined for institutions to detect report and remediated. Thank you very much i appreciate the opportunity and look forward to questions pretty thank you. Mister boys and youre now recognized for five minutes. Chairman foster, Ranking Member hill, members of the community thank you for inviting me to discuss the future of Digital Identity with you today. I look forward to sharing our experience in building a nationwide Digital Identity network with consumers that works across the economy. A Canadian Company that is a world leader in providing Technology Solutions for citizens to easily access high value digital services. We focus on the intersection of the citizen, public and private sectors, privacy and content. Digital identity is not just about system expectations. Companies, governments, and other organizations have strong incentives to list transactions online to realize cost savings and Customer Experiences and increase business integrity. An organizations ability to to do this hinges on a single question, can i trust the person or Digital Identity at the other end of the transaction. As jeremy has artie said identity is broken and it is deeply problematic for citizens and business. To recognize clients and provide trusted access to Services Online organizations typically deploy a mix of analog and Digital Measures to mitigate risk. As we have seen the solutions tend to be complex, and are not fully effective. A continuously changing kaleidoscope of edification message methods to satisfy the on boarding needs of the organizations receiving services from a while we read stories every day about data breaches and online and present it as there is reason to be concerned. Fraudsters are collecting information to know as much as a more as then the citizens they are impersonating. Counterfeited and also often impossible to check. The document with the issuing sources but even biometrics method which are presented as a solution to digital fraud, increasingly being targeted by hackers, you cannot change biometrics and easily be tracked. Our collection of systems are too hard for consumers to use, it is not solving the problem, and too expensive to be sustained. If every web service for itself. Consider the ceos of twitter and facebook, dorsey and zuckerberg. These two leaders know how the system works, understand identity best practices and other resources in the world at their fingertips it even they have problems controlling and managing fraudulent access to their digital identities. Mister zuckerbergs problem was selfinflicted while Mister Dorsey became the victim of fraud. If they cannot manage and be protected in the current digital landscapes, how are the rest of us supposed to manage . Urging greater Online Security vigilance has passed a point of diminishing returns but it needs to be said that there is no organization on the planet that can solve Digital Identity on its own but it takes a village to make Digital Identity work. Each player playing to their strengths and combining to create trust greater than the sum of their parts. Modeling the Publicprivate Partnership between Financial Institutions and other trusted partners. It is a gift to get model. For example, governments are the foundational issuers of identity documents, in the form of registry and immigration documents. Governments also link their records with a fighter to a living person by issuing a drivers license or passport. The government is not as adept at the commercial sector knowing if a person is at the end of a given digital transaction. The irs has a file on everyone in his room but they would be hard for us to point any of us out in a crowd. That is why they use kba. This brings us to Financial Institutions competing billions of its indications per year. Organizations only rarely act interact with governments, maybe renewing drivers license or passport every five years but they will log into their bank account several times per week. This increases the integrity in transactions for banks. And our mobile devices are always within reach. Carriers have some security features that are important and tied to cyber account. Technologies built on open standards. Verified developed in cooperation with several major Financial Operations in canada, the first of its kind approach to solve Digital Identity problems we have been talking about today with prayers and positive, higher integrity, greater cost efficiency and better privacy. With the Information Services already available we have developed a model we think will work around the world. The u. S. Department of Homeland Security defines technology directive directorate under neil john, and the Authentication Council of canada, thank you for the opportunity to share my comments with you today. Thank you. I will now recognized five minutes for questions. Mister graham, one of the things that impressed me in your testimony is the bipartisan nature of the support for this. You were very involved in the obama ad ministrations initiative on secure online digital id. And, it appears as though omb and the Current Administration is actually strengthening those initiatives. Could you briefly outline what the recent history of government involvement is in strengthening and augmenting themselves online . Sure. Leading an Obama Administration initiative for trusted identities in cyberspace although i was a Civil Servant when i was there and stationed up the road where i served as their Senior Advisor for the management and ran the program. This has never been a partisan issue as you point out and expect to see that issue continuing today in the task force hearing much of the program as it was known was focused on how to catalyze a marketplace, the idea was the governments role, the way things are in the u. S. Should be limited, but government should play a role where there might be gaps to fill, and, there was a lot of good work done then that i would say is now flowing into the work that is driving the Better Identity Coalition in terms of looking to carve out an appropriate role for the government, without one where there is too much of a role for the government. So, as i mentioned in my written statement, and Opening Statement in may, the office of management