
tv   Hearing on Risks of Chinese Technology in U.S.  CSPAN  March 16, 2024 1:29am-3:12am EDT

1:29 am
1:30 am
1:31 am
[indiscernible conversation] >> good morning and welcome. i would like to thank our witnesses for their testimony and staff for preparing today's hearing, and thank you to the commissioner, it is an honor to co-chair with you today. while this commission deals with a variety of issues in the u.s.-china relationship, today's hearing focuses on a topic that has rightfully emerged at the forefront of the policy debate in both chambers of congress in recent months, technology. while much remains uncertain about the 2020s and 2030s, recent events have made it unmistakably clear that
1:32 am
technology will be the indispensable precondition for american prosperity, security, and national sovereignty in the years ahead. president eisenhower once observed there is only one thing i can tell you about war, and it is this, no war ever shows the characteristics that were expected. it is always different. it has now been 79 years since the world last experienced a war between great powers. that is the same amount of time that elapsed between the american civil war and world war ii. just think of how different the world of the american civil war was compared to the world on the eve of world war ii. similarly, the world today bears little resemblance to the world of 79 years ago. if a great power war broke out tomorrow, we can't know exactly what shape it would take but we do know as president eisenhower wisely suggested that it would bear little in common with the last great power war. it is therefore essential for
1:33 am
the future of american security and deterrence to fully understand the implications of recent breakthroughs in commercial and military technology. america cannot remain capable of winning great power wars beyond any reasonable doubt if it does not remain superior technologically and conversely, america cannot deter great power wars from happening if the world doubts america's capacity to win them. since the days of david and goliath and troy, the books are full of stories of smarter adversaries outmaneuvering larger foes. the greatest risk to america is we underestimate the importance that intelligence will play in reconfiguring military power in the decade ahead. we can think of ai as a factory for intelligence, a system that can solve any puzzle, find and exploit, predict the next chess move, locate tanks in a satellite image, anticipate an adversary's response option and
1:34 am
so forth. i look forward to discussing at greater length the critical role of ai in the future of the u.s.-china rivalry and diving deeper into china's adoption of ai into its global military strategy. second, technology will be the sine qua non for the u.s. to remain the world's preeminent economic power. in the u.s.-china rivalry, the nation with the most advanced technology will also be the nation with the larger economy. look no further than the difference between israel and nigeria today. nigeria has more than 21 times the population of israel and has 37 billion barrels of oil reserves, yet israel has a larger economy and military. the reason is technology. contrary to popular belief, america can in fact stay ahead of china economically, but to do so, it must also stay ahead technologically. with four times our population, if china manages to converge
1:35 am
with us technologically and to get to parity on productivity, it could have four times our gdp and maybe four times our military, making it the dominant power, so parity means the west is losing. parity cannot be the byproduct of american technology policy. technology dominance should be our north star and that will be my focus today. third, technology is challenging our traditional conceptions of national sovereignty. as china's influence increases, the internet is giving way to two ideological defective techno-blocs. the global internet is divided between the decentralized democratic internet familiar to americans and the centrally controlled, authoritarian internet built by china. the latter is spreading rapidly in the developing world where countries from southeast asia to latin america have opted to rely on chinese technology for 5g
1:36 am
networks and other critical digital infrastructure. the influence of the authoritarian internet is also expanding in advanced democracies as companies susceptible to ccp influence become more central to our online lives. if china's efforts to export the systems abroad are left unchecked, the ccp may enjoy the capacity to involve dozens of countries behind its great firewall, and reconstitute 20th century style spheres of influence through 21st century technology. popular chinese platforms like tiktok make a mockery out of free speech and are internationalizing chinese surveillance everywhere, including in the united states. tiktok is a sport attacking our children and social fabric, a threat to national security and likely the most extensive intelligence operation a foreign power has ever conducted against the united states.
1:37 am
tiktok misled congress and should be held to account. americans deserve to know that the ceo committed perjury on its relationship with the foreign adversary. more importantly, american security should be protected and it should be fully divested from its chinese parent company or be banned entirely. but tiktok is far from an isolated case. america is due for copy into breathing of its technology trading relationship with china. i look forward to discussing actionable ways that commerce can mitigate the urgent security risks posed by chinese hardware and software technologies in the united states. i also look forward to hearing from our expert witnesses and will now turn the floor to my co-chair, commissioner russell, for his opening remarks. commissioner russell: thank you, commissioner, thank you for the engagement and process we have gone through preparing for this hearing. commissioner how berg has deep knowledge and insights on technology issues, which he has brought to the commission, which
1:38 am
we all appreciate. uh, i would also like to thank everyone for joining us in thanking our witnesses for the time and effort they have put into their testimonies in preparation. today's hearing will assess the chinese government's ambitions and progress towards global leadership in several key emerging technology sectors. the commercial applications of these technologies are profound. their adoption and diffusion through the coming years holds the potential to disrupt industries and create new wealth and opportunity. at the same time, the widespread adoption of these technologies and china's competitive position and approaches could undermine u.s. economic national security by creating new dependencies or vectors of attack that china may seek to exploit, as it has already shown it is willing to do so in certain areas. these disruptive technologies are already shaping our
1:39 am
economies and security interests. china's efforts to gain a decisive edge in emerging technologies are clear, systemic, and underpinned by a raft of government policies and investments. these efforts present significant challenges to u.s. interests across various industries. chinese manufactured equipment embedded in information technology networks poses a threat to our critical infrastructure. china's strides in biotechnology have solidified the role of chinese drug manufacturers in global supply chains for life-saving medications that could make china less dependent on the long run, with the u.s. potentially becoming dependent on china for certain agricultural inputs such as amino acids, vitamins, and other products used in animal feed. china's rapid progress in battery technology and manufacturing has also helped it
1:40 am
dominate critical nodes of the supply chain for new energy systems and potentially is creating unacceptable security risks. we have identified both capital and technology as key facilitating areas where western support often unwittingly has advanced the goals of the chinese communist party. this has been a long-term effort of this commission and we are very proud of the work we have done. the focus on technology is intense, but in my view we are still only scratching the surface. i hope today's hearing and our efforts will advance analysis and provide potential recommendations for consideration by congress. the challenge is immense and controls and investment restrictions have already hindered some of beijing's efforts to acquire cutting-edge technology, but it continues to capitalize on gaps in these regimes and the relative openness of u.s. academia. an important problem remains in
1:41 am
defining what constitutes emerging and foundational technologies, and linking that definition to export control and investment actions. as a critical issue, we need to understand how ai is altering and advancing china's military capabilities. in the past, we assessed china's asymmetric warfare approach with its focus on space in the electronic domain as insufficient to challenge u.s. military capabilities. we now need to better understand how china is using ai to challenge our capabilities and alter the balance of power. my co-chair identified many questions that must be addressed regarding the competition that exists between our two great nations. technology has the ability to address some of our greatest problems in areas ranging from medicine to the environment, to agriculture, and many others. in assessing china's approaches
