This file contains archived live captions of the open meeting of the Federal Election Commission held on June 06, 2019. This file is not a transcript of the meeting, and it has not been reviewed for accuracy or approved by the Federal Election Commission. >> Good afternoon. The open meeting of the Federal election commission for Thursday, June 6, 2019, will come to water. We have a quorum physically and telephonically. The Vice Chairman is with us by phone. The first item on the agenda is correction and approval of the minutes. Commissioner Hunter? Thank you. I'm in approval of the minutes, docket 19/20 2A. Thank you. The discussion on the motion? If not I will call the question? All in favor say I? The motion passes unanimously. The next item on the agenda is draft advisory opinion 2019 07 we have some late submitted documents. Commissioner Hunter? I suspend the rules so the commission may consider agenda documents numbers 19, 23 A and 20 3B. Thank you Commissioner Hunter. We moved to waive the time of the submission document so we can consider the drafts for a visor it is in . But that the documents 19, 23, a and B. Any discussion on the motion? If not I will call the question all in favor say aye? The motion carried unanimously. Mr. when Zager? Good afternoon Commissioner. Agenda 1920 3A art a draft response to emails reaping the request some of the high security request asked by the cyber security services to federal community's proposal because the provision of such services would result in in- kind contribution. [ Indiscernible ] I can answer any questions you have. Thank you. Would you like to come up to the microphone? I think you have some questions. You have your client with you. >> Welcome. Thank you. Is anybody have any questions or comments on the advisory opinion request? Commissioner Hunter? Good morning and welcome back. It's nice to see you. I thought we would get off by asking you to explain the proposal from the beginning, the's mission so, the subsequent comments provide more clarity and there was little bit of a question about some of the representations so if you wouldn't mind giving us an overview that would be helpful in a good way to start. Thank you. As you know we have cemented a request seeks the commissions concurrence that the proposed pricing model that security intends to use in connection with providing specifically contact phishing services to federal candidates and political committees were not in fact amount to an in-kind contribution to the existing framework and rules in place and camping finance. We have the CEO and cofounder of area want security, previously worked at the NSA, as well as the United States cyber command, hitting the highest level of security clearance NSA, and worked on cutting its computer network issues and part of the hacking team. After that he transitioned to private-sector work or he founded area one for the purpose of creating and transforming the way cyber security is provided and specifically with respect to anti-phishing issues. Which is this commission is well aware, is of particular concern with respect to federal candidates and committees which are highly targeted and frankly underprepared potential client. >> He can answer in great detail, questions about the pricing strategy and the service offering so I will leave that to him so I don't mess it up. As to the legal outlined in the request, it's our review we are not here asking for the commission to do anything different than what the law already provides. A yes traction I require an exception to any rule or overturn any prior commission president, is our view what the pricing network is promised on is the business considerations that they use, are within the ordinary and normal course and the kinds of activities that the commission has in the past blessed. As not constituting any kind contribution. At the commission is aware, the legal issue in this case is essentially is this activity and pricing strategy falling within the normal course of the business and other proposing to offer it to federal candidates and committees on the same terms and conditions that they would offer to nonpolitical entities or individuals. Answer is yes. So we can talk about why that is so. The commission has within the last year addressed similar rest the Microsoft AOL 2018 11, is what comes to mind. It seems to us that opinion should be conclusive. The rationale for saying yes there if TwoTech tighten that substantial issues before the same political candidates that it is seeking to revive its free software package to nonetheless an advisory opinion so we can do that for good reason. Specifically the same set of factors that apply there apply to our request in stronger measures because the first factor that was considered in the question relating to Microsoft provision of services to existing customers, that was weighed in the this isn't to say to Microsoft we are looking to provide services to existing customers it's true. To be frank if you look at the request of Microsoft sent in, it doesn't appear that they had existing free service there were political entities were also existing customers. I think the request said that often election sensitive entities and organizations use their products. But they do not say that they were only given this free solution software purchasing client. The rationale in the Microsoft opinion that this was turning on the question of visiting customers related to Microsoft's assertion that they want to protect their brand from damage of the needs of the customer was hacked. That was how that was used in the opinion. Here Area want this one thing, everyone provides anti- phishing services. And that is the particular thing to federal elections and candidates are particularly vulnerable to a particularly fruitful target this is sort of the Ground Zero of the sort of four national battle in cyberspace. For area one, to not be able to allow its employees to work on those issues, damages area one's brand as well. It damages if you think about a rationale here that there's a test, as to which relates to the waterfall of the entity that seeks the services, the longevity of the anticipated provision of services, and of course the research and development benefits that come from providing the services, and also we have some that was the pride factor but it is more complicated than that. Essentially goes to the economic benefit that flows to the entity by having to retain and motivate some of the most sought after highest value tech engineers in the business. In a highly competitive marketplace. For them to be excluded from this particular contest would be --this is the fight that they are preparing that they are prepared to make, it seems completely untrue for them to not be able to do it because of a regulatory regime honestly is not the issue before the does it doesn't relate to what it wants to do. This is an a secret way to make a contribution in order