and budget signed memorandum 19 17 into effect, thats 13 pages updating a lot of the governments Cyber Security policy as it impacts identity and we were excited to see they took one of our key recommendations, basically calling for agencies to create privacy enhanced apis which would allow consumers to ask an agency validate identity information about the cells either public or private sector applications. And, so, i think now that that is in place. There is a good policy foundation in place for the first time for the u. S. To start to bring government playing more of this role for consumers. Thank you. And ms. Washington, you both touch on your testimony the fact that the lack of a way to authenticate yourself falls most heavily on those who are not wealthy. In developing countries one of the real improvements in the quality of a citizens life comes from having a way to dictate to themselves and prove who they are. I was wondering, this is counterintuitive i was wondering if you could add a bit about why this is. It is interesting, that what we have found if you look at some of the things even the chair of the fdic has said recently about how Public Comments about how individuals who are on bank for under banked have cell phones, and they use those funds to conduct their Financial Transactions. And, so, if we could establish the kind of confidence by having as i put in the recommendations, the National Privacy law, i think we would go a long way to engender trust, so that they have certain protections through the National Privacy law, and, you know, a much less complex way of understanding what those protections are while also being able to use the tool in their hand, to be able to validate themselves for Financial Transactions. Through this process that would give them access to Financial Transactions in a safe and sound manner. Miss washington, anything to add . I just want to say that right now, without a standard way or standard procedure for disputing authentication issues, people who feel less powerful in society are not going to figure out how to do this. So by default, we will not have people involved in disputes. Is budgeting that there is also probably a tendency for wealthy people to have a more established financial transaction records that can be used in a sort of secondary way to make sure that the person is real, and so on. Ms. Walraven do you have anything to add there . Is and we also have to take into consideration, that all the things that we are putting in place to protect consumers, which are all very valid, there are much easier way to take a step back and go through and negotiate with the system. I think all the controls we are putting on for Artificial Intelligence and authentication, you need to know who that person is and then you can you can go through and do the a syndication, you need to go further up the chain, and make sure that identity is actually fascicle factual first and then can build controls behind it but we need to get to the root of the issue instead of just addressing in some cases the symptoms. And, i think that is really how we can get much more collaborative between industry and government, and i definitely think we need to do that because the current instructor is doing a good job with what it can, but we need to reshape the issue and look at it from a different lens. Thank you. The gentleman from arkansas mister hill is now identified for five minutes 30 before i begin my questions i would like to ask something be submitted for the record, one area that has been concerning to our industries across the country, is business email compromise, which is just another commercial form of fraud, and in that regard, i would like to submit a letter from chairman powell, as well as the response he had on this issue and how important it is and i would like to submit that for the record 30 without objections from the room . This has been a really good panel and as i said, we are trying to correct the world we live in, and prepare for the world of the future and we cannot do that, without this strict privacy standard, and the ability to authenticate who it is we are doing business with, i thought each of you gave great opening comments and i am grateful and i was pleased to hear, mister grant you talk a little bit about ombs issues because one of the things this panel has had her dinner task force consistently of the dangers of data scraping, which is not a best practice out of the same tech world for accessing customer data, can you reflect will ombs policy impacts that in the government sector and is it a good standard for the private sector, too . Splitting the new policy assumes there is some followup to get more agencies to start providing validation Services Online which will help to contribute to some of the challenges we have seen in open banking rehab different syntax you might want to scrape Financial Data but i have been impressed by the work of the Financial Data exchange is a group that was incubated in the fsi socks, the Financial Services doing a lot of Cyber Security work they brought together banks and firms to work on coming up with a standard api, which leverages wellknown standards like open id connect that will allow consumers to decide to essentially securely grant certain access rights to some of their Financial Data and because identity is that core control, if we were able to enhance, some of the ways we do Identity Verification through that api with some of the things that the government can provide and we will have more Robust Solutions across the board. That is very helpful. And, ms. Walraven walraven, this issue of synthetic identity , could you explain that a little more in your testimony, are you suggesting that people are just aggravating a good address of a different name, different Social Security numbers so they are not imitating the exact person, they are creating a synthetic individual, so they are using all validated information is that what you are sick justin . Similar. Basically, a synthetic can use someones real information, lets say Social Security number, yours are a child Social Security number in and what they will do is they will take that, at a name which is different than the real