Guest well, its a great question and be incredibly topical given the wanna cry Ransomware Attack that is really zipping around the world over the last few days. The ftc is a generalized Consumer Protection enforcer and has also taken on the role of protecting consumer Data Security. And in that context, weve actually brought about 60 cases in the last few years involving whether security practices of companies are adequate to protect the consumer data that theyre holding. So weve been very active in crafting an approach to the security of consumer data that includes our start with Security Initiative and a process that we like to Call Security by design which is building the security principles all along the way. And as you can imagine, a very important part of that is making sure that youre updating software, making sure that you are continuing to maintain and protect against vulnerabilities once theyre disclosed and remediating when situations arise. Now, unfortunately, this Ransomware Attack really is an attack that companies are experiencing and Government Agencies are experiencing around the world partly because its a software that theyre running wasnt adequately patched. Just today the ftc has put out some updated guidance with recommendations about how to handle this particular attack, and thats available on our web site. So i think its a very useful document. I think this underscores some of the really interesting aspects of our cybersecurity debate, right . Which is, first of all, we have to make sure that software, when vulnerabilities are disclosed, is updated and afterred. And who owns that is a big challenge especially as we connect more and more things. So if were just relying on consumers and end users, then we will end up in situations where we have this kind of attack, be able to exploit vulnerabilities that arent patched. And i think it underscores the importance that we all are starting to experience more and more in our daily lives of keeping software and iot devices current in their security. Theres an added challenge here too, and it really is something that comes up in the broader cybersecurity debate which is properly assessing the cost to consumers and our economy of a huge vulnerability. So when we think about the debate around encryption back doors, for example, one of the things that an advocate for Consumer Security like myself really cares deeply about is making sure that when we think about the costs here, we are appropriately costing out to consumers and businesses Something Like a Ransomware Attack using an, ploit that has been made aning exploit that has been made public x. Were seeing the consequence of that right now play out in realtime. So i think its a valuable lesson, and i hope as we think about the policies in this area we continue to really focus on it. The ftcs been focused on ransomware for a while, and one of the areas that were very concerned and really the possibility for i think of them almost as nuisance Ransomware Attacks is the internet of things. So imagine i turn on my television and i, the screen says instead of, you know, game of thrones or whatever my program is i want to watch pay me 50 in bitcoin and then you can watch your program. What is it at that point that the consumer is supposed to do, and how should they handle that issue. And i think thats a real challenge that we havent quite found the right answer to. Host before we go any further, lets bring in david healthcare cape of axios mccabe. You mentioned the ftc had just released guidance, and im wondering for people watching at home, average americans who are not uptodate on every patch, on every exploit, on the shadow brokers, what are the three things that they can do to protect themselves from this type of attack, especially as he said, right, you may have five, ten devices in your house that are all running different versions of Different Software that may have their own vulnerabilities. Guest sure. Well, id say, first, make sure that youre updating your software. Software generally comes with a funk that allows it function that allows it to be automatically updated. If youre worried about whether the update is available, visit the Microsoft Web site. Theyve been putting out specific information specific to this attack which is using a vulnerability in their system. The second advice that i think is important here, and this is good advice not just in dealing with ransomware, but generally in security is backing up your files to a reliable way so that if your system is suddenly encrypted through a Ransomware Attack, you still have another copy of all of that important personal information in a safe place thats disconnected from that computer so that you can recreate it and youre not dependent on that computer. So thats some basic tips. And then i think the last point we would make is that the decision about whether to pay ransom and a Ransomware Attack is, you know, obviously an individual decision. Theres different advice available about whether to pay it, but i think generally in this situation with this attack the advice has been not to pay it because you may not get your information back anyway. So these are some of the challenges that, with ransomware though because sometimes i think people take the decision to go ahead and pay because maybe they dont have the backup, or theyre not sure another way to get their information back. And, of course, we continue to accept consumer complaints about this kind of thing so that if you experience an attack, were happy to take the complaints. And, of course, in this situation this is a wide scale criminal situation that is affecting companies around and countries around the world literally. So, you know, i think there is a large scale Law Enforcement effort underway to try to address it as well. The ftc, we really handle the consumer end of things, not the criminal or investigatory part of it. The president s Homeland Security adviser was just at the White House Press briefing and said while it would be great to catch the person who did this, you know, there are many factors at play. What can the ftc do in terms of going after the people who are behind attacks like this . Guest again, the ftc is a Consumer Protection agency, so we dont really engage in the investigation of criminal enterprise using an exploit like