1:42 am
in their efforts to control and dominate so many of these technologies, we must carefully evaluate and respond to the threats, but we must seek to find ways to ensure the technology itself does not become a battlefield that limits the ability to address critical human needs. so far, the ccp's approach undermines that possibility. before we introduce our first panel, i would like to remind our audience that witness testimonies and the hearing transcript are available on our website uscc.gov. our next hearing will take place on march 1. i now turn the gavel over, the microphone over to my co-chair. >> thank you, commissioner russell. our first panel will address the national security risks created by chinese manufactured information technology hardware and software sold in the united states, as well as the legal
1:43 am
tools available to mitigate these risks. we will start by welcoming back the honorable -- a partner at a law firm who co-chairs their national security practice. she previously served as the department of commerce's assistant secretary for industry analysis at the international trade administration and also served as the undersecretary for industry and security at commerce's bureau of industry and security in the trump administration. her testimony will address the risk of chinese i.t. equipment used in commercial and government networks. next, we will hear from the ceo of a data protection and software company. he, his company has reported extensively on the tools used to track user activity online. he will discuss chinese
1:44 am
software products and the risks they pose to users' data and privacy. this is his first time testifying before the commission. third, we will hear from mr. jack corrigan, senior research analyst at georgetown's center for security and emerging technology. prior to joining it, he worked as a journalist covering federal technology and cybersecurity policy. he will discuss the existing policy framework for regulating chinese i.t. products sold in the united states. mr. corrigan is a new voice for the commission. thank you all very much for your testimony. the commission is looking forward to your remarks. and i ask all of our witnesses to please keep the remarks to seven minutes. we will begin with you. >> thank you very much, esteemed commissioners and
1:45 am
staff, thank you for holding this hearing, first and foremost, very important topic. thank you for inviting me to testify. i am an attorney and economist. i've been working on the front lines of the u.s.-china technological goods battle for over 20 years. i do need to state that the views and opinions expressed in this testimony are mine only and do not represent the views of any of the firm's clients. let's step back for a second. just over 20 years ago, when china joined the wto, the entire world was excited about taking advantage of china's low cost, nonmarket economy structure and we moved production capacity there. then we moved technology. folks did not think about it much at first. they thought it's the commodity sector. it funds -- it creates the revenue stream for the next technology. the world didn't say very much. china started working up the
1:46 am
value chain. now we find ourselves 20 years later having some of the most critical high-tech goods dependent on the chinese supply chain and technology. when you look at all of the items that are critical to u.s. national security, from raw materials, etc., the list is 700 plus items. which of those items are vital to technology and manufacturing. which of those items are concentrated exclusively or the majority of the production in china. one of the reasons why -- i mentioned some of the reasons why this happens, one of the other reasons is americans have become consumed with this notion of software. we have become coders, app developers, and forgotten how to make the nuts and bolts of goods and that gives china a technological advantage.
1:47 am
when we look at telecommunications hardware, we don't have those discussions. we talk about software development. in terms of innovation, semiconductor design, etc. hardware in china gives china an enormous advantage because it gains the advantages over us. if we don't produce the hardware, we have a huge vulnerability. that's what i'm going to concentrate my testimony on. i don't need to tell you where chinese hardware is embedded in our system. we have in our system -- we have it in our system. it is prevalent. we have the microelectronics program. that is a fraction of the dod systems that use electronic components from china. drones, right?
1:48 am
we should talk about this. they are sort of emblematic of not only the problem but refusing to do anything about the problem. we've got chinese drones, like dji, flying around the country. we've got the american drone securities act. for three years, it is prohibiting the use of federal dollars to buy drones from foreign countries. over concerns of use.
1:49 am
we are not sanctioning dji. we are good at talking about the problem but it is about exercising the laws. there are a number of developers that want to get into this market but can't because of the chinese low cost structure and we are not doing anything to help them by perpetuating this. we've got issues with telecommunication infrastructure. even when we think about
1:50 am
the china commission -- the select committee on the ccp has flagged these modems in the towers. china's the only producer of these components. it's across the entire world. this is china's dominance. yet we are terrified of replacing it. we are struggling with the money to replace it. if we have tiktok on our phones and we have other applications, that software still infiltrates the telecommunications towers and spreads the cancer, the malign software into other devices. we have the treasury department investment ban through the legal authority. we have the entity list.
1:51 am
the solutions are not complicated. you have companies over and over telling us, i don't know what's in my supply chain. you are going to pass these laws that i can't comply and anybody knows. that is wrong. i used to be a former auditor for the u.s. government for a number of years. every single company can audit the supply chain. you only focus on the items that can be tampered with. the true hardware that can be tampered with. through several layers of
1:52 am
audit traces, you can find -- a company can find what is in their systems so they can rip and replace it. the legal authority exists. the capability exists. but across the board, the will does not exist. thank you. >> thank you very much. we will now move to our next witness. mr. tsarynny. >> thank you very much for inviting me to the hearing today. i am the ceo of feroot security. we help organizations eliminate threats posed by software that secretly tracks people online. my testimony will focus on the risks china poses to americans and data privacy. we've had an unprecedented look
1:53 am
into the techniques our adversaries use to steal sensitive information, therefore i am going to cover these three important areas. number one, what our research has revealed on that tracking that collect sensitive information and make it accessible to entities under china's jurisdiction including the communist party, the chinese intelligence and any other authorities. number two, how software connected hardware has the potential to conduct and has been conducting equally damaging surveillance. and number three policy recommendations along these lines that the commission might make to the congress. i will now start with the first part. we analyzed 3500 websites of major companies and government agencies to establish the baseline of data collection by tracking pixels. a tracking pixel is a piece of code used by websites to track
1:54 am
digital marketing campaigns, ad campaigns and usually remains on websites after the ad campaigns end. we found that bytedance's tiktok collects huge amounts of u.s.-based user data even data belonging to people who have never signed up or used tiktok in their life. in fact, we worked with the wall street journal to inform government agencies that the sites were indeed activating tiktok web tracking pixels without their knowledge, so in march of 2023, less than a year ago, tiktok was collecting user data on approximately 7.5% of all the u.s. business and government websites that they looked at. by december of 2023, we found that the presence of tiktok tracking pixels increased by 75% on financial services and banking websites, rising from 5% to 8.5% of all sites and increased by 178% on healthcare service provider websites, rising
1:55 am
from 2% to 5% of websites in just nine months. while tracking pixels collect data for legitimate purposes that data can also be used for nefarious purposes like spying, interference in elections, and illegal surveillance. for instance, tiktok tracking pixels are silently loaded on webpages where users enter their logins and passwords, schedule an appointment, renew a license or buy an airline ticket. amongst many other things. tiktok sees everything users enter into online forms, and unlike tracking pixels from other similar companies such as meta, we found instances when tiktok tracking pixel also collects information that is shown to users on the pages themselves. such as add information.