to influence an election. Which is really a bottom-line question. This is the business that they are in, it's just so happens that the entities and the vigils that are targeted falls within the sphere of political candidates as we saw in 2016. It seems strange to exclude them from that and in the other respect the Microsoft opinion is right on target, the same issues, the same concerns the commission stated. They apply with more greater force with respect to our request. On the legal side, it is our view that this falls within the established framework for these kind of activities. The commission should not have to extend a lot more to say yes, it shouldn't have to overrule any past decision. It is consistent with the law so that's why we're looking for a yes here. I know he had comments ready I don't know if you want to do a question-and-answer or -- We are happy to hear his comments. Expect it will be illuminating. I can only hope. Good afternoon. Thank you for allowing me to be here today I'm proud to be representing my company, the mission area one is to eliminate phishing and a phish attack seems to make computer users and individual taken action which causes heart. I want to give some examples. This could be the downloading of a file that attach to an email, this was the case in November 2016 when the Russian GR you sent phishing emails to accounts used by Florida County officials. Another example could be trying to get individual just like you and me to click on the link, and this is the case in 2061 John Podesta the chair of the clean campaign was directed to a web so we thought he was changing his password but was turning over to Russian cyber actors. I cofounder area one after serving for nearly a decade at the national security., The fishing is how foreign cyber afterthoughts the campaigns got it up and organizations around the world conduct the business, it's about 95% of cyber security damages occur. Repeatedly almost exclusively to report on the investigation to Russian interference refers to phishing as the cause of damage inflicted upon the electoral process. It might sound simple these phishing attacks but the reality is as humans we cannot be taught to be a less human. We have an innate curiosity and willingness to trust complete strangers, a childlike interest in a good story and all these worked against us in cyberspace. >> All these work against us. That's what makes it impossible for humans to be independently trained or made aware of how to stop phishing attacks. As such the software that I developed is so by organizations around the world, everyone security has developed and proven solutions for limiting phish attacks today and we're proud to be protecting many of the largest companies in the world and startups like if it's computing, new space, and many nonprofits. We have developed a business strategy that is rooted in accountability and accessibility. Many organizations who desire to protect themselves from phishing have very limited financial resources. They limit the professional cyber security staff, some of the only Opera for short periods of time and as such our strategy considers the needs of these organizations because we get research opportunities often in the revenue growth that comes from better research and development and the pride that we are not protecting them phishing. In a recent letter to shareholders, they suggested it will spend up the central million dollars protecting the bank from similar cyber attacks that candidates receive we cannot expect each campaign organization to pay as much for protection against the same types of nation attacks is large corporations who face similar sophisticated campaigns. >> Candidates seeking federal office have sought or solutions that expressed any personally fears about the unfinished they also share concerns about the cost of cyber security solutions and I hope your visor opinion will provide clarity that the pricing strategy that we provide to everyone on an equal basis is something they can take advantage of. The successful businesses in our economy are data-driven. That means they post recruit and retain except without the computer sciences, experts in big data, mathematics, vision, intelligence, as well as subject matter expertise. They must have access to data and data-driven companies cannot live in a vacuum as the algorithms we develop our depend on more and better data. First to be commercially successful in CyberSecurity there is a need for access to real tax scenarios in that scenario is that you as they relate to elections. The CyberSecurity data 50.3 million times that of uranium 235, relying on historical data is insufficient to progress. Our strategy is not based on patriotism, it's good business. It's within the mainstream of our modern software business. I've been in front of these attacks which you are uniquely prevalent US elections is in a opportunity . I want to be clear we're not offering services to candidates to curry favor I'm not sure what that favor would be because unlike other corporations today to offer free solutions, to candidates, everyone performs in the lobby to make no political contribution when our software used properly it's a notice by 99% of the employees who work. To their software used by hundreds of companies and analyzes billions of evil messages and socks phishing attacks and its remain to specialized staff. We want to stop phish attack I thank you for the time. Thank you. Congratulations on the success of your business. >> Any questions? >> I apologize I cannot be there in person. I appreciate you and make yourself available. The question I have I need some clarity as to how you plan to apply the pricing model. I believe draft is premised on the notion that as a class, you would play to exempt political committees and candidates from having to pay for the services. However subsequent information indicates that might not be correct, can you confirm how you apply this model is it the case that you will be applying the provider model not to political committees in federal candidates as a class but to each individual committee? That may result in particular clients receiving services at lower or no cost. >> Thank you Commissioner Peterson appreciators , thank you. It was kind of you. It is the latter. The proposal is not to carve out special pricing for politically related entities, and candidates, the proposal is to apply our ordinary four factor test that the entity applies whenever it is a fixed fee for services. When it is not the pay for fish model the company also offers. Those instances they look at the save for factors, that's what they look at here for these entities. The issues that from our experience, political actors do not have the expendable funds for this sort of activity or vendor service to pay the same amount as a large commercial entity does. At the same time, there are fewer operators, fewer systems than he to be reviewed, and research