persons name, date of birth and if they are going to go in person somewhere, they would probably make it closer to what is likely for them and put it in an address they can control and from there, they create legally separate and distinct identity, so it is not real, per se, as far as it has been a real person, it is a real person doing it potentially, but it is not a real identity. But, it functions in a digital and paperless area exactly like a real identity. And, when they creates that they know their mothers maiden name, they now userid and password, they now the different security questions, because they created them. So when you go to do the authentication afterwards, you want to catch them, because those credentials are known to them. Thank you for your contribution. Mister grant, i am interested recently about the beginning of a limitation of the california statute. For the 4 1 2 years i have been in congress with privacy and data beach data breach navigation here, and witness the battle between retailers and the Financial Services industry which grows tiresome here on this committee. As a desire to have a 50 state solution, which would be great in a Digital World if we could do that. Now california has acted, i am interested in your views is positive for the consumer, is it a decent basis in terms of the definitions they struck, the approach they took for the federal government to consider . I think is a cpa writ large we will have to see how the implication goes and whether it is a positive for the consumer. There are a couple of things on the identity side i have been very concerned about. Including the fact that it took kind of an ambiguous approach to whether you can use data for Fraud Prevention background over in europe did a pretty good job saying you can use data for marketing purposes, all these rules apply. But, if i am analyzing data i am able to capture about the way you are interacting with the device, that is for security or Fraud Prevention only, that is okay. In california, they took a bit of a different approach, i think some of this might have been because the law was written in a week the history of it was trying to head off a ballot initiative, and so, they said the consumer cannot go to a company that has information being used for security and Fraud Prevention and ask that that information be deleted which is good. But, they did not go ahead, you could not go to a company adopt out of the information being used at all. The concern there is that if even two percent of people go to companies and tell them to turn off the Security Analytics control, that are some of the best tools we have today to prevent things like credential stopping attacks or other spoofed identities, it will put people at risk, consumers at risk and business is at risk. Thank you very much. We will come back to that. Distracted come in from North Carolina is recognized for five minutes. Thank you, it has been a great testimony and informative panel, which i think is quite constructive again, quite constructive for what has been as mister hillel, a rather tiresome debate, between retailers and banks on who holds the bank without talking about progress or fixing the problem they Want Congress to intervene and make the decision on who gets sued. So, lets get beyond that, solution set. I would like to hear the story of what your company is doing in canada, to verify identity. And, the undertaking you and your company have had. Thank you. Theres two generations of services relaunched in canada the first was in 2012, that without the problem canada had, i look for Tax Authority every single time i forgot the password, so the challenge was how to deal with an email password recess they have to send mail to my house being a canadian i solve my tax problems with them another way and they sent me a fee two weeks later i dont type it back and im back here next year and do the same thing. That cost 40 a shot. 2004 through 2012 i spent they spent 5 million canadian. Subsequent hearing 2012 through 2018 the cost of come down to roughly 200 million, an order of magnitude in savings. The reason is, canadians now are able to use the bank account of the government, this has been transformational. The reader this works better is because canadians are in their bank account every week, so they are not the password. More importantly, if they do forget they are on devcon five and have to run down to the bank right now because theyre terrified her money will be lost. Thats all fisting which is increasing the integrity of the transaction. Authentication only did not solve the event identity problem so this year all the major banks and canada, relaunched the Identity Service which allows me to prove my identity based on banks, tortured and Government Data that i authenticate with each of those providers myself and then i am able to under my control give that when i want to sign up for any service. So this actually increases integrity for all of those endpoints and takes their cost on it gets better results, too. Okay. Verify me. Right blocking technology, walk us through that point yeah. So, we did not start off saying blocking is cool, we came at it from a different point of view. Any organization consuming work from the identity, requirements number one, is becoming an authoritative server source, someone we would know and trust the government is uid, the second requirement they wanted now is that the data has not been altered since it was written by that source,s the cook didnt take my information at the photo on it. The third requirement is they want to know that it applies to the person presenting it, let me ask you a question about why block chamfered block industry very specific things. It allows us a thing we call triple blind privacy. The bank does not get to see my online destination when i use it to get to the government for the government in its place know that i came from a tier 1 bank in canada but not which one. And our company which operates the network does not know who you are pretty triple blind privacy is not the bank or the complete user journey. When we try to do that with identity up the middle were going to get the field luck we want to figure out a way to do triple blind