1:56 am
given this it can capture personal information such as search keywords that you enter, search results, purchases, transactions, and any other information you exchanged or were shown on a page. this screenshot shows that happening on a healthcare booking page for a health care provider. the collection of data is not new overall for social media companies or data brokers. but because tiktok is governed by china's cybersecurity law which requires all chinese companies to share the data with china's authority, which are under the ccp's control, it creates a large risk. tiktok admitted in 2023 on using data to spy on journalists. specifically bytedance accessed users' personal data to track --
1:57 am
reporters' physical movements. additionally a couple of days ago both the journal reported that tiktok workers are sometimes instructed to share data with bytedance, without going through official channels. another channel for china surveillance are the backdoors in smart devices and appliances that can be used to allow someone to turn on the cameras or microphones and some of the modified software without anyone's permission to do whatever the vendor wants to do. smart tvs have been found to have backdoors that enable chinese operators to silently modify software and take screenshots, and upload those screenshots to services in mainland china. last week, radio freedom published findings that there
1:58 am
are tv cameras that still uploaded videos to their servers even after users disabled the feature. also the cameras have been used by russia. [indiscernible] today mainly tv's, refrigerators, think of everything you might have at home or the office, even light switches, are always on, connected to the internet, controlled by software that is and can be and was meant to be loaded by chinese companies that control them. which makes them particularly useful for silent surveillance. what can be done about it? the ccp created a powerful channel to collect data on users. built into our devices. our existing regulations do not adequately protect data against surveillance by china. while creating a nightmare in
1:59 am
terms of compliance and costs for businesses that follow the law. we must establish clear rules for everyone that are compatible with other major regulations. not just a european gdpr and other global rules. number two, prohibiting access -- permitting the rules are compatible with other major regulations. prohibiting granting access to and transfer of u.s.-based users to entities under the jurisdiction of the government of china. number four companies along with their
2:00 am
executives that collect data from u.s. users should be held accountable in a manner similar to how companies and their executives have been personally accountable for compliance with the sarbanes-oxley act. >> thank you. i'm currently a senior research analyst at the center for security and emerging technology at georgetown university where i study the u.s. innovation ecosystem, the flow of tech talent into and around the u.s. and u.s.-china technology competition. the views that i express today are my own. today my testimony will focus on u.s. policies related to the procurement of chinese-manufactured information and communications technology and services, icts, across networks. i will discuss the challenges of implementing policies and conclude with recommendations for the commission. u.s. policy
2:01 am
makers have enacted various measures intended to keep potentially compromised technologies out of government and commercial networks. procurement bans. section 889 prohibits federal agencies and contractors from using icts from five chinese technology companies including huawei and zte. the second is the secure and trusted communications networks act which tasks the fcc with maintaining a list of unacceptable national security risks. service providers must inform the fcc one groups that receive funds are prohibited from using this equipment. the laws are too narrow and rigid in today's dynamic threat landscape.
2:02 am
luckily there are existing government bodies that already possess the authorities to implement the broad flexible regulations necessary to keep unsafe foreign technologies out of critical u.s. networks. the federal acquisition security council created by the 2018 secure technology act and the commerce department's office of information and communications technology and services. which traces its origins to its 2019 executive order. they can order the removal of such technologies from federal networks. icts has even broader authorities. even though they have the authority to implement procurement bans, they have yet to issue any such orders. this is likely due in part to
2:03 am
the legal difficulties of standing up a new regulatory regime. it takes time to ensure the processes and procedures are robust enough to hold up in court. both groups have recently taken promising steps toward implementing their authorities. these government bodies can begin constructing the federal targeted nationwide policy framework needed to mitigate foreign technology risks. even once procurement bans are issued, policy makers will still face obstacles to implementing them. one major challenge is the complexity of the icts supply chain. the relationships are often opaque which makes it difficult to determine where a particular piece of equipment originated. technologies produced by chinese firms may be sold under different brand names or incorporated into other companies' products. enforcing procurement bans in
2:04 am
such a murky product ecosystem will require close monitoring and oversight, especially when the regulations apply to both public and private entities. the second major challenge is the cost. chinese technologies are often significantly less expensive than their counterparts produced in the u.s. and other countries. the low price tag makes chinese technologies attractive to many u.s. customers. especially those facing tight financial constraints such as state and local governments. a cash-strapped school may find itself choosing between buying a hikvision security camera to monitor the playground or going without any camera at all. prohibiting the use of this trip technology could drive up procurement costs to levels these organizations could not afford. targeting procurement
2:05 am
bans would help avoid placing undue financial burdens on u.s. businesses, and government agencies, and organizations. i'd like to offer three recommendations for how policymakers can build a more effective policy framework. first policymakers should rely on the fasc and icts to implement the bans, regulate the use of these technologies across virtually every public and private network in the country. ensuring they have the resources to effectively wield that power will be crucial to securing u.s. digital networks. publish orders in a digital master list of procurement bans would make it easier for entities to keep track of the regulations they must follow. they should design procurement bans that target the sectors, networks and use cases where breaches present the greatest risk to national security and
2:06 am
ensure the regulations don't impose unnecessary compliance costs on businesses and other organizations. striking the balance will be critical for mitigating the risks posed by foreign technologies. congress should help offset the high cost of procurement bans. as new procurement bans are enacted, they should collect data to monitor the implementation and effectiveness of the regulations across different sectors, geographies and product categories. this would help inform policymakers on how to proceed with future regulation and highlight ways to make existing ones more effective. this will mostly require additional staff funding and resources which could be allocated by congress. the federal government can more effectively address the risks posed by certain types of chinese technologies across both public and private networks. thank you and i look forward to your questions. >> thank you. we will now shift over to my colleagues. we will start with commissioner
2:07 am
friedberg. >> thank you very much for your excellent testimony. ms. nikakhtar, you gave a compact description of the problem. the legal authorities exist to deal with it. you've argued the capability exists to deal with it but you said the will does not exist. i'd like you to expand on that. we've come to a recognition of the magnitude of this problem yet you are describing a situation where little has been done to deal with it. >> thank you. it is so frustrating knowing we have the executive order from 2019, we are in 2024, we have done nothing. agencies should not take that long to implement laws and
2:08 am
develop regulations. we have a broad authority that is flexible and can be helpful, since the 1970's, and we still don't use this. to your question, though, we often hear industry advocates -- they usually advocate for doing this in a nuanced way. you have to identify the companies first, the sectors, etc. it creates a whack-a-mole problem for the u.s. government when we are already spending so many resources playing this whack-a-mole game with china and russia, etc. we need a more streamlined way. how do we effectively do this? i will put my trade lawyer hat and say that every time we have nuanced laws, the chinese
2:09 am
exploit them with workarounds. we've got to have concrete laws. we ban chinese components and software in our goods. i can hear the argument about, there's going to be compliance costs. this is nothing like -- i think it's astounding the epa feels so comfortable putting out environmental regulations. of course it increases costs for everybody. but everybody does it. that should be a given. much like people don't complain that much about environmental regulation, national security regulation, let's move forward and not listen to the complaints because it is fundamentally no different than the other regulatory bodies that impose burdens on companies. people say, the economy adjusts. we imposed tariffs on 350 plus
2:10 am
billion dollars of goods, collecting revenue of 50 plus billion dollars a year. in those first few years, the upper underestimate is .25% of gdp. my point is this, we can do it. we have the laws i mentioned. i would not listen to the cost headache. it's a fraction and it is overstated. >> ok. thank you. what about possible legal objections? you suggested there's concern over legal challenges. could you say more about that? >> yes. 100%. back in 2017 -- don't quote me on the year -- dhs tried to ban kaspersky labs from federal networks. i think it sued the government
2:11 am
in two separate cases. that extended the process of getting rid of this technology for 2, 3, 4 years. the folks that i've talked to within commerce particularly seem to be -- it sounds like they are dotting i's and crossing t's. so measures are implemented effectively. recently, they conducted an investigation into tiktok and found tiktok sued and there were discrepancies on the exceptions on those authorities, if they would preclude commerce. it is difficult to implement this stuff. they are trying to do due diligence before they do so. >> thank you very much. >> commissioner glass.