and development value skyrockets in this area because this is a hotbed of this kind of hacking attack. When you apply the four factors to these clients, it comes out that it's a generally lower price or no price in some instances. >> Yes. We don't treat a potential customer organization differently. Our commercial teams work with companies that 5000 people employed in using the computer systems or larger. So when nonprofits or startups come to us they fall well outside of our traditional pricing scheme so because there are significant opportunities in those examples, we've been working with the company in the new space arena that's been heavily targeted by Chinese cyber actors and their 30, 40 people. They had a need to use our products and so we created a tier of pricing that was flat for organizations below that 5000 threshold. We intend to do the same for political candidates. >> If I understand you correctly, if you had on the one hit you have a long serving senator who has been in multiple decades has a huge warchest and is likely to be reelected official, the way in which you apply the pricing model may be different in that case then once I candidates is running as an independent and has a shoestring budget and has virtually no chance of winning. >> We don't consider the forecasting of what happens in the ballots the way we observed organizations is by the size. An elected official committee is 100 staff members at just 100 person organization to our business is no different or greater depending on how much is in the warchest. In Enterprises market caps and revenues are not good indicators for budgets for companies and nor are they in the amount of political fundraising that these types of organizations have. People want to use the revenues for intended purposes other than CyberSecurity. As such, we choose to be accessible on that front. Let me follow up on that question. What you say is that you would offer your proposals to offer the services for free to all political committees regardless of the financial resources. No. Not for free. We have a tier of pricing which we would apply in that price is $1337 . >> It's de minimis. Okay that is a question for clarification also are you proposing to offer for free or for 1337? >> We run it through our test, I would say yes for 1337. I guess there are scenarios where there could be an individual that's running west very limited financial resources it was a serious enough opportunity we might call a zero. Recall little to no cost because the distance between 1337 and zero is insignificant to our business. The proposal is -- to offer the services to political committees for 1337 the year. >> All organizations including political committees . Regardless of the size of the warchest , a presidential campaign might have $1 billion. One candidate has stated that as his goal to raise $1 billion. So even if there's one billion- dollar warchest they will get a 1337 a year rate of political committees would get the same rate is that right? Yes. The primary factor for us is size not market caps not warchest. That's not relevant to our process in cost and value we receive The size that you look at, it's number employees that we received phish attacks. In 2016 as eligible the Clinton campaign had a maximum 4000 people working which is below the commercial engagement and the term campaign was about 1/5 of that size so that is not the size of typical companies we engage with. Potentially there could be volunteers working on the campaign. They would also be getting and receiving emails. Volunteers -- anyone who has attended domain would be occluded in our account. Correct. We reconsider. We look at base what's on your website, it looks like 5000 employees is the marker that you use. That's what we train our sales team. Okay. I understood from your request that you are proposing to offer this service for free. No. It is the 1337 flat rate. That is correct. Little to no cost. >> The board members think that's free. I agree that is a great deal. 1337 what you're offering is a great deal. When I look at the four different factors how do they relate to the 1337 rate? It sounds like the clients financial resources which is the first factor doesn't really apply. Yes. Typically abstract pricing as a scenario would equate that 100,000 person enterprise company have certain resources on a per capita head to dedicate to IT services. That's an important element so we make a proxy for employees and financial resources as they are related. Is that clear? Okay. The first factor the resources means how many employees do they have. >> Correct. They are related. >> Let's say that the hedge fund for instance, that 100 people working but has hundreds of billions of dollars in assets. As a company we can look at that company and price gouge them. We are providing services for certain number of people even though they have large financial resources, it's inappropriate to go to them and say you have to pay more because you manage more money our services only for this people that work in that business. >> The second factor that you list this potential longevity of the relationship. That doesn't really apply here either because you have no idea whether or not you have a long- term relationship if you will, it's not going to be a profitable one. You're offering this at 1337. That applies greatly here. We expect our commercial customers engaged for 10 years or more and most candidates the campaigns and committees will not exist for the duration of time. So we don't have those long terms so we give them the startup committee working at the minimus cost to us initially but they may grow to become a multibillion dollar company's we take that as an advantage and grow with them it's unlikely that these candidates will have the same types of growth as our commercial startup businesses would. That makes sense but doesn't that argue for the opposite conclusion? If you're going to have a long- term relationship with someone, I would think would make business sense to offer them a deal at the beginning so you get in the door and you have a long-term relationship with them if you're not expecting to have a long-term relationship than what is the incentive for offering them a deal on the rate? In some cases their specific research and development opportunities some organizations are launching initiatives that will only be experienced for short periods of time and is thus we can afford to take the cost on that because we are getting greater outcomes in advancement of our products and services. That's the one that makes most sense to me. I can see why the R&D potential would make sense. Unless clear on -- you thought this would enhance your brand. I don't see how, you're talking at the Microsoft opinion and in Microsoft they were concerned that the people got hacked while they were easy Microsoft products, that would make them look bad. The city gets hacked none of these people are