identity so i can send my identity to the irs without anyone knowing who else is involved. It allows us to meet the integrity challenge to meet those requirements we talked about, the third side benefit is we get resiliency because people know it is hard to not a denial of service attack. Broadly, the cryptography, block chain cryptography has leapt forward, in order to ensure you can have that movement of data. Heres a different question. Is there a different cultural assumption between the folks in United States versus folks in canada, about their Digital Identity, and that willingness to share their data . I would say the stance between the two is very similar on this front, privacy regulations in canada are generally better, that bolsters canadians confidence when they are doing it, when something negative happens they have somewhere to go and get himself sorted. So i would say the model would work hereto. Excellence. Lets get at it. Pitter patter, lets get at it, lets make some progress thank you for a great panel highly informative about three hours more questions but every one of your top notch, thank you for being here. Thank you. The gentleman from georgia is recognized for five minutes. Thank you mister chairman. Thank you to all of you on the panel here, this is intriguing coming from an i. T. Background, weve been dealing with cyber issues quite some time, dealing with Intelligence Data all the way up through even protecting businesses, it is an ongoing challenge, and transactions that happen especially in Financial Services sector, are and incredible speed, verification for those who is, i like using cash, i like reading a printed book. I like going to a store and putting my hands on what im going to buy. Im unique in the world today. As i found out, the younger you are, the more you are relying on the technology. So, we have to be exploring these areas. But, before i get to my questions mister chairman i would like to submit for the record a letter from the consumer first correlation, addressing concerns and congressional oversight over the electronic consent base Social Security verification system as they move forward. Without objection. Thank you mister chairman. Ms. Washington brought up an interesting scenario at the beginning of this which i think illustrates some of the challenges, but we do face. But ive got one, but i have found quite unique. I was taking a group to the white house. If youve ever visited the white house, they have quite a verification system you go, if theres one thing wrong you get pulled out and put in the holding area. The young lady i was with, probably in her early 30s was pulled out and put in the holding area was surprised me so i went to talk to her and she said oh, this happens all the time. Really. Yeah. I have an identical twin sister. Im on did not realize that she was going to have twins and she had already chosen the name, so she gave us both the exact same name. And im going to use a different name but it was Elizabeth Grace smith, one was called liz the other one is called grace. They have the same name, the same birthday, the same birth location, the same hair and height and weight. What triggered the secret service was their Social Security numbers were off by one digit. So there was this delineated. This is an illustration of the type of thing that we are going to encounter, we have got to find a path to get there. One of the things, i am big on innovation. I am big on sandboxes, so we can go out and explore ways to do this, but it has to be done in a controlled environment to protect consumers and have the ability to do these things. It took us a while to adopt the chip Payment System. Traveling in europe and headed a long time before we were able to adopt it here, but, from what i understand it is reducing counterfeit fraud by about 87 percent, but the bad players, the criminals now focus on Digital Payments. Which involve digital identities. Solutions, Cyber Security solutions, we need to combat these Digital Payment frauds. Are we heading in the right direction . Do we have the sandbox available to develop these . That is an excellent question. And, i remember distinctly when i was actually back working at the office of comptroller currency, when the deadline was approaching for a chip and pin, and the conversations, because we had just please target and had to appear before congress to testify i am a member distinctive having this conversation about, what it would do and what it would not do. And as we have seen overseas, card not present fraud is through the roof. Bad guys now, on these trying Online Transactions card not present. And that means they are missing that authentication aspect of being present with that chip and pin. And i think that while it was a step in the right direction, and it was just a layer on the fact that most most of our transactions are increasingly online and need to happen at the speed that we have discussed here, we do need to create an environment that fosters more innovation, that figures out a way to improve the state of synthetic ideas, as my colleague here has talked about, to create the trust we have talked about here and do it in a way to protect all consumers and originally that everyone can use that system. I think that is why my colleague jeremy in the Business Roundtable i mentioned that has over 200 ceos, have a lot of alignment around what needs to be done to create stats transparency for consumers, with privacy, National Privacy law. While also creating a better ecosystem, where we prove people in to enable Online Transactions. Thank you. As the Ranking Member i have tons of questions this is intriguing but i am already out of time, i will submit the others for the record but i think there is some i agree with ms. Washington on her concerns but i think the solution, because those in low income are using electronic transactions as much or more as some others are and we got to be able to find the way to positively protect them as well. Thank you. Gentleman from ohio recognized for five minutes point thank you mister chairman. Thank you for the panel, for your outstanding participation today i think this has been a great setting so far. Mister boys and i want