2:12 am
>> i just want to take a moment to thank all of you for your testimony. this obviously is a very hot and timely topic with hearings on the hill and a lot of discussions. i'm going to start with you, mr. tsarynny. you noted in your testimony that chinese companies are required to share data under their law with the chinese government, on the data they collect and the risks to american consumers and our national security. just yesterday on cnbc there was an article about meta's future may be dependent on the growth of e-commerce websites like shein and temu which this committee did a report last year related to those sites. how do we manage this moving ahead? what are the risks to american consumers by using these kinds
2:13 am
of chinese e-commerce websites? what are the risks to our national security? what's the kind of data you believe some of these companies may be sharing with the chinese government? what is the liability? >> thank you for your question. there's a lot of important topics you have raised. i will try to address them one by one. firstly, why it is a risk is information and data collected about all of us, it is accessible to any government agency or entity in china. and it has been reported to have been used for spying already. secondly, beyond just spying, it can be used,
2:14 am
i'm speculating, to train ai, and know more about us than we know about ourselves. what can happen at one point is they will know more about us than we know about ourselves and they will always win, just like a chess game. thirdly is, what kind of information we have seen, what information they can collect and we have seen them collecting. it is everything online that you type into forms, that you see on a page. we have seen it being collected. we know everything about you for all of us, today or sometime in the near future, they will know everything. and how that can be used against us, just like in the opening remarks, we heard about eisenhower's
2:15 am
remarks, the next war will not look like the previous war. in their eyes, we are their enemies. they are using that information against us. >> thank you. i have a follow-up. i can sense your frustration having worked on these issues for the last 20 years or so. related to the fact that we have a lot of laws and mechanisms in place. the inability to enforce or the willingness to effectively enforce. i was reading over your recommendations about our various laws related to the prohibition of certain high-risk chinese hardware or software. thinking about the globalized supply chain as the economy and china is transitioning, how difficult this would be
2:16 am
to fully implement. i'm also thinking about american consumers purchasing items internationally shipped, where these items are not inspected. how challenging this can be to really addressing the problem. can you comment on that? >> even items that are inspected, we are not doing the kind of inspection we needed to make sure they are not embedded with hardware, software, interfacing threats. but i think one of the ways that makes sense to do this, if we can pull the rug out from overnight. the chinese have the laws that mandate every company in china carry out orders of the ccp and do what is in the ccp's best interests.
2:17 am
i wanted to touch on a worst-case scenario to underscore the fact that these threats are real and they exist. china can easily turn off all the chips in our cars, so we can't get away, turn off the power grid, contaminate the water, and have a captive population so that they can bomb us, this is not unrealistic to think about. also underscoring government is stalling rather than dotting the i's and crossing the t's. everyone's yelling about tiktok, but we don't even use the legal authority we have to put bytedance on the entity list which will then atrophy the app over time. this is stalling, punting, because the government doesn't want to be the one responsible for causing sort of economic harm. the only way to mitigate that is blanket restrictions.
2:18 am
we can't have chinese components anywhere. at least over time until the economy adjusts. >> thank you, commissioner glass. i have a lot of questions. in the interest of time, i kindly ask witnesses to keep the responses to yes or no or one sentence where appropriate. 43% of tiktok users get their news from tiktok. policy and content have received more impressions and views on tiktok alone than the total number on all topics combined on the new york times, usa today, fox news, the washington post, cnn, the wall street journal all combined. is it time we start treating tiktok as a news platform in this country? >> should we be treating it as one, you mean? >> given the fact that a majority of americans now get their news from tiktok,
2:19 am
instead of viewing tiktok as a social media platform, should we treat tiktok legally as a news platform? >> one thing, the news outlets also figure out what to cover based on what is trending on tiktok. tiktok deserves an ultimate ban. i don't want to treat it as anything except prohibition. thank you. >> would have been the right decision to have restrictions on the foreign ownership of two new stations in this country? we know foreign dictators use media as propaganda to hurt us. what's the difference between social media and media? isn't it a national security threat to allow our country's largest news platform to be manipulated and controlled by the chinese communist party? >> we should not allow it. we should have the outright prohibition. this is also, i want to
2:20 am
underscore, where we are falling short, the approach they take is unnecessary, it is a weaker approach. we need to go in with a stronger hand. these are real threats. >> and ms. nikakhtar, is perjury punishable by time in prison? >> yes. >> the ceo of tiktok said american data has always been stored in virginia and singapore. a may 2023 investigation showed substantial u.s. user data on tiktok has been infected and china including the financial information and social security numbers of u.s.-based creators. doesn't that sound like perjury to you? >> 100%. >> audiotapes obtained by buzzfeed contained 14 statements from nine different tiktok employees indicating that engineers in china had access which was september of 2021 in
2:21 am
january of 22 to u.s. user data. help me understand why that is not perjury. >> it is perjury. tiktok just knows that the u.s. government doesn't have the backbone to prosecute it. so it feels emboldened to continue with the misinformation. >> in one tape discussing access to u.s. user data, a tiktok employee also referred to one beijing-based engineer as "a master admin" who has access to everything. it seems to me like perjury sounds like perjury and smells like perjury, does this panel agree? >> absolutely. >> yes. >> china has banned every american content platform in china, and yet we give them unfettered access to our market, our data goes in, our data goes out, and their propaganda comes in, which doesn't sound like a good deal for the u.s. consumer. should there be a ban of
2:22 am
chinese media apps in this country? >> absolutely. >> yes. >> this is outside of my area of expertise. i don't care to comment. >> does this panel agree that our reliance on chinese supply chains makes our country vulnerable? does the panel believe the congress should consider concrete steps to incentivize u.s. tech companies to reassure their supply chains outside of china? >> we only know the tip of the congress needs to know the executive branch needs to move. >> 100%. we agree. >> i agree. the executive branch should look to restore technology supply chains. >> do you believe tariffs should be part of the consideration for the solution? >> tariffs are part of the solution because it allows the importation, at a higher cost. the threats are grave.