just the customers so if somebody gets hacked and they are not using your product, that cannot affect your brand. >> What is the brand issue? >> I mentioned that I was trying to equate the price factor in some sense is similar to the explanation the commission offered in approving the Microsoft AO on the brand point so I wasn't saying area one and the brand is in jeopardy right now when they're not servicing these clients. They are employees and the morale is in jeopardy when they're not servicing these clients. As the leading technological solution to this particular problem and needs, for them to be pushed out of the ability to address that, would be harmful to area one. That's why we are here. As an example one that the NSA one of the draws is not often Seshan is that you get to work on the most important mission and solve the hardest problems in mathematics and computer science. It's the same for all the people have to are economy so if we move from the department the ability to do that mission, nobody would be there and that's true for site security companies if there is no opportunity to do the work and protect the people most at risk, people would find other opportunities. I get that. I find that factor to be the most problematic for me. For reason I think you can guess. If we are going to say that a company can offer free services discounted services to campaigns because it will improve morale for the employees, what am I going to do when the next comet comes in the door and says our employees are really worked up about the selection, we think it would really improve morale if we give everybody one free day off a week and we will pay them to work on the campaign of their choice. That would do wonders for our morale. That would really does -- stepping back for a minute, we are proposing sounds like a great idea. The reason that you are here is because there's a law that says corporations are not allowed to give freebies or things that are offered at a lower rate than the give to other clients to political committees because it's a corporate campaign contribution. And that is against the law. Congress could create an extension in the law, they could say CyberSecurity doesn't count if you're offering such security services are exempt from the corporate contribution band. They could do that. I'm not sure we could do that. Marshall we have the statutory authority to go that far. The big picture question is, can we say yes to you without going back that far without opening the door to every other corporation in America who might say, it's going to improve morale of our employees to do all sorts of nice things for candidates that are employees feel strongly about or to notch it up a bit, I can imagine CEOs coming in and saying, my employees would really love to support my favorite candidate so I will give them all a lot of time off at the company expense to work for the success of my favorite candidate. In any event This seems to me, this price factor and happy pride month everybody, this factor strikes me as potentially opening up a colossal loophole so tell me how that is not the case or how that could be however we said yes to you under the circumstances it would not open up that loophole. >> It is a four factor test. I think that a couple buckets, the commission has in the past said no it's not a legitimate business justification to do something for goodwill for civic duty or pride. It's not what we're talking about here. The question I think to the other market is how closely business justification tied to particular services that are offered. I think here, which I think would not open a loophole and would have to be applied if someone else is going to make the same argument, the particular services involve are more image to what it is area one was designed to do . The problem it was designed to do nothing to do with elections, everything to do with anti- phishing services. The staff that we are talking about invigorating by being able to work on this problem though specifically this and nothing but. This is the organizational purpose of area one. It aligns perfectly with the services area one is talking about offering. >> Any company can make the same argument. A car company could come in and say, it would give all we do is make cars we are proud of our cars with the of the best cars and if the campaign national campaign were to use our cars as the official vehicle of the campaign, that would make all of our employees so proud they would want to work for our car company and not another one. I don't think he gets you there to say is the nature of your business because there are sorts of products and services that campaigns would want to use. I could benefit from that of the sole and exclusive business of all sorts of corporations. >> I understand. Here it is different. Your multi factor test, is a sliding scale, one element is this is the specific purpose of the entity, it is not an entity that is the trillion dollar company, it's a small company and doesn't have anything to do with influencing an election which is the bottom line question. It's a different story if somebody says, I'm giving you the day off the campaign, or I will give that they'll to campaign for my favorite candidate, that's an easy one. This is a different element. This is the idea that we will lose employees or the employees will not have the motivation to work long hours, to create the patentable products, the measurable elements of morale building within a company that does this service. >> I'm confused about why we are --talking about the pride aspect of this because you said you will charge certain size of political committees if they are small the 1337 but for political committees and nonpolitical committees. That's what we do today. You're thinking about making it lower if the pride element is high? No. We intend to apply the same pricing to everyone as we do today with many companies that take it vantage of that rate through a personal interactions with some campaigns they said -- they had some reticence about that is whether or not there be there to step to come before you to provide clarity so we hope --we hope that your approval provide the clarity that extends our normal business practices today. We're not discounting anything nor provide particular elections and pricing does what we provide to everyone of this size. I don't even think you need to be here. If you are just -- You need to talk to the candidates themselves. They will not adopt these technologies without that clarity and that is why we are here. Okay. If we can say you provide the same service to political committees and nonpolitical committees and you may charge them the 1337, I don't know where the pride is coming in. It's in your request but it seems to me that may not even have to be a factor that we need to get into because of the subjective nature, it makes some people nervous and I understand why. I agree with what you