 EFF's membership team, thanks for joining us for our third edition of At Home with EFF. Today is also Giving Tuesday Now, a global day of support that developed as a direct response to the unprecedented community needs created by COVID-19. Each one of us has felt the impact of the pandemic and this is a day to help the people around you, however you can. In these strange times, we're leaning heavily on the internet to keep us connected to the world. That's why the EFF team is proud to fight for online freedom for everyone. Today, we have a donation goal of $10,000 and we are well on our way there. If you're able to donate, we can use your help. Just pop open another tab and go to EFF.org slash Giving Tuesday Now to support. So today's edition of At Home with EFF is focused on the different ways that we can help our communities. So to start things off, we'll be diving into safe online organizing with EFF's grassroots advocacy organizer, Rory Meager. Rory, take it away. Hey, thanks so much, Aaron. And thank you everyone for tuning in. I'm really excited to be leading this panel on practicing safe online organizing during a pandemic. Obviously, it's very important to be organizing right now and getting help to folks who need it, but these self-organized mutual aid groups are running into the issue of not being able to meet in person. So given the nature of these online tools, there's a lot of security and privacy concerns that come up. So I'm really excited to have these EFF superstars come on the panel to talk about this. First, we have Eva Galperin, EFF's Director of Cybersecurity. Her work is primarily focused on providing privacy and security for vulnerable populations. Thank you so much for joining, Eva. Next, we have Nash, Associate Director of Community Organizing here at the EFF. He leads grassroots student and community organizing efforts, including EFF's own grassroots activism network, the Electric Frontier Alliance. Welcome, Nash. We also have Ben Elam, Assistant Administrator here at EFF and a Community Activist in the San Francisco Bay Area. Hey, Ben. And finally, Sherri Wong, a former EFFer, but current artist researcher working on AI governance and mutual aid organizing. So welcome, everyone. Thank you. And as a reminder to the audience, we'll be taking audience questions throughout this on the Twitch channel. So if you have any questions, put them in and we'll hopefully have time to get to them. So I wanted to kick off this conversation with you, Nash. A lot of folks, as I was saying, are organizing and using all these new online tools, but hopefully you can clarify what exactly is mutual aid and how is that different or similar to charity work? Sure. Yeah, thanks. That's a great question. And I organize as an activist and I include myself in this critique, have a history of taking very common practices and giving them names that divorce them from what they really are, which is in the case of mutual aid is just being a good, responsible member of society. Mutual aid organizing is essentially voluntary. It's community-led, transparent, and driven by the needs of the specific community with an understanding that we may similarly be in need at some point. And then even if we're not supporting those with the greatest need, at any given moment ultimately benefits us all. So you might have experience in it with, if you ever asked your neighbor for a plunger or offered to watch your cousin's kids when they went to the airport to pick up their partner. And the mutual aid is different from charity in that charity is often a top-down system that promotes dependency and maintains power imbalances. And so one of the most widely known examples of mutual aid on a large scale, it was the Black Panther's free breakfast program. And more recently, in the last decade, we can look at, for folks who are from New York and New Jersey, they might be really familiar with the Occupy Sandy program, which is where organizers and community members came together to provide resources and medical care for each other where FEMA wasn't available or those services weren't there. And we should be, it would be great if we could just depend on tax-funded programs to be able to provide those support systems. But lamenting about that isn't gonna help the immunocompromised family get what they need today. And so communities, as they always have, have stepped up and embraced bottom-up strategies for coming together in ways that help for where folks with that have ability or resources or time or what have you are able to provide for the folks that are their community members and their neighbors who are in the greatest need. And all of that is to say that mutual aid is not new. We've always engaged in mutual aid. What is new is that technology has allowed us to do more efficiently and at larger scales, but of course that also comes with greater risks. Thank you so much. And I think that's such an interesting point that mutual aid can kind of be romanticized or kind of segmented from other work, but it really has an intuitive side to it that it's helping people out and where there's deficiencies in the support. So turning to the current moment, I was hoping Sherry as an organizer, could you give us a better idea of what the current landscape is like for organizers in the pandemic? And if you have any examples of mutual aid projects that are active right now? Well, thank you, Rory. So I started working on this with my friends a few weeks before our shelter in place in San Francisco. And mutual aid right now kind of spans the whole