to drill down to mister henrys questions around block chain specifically. So we will spend some time there if you dont mind. As you were innovating in the space, whats legal impediments existed in canada that prevented you from developing on the block chain, and what has had to change, walk me through what it was like as you were innovating at how did you get there . Sure. One of the Biggest Challenges in practice, when you look at across the economy, when you go to a bank, innovative process ky cna while in canada are organizations that have a certain set of interpretations that are used to interpret the legislation, to say what banks can and cannot do. The problem when we started this service it did not include digital methods so it took a long time to talk about the advantages of doing digital methods, and i want to pick up on valeries comments around this one of the things we were able to convince the regulators is what we were doing with our service was actually creating card present identity. When i take my service, the bank is defenseless against attack because they cannot check the issuer. With our service all of our data is checked in real time. That is giving the regulators and committees understand this is better than what we do in person it took a long time but they said this is more powerful. Was that a regulatory fixer alliterative . The interpretation bulletins were updated to include digital message methods legislatively. As you look at the u. S. , where do you see similar holes where we should be legislating, to enable technology. An advantage in trying to get a scheme like is going because they had a small set of banks, we have a small set of provinces, and a small set of telcos so we could get everybody in a room. Your situation is different, 3000 banks in 50 states but a small set of telecodes. I do think the system can be applied to a u. S. Model. So i will say that there is a lot of work being done to launch a Similar Service as the one we have in canada here in the u. S. Down the tracks. But, more work needs to be done. I think there will be similar challenges where the regulatory updates are going to be required to support it. Do you have any specifics in mind how the fcc is interpreting this or anybody else . I can provide followup to the money for the record, Legal Counsel has done a lot of work here after the record and you can review that. That would be fantastic. Despite i would say so if you look at our membership about half of them are firms and banks, one of the things i called for was the legislators to do more here. They have been receptive to discussions with us, you have seen a barrier for Digital Identity innovation please let us know, marshall billingsly who i think is assistant secretary, financing the treasury announced that treasury was to be working to bring regulators and innovators together. I continue to ask regulars every month are we running into things precluding innovations particularly with Financial Services, i think the biggest answer be get is sometimes there is ambiguity in the clients people, we need a little more effort, talking about the omb memo which is a nice start, office of management and budget and getting ignored. We need a formal governmentwide initiative, figuring out how to take this to the next step. I think more work needs to be done at my old agency. , standards to put a foundation in place, and i think agencies can benefit from a center of excellence in government is all that can actually help the Security Administration right now with validation service, Congress Told to do so last year. With me they will need technical help. Little steps around the edges that can make a big difference to help in this problem. Thank you. Again, i want to thank everybody for the time and energy on this. We will follow up and i yield back point thank you. The gentleman from virginia, mister riggleman is recognized for five minutes. Thank you mister chairman i hope i can have 60 minutes to question the panel please. And you. Its good to be here, miss washington, thanks at the beginning when you talked about mybirthday is march 17 to michelle vance, st. Patricks day . Look at that. Anyway. No one. So, my goodness. So, i want to get my background really quickly, because i am actually excited about this stuff, my background was, military intelligence, 26 years combined in the military doing this, tracking identities without them volunteering information. So i might come at us a little differently. It is also a bridge between technology and operations and how this could happen. My questions might be more esoteric and more fun i would hope. So, right now, i have about 50 written down i would try to go quickly i always have too many to go quickly and, miss alban had said something beforehand i will start line of questioning there, and, i want to start with the bottom line up front, and then we go back to the technology. The fbi would be a critical part in securing Digital Identity i want to know if we should be concerned that this kind of technology could be cost prohibitive. We are otherwise unavailable to smaller Financial Institutions or even companies. He think that is something we have to worry about . Anytime we do with animation is it interesting, some of the Smallest Companies in the world are really creative and a partner with accenture to make this possible and scale. But i do think we need to find ways to actually help Smaller Companies actually be able to leverage some of these capabilities that you are pointing out. Ai being one of them. And, to that end, we commend the Ranking Members effort in his own district. In little rock arkansas to actually create an innovation hub, where Community Institutions can learn how to take advantage of these things. I think the other way to actually help them scale to the benefit particularly of smaller entities in the Community Institutions is to actually help them do that with third parties largescale Technology Service providers. That is why i get excited about this because we are all sort of creating our own unique identifiers, i dont want to be mistaken for my refrigerator. As we go forward, do you see private companies, private companies rejecting individual or business