this. Instead, we look at trying to put out the best information possible possible to encourage companies to have the best security process and procedure in place in their organization to protect their consumer data. So ours is one of advocacy. Its one of enforcement. When a company has inadequate Data Security practices and proceed yours, you could say that procedures, you could say that if you were not adequately maintaining your cybersecurity hygiene as an organization, you fell victim to a Ransomware Attack or lost a lot of Consumer Information through an attack that could actually give rise to ftc liability. So this would be if a company that was holding consumer data was the victim of an attack like this, they might open themselves up to some sort of action. Guest potentially. Again, its highly factspecific, and what wed be looking at would be the adequacy of their security procedures. I think it really underscores an important feature of this discussion though which is cybersecurity best practice is no longer a thing that lives purely in an Information Security officer role within an organization. Its something that should be understood at the highest level of organizations and companies. Its something that you need planning around, intensive work around and appropriate investment around. Because what we want to avoid are these situations in which the risk of all of this is shifted on to individuals and away from organizations that have the capacity to invest and protect their cyber resources and data. And thats one of my bigger concerns about whats going on at the fcc as well. Right now we have a situation this which part of the Data Security provisions that were a applying to common carriers have been suspended, and for me thats a huge shifting of the risk away from the broadband providers and on to individuals and this kind of Ransomware Attack really underscores why that can create a huge amount of cost to consumers. Host we recently did an interview with steve case, the founder of aol, and he talked not about the internet of things, but the internet of everything. Are you getting complaints at the ftc about the internet of everything at this point . Guest well, i love the expression the internet of everything because i think it adequately captures the extent and scope of our interconnect it. Interconnectivity. What we have in america is a situation where were no longer just connecting to the internet through a computer, at a desktop or at a web site. Were connecting through our phones, of course, but were connecting to the wearables that we wear on our bodies and a lot of the devices that were filling our homes with. In fact, were connecting through our cars now as well. What were trying to describe with phrases like the internet of things or the internet of everything is that greatly expanding scope of connectivity. And at the ftc, we dont necessarily get complaints about the internet of everything, but we do focus on how do we protect consumers in an environment where they are always connected to this ubiquitous interconnectivity and ecosystem we call the internet. How do we protect their privacy, how do we make sure theyre protected from scams, how to we protect in some situations their agency, how do we protect their Data Security . So these are the issues that were looking at. And they have led us, i think quite realistically, to some of these internet of things devices in recent cases. So we have been look at privacy practices around Smart Televisions, situations of ran. Someware attacks. We have been look at the security of routers, for example, and so were starting to see a lot her cases involving those kinds of a lot more cases involving those kinds of devices. Host are you seeing them there within the u. S. Borders or outside . Guest ing thats a great question. I think its hard to do all of the forensics about where attacks come from. You know, we dont necessarily look at where the attack comes from as much as what happened to the Consumer Information after an attack. And sometimes were looking at what is happening to the Consumer Information even if there isnt an attack, right . So if in our Smart Television case, for example, the television is collecting your secondbysecond Television Viewing information without adequately disclosing that to you as the end user, thats not really an attack situation, but it is a situation in which your private Television Viewing information is being collected and you havent given permission for it. So there we would say you need to be offered the chance to affirmatively consent to that kind of monetization of your tv viewing. Host david mccabe. What would you say the greatest challenges are with policing this whole new landscape of devices . Guest well, i mean, i think the challenge is always going to be keeping pace with the kinds of threats and kinds of innovations that are in the marketplace. Speaking of the fact that over the summer we put out a warning letter about a kind of code called silver bush. And there we said, okay, american app developers, if youre using this, we have some concerns. This is cold that, essentially, sniffs for audio beacons that are coming out of Television Programming and uses your smartphones and turns on mic can essentially captures that kind of information which then is used to sell to you very specific things based on what youre viewing. We expressed concern about whether consumers could adequately consent to that kind of monetization of their information. Is so one of the challenges is always going to be keeping up with the new ways in which technology is being used to, you could say, surveil or monitor or gather very intimate information about people. And as our connections become more intimate as they are in our bedroom and on our body and in our childrens bedrooms and, you know, giving precise geolocation out about us, i think it becomes even more important to protect that kind of consent so that people are aware of whats happening to their information and dont have this sense of having no control over it which is one of the chief complaints that we hear over and over again from the american consumers. Be. Does the ftc have the resources it needs to keep up with these technological changes . Guest well, i think the ftc does a terrific job with the resources that it has. I would argue that it needs