pandemic. And I found it to be really uplifting and hopeful when I'm going through this crisis on my own because it can just make you feel a lot more connected to other people. So the first thing that my friends and I did was to make a list for other people to find resources more easily. And they mostly fell into three areas. These were like physical health concerns for people who are like quarantining and they have symptoms and they don't want to go out and you also have people who are in a compromise and they were sharing like health information and ways to stay safe. We also started to have groups that were making masks for the public and groups that are sourcing PPE for medical staff. And then the second kind of big cluster of mutual aid was around the impacts from sheltering in place. So like it's difficult to get items that you might need there's supply chain issues, people don't have food. There's problems with homeschooling support, mental health and isolation support and also support for unhoused communities. And then like the third big cluster that we see are of financial aid because the economic impacts are pretty big. So you've got groups that are giving out grants and fundraisers that are kind of organized as community events. You've got talent shows and online art shows. And there's also people who are offering to help others navigate how to get government aid. It can be really confusing. And then we have like movements like rent strikes. So on top of all these little clusters we've got people who are trying to make it easier for others to organize through digital tools. People who are like building networks between organizers and groups and consolidating and centralizing all these resources. So I think it's like a very diverse collection of efforts. And I've spoken to a lot of these organizers and they have concerns, right? So for example, there are thousands of neighborhood groups with mutual aid spreadsheets on Google Docs. And I've heard organizers discuss like the ethics of data scraping to make these more accessible to more people. They've also been concerned with trying to discern like what kind of information is something that you wanna pawn a billboard and amplify and what kind of information you wanna keep more private like race, sexuality or your health status. So it's complicated because all these organizers have different backgrounds and they have different levels of experience when it comes to organizing or knowing about privacy concerns or helping other communities that it might not be part of. And we're also moving really fast which can be kind of problematic. I think if you navigate mutual aid with care it can be really powerful and helpful like in the example of Get Us PPE.org which started off as a local group that just had a spreadsheet of like, do you have an N95 or a Pfizer? And then they were calling up hospitals to see like what they needed and then connecting the two. So they combined a few other groups and it grew in snowball into a national effort to redistribute protective gear to hospitals. Yeah, thank you so much. And that's really cool that there's such a diversity in what sort of tactics people are taking moving into the online space. But yeah, maybe a little scary that there's kind of public spreadsheets and people web scraping all that. So I'd like to actually turn to Ben for more on that. Ben, you and a bunch of others including Sherry worked on a blog post touching on these concerns titled Keeping Each Other Safe when Virtually Organizing Mutual Aid. Could you tell us a little more about that blog post? Yeah, absolutely, thanks Roy. So you can find that post by going to www.eff.org and searching for Mutual Aid. And yeah, I wanna credit like all the key clue but a lot of hard work into that post. It came about after seeing a lot of the sheets that Sherry was referencing that would have included full name, email, phone number, physical address, the pinmail handle and often a note describing how the particular individual situation might be particularly precarious. So we wanted organizers to take away a few things about just like considerations for interacting with the communities that we're supporting. First, like just knowing your audience. If you're soliciting information about someone, you're also taking responsibility for their privacy and understanding their specific risks and needs. So if you aren't sure about what this might be then we encourage you to talk to people and ask and make that part of your community effort. Because if somebody is saying in a note saying like, oh well, like I am like affected in this way by like any number of these things like that I'm like trying to evade, you don't wanna publish that and make that accessible to the wrong people. And so we wanted to present strategies for people to decide what worked for their own effort. And I think the easiest step you can take is that you can't disclose information that you don't have. And so we want people to think really hard about what data you do and don't need to collect. And for what you collect to be mindful of who you're providing that data to. So that would mean first just not assuming that someone trusting you with their data is implicit consent to share it indiscriminately. Avoid public spreadsheets, avoid screenshots, personal information when you're making social media posts and requesting more contributions. Ideally build a process for how you're going to share that information, make that process clear to the people you're collecting it from as best you can. And we talk a lot