transactions with other entities based on insufficient authentication of identity. When i look at how people are going back and forth and utilizing the signatures, my question is are we going to get to a point, where i get a little bit excited, my head starts to explode, are you going to see private companies actually creating their own unique id set of criteria, and do you see them ensuring that criteria, ensuring that identity with transsexual issues and companies, that is the thing i know mister grant, i have listened to what you have been doing in canada, i wonder if we will get to a point where companies are judged based on the criteria for how they protect their identity, and other companies rejecting that entity based on new ideas. You guys see that happening in the future . Mister grant, go ahead. For years one of the things we have been trying to do in the u. S. And abroad is looking at whether we could have Certification Programs for private issuers of identity. So, i talked today about the role of government. But my bank knows me, that is the patient for what is happening in canada as well as i think see in u. S. They know who i am before i open an account that they vouch for me other places that i walk in with my bank somewhere, to the Social Security demonstration. There are programs in place today from organizations, the most wellknown is called concurrent recognized by the General Services administration as they certify the way a private sector entity issues and identity. Going forward, i talk about the concept of an entity ecosystem, i think we will be able to create hybrid solutions to bring in the best innovation the private sector can deliver but that access to the authoritative data sources that only government has. The only entity that can authoritatively confer identity. You can merge those together, giving people something that is portable they can use every place they go. That is in my head. Can you believe creating this identity token you are creating about standards, we are dealing with unstructured data and natural language processing, do you think this is a time where we will be able to customize our token, where the only way we can find our identity or make it known is if we actually customize that identity customizing our own information within the token . Theres a lot of how you can reveal people to only reveal certain things about themselves without revealing everything there are great models in place these days to grade give granular choice about what they share online, we talk about privacy debates in this country getting a lot of attention on the hill, so much is tied identity what information is collected without what do i want to be collected when what i want the company to know these four things are not the seven, having a really strong tool you can use to manage that, and in some cases revoke certain things, i think is going to be key. Despite thank you so much, i apologize for how quick that was thank you so much you guys are fantastic i appreciate it. Thank you. Without objection the Ranking Member and i will each have an additional five minutes for question and closing. With that i would let you recognize mister hill. Thank you again Doctor Foster for sharing, i think you heard a good discussion and the panel has been appreciated. I want to go back to finish our conversation about california proposed statute, and may broaden that to the panel as well to compare, as you said it is a rushed set of parameters with a more thoughtful approach the eu took and have a compare and contrast. The wall street journal last week reported that private businesses could face have a billiondollar compliance burden, trying to comply with the california law. So, talk about that and then finish your thought i think youre going to make on it was rushed or you have some concern outlining. The main point i was making might be a drafting error, there might be proposals to clarify that. This is the information the use for fraud, customer service. The backup on this is that identity solutions, many are using ai, one of the most powerful tools we have today to prevent fraud. Just to give you a number on that, microsoft started talking about the publics, they manage billions of logins per day, two years ago they received 10 million attacks per day. One year ago they were seeing 100 million attacks per day, this year they are seeing 300 million attacks per day trying to compromise login systems, to get them to do all sorts of bad things, that is a 30 times increase in two years. The way they are combating this, as with database analytics systems, some of which i might fall under the definition of personal data under different proposals. As long as you have a method that says its okay if you have security and Fraud Protection but you cannot take a date and you did someplace else we are good. In fact in europe, because gdp are as clear on is the European Banking Authority is promoting the use of transaction risk analysis under the psc to directive for open banking. I think the concern here is if it is more ambiguous, certainly if we are considering federal privacy legislation, that is not stated clearly, two percent of people start calling at microsoft to get the example i suggested, dont use the systems, turn that off, what are they supposed to do 10 times next year . Thats my concern. Does anybody else but, in california . On a privacy directives in europe, what you have done in canada, europe and the uk your knowledge to solve this password authentication process in order to make open banking be a safe activity. Clearly here that would be an open question, i would think about open banking. Open banking is a singular term but the way it manifests in each country turned out to be different. Some organizations and some country is compulsory in other countries it is optional. In some places it includes the ability to do push payments in others it doesnt so it is not a uniform application of how it works. What i will say, however, is one of the fears and banking is that it will cause assets to drop what will happen if the banks are forced to open up their apis, give up the data at no cost, and then consumers will give this to some new startup or does not