said this is part of what you do. It has nothing to do with trying to influence an election, this is where you get to show that you are the best in the business if your dermatologist you will provide the services for free to someone who has a really bad form of something to show you can handle that. It's the same concept I understand it doesn't cause me any concern but to the extent it does others, I'm not sure we need to look at the pride element. Respond. I thought that we had a path. Basil look at your website, and points to my summer intern, the request talks about the four factors, and the request doesn't seem to line up with what it says on your website and what I think I am hearing you say today. If the request was we offer 3037 flat rate pricing to all nonprofit organizations, regardless of we do it for political committees, we can do it for committees if they will take it with you or for other nonprofit organizations, you may think about state and local governments they could use your help. That's another question you have to come to us for. Its uniform, we have are for- profit pricing and other nonprofit prices the phone to nonprofit, we would be the usual and normal charge for all nonprofit customers. It would be easier than the way it was framed in your written request. In your most recent comments we reached out to you today we found this on the website, and you got back to us and said, the discussion of the pricing is not comprehensive the pricing determination for customer is handled according to the four factors identified. >> I think there could be a path forward here but I'm not sure it is the answer to the request that you gave us. I will throw another possibility because we told the DC that they could accept from C corporations cash and in-kind assistance, you can work with them if you want to do it that way. We're willing to work with anyone but candidates are coming to us. They are asking specifically because of the specific challenge they face as it relates to phishing. The standups suck at pricing. What we're trying to do is give you the broad framework for how we treat everyone. When we think about the world we think about large companies, the largest banks in the world and pharmaceuticals, we apply all those criteria continuously sometimes there are great opportunities to test a new feature, new product to make a different decision the key things we do that consistently what I found is folks in the area of influence that you oversee, they are looking for clarity. Without the clarity, we are stuck and that's why we want to take this step to outline what it is we do in the broadest terms possible, so that clarity can be provided to them we do the same for everyone. We have many organizations that are using all these pricing strategies today. We want candidates to feel confident that they will not be referred or have some action taken against them to move forward. >> Thank you. The question I had was elementary, why you attracted to the legal profession ? Excuse me, the political realm . What it is about that that engenders extra pride ? >> Is this something that we provide 24 hours a day all the time? Is it during elections? What happens when there's an advancement in your technology, how do you apply that? Do you charge more for more sophistication? A phish is a phish and there is no distinguishing factors. It will cause harm and seeks to get individual to interact with it clicking on that, that's phishing attacks and that's what we had to stop it there are no grades of bad so it's a mistake that people make to try to wait them in some way. Is it more difficult to get rid of the phish or preventive phish with some types of approaches? >> Is yours uniform? >> It's a great question. There are some advanced algorithms we develop a more computationally intensive or that chimes the imagination of our engineers in different ways. At the end of the day, stopping one particular attack is stopping one attack. We treated no differently in our pricing scheme. The pricing often includes will be called paper phish request will pay is $10 per phish we don't distinguish this one is bad or not good. As I mentioned companies in today's economy are based on using data to drive advancements in the world. A federal candidate in particular is acutely attacked by a nationstate actor in the ways that commercial entities are not or may not be for some time. It's an opportunity not that we are attracted to it it's an opportunity to confront a new tack types that are novel that might have benefit for the commercial clients at some later time. We cannot go materialize these attacks we have to be in the place and time where they exist and we know they will happen in these elections may have. When you identify a new approach towards avoiding a phish , is this something you do electronically? >> Our software is in the class called software or service meaning all the customers receive the same product and is continuously updated. Just like the Google web browser. You don't have to download or recognize that, just update across the world. We identify new algorithms every single day those are pushed to our customers and as I mentioned prior, a large company maybe five or 10 people interact with our software even though it is there. The vast majority of the people I just now receiving the phishing emails. We don't expect the federal candidates we work with would have this existential realization that we have come to save the day. That which is probably move on as if nothing happened and we will know that we solve the problem. If you have some intrusion in something you did not catch, how do you amend what you did? >> What I would say is it's common. We would not be here today if the existing software solution offered by cloud inbox providers like Google and Microsoft caught the phish that caused the damage. I am sure you have read the special counsel's report and hundreds of these things are passing through. We work to solve the problem but secondly when there are things that are missed or new capabilities, we interact with the customers and we will say here is what might be suspicious in your something we have warned about. And our team continuously works on that. We make improvements around accuracy, timeliness and the ability to stop the attacks. What about the case in a federal system that the candidates have different computers and different people coming and going ? We had some issue regarding whether or not we could assist in financing for certain aspects of activity. Do you have the same kind of anti-phishing device or algorithm in the government? Doing with the Russians, Chinese? I'm not sure I understand the question. I get the impression you modify as you go along with new approaches . Continuously. >> I'm thinking of political parties that might be when they working on one thing and they are looking at something else and some have different levels of sophistication. Are you