additional resources. I would also argue that it needs to expand the number of technologists that we use in our enforcement mission. Weve been growing our bureau of technology to help us keep pace with Understanding Technology if expanding our labs to that we can create some of the things that are happening out in the marketplace and understand what, how the Technology Actually works. But that kind of thing is going to be more important for us Going Forward because were really going to need to understand how the Technology Works in order to understand whether its harming consumers or whether theres a deception element to how its operating. So its a big challenge keeping pace with the marketplace, and, you know, we are also increasingly working with other Government Agencies that are expert regulators. So, for example, in the spring well be doing a workshop with nhtsa on connected cars where well be talking a lot about privacy and security of connected vehicles but with the expert regulator thats also working in that space and has a lot of understanding about the engineering and all of the safety features in vehicles which is a thing that the ftc doesnt necessarily have a lot of expertise on. Host commissioner mcsweeny, you talked earlier about the rules of the road and how theyre a little bit unclear when it come toss the fcc and the ftc. Give us a snapshot of the current landscape and how youd like to see that change. Guest sure. Well, the current landscape is that the federal trade commission as a generalized Consumer Protection enforcer does not have a lot of specific jurisdiction over the activities of common carriers, and the fcc as the telecommunications and internet regulator does. Now, youre smiling, quite appropriately, because this gets complicated very quickly. But suffice it to say i think there is, there are a couple of areas that im particularly concerned about. So, first, is the fact that right now because of the congressional action on broadband privacy we dont have any federal agency with jurisdiction over the privacy practices of broadband providers. Very concerned about that. I think its a huge gap, and i would like to see Congress Step in and give the ftc jurisdiction very clearly which they could do by passing legislation. Now, it gets far more complicated when we talk about protecting and preserving nondiscrimination on the internet host Net Neutrality. Guest Net Neutrality, the open internet, if you will. Be now there i would argue the federal Communications Commission ought to continue to protect Net Neutrality through its open internet order. But with we need an expert regulator with clear rules in order to protect that innovation ecosystem. Because if we rely just on an Enforcement Agency like ftc, we cant really guarantee protections to innovators and entrepreneurs or consumers. Drilling in a little bit on that, is there any way that a Net Neutrality landscape regulated by the ftc would work in anything other than name . Guest is there any way i mean, is there any way that that kind of regime based in ftc Authority Guest i think of this as the enforcementonly voluntary approach to protecting the open internet. Thats one thing thats been raised by chairman pai, yeah. Guest i think that you, i think its important to step back for a second and think about the current reality. Two things. One, the current reality is in america and really for the last decade has been of an open internet. An internet in which a entrepreneur sitting at the edge can come up with a great idea and connect to a global audience without having to pay to access the bandwidth and pipes to get there. S that is the status quo, and what if we undo the open internet order, we potentially upend that status quo. And what we do in that situation is dramatically tilt the Playing Field towards a few very large, incumbent broadband providers that are also vertically integrated and have a lot of market power and incentive to try to prioritize their own content and potentially harm competition. But in an enforcementonly approach, youre relying on an enforcer thats going to take assuming they can even detect the conduct several years to investigate it to then bring an enforcement action. And, ultimately, its unclear whether you have an adequate remedy in that situation to protect innovation or entrepreneurs that hay be harmed. So that may be harmed. So i think you really cannot guarantee the same kind of open and level Playing Field of the internet ecosystem the youre merely relying on an enforcementonly approach and youre eliminating what has actually been the status quo with of how the internet ecosystem has worked. Relatedly, i think if youre eliing just relying just on promises being made to consumers about protecting access to content or stopping blocking or throttling and that kind of thing, you may suffer some of the same problems, detection, that kind of thing could be very hard. But then you have no protections necessarily for the edge entrepreneur or innovator which is why i think you see very quickly a lot of the Startup Ecosystem quite actively engaged in this conversation. Because they understand that they have a lot to lose here. And they understand, i think, a little bit what theyre up against. I would argue since weve been talking about the internet of everything that theres a huge number of Iot Companies that dont even understand they have an open internet problem and might be very surprised when they tart to encounter start to encounter some of these challenges in their industries. Think about a connected car, for example, and the amount of data a car might need to be putting on and off of networks and how well handle those kinds of questions. Im curious how you think the recent ninth Circuit Decision to rehear, effect effectively, a case that dealt with your agencys ruling over common carriage. Guest so this is a very important case for us. In this case the underlying ninth Circuit Panel decided that if a company had status of common carrier under the federal communications act, then the ftc did not have jurisdiction. Now, thats obviously a huge gap for us the if that is upheld. But whats very encouraging is the ninth circuit has decided to rehear this case and, in fact, they have vacated the underlying decision pending their review. So im verien encouraged that very encouraged