have the same patrol the bank does, impact will get breached and then the consumer will come back to the bank and see how you let this happen, and so, rather than giving away the data, giving which is the data so consumers can give it away at a granular level rather than giving at all, so that is kind of the approach that we are looking at in canada. I took the approach it is reciprocal, you got to be dissipating open banking, he also have to create an address to share data back to the network, thats the different jurisdictions. I am interested in what we need to do regulatory lee, and limiting our conversation for Financial Services about how we handle this requirement of an api approach and discrete approach instead of just allowing the startup entrepreneurs, well, you are disturbing the customer environment unit, the Customer Experience by doing that. But, i would argue the customers experience is getting really messed up when everything is stolen from them. So, that is not a good idea too. Is there something specific regulatory agencies could do in this area . I would submit that you cannot do open banking with open structure it cannot be done because the consumer this is the problem, im a consumer, you are the bank is trying to represent me, hes got my permission to get this data, you have the threeway triangle of authentication trying to go on, very complex and the consumer will never get it, so the only way to solve this is allowing them to have Digital Identity infrastructure and feed line by line the way it goes. Think you yield to you mister chairman. Thank you. I think the Technological Solutions were properly designed to have on cell phones, and the future of this is not an identity dongle dongle but probably a advanced cell phone with secure enclave on an iphone which can store private cues, it is my impression, even against having a cell phone completely hacked, capturing the screen and see passwords being transmitted but you cannot actually steal from the secure enclave and use the private key, which is a tremendous advantage of that approach, and you can still have this threeway conversation under the control of a properly designed app. Leading to the use of a block chain, one of the great advantages of block chain which provides an unfalsifiable ledger, is there a way to develop a Witness Protection Program which is essentially digital Identity Fraud is not something people have thought about, and come up with solutions to . I dont have a great answer here, i will say one of the challenges is that what we are getting with these longitudinal records is that you cannot go back in time and insert witness protection rights it is difficult to do so you have to find some other method to bring that and identity along. If it is a publicly available block chain point hours are not, there is that protection but still, going through his heart, with the government could do is have a set of identities on standby to use for the future so they have the longevity required to pass muster. Thats tough because this has to be has all sorts of secondary verifications. Anyway, you should put that into your to do list when we come up with the perfect example here. Now, it also seems to me that, coming up with the ultimate solution here, there has to be a role of government, to be uniquely identified using biometrics. Using security dongle or the cell phone equivalent of one. Extremely low friction transactions. Is there any logical alternative to every citizen who wants this to be able to identify identikit themselves security securely knowing there is no one else using the credentials, any alternative to having them present themselves in front of the trusted government authority. David burch has a famous phrase that identity is the new money and comparing identity to money, there are a lot of things to learn. When you look at the global Payment System with mvp cards we have 6 billion cards in circulation that have never been compromised. What is good about this model is that you can have your Favorite Bank and i can have my Favorite Bank and go to any merchant on the planet with no prior relationship and get what they want. More importantly when we lose the card call the bank right away because we are terrified of being responsible for purchases if we dont that integrity is what makes the process works. These things make the goal of the Payment System work, the first thing is we made it super simple for the consumer and we had the complexity away so they dont have to understand anything. Thing number two, we have a trusted network operator. Crooks cant say im a cook i take visa, you have to apply to get in that network and stay in a network. The third most important thing to keep it safe is user behavior. When i look at my wallet into my card is gone i will be on devcon five run down to the bank and turned the thing off, because i am terrified i will be on. I think ms. Walraven would feel i dont want to put words in your mouth, but the system is not perfect, but he just described. A synthetic Identity Fraud can still permeate such a system. Agreed. But i think that is when it comes down to understanding, knowing your real customer because you do have, you know, controls in place that are supposed to do that, we all assume that banks know who their customers are and i know that they are all coming from the Banking Industry i know that everybody is trying to do that, but considering the fact that synthetics are as prolific as they are, considering they are as widespread as they are and going at a force multiplier we contend that they do not actually know the customers producer, i feel like if you have an issue here, that is not right at the root and then you compound on top of that, you just make the issue later worse because you get this false sense of trust, this false sense of security and does not allow you to actually really be able to contend with those types of individuals, that goes to exactly what theyre looking for, they want to be seen as a regular traditional customer, they dont want to set up any red flags, because they dont want to get caught to navigate the system and currently theyre not getting pretty well unfettered for the most part. If you think of the