2:23 am
every single tool in our tool chest should be taken out and used. >> this is outside of my area of expertise. >> thank you. commissioner price. >> good morning. thank you all. your testimonies were very helpful. my colleagues have asked some of my questions. i will go back to a few of them. before i do that, mr. tsarynny, i need the remedial explanation about the pixels and tiktok and how it gathers information from people who don't have those apps on their computers and phones. >> thank you for asking. what is a pixel?
2:24 am
it is a term -- a piece of code loaded by the page when you open your browser, and you go to your doctor's appointment page to book an appointment, or you are buying something online or logging into your bank account. companies use pixels to advertise and understand if money is working properly for them. if the advertising campaigns are effective or not effective. there are many other purposes for pixels. they are loaded into the page and they have the ability -- and they do observe what users do. are you scrolling down on the page? clicking on any particular buttons? typing a password or e-mail address, credit card information, and so on. they do see all that information. often they collect and send a copy of that information to themselves. so therefore they will know which websites you visited.
2:25 am
if you use the same email address to log into two different websites, they know which websites you visited. it's a simple example. hopefully that was clear. >> ok. i think the confusing part is how if you don't access it, how it comes through anyway. >> let me clarify that part. pixels are running on websites. they are sending data back to tiktok or other users. if you have never used the app, they still track you on every one of those websites you visited that has a pixel. you never have to use tiktok itself. maybe now they know your e-mail address, your ip address. everything else around you that's a digital entity, a digital persona. >> those websites that have those pixels hanging out,
2:26 am
for lack of a better word, those who administer those websites, are they aware? do they get compensation through ads? or does it just happen by itself? >> sometimes they are aware. in most cases, they are not aware. those pixels are loaded by intent and forgotten. they are always on and active, sometimes loaded by accident or by incident, or without owners' knowledge. >> to everyone, i think as we continue to have conversations about concerns over all of this technology, collecting all this data, it is clear to most americans why this matters on the security realm. how would you address this
2:27 am
in terms of personal information? what is the impact of the ccp having this information on them, where they shop and the kind of things they buy or what music they listen to or what have you? >> our adversaries have talked about information warfare, the information campaign. all the way from what children are exposed to, the kind of news we get, fundamentally what i see is spilling discord into the u.s. if we are fighting within each other, they are sort of infusing inflammatory sentiment into our ecosystem. the more we let that happen, the more we are at each other's throats, by design, we do not come together against a common adversary. >> i completely agree with that
2:28 am
statement. what the information from pixels, what it's been providing is what teenagers or anything else are reading, what pages they follow, what pages they visit. that creates a lot of powerful insight and data about other conflicts in our societies and creating discord. >> i don't have much to add. everything that they said, i would agree with. >> thank you all. >> commissioner schreiber. >> thank you to all witnesses for your excellent statements and contributions today. a quick question for each witness, thanks for your service, ms. nikakhtar. you made an interesting observation. nobody cares about compliance
2:29 am
costs when it's in the realm of protection versus security. is this the only area of compliance? well beyond environmental, there is ada compliance, does this strike you as sui generis? >> the fda is another example. there are areas where there is regulation for human safety, it's astounding how industry accepts it. this is a necessity to get to x, y, and z. juxtapose that in terms of national security and that is outstanding. the industry does that because the narrative works. they know it doesn't work with
2:30 am
the fda, with customs very much. we are emboldening industry with this narrative. and we don't have the capability to understand there's nothing wrong with compliance costs if there is an end game that is national security. >> i'm going to paraphrase one of your recommendations, something to the effect that any entity that will store personal data should bear the responsibility of security and protection of that data. given what we've discussed, the relationship between the party, government, and chinese entities in china, is there any scenario that a chinese entity could meet your standard of, we guarantee protection of this data? >> thank you for the question. the follow-up question will be,
2:31 am
what if there is a clash of rules? chinese law requires companies to disclose that information and another one prevents it, which one will prevail? the people from the pla come and knock on the door, what will that ceo or engineer do? i think the answer is clear here. >> in essence, the chinese will not be able to meet it. >> exactly. >> paraphrasing another recommendation, mr. corrigan said, when it comes to procurement bans, of the regulations -- of the focused on critical sectors, while not infringing or harming non-sensitive business areas, again paraphrasing, that conceptually
2:32 am
makes sense. it's a bit of a goldilocks. some entities protect the others. can you give us a sense of what that will look like -- would look like? >> dhs has identified 16 critical sectors. that would be a good place to start. i think that these determinations -- i am an outsider looking in. as to what the risks are in different situations. the determinations should be based on the real risks that are being faced and the evidence out there for them. going back to some of the compliance costs, financial burdens, i can't speak much to the private sector but i know state and local governments for instance, these are organizations that are vastly resource constrained, i would argue that they do think about security, they just have a limited budget with which they can approach those issues.
2:33 am
when they are figuring out how to allocate the resources, from the folks that i've talked to, many are poor and goes into defending against very pressing immediate threats like ransomware. while they are aware in some cases of the risks that foreign technology presents, to them they are fairly abstract, and that is why you see them allocating the resources the way that they do. one other point, i think that a low -- procurement bans should be one thing used to address some of these risks. we have seen chinese actors access government networks unauthorized through u.s.-made technologies as well. i think advocating for basic cyber hygiene, two-factor authentication and strong passwords and that kind of thing will address the risk in a much lower cost way. >> thank you.