asking how is it -- how we work with them? We pay careful attention to the state-of-the-art in computer science, and the trends that are happening. As I mentioned, to build a successful company that we are focused on it takes a multiple team and that's why we employee experts in artificial intelligence, of its mathematicians, the computational diversity that we bring to bear allows us to make sure we can solve many problems. Think of it this way, when he worked at the national security agency things like high- performance computers like supercomputers they can be designed to perform one algorithm like code breaking so to speak. That can be akin to a Formula One race card. It's perfect it does one thing. If you want to check the price of corn and 100 stores here in the Washington area, the car is the worst you can have in our approach is to have 1000 four focuses we have approaches for thousands of different things and in combination allows us to cover the broader space possible in phishing and that is why customers are on the cusp of seeking solutions and some of those highly contentious areas. Is this something that is installed permanently? It is a cloud-based service. >> Thank you. >> Mr. Vice Chairman, I think I interrupted you. Were starting to ask questions. Did you have any other questions? This has been helpful discussion. I just want to follow up, get more --I heard the discussion regarding the factor pricing model I think I got a better feel for what you are doing. Let me make sure I understand. >> The way I understood your explanation when I give my hypothetical comparing the shoestring candidate with a longshot chance of winning, versus the long-standing incumbent, you said what may seem like a large disparity to us in the political world and the larger business world that you are operating in, where you are looking at companies, that have hundreds of thousand employees are dealing in billions of dollars. When you look at campaigns, what may look like a disparity between poor candidates and rich candidates isn't that big of a deal in your spirit. For that reason, you would offer the 1337 to the long-standing incumbent with a big warchest just the same as you would the shoestring candidate. >> Do I understand that correctly? That is correct. We look at the size of the organization if your 10 people, that is in the course for processing your email and the phish attacks against you. We don't dictate to customers based on the financial market caps were warchest how they should apply those dollars. We do it evenly based on a per unit initial setup. >> Okay. Is also fair to say when you apply this pricing model that not every factor is weighted the same in each application? It seems like from the discussion today, the research and development opportunities presented by being able to provide services to political committees and candidates would be viable to your company and in terms of developing brand recognition and also in developing sophisticated mechanisms for repelling phishing attacks. Is it accurate to say that in the application of the factors in some instances one factor may be a greater weight than another X >> The research and development is the greatest value to our business. To the extent the pride factor is related to that and you need that talented set of people to conduct research and development and if we did not have the best linguistic computer scientist and experts, we cannot attract them there would be no research and development to do but the R&D is the thing to be successful and have commercial value in the long term. >> If we were developing a cancer drug, unique cancer patients to experiment on . >> Okay. I thought the analogy would be the researchers and the cancer doctors. I misspoke. >> A final question, is it the case that similarly sized and capitalized organizations that are nonpolitical for some were on par with what political committees is typically is that you provide them the same $1,337 pricing model and candidates are coming to you saying can we get that same pricing model. Absolutely. We provide this pricing today too many organizations. It is the standard practice. Candidates have come to us and so we have heard good things about your product, we are worried about being fished back as we have engage with them to legal counsel have said we're unsure if this pricing is some sort of I don't know what the word is, and we said corporate incline. We said no, it is not we have many customers who looked very much like to you from our perspective, 20, 30 people. They are being attacked by nation state governments have real concerned and to have a full-time staff and they will not be spending $600 million like J.P. Morgan Chase or other large companies . We offer a solution because it is in the interest to develop the best product you can be a partner on the fronts we do that today, we work with many people this round we proposed offer nothing different for federal candidates copy of no federal candidates CyberSecurity program if candidates and so choose, to use our products, we want them to have the clarity with your approval that falls within our standard practice we can move forward. >> That's helpful to know. From what he described the submission, I think have a better understanding of how your company is moving forward and how it will operate. It seems to me, I know if there are other interests on the commission about having further discussions about fine whether or not there might be a way we could garner votes for a yes, is there a possibility for further discussion on this issue? Approaches for reaching a consensus on a yes? >> From my perspective, I am open to finding a path forward I think it might require a revised request or a withdrawal and a resubmission of the request. I still a couple more questions about the facts but I'm not sure the facts are either understood them on a first solar and submissions and when they drafted the different responses, I'm not sure the responses are actually based on the facts as I think I understand them now although I said I will have a couple more questions. Commissioner Hunter? I was going to suggest something similar. That might be useful while the request was very helpful and detailed, if followed our case law, I'm not sure we need it. It would be a simple think we provide this to everyone, so therefore it is not a corporate contribution have a nice day. I don't think we need to get into the other stuff for the business model you describe. It's a lot more simple than what we thought. I agree. If think it would be helpful to have a fresh request with the streamlined facts I think we would agree and commit to insuring it in a much shorter time frame we usually require a 60 day timeframe in this case I don't think we need 60 days. It might be useful to flush out your questions. >> Perhaps we can help you write a request that answers everybody's questions and come back again. I was going to do that. You