more in the posts about like how to make decisions about what platforms you're using to store your information and also to connect people with resources to people who need them. But I'm gonna stop there. I'd encourage you to go read more if you're working on this. Yeah, definitely. Thank you so much. And it is important that these organizers are working in good faith. They wanna get information to people who need it. But yeah, there's all these concerns to keep in mind. So again, keeping each other safe when virtually organizing mutual aid. It's on the EFF website, EFF.org slash COVID-19 for it's one of the COVID-19 related posts. But speaking of organizers trying to get their game together, of course I wanna turn to Eva, expert in this area. Could you explain a little bit of how organizers can prepare themselves with a security plan, what that might look like and why it's particularly important for online organizing? Sure. To begin with, one of the things that's really scary about reading our online organizing blog post is that you might feel overwhelmed. You might feel like, oh God, I have to protect everything from everybody all the time. The world is full of bad guys. How am I gonna lock all this stuff down? And so we have this process that we call threat modeling or risk assessment or making a security plan. People have different things that they call this. But essentially, this is just a way of systematically thinking about your risks and what you wanna protect and who you wanna protect it from. So that you don't have to protect everything from everybody all the time. You don't have to constantly be, have your privacy settings turned up to 11. But that you still have privacy and security during the times when it's especially important to you. Or to the people that you're trying to reach out to. So one of the first things that you really wanna think about is who are you reaching out to? What data are you collecting? Is this data necessary? How are you storing it? Where are you storing it? Do you trust the people that you're storing it with? How much do you trust the people that you're storing it with? So this is the sort of process that we encourage people to go through. Likewise, if you are participating in a mutual aid project and they ask you for information that you're uncomfortable with giving, I recommend not giving it. And then finally, if you are putting together a mutual aid project, think very hard about the platforms that you are using, what kind of information you have on them and how much you trust them. In the section on trust from the blog post that Ben worked on, there is a section on cryptography. So you'll spend some time thinking about, is it okay to store this stuff encrypted on somebody else's platform or do I really need to have it sitting on a disk in my house or am I worried about people breaking into my house? So there are all kinds of concerns that you can have like that. And something you mentioned, I wanna expand on a little bit the question of who you're reaching out to in these efforts. And you have a focus on vulnerable populations. I was wondering if you have any additional thoughts or examples of how online organizing needs to adapt for those populations. Well, we all mean well. We all wanna help people. And it is really common when a crisis hits for people to want to reach out to people who are not like them who are in populations that they don't necessarily understand. For example, populations of sex workers are disproportionately affected by the COVID-19 crisis. Illegal immigrants are disproportionately affected. And one of the big problems is that if you are not a member of that community, you may not understand what that community needs. You may not have the trust of that community and you may not understand what kind of information they are willing to give to you and what kind of information could potentially endanger them a great deal. For example, even identifying yourself as a sex worker or an illegal immigrant, a non-documented immigrant is potentially very dangerous for the person who is stepping forward. You know, that's a great point. And I think this issue of reaching out to folks online comes with a lot of privacy and security issues, as you mentioned. There's also the issue of the classic tension of meeting people where they're at, which is usually Facebook, and meeting them in secure or more private spaces. I was wondering, Nash, if you have any thoughts on that conflict and how organizers can navigate that? Yeah, that's a great question. And I think it goes back to what Eva was sharing around threat modeling, right? And really figuring out first, figuring out what is it that you're trying to do? Who is it that you're trying to speak to? And what are the potential risks involved with whatever strategy that you've developed to be able to do that? And so being able to really mitigate and find out the proper balance between making sure that you're as accessible and is available to the communities and folks that you're hoping to work with and be able to support, while making sure that you are not creating a vector of vulnerability for them. So it really comes back down to really like effectively threat modeling and having a familiarity with the community that you're trying to work with and know what their barriers are. Whether those barriers be language, whether they be technology, or whether they be other associated risks, and effectively strategizing with that community, with members of that community, in how do you meet those needs in the way that