2:34 am
if the risks are viewed as abstract, we need to do more of this type of hearing. thank you you two are cochairs for doing this. thank you. >> thank you. commissioner wessell. >> thank you all for your testimony and your long-term work. it is deeply appreciated. we know how complex this is. we have been pushing for years in various ways, each of you has been pushing for years to try and enhance security, abate risks, etc. but we are still having this hearing today. there's a lot of action that needs to occur. this is sort of like trying to nail jello to the wall, in some ways. in thinking about what we -- about the collection issues, pixelated surveillance, i am
2:35 am
reminded of pixelated viruses, which has not been discussed for a while. we can go into that today as well. but it seems to me like the old line of, capitalists will hang themselves, looking at these issues for this hearing, it seems like we are also creating the problem ourselves. by that i mean that i looked at data brokers. here we have -- again, you talked about tiktok. the ability through pixels to collect information, without knowledge. we have data brokers who are selling this data to the chinese. and we also have now an entirely new threat vector that is rising. which is autonomous vehicles. which some liken to, you are
2:36 am
sitting inside an iphone. your eye movements, whatever you are talking to, collecting, communicating with is being collected. help us understand what acts of commission we are engaged in. i will turn to you first, mr. tsarynny. because of your work on pixelated collection. where do data brokers and the actual transmission come into this? health care or otherwise? >> thank you for the question. you are correct, tiktok is one of the vendors, one of the data brokers that collects information. >> but we have u.s. data brokers that are collecting tens of thousands of data points on each of us and they are able to sell
2:37 am
that to the chinese or anyone, correct? >> that is correct. also like you said, we are creating our own problem. we are here because of the last 20 years of keeping a blind eye on that issue. in waking up in today's world where we are surveyed through data broker technologists. some of them are owned by tiktok, like the pixels. but many are not owned by tiktok, we've seen kaspersky and others on the ban list. we've created a problem by ignoring it and not preventing it. my recommendation would be act sooner rather than later. >> i'm speaking for myself, not my colleagues. i'm asking questions to gather data.
2:38 am
not to impose anything on this commission. we, i think, appreciate the fact that most of our reports are unanimous, and the recommendations usually reflect broad consensus. but we have -- for example, i use a vpn, i don't know that i should divulge this, i use european websites, because i know i'm going to be covered by gdpr. i get pop-ups to be able to stop all the collection, other than pure analytic data, anything else. what kind of system -- is there a systemic way we can guard against what's happening with tiktok, but also our own data brokers? should we be treating data as a greater intelligence, military security, economic security asset than we are today? >> i would say there are two
2:39 am
main parts to it. part one is the technology part. anything technology-wise can be eventually solved. we have a lot of smart people that can solve it over time, sooner rather than later. the second part is accountability. when companies don't have consequences, they don't act. if they have a consequence, like a hefty penalty, like under gdpr, or under prison time, they read the financial statements. because of the responsibility -- the personal responsibility that executives carry. >> my time is lapsed. i think we have time for a second round. back to you. >> since commissioner cleveland has joined us, i want to give her the opportunity to speak. alright. we can move on to the
2:40 am
second round of questions. does anyone have further question? mr. friedberg. >> i wanted to follow commissioner wessel's line of questioning. am i correct in understanding, tiktok is not unique in the techniques it is using or data it is collecting on americans, is that right? >> it is very similar to others. there is some uniqueness we have observed. it sometimes collects more information than other vendors or data brokers do. >> what is concerning about it is the volume, is at 70 -- you said 75% or something like that. are there others in the same league in terms of the amount of information? >> absolutely. other companies collect on even more websites. there are dominant players,
2:41 am
others. the concern with tiktok and bytedance specifically is everything they collect is accessible to the ccp and china. >> it is about who it goes to and who can exploit it at the other end. >> and the impact of the use of that data, yes. >> right. further, if i understand correctly, what they are doing is not illegal under current laws, is that right? >> mostly -- that's why i'm pausing. every industry has different regulations. mostly, it is legal, and often companies, from our experience, speaking with organizations that have to comply with hipaa, they tell me, tell us if we have an analytics tool or a pixel on any of these pages, we have to get rid of them, so they are paying a lot of attention. other industries are almost
2:42 am
ignorant. not paying attention to that issue at all. >> but if tomorrow, we wanted to get rid of this, it would have to either be a blanket regulation that would prohibit the collection of this kind of information, or specifically targeting a company like tiktok, cutting its link to concerns? >> there are two very related issues. one is general information privacy. that is blanket to all data brokers. and the second one is information security when it comes to espionage and foreign parties, for example, tiktok. >> the collection of information, for example, you mentioned passwords, bank account numbers, regardless of who is doing it, tiktok or another company, that is not illegal? >> depending on the industry,
2:43 am
depending on which law -- which jurisdiction the company operates in, for example, in the u.s., 17 states brought up their own private regulations, because there is no single blanket privacy regulation, sometimes, it is illegal, sometimes, it is legal, sometimes, organizations are not even aware of what is happening, that their information is being collected without their permission. >> one last question on this, to make sure i understand, you said there are things tiktok is doing that are different than others? >> yes. >> can you say more about that? >> yes. what we've seen is, for example, not to put meta on the spot, i will just compare the two, meta will collect information related to marketing campaigns, broadly, did you see the ad? did you visit the page? what we see tiktok do is
2:44 am
the same plus also send a copy of everything presented to you on the page, including whatever company -- including whatever sensitive information is on the page, history, transactions or anything else, and they send a copy back to themselves. >> time is short, but i wanted to ask another question about hardware. to mr. corrigan and ms. nikakhtar. the obstacles to making the changes you've described, you talked about cost, legal obstacles. there are alternative sources of supply. the lack of capacity to produce the things now being purchased in such volumes from china. is that correct? how big a part of the problem is this? >> i think it's a huge part of the problem and why the costs are so high, you don't have an alternative source that is
2:45 am
within 50% of the price. >> so we're just not making a lot of the stuff? >> yes. i think this is a bit outside of my area of expertise but it varies a lot when you look at different product categories so in some of the research i have done, we look at security cameras and there is nothing within -- nothing of comparable performance within the same price range. >> this is a chicken or egg problem. we are preventing innovations, preventing companies from getting into the marketplace so that is part of the problem and i also just, very quickly on the data transfer, everybody knows export control laws extend to goods, software, and technology. data is transferred through software so we can use export controls to prevent the export
2:46 am
of sensitive information and privacy laws are mainly consent based so people do not know what they are consenting to. that is why it depends on the lawmakers to protect them so i am not a fan of consent based national security measures. we should be using export controls. thank you. >> thank you. commissioner, did you have anything to share? >> thank you. now that i have recovered from traffic, i gather the commissioner asked about the tractor but i would like to follow-up to understand a little better. i gather it is something that is embedded in a webpage, email, or ad. could you explain the process of how tiktok would have access to a non-tiktok platform? that is what i am lost on. >> so how tiktok gets onto the
2:47 am
websites, here is an example. company x wants to buy advertising campaign onto top. they pay money to tiktok, and tiktok and company like them tells them -- tells company x you will install this little pixel that will track the effectiveness of the marketing campaign or advertising campaign to tell you if you -- if the dollars made are worth the spend. the company installs the pixel and it usually remains on the website way beyond the end of the campaign and because it is still there, it still collects all of this information that it has access to. so that is how they get through a legitimate way and we often have seen where it gets there by accident or through other
2:48 am
unintended consequences such as somebody loads a tool called a tag manager that loads many other tools and that is the dynamic nature of the websites we all use today is they are not coded by the developers. they are almost like assembled in real-time from pieces of code that are loaded from any country in the world, so for multiple countries. that is the reality of the internet we live in today. it is not coded or prepared. it is loaded dynamically at the moment you load the page into your browser. >> virtually every company does the same thing but as you point out, it is where it is going in the end, which raises -- the commission has looked at temu and shein in terms of the way they approach the american market so i'm curious as to whether you looked at other large marketing
2:49 am
platforms that sell products other than tiktok because i think tiktok is the problem of the day but i think there are other ones on the horizon. i'm interested in all of your perspectives. while we are obsessed with tiktok and what it does and does not do, what other companies do you see as emerging as similar kinds of risks? >> outside of risks, national security risk, security data privacy risks, this is public information. google or alphabet technologists are the top two with microsoft being -- advertising platforms. there is a snapshot, adobe cloud, or adobe marketing technologies are also very popular and common. that is the norm. this is how the internet works today.