may overcomplicated request. Sometimes of the problem when you know too much. >> I used to go to you for advice. I'm looking at the webpage. There are three categories, of pricing. Pay for phish, enterprise license agreement, both of which appear to apply for the larger companies that have 5000 employees and there is little to no cost. That is great I'm sure everybody was to fall into that category. In your email you said little to no cost is a subset of the fixed term approach identified on the website as enterprise licensing agreement. Enterprise licensing to the website is a fixed price for three-year terms, 5000 employees or more, it doesn't sound like it is a subset of that. First question, is it or is it not a subset? Is that a separate category? >> What is this deal with the 5000 employees? >> We have the CEO here. He is much more closely aligned to the facts . That being said, it's my understanding , there's really one strategy. You have to pay for phish with the variability risk is absorbed by the person who agrees to do it that way and you have no, will do a fixed price set up and that is X were little to no cost that will determine the factors and whether they qualify as an appropriate recipient of that kind of approach. That's as far as I will go. Lenny handed over. >> Do you wish to elaborate? That was okay. >> I thought when I looked at this, you might have , if you are a nonprofit organization, you get the 1337 rate. Is that true or is that there is a 1337 rate that's available based on the factors and we think political committees and nonprofits might also satisfy the four factors. >> Many companies would fall into that little or no cost startups, in biotech companies, maybe 100 people, we don't have a nonprofit pricing we just say if you are an organization that is the category we can work with you. >> We're back to the four factors? >> I'm unclear on this. I don't know what you are saying that there's a category for nonprofits which could include political committees, and startups, small organizations, and by category would've fit into this little or no cost or you look at every single person comes to you and asks for services and you evaluate them under the factors and if they meet the four factor test then they get the little or no cost price. The way you said that is correct. Startups, nonprofits, humanitarian organizations gap they fall into that bucket. That's a good answer for me. They fall into that bucket. Can you give me an estimate of what percentage of your clients fall into that bucket? I would not give a percentage but is considerable. Not as a percentage but it's a number of organizations that we work with on the front and we are proud to do so and I can tell you in every single instance, or we have worked with the startup or nonprofit, we have earned a immense research and development value and we have issued new patents based on the learnings. They are of considerable value we have developed do product features that are applicable to everyone it has been viable to us we have new features, that would want to test, we need specific scenarios some folks fall into that bucket and its viable and that is supported with Global 2000 and the Fortune 500 companies is the ability to work with the organization so it is helpful to us. When you say considerable numbers, you are potentially going to be offering this if we said yes, thousands of political committees. Yes. >> Would then be thousands of political committees and 27 other groups? Hundreds of other groups? Thousands of other groups? I'm trying to figure out whether the political committees would be part of a larger category or would be most of the category. Typically today we do not market into this space . These organizations come to us. We offer it. Perhaps this will entice thousands , thousands of political committees would be fantastic, that would certainly be more than the numbers but we are not seeking to any kind of sales and marketing efforts nonprofits or startups and typically are inbound responding to people and that's the formation of our request today, residential candidates who happen coming to us and want to make sure that the clarity to move forward, thousands would be more than we have today. Not considerably. >> To make sure I am clear, if you were to reformulate the request, if I understand this properly, we already offer $1,337 pricing to this category of nonprofits, startups, human attorney organizations, we think that political committees would fit into the same bucket and we were proposed to treat them in the same way that we treat all these other groups that we offer our discount price too. They would be part of our normal and usual practice with this broader group. That is the framework that I can deal with. If the answer is actually, it's not a broader category, it's every single entity or person who comes in the door and look at them under these factors and we decide whether it will make our employees proud to come to work every day, that's a heavier lift for me. Okay? You know what the facts are. By all means, I'm not suggesting that you misrepresent anything but I think I understand that there is a path forward in identifying the political committees as part of a larger category of entities you offer. You offer the same pricing and that would fit squarely into our precedents. >> I think in this regard that perhaps Commissioner Hunter and I are on the same page on this. A simple request along those lines would be easier for us to answer. >> Commissioner Hunter? Correct. We are saying the same thing with just doesn't happen all the time. Little to no cost. The only thing I want to add , to make it even more simple, you are saying there is no way that you would charge a political committee more than that $1,337 because high watermark you mentioned earlier was Hillary Clinton's campaign was 4000 employees. That's even lower than your small people anyway. We want -- we do not want to put words in your mouth. Conceptually that is correct. It is below our typical -- It seems as though every political campaign even the large ones fit into the bucket with makes it more simple. >> You don't have to go to any factors. I could imagine a presidential campaign if they had a whole lot of volunteers throughout the country -- They don't usually give volunteers their email address. >> I'm just saying, it's not impossible for me to envision the national campaign could cross the 5000 threshold. I don't know how much you want to wedge yourself to that but certainly it would be a national committee. >> In the little to no cost you say for qualified organizations what is qualified? >> The four factors that we are talking about. They are the criteria. Certain size, they fall into that bucket. >> What prevents you from raising that limit after a period of time? >> Things can change in you charge more. Any stability in terms of that? >> They sign up for certain period of time at a fixed