that, hopefully, the ninth circuit sitting en banc will actually fix what was, in my view, an error that was made by the panel in this case. I think it underscores this problem weve been talking about though which is that if the ftc is going to take on a much more expanded role this protecting consumers in the entire internet ecosystem or even protecting consumer broadband privacy, then we should have our jurisdiction clarified by congress once and for all to make it clear that this exemption from ftc jurisdiction is antiquated and irrelevant in the current environment. So im really looking to congress to try to help clarify our authority here, not simply relying on the ninth circuit which im hopeful will correct its error. But i think the error itself really underscores how quickly an agency like the ftc can find itself in trouble in the courts if it doesnt have proper clarity about its jurisdiction. Really we have to look to congress to that. Switching gears a little bit, you mentioned keeping up with changes in technology, is i want to talk about sort of one of the Big Companies of the moment which is uber. Guest yes. It was reported earlier year that uber was running a program that would effectively tag the iphones of City Employees andregulaters in cities where they were fighting battles with local officials, and it would do that so that they could track them and provide sort of a fake version of the application. Basically saying they wont be able to get a car. A complaint has been filed over this with the ftc. Im wondering what your reaction was to that reported program which uber has con to firmed but says wasnt used for any untoward purposes. Guest well, i read the media reports, and, i mean, i think that kind of program raised a number of questions for me. As i understand it, there are a number of different enforcement agencies that are interested in it. [laughter] so i understand that from the media. So, you know, i dont think i can get into detailed comments since i dont have all of the facts in front of he, but i think this front of me, but it reminds me a little bit of some of the cases that the federal trade commission has focused on recently in our enforcement program. Weve been looking very carefully at some of the ways in which technology is used to thwart Consumer Privacy choices. This our case involving turn were looking at situations in which a consumer has made a choice. For example, dont this app, dont check my, dont track my geolocation. And the app itself is Running Technology that is, essentially, thwarting that choice by doing something. So in mobys situation, its triangulating your location based on your wifi connection. So i think were looking at ways in which this tech is being used to trick people and taking quite a dim view on that kind of contact in the marketplace. As an agency with authority over protecting consumers from deceptive practices, i dont think thats all that surprising. But i think it really underscores the fact that we want to be able to make sure that peoples choices about their data are being properly honored by the technology that theyre using. Host and finally, commissioner mcsweeny, what are the rules of the road when it comes to working with the fcc . Can you what are your working relationships with chairman pai and commissioners reilly and clyburn . Guest well, weve certainly had a very good working leadership. The ftc actually engaged extensively with the fcc when it was crafting its broadband privacying rules, and we continue to work with them in sharing authority and expertise in this area. I think its really important to recognize some of the wayses in which the ftc can work with expert regulators. So we talked a little bit about nhtsa and connected cars. The fcc is the the expert regulator of networks, telecommunication information, broadband, etc. , so we need a lot of that exer tease in order to understand maybe whats happening to the consumers. So its or very important that the agencies continue to work together, in my view. And i do hope we will. I think i have a are different view a very different view than chairman pai about how to go about protecting consumers in the open internet. I have a lot of concerns, obviously, about the fact that consumer broadband privacy is currently unprotected in the United States at the federal level. Im really concerned that consumer Data Security is weakened when we dont have isps under anybodys jurisdiction. And im deeply worried about how we go about protecting the open internet order. Those are all substantive areas of disagreement, but it doesnt mean the agencies cant work together. And i think in the past they have, and im hopeful in the future they will. Host terrell mcsweeny, david mccabe. Cspan where history unfolds daily. In 1979, cspan was created as a Public Service by americas Cable Television companies and is brought to you today by your cable or satellite provider. Today representatives from california and Washington State participate in a discussion on how to get more women to run for political office. The center for American Progress action fund event is live at 10 a. M. Eastern here on cspan2. And live at 1 p. M. Eastern well show you a conversation on finding solutions to global poverty. Well hear from Barbara Pearce bush, ceo and cocofounder of Global Health corpses, transportation secretary elaine chao and chelsea clinton. Its part of a conference hosted by a group that implements antipoverty programs. Watch both events live today here on cspan2. Never let anyone define you. And that is the fist lesson i the first lesson i want to leave you with. Only you define who you are. Only you. Our hearts should be open not just to falling in love, but to the world. We need to look. We need to care, and we need to contribute. Dont ever let anyone tell you that your dreams are silly. And if you have to hook back on your life to look back on your life, regret the things that you did and not what you didnt do. Nothing stays still. Things will change. The question more you is whether and how you will participate in the process of creative change. Just a few past commencement speeches from the cspan video library. And and watch more of this years commencement speeches on saturday, may 27th, monday, may 29th memorial day and june 3rd on cspan and cspan. Org. The house armed services