2:50 am
do they collect a lot of information? absolutely, they do collect a lot of information. do they collect more information in the u.s. of americans, for example, when you compare to europe? yes, we do collect more information on americans than europe because europe has more stricter regulations and laws around it. >> the united states is also a bigger market so that makes sense but i think i was interested in chinese companies that are potentially the same kind of -- they provide a consumer product like tiktok does. have you looked at any other company or have any of you looked at other companies to present similar data risks in terms of the u.s. consumer? >> yes, we have seen other companies that are chinese or are associated with china. tiktok specifically, the giant
2:51 am
amongst them in terms of the volume of the data they collect, but yes, other companies are also present. >> what might those other companies be? >> specific brand names are escaping me. hard to pronounce and remember them. >> perhaps you could provide it. that would be helpful. we are behind the curve on tiktok, right? it had massively infiltrated whatever age demographic and market and so it is a question of closing the barn door after the horse's outcome as it were. i'm just curious what is on the horizon in terms of the next company that is a problem. >> may i just add that it's the apps, the photo editing apps, the videogame apps. every time i see them, i thought i would look at the ownership. it is the clothing app
2:52 am
marketing. it goes beyond what those apps do. those apps can actually draw code into your phone and that code can then extend to all of the activities of your phone, your microphone, your camera, and it is in your phone and that code can also transfer malicious code into the router of your home and connect to the telecom infrastructure and it spreads. by just one app being able to drop code in your phone, the malicious code can spread across the system like cancer. and who has assessed the risk? that is very helpful, that sequence of events. who has assessed the risks of the top 10 chinese companies that are engaged in this kind of marketing and then obviously respond to the ccp's guidance? has anybody looked at -- i would
2:53 am
also flag alipay. that is a problem and you have that app on your phone and it works beyond a payments app with all of the other threats that i mentioned so it is certainly these dominant ones. man, alipay, that's another one to look at. >> i can add a few company names. i have some of them. 10 sent, alibaba, alipay, obviously, we chat, tencent, pub t-mobile commanders other apps that are doing that. >> we did a paper on this. at the time, the administration assessed it was a problem largely contained to chinese citizens that were here studying, traveling, and therefore using alipay, because like you, i had that reaction
2:54 am
when i walked into cvs. has it changed, do you think, in terms of who is actually using alipay, or all the ones you just listed? i don't think of them as having access to the american market the way that tiktok does. >> from a legal standpoint, i have not done the forensics to see if it is happening but of course, one would say it is what the ccp mandates. there is no legal prohibition. if there is no legal prohibition in china has the desire and motivation to command its companies to do that, let's make our lives easier and assume it is happening, right, and get on with it and try addressing the problem through solutions. >> thank you for those excellent comments. i have a follow-up question for our witnesses. isn't it true that bytedance has an internal ccp committee and isn't it also true that the tiktok ceo reports to the
2:55 am
bytedance ceo and therefore is also accountable to that bytedance ccp committee? >> yes. >> yes. >> is there a single other large social media platform in this country that is internally governed by a ccp committee? >> we chat is going to certainly be one of them. alibaba alipay is certainly one of them. any company that is of any relevance to the ccp is going to have ccp board members. that is part of the chinese laws, the mandate. >> and is the bytedance ccp committee there to maximize shareholder value or do you think it is there to advance the ccp's political objectives? >> 100% the ccp's objectives. the ccp does not care about money. it cares about power and influence. >> so there is a substantive difference between the corporate incentives at american tech companies like alphabet,
2:56 am
snapchat, and the like, and chinese companies which have a dual mandate to also advance the ccp's political objectives. >> americans motivation is money. china's motivation is to infiltrate, cripple our system, and gain the upper hand, without question. >> do you think the ccp committee is instructing the executive management of tiktok to make sure it is fully compliant with the unfair and deceptive practices clause of the sec acts -- sec acts? >> absolutely. they know they are insulated in large part from legal recourse. we don't have the will to be much about it, but if the chinese individuals are there, they know we can't bring them to justice here. >> some of you said earlier that -- i think it was you that mentioned earlier that there is a contradiction in our laws and
2:57 am
the expectations that we have on personal privacy and free speech with the laws of the chinese communist party, the expectations that they have on the extraterritorial applications of their censorship norms as well as their surveillance norms. can you elaborate a little bit more on that and could you walk us through a potential scenario, if you are a tiktok operating in the u.s. but accountable to a foreign government? i would love to hear your thoughts as well. if you have thoughts, feel free to weigh in. >> thank you for the question. i will share from personal experience first, i was born in the communist country. i grew up in the soviet union. i remember what it was like under communism. my family tried to escape and finally escaped so from my personal experience, i will tell you that in a communist country, no laws make a difference except for what the communist boss
2:58 am
wants to get done. and under that premise, i will suggest respectfully that in a scenario where a ceo of bytedance or tiktok is in a room with a ccp official, and they want that person to do whatever they want, what will -- the ceo will comply with it. he or she does not have a choice. i believe, no, they don't have a choice. they will comply with the chinese law. >> thank you. >> and i will add to the earlier question about profitability, i mean, chinese government owns the radisson hotel chain, publicly available. -- the ccp is interested in hotel profitability or is it sort of another surveillance capability? but china has the corporate credit rating system which is like the social credit rating system.
2:59 am
corporations cannot function in china, much like the rest of the world, but there's more hurdles for corporations, without the government's approval for x, y, and z. even if the chinese government doesn't go to a corporation and say i need you to behave in line with these goals, when it is the corporation's time to come in and ask for something, they are going to look at what have you done for the ccp? what have you done in the ccp's best interest? that is a tool when a company knows it cannot get certain licenses, permits, etc., from the government, if it does not comply in any respect to advance the ccp's agenda. of course, it will engage in nefarious behavior. that is what is expected. companies know what is expected even if the ccp does not tell them do x, they know they have to if they want permits, etc. >> anything to add? >> nothing to add.