example that he gave her the identical twins, with identical names, you know, they differ only in their fingerprints. At some point in their lives, it seems like they have to present themselves to some organization almost urgently a government, who has to go and look and duple of the people who has that name i dont think there is an alternative to very advanced biometrics of some kind. You know, this could be an optional system but if youre going to provide citizens who want one with a secure means of authenticating themselves, youre going to have to have this moment in their lives, do you have any comments . I worry about saying there is a solution, creating essential databases of biometrics in part because of there is one thing we have learned it is that any other type of valuable data, we are not really good at protecting them. Exhibit a for that was the breach of 2015, where if i have topsecret clearance all of that information are now in china, and i think at least two thirds of his room probably has the same thing understanding who is here today. Which means that i would never want to use a matched finger print system online really didnt know i was there to protect anything of value, because a nationstate can spruce a fingerprint based off of those images. That said there are some really helpful tools, dmvs these days are using face recognition, so if i were to go in as chairman grant to the dmv, and show three months later under a different name variable to say oh, looks like you were here before, lets at least, face recognition is not perfect, but can toss that to a fraud investigator to see if they need to issue a second credential. Leveraging that process i think is really important. One of the things we point out in our policy but blueprint, drivers license is the one thing that most americans get in their lifetime where they have a robust inperson of the identity proofing process. And, it is really valuable everything people should be able to reuse it, dmv will play a role, one thing we are seeing these days is it is harder to get things like the real id act of 2005, which on one hand, there were good security reasons for it and has put her very robust federal standard in place for identity proofing, the flipside is if you are on the margins of society, in and out of homelessness, lets you were evicted and your license and birth certificate and Social Security card were left in a box by the side of the road soaking rain and lost, it is really hard for people to restart their lives again because they are lacking lot they used to have to the points that we are seeing in many places, there are a couple of churches like the idea ministered at this that works with people im afraid im going to have to gavel myself my time out here. Lets see, without objection i would like the report from the Better Identity Coalition to be included in the record. Without objection so argued. I want to thank the witnesses for their testimony. This is the root of so many problems that we have that we are facing. Without objection, members will have five legislative days with which to submit additional written questions for the witnesses and to the chair which will be forwarded to the witnesses for their response, i ask our witnesses to please respond as promptly as you are able. Thank you again. Adjourned. 11 00 p. M. Eastern Supreme Court justice neil gorges discusses his book republic if you can keep it. And then on monday at nine a clock is and afterwards in his latest book sentinel inc. Journalist ben west off reports on how labs in china manufacture drugs. He is interviewed by New Hampshire democratic woman and mclean custer. Founding cochair of the bipartisan opioids task force. In the old days if you are a scientist at the university, you are in some University Library obscure hard to find but in the internet age, all of these papers were published online, public available. Exactly. These rogue chemists began looking for going through these papers to appropriate the chemical formulas, learning how to make new drugs. A splash at 10 eastern, jeff markley provides his firsthand account of canadas conditions for migrant families at the southern border in his book america is better than this. Advocates have said hundreds of boys separated from parents were being warehoused in a walmart. I want to find out about it. And, they decided they did not want me to see what was going on, and they instead called the police, and the video went viral, suddenly all over america folks were hearing about cages and secret warehousing of migrant children. Watch book tv every weekend on cspan two. Heres a look at life coverage, friday, on cspan and 10 00 a. M. Eastern, a discussion about countering irans illicit Financial Network with assistant treasury secretary for terrorist financing marshall billingsly. In the morning on cspan two, House Republicans will hold a News Conference in baltimore, where they are meeting for the second day of their annual policy retreat. Then, later, the u. S. Institute of peace is hosting a discussion on the u. S. Taliban peace process, and the potential for sustainable talks in the future. Hence, on cspan three, the Pew Charitable trust talks about the importance of federal state coordination during a recession. And the Overall Economic outlook. Thats it 45 eastern. Cspans washington journal live every day with news and policy issues that impact you. Coming up friday morning, we are getting your reaction to the third democratic president ial debates. Join the conversation all morning with your phone calls emails Facebook Comments and tweets. Awardwinning documentary filmmaker ken burns talks about his latest project for pbs on the history of country music. Explore our nations past on American History tv every weekend on cspan3. Interior secretary David Bernhardt explained the Trump Administration plan to move the bureau of Land Management headquarters from washington, d. C. To colorados western slope. During an appearance at the annual steam boat Freedom Conference in colorado, he talked about new rules changing how the endangered species act is applied making easier to remove a species from the endangered list. Good morning, can you all hear me . Im a little deaf, a