rate? >> Yes. Typically, when we contract with the organizations it is for a fixed period of time and it is renegotiated at the end of that term. We would withhold the right to change pricing continuously. >> How big is your company? Five years. How long is the average contract? No more than five years. >> Typically customers engage with us contractually for one or three years. Then they will renew the terms of the contracts in those intervals. >> Commissioner Hunter? Who is qualified, is it something along want to what you said earlier which is 5000 or less are qualified for the little to no $1,337 cost? Yes. Okay. >> Have to get the facts right. The facts are complicated. Anybody wants less than 5000 employees, fewer than 5000 employees and factors to three and four? The four factor test is somewhat problematic for me. In part because of the precedent that it sets for other organizations would come in and say, we also would be highly motivated if we can do this work for political committees for free. Congress could change the law but they have not so we're stuck with the law that we have which was written in a time before their cyber attacks because it was before there was cyber. Yes. The way you phrase that is correct. I apologize for creating any confusion I'm trying to create clarity. Startups mostly second pricing. >> Mr. Petalas? The question is who qualifies. In setting prices, they take a number of things into consideration. The primary for the priorities are how big is this organization not in dollars but in size that matters to area one's interests. And then the R&D element is considerable because the product they offer is a math manifestation of Remus station it's a cloud-based software, that is what is driving the decision . You have a small organization relative to what is large in this context. High-value to develop of the product that they sell, it's nice to have the pride factor also. It's nice, it is of value to morale and the quality of the employees you can get when you offer interesting work to highly credentialed people can make more elsewhere. Kerri Owen takes advantage of that. That's not really the driver here. In any request in assessing who fits into this bucket, if the user for the commission is the squishy pride issue, that doesn't have to be taken into account. It strikes me that I don't know to what extent that is required it sounds like to me to fit into that bucket so that's the question. >> That's correct. >> I think that Mr. Petalas understands my concerns. I think I understand the facts. Which I don't think are fairly represented in the draft that we have in front of us. I don't want to -- vote on either of the draft that we have in front of us because I'm not sure the accurately reflect the actual facts the business plan of the organization. If having been informed by this conversation you want to withdraw your request and submit a reformulated request, that you think based on our conversation might be easier to answer, I would encourage you to do so. I think we are proposing to do would be valuable and important and if there's a way to say yes without doing damage to the law, I would be inclined to try to do so. You know the facts better. Mr. Petalas is well-versed in the law and you hear what I am saying. I will leave it up to you what you think that would be a productive exercise. >> You say low-cost, implementation with little IT involvement, if you have not minimal IT involvement, you go to another category? Small companies have a concern that enterprise software is complex to the ploy but it takes less than 10 minutes to deploy the software from the largest company to the smallest. It's an indication for groups that might be exploring the services that this is a simple thing to do. That's the criteria that a fortune 500 company concerned themselves with because they have hundreds of people working for them so we want them to know this is straightforward. It takes 10 minutes. It doesn't affect the classes. Is the same for everyone. >> In terms of research and development, how much research and develop do you gain ? >> We get no value from understanding how a political campaign works will be given by you from is that specific cyber attacks that happen at the organizations and customers that we work with. Political campaigns are uniquely situated to be attacked by nationstates , commercial entities are uniquely situated to be attacked by criminal gain so the value is in the attacks not any organizations. We seek to know nothing about how the campaigns work. >> Thanks. >> Any further questions? Comments? >> In listening to the discussion, it sounds like there's a way forward and I hope we can get the opportunity to figure out a consensus. I think there's a path forward in light of the value that discovery offers to provide it would be worthwhile if we could find that path. I agree with that sentiment. >> We go with this and we have your phishing software. Along comes X company and says we have better phishing software. That sounds attractive. Can they run together? Do you have to take yours out? >> Chances are they can say we think this is a great job but we are more sophisticated. >> Not knowing the specifics yes. It is possible to use our software with other complementary services. That is part of the reason why we have the pricing model called pay for phish which is the say if you have something, will charge you for the things we catch it turns out we catch a lot of things because we are great at what we do. The day, as an aside, companies are spending billions of dollars on cyber security solutions and the results are not really getting any better for them. We have taken this approach around accountability is to say, our value is in stopping attacks and you should pay for that on a per unit basis. If you invested in things today, you should pay for the specific value we provide and that is the Genesis of how we got there. >> How do you calculate differently that one invades? >> If the phish is successful in intruding, and another phish might never get in, how does that work? Any attempt to make the user click on the link and download a file, transfer money or send the document unwittingly as a result of a phish is what we will stop. >> Hearing no other questions, this has been interesting and illuminating. Thank you for coming in. It was helpful to have you here. Thank you. I am sure that Mr. Petalas understands your product. He knows the law. I think between the two of you, you can craft a better request that might be more likely to achieve success here. I hope we can go forward. I hope we can find a path forward. It will allow you to provide a valuable service to other people and does not do damage to the law. >> I don't have anything else to say about this. Anything else? >> Thank you. We look forward to hearing further from you. Thank you. Thank you. Staff director? Any management matters? There are no matters. The meeting is adjourned.