3:00 am
>> would you say that it would be accurate to characterize that effectively the claim by the tiktok ceo with project texas amounts to him trying to describe that he created a one company, two systems approach with project texas and do we -- should our policymakers have any more faith in the one company, two systems model he is professing to have created than the one country, two systems model that epically failed in china? >> something fun that would be worth doing that you just said, the u.s. government has a defense production act survey. it is compulsory. it would be kinda fun if the u.s. government decided to issue that survey to tiktok and ask all of these sort of -- if i'm going to believe you on your texas project, what are all the things you are doing? you get the responses and follow-up by doing audit because if the responses are compulsory, the government can go artery --
3:01 am
audit whether the responses are true and the government should take some forensic auditors and i think it would be really fun to see what the governments find. and of course, we are going to find a lot of violations with the u.s. law which then means you are not going to comply with other prohibitions that we are putting on you. but that is another instance where the government has the legal authority to assess safety as a high-risk actor that is already operating in the united states. nobody has decided to do it. we are still waiting for somebody to step up and take action. have the authority and i think it would be fun actually to exercise it in the way your question was getting at and i had just mentioned. >> thank you. any further questions? commissioner? >> hi, i just have one other question for mr. corrigan. i'm going back to some of your recommendations, which are very
3:02 am
helpful. one of them, number two, fully fund with the program. how much money are we talking about? >> so the program which initially focused simply on replacing huawei equipment in social networks was funded at 1.9 billion dollars. the initial wave of applications for replace funding was around $5 billion and this is after they reviewed everything. the one that got approved was $5 billion so that is a $3.1 billion shortfall for the first round of applications for two companies. if procurement bands were expanded and -- bans were expanded and they would help offset the costs, as i think they should, we would be talking in the order of at least tens of billions of dollars to do so. >> um. i have one more question.
3:03 am
a third one was to target procurement bans in high-risk sectors. how would you triage where to start? >> i mean, it's a great question. i'm kind of -- this is a bit outside my area of expertise. we have a lot of great people who work in the national security apparatus who would be able to figure that out. i would say that it is probably somewhere between a local government parks department and a nuclear power plant. i think it is really context dependent. i think it depends on what the specific technology is, the kinds of capabilities that it would offer bad actors who were able to breach it and access the networks of wherever it is deployed and i think that those are determinations that need to be made by the regulators that oversee these entities, and right now, the way that icts authority is set up, there is a
3:04 am
range of variables that can be taken into account when they are making a determination. these orders they can issue can be as targeted or as broad as they see fit. and the same with the federal acquisition security council when they are looking at federal networks. one thing i would add, i do think -- i don't mean to come off as saying procurement bans are not warranted. i think they are warranted in these situations. i just think that when we are doing so, we need to be thinking about the impact that it will have on the organization that needs to comply and in some cases, i mean, there will be compliance costs everywhere. in some cases, those costs will be very warranted and those are the areas where we want to have potentially federal funding coming in to make up any of that gap but if you have a situation where, say, you have a public transit authority and in complying with a procurement ban, they are going to have to shut down 50% of their bus lines, rail lines, that is a really large cost.
3:05 am
they can comply with it but there will be massive costs to them and the users of that service and i think in those cases, you want to see some government stepping in. i hope that answers your question. >> thank you. and you know, i think we probably have hours of questions so you may be expecting some written questions -- i hope you will be able to help us. i share the concern about tiktok and with the volume of collection and the ccp authorities written, unwritten -- persuasive as they are -- to me, creates a real risk, that factor. but i think we have to look at this in two ways. one, what is the platform risk? tiktok proposes an enormous platform risk. you talked about pixelated interception. i mentioned related viruses.
3:06 am
we have the car whisperer platform that can listen in on any bluetooth conversation. a high gain bluetooth antenna works for a mile, not just 30 feet. there are so many opportunities and vectors and attack surfaces, etc., to collect data. shouldn't we also be looking at whether there are kinds of data that should not be subject to mass collection? or should be anonymized? geolocation data, for example. which, you know, when you have a security clearance, you cannot wear a fitbit into a secure location because that data can be collected and then they can determine, you know, where you live and follow you, etc., etc., so should we be looking at this from two angles? one, what are the platforms for collection? but two, what kind
3:07 am
of data gives us the biggest concern? and how can that data be aggregated to create profiles and risks? risks in a very real sense in terms of intelligence gathering, in terms of -- as you pointed out about water systems, all the various things, it seems we have an incomplete matrix now. we are playing catch-up and we are not doing it very well. this commission for years ago identified logink as an example of a ccp sponsored platform being used in ports around the globe that collects all data on ship cargoes and 90% of u.s. military cargo travels on commercial ships. it seems to me, you know, and again, i want to stop tiktok's collection, but i don't think
3:08 am
that is success. i think success is much broader. any comments from the panelists? >> thank you. yes. definitely. like you mentioned, there's a couple of issues and they aren't layered type of issues. one is what kind of information is collected or should be collectible or un-collectible or prohibited from being collected, second, what is that information used for? what is the impact? what is the likelihood that it is going to be used for that impact? what kind of harm can it cause us? and third is actually should there be any kind of rules to govern the first two? what controls making sure those rules are followed? no laws are useful unless they are followed. no regulation is useful unless it is really followed so to answer the first one, yes. a lot of information is
3:09 am
collected and you can call it broadly -- the way data brokers or any other companies look at it, they want to collect as much as possible to monetize it for commercial purposes and then for some cases, it can be used for espionage. what can it be used for? like you mentioned, the cameras tracking the cargo in the ports. now, the cameras are on the street. they can track personnel. they know where everyone is at any point in time so if somebody wants to strike -- find the best time to strike, they can find it because they know where the least personnel is present, and the third point is there is really at this time very little accountability, little to no accountability in most jurisdictions, in most aspects of data collection. >> let me also add that i have zero faith in the government's ability to keep our information secure and clear screening at
3:10 am
the airport now, the information of the social security administration, department of motor vehicles, etc. government systems have a lot of chinese software in it and our government cannot even safeguard our information, and you know, genetics has been covered a lot but the other thing i wanted to mention is just demographic information. if the chinese, for example, get information from a sporting goods store, they will know the amount -- likely, the number of children in that population by how many kids' bikes and t-shirts and stuff. we don't want the ccp to have that kind of information. it could target attacks based on demographic information. >> may i add one more point? >> go ahead. >> one point to add is, like you mentioned, creating discord. we have seen information being collected about health conditions, miscarriages, abortion information, and so on, which is very sensitive and can
3:11 am
be used to create discord. >> i think that all bleeds into our next panel as well as we look at ai and large language modules, etc. -- models. so my time has elapsed. i think the panel -- i will turn it back to the chair. >> thank you. thank you to our witnesses for their excellent testimonies today. we are at time so we are going to break for 10 minutes and then we will resume with panel two. >> hmm? [chatter]
3:12 am