provides the safest, most accessible method for support? Great, thank you. And I think before we go to any audience questions, as a reminder, you have to go into the Twitch stream and you can ask questions there. But before getting into that, I wanted to end this in parting some sort of call to action or some knowledge for folks watching if they wanna get involved or get help. So hopefully we can just go through each of you real quick with your advice. I'd like to start with Sherry. For individuals looking to get help from community organizations, what sort of tips do you offer? Yeah, so I mean, right now, I think every single person on the planet needs some form of help and we all deserve the right to ask for it safely. Your consent and privacy matter and when you're sharing your information, try to share the least amount possible necessary. And I think Ava had just really great questions that people could ask before they are offering help. But you can ask the organizers those exact same questions she had and find out what kind of work that they've been doing. See if you can contact them directly. See if they're local. And if you wanna know if this has been shared, grab that URL and look for it. You can see like where else it's been. Great. And Ben, the other side for folks looking to get involved in mutual aid groups as contributors, what sort of advice do you have though? I think what Sherry just described also applies pretty equally to potential contributors. A lot of these lists do include like, just like we've seen lists of people need of resources, we've also seen lists of people who have resources to share. And so being careful about what information you provide is a big step. And also just finding out what the organizers, like what their plan is for that information and how they expect to share it. Seeing if they like describe that publicly and if they don't encourage them to make a public statement both for potential contributors and potential folks who might be need of aid. I think that's a great point, something to look out for when you're joining a group. For folks that are feeling mobilized and maybe can't find a group, I was wondering, Nash, if you have any thoughts or advice for people that are starting a new group and are maybe trying to initiate a new mutual aid project? Yeah, I mean, there's an old saying, it's essentially like if you wanna organize, find out who's doing that organizing within your community and if they're not there, then start your own group, right? And so one of the ways that folks can do, if they go to eff.org slash fight, they can find out if there are electronic frontier alliance groups in their area that are potentially engaging in similar work or might know other organizers in their community that are engaging in that work. And if there are and if there's not a group in your community, you can always reach out to us at organizing at eff.org and we can either point you in the right direction or maybe folks that you're not aware of or give you some tools and resources and ideas on ways to develop a network of people within your community that have similar interests and are motivated to support that work. And speaking of tools and resources, Eva, what are your thoughts on how organizations can really step up their security game and make sure they're meeting the need in this new crisis? Well, if I had to give just one piece of advice for everybody who is trying to sort of start a mutual aid organization right now, it would be lock your accounts down, lock them down, lock them down. And this means that you may be tempted to share accounts or share passwords among the members of your team, among the people that you trust. This is a terrible idea. Your administrative account should be a separate account. It should have the highest level of two factor authentication you can reasonably put on it. And it should also have a long, strong and unique password. There are situations under which you may want to share passwords, but there are password managers for this very purpose where you can have all of the passwords shared in a vault and they can all be changed from one central location and they can all be managed from one central location. But having passwords on sticky notes right above your computer where they're next to your screen, where you're sending them to your friends, where you're texting your friends, this is a really good way to end up with compromised accounts and to potentially compromise all of the data that you are gathering and sharing. Yeah, that's such great advice. And I think it segues really well into our first audience question. This is for anyone who'd be interested in offering their advice. Someone asks, I'm just getting started with mutual aid organizing to help my community. And this all sounds pretty overwhelming. Where do I begin? I think that's pretty relatable. It feels like you have to climb a mountain before doing things. Does anyone have any thoughts on that? Well, I'll start and then the other folks will build on after that. I think that really, as many things do, a good search engine search will help you. Think about the key things that you're trying to support in your community and run a search for those things with a name of your town or your city and see what pops up. See if there are any groups that come up that might already be engaged in that work, whether they be traditional nonprofit organizations or whether they be community-led mutual aid systems. Even the folks who are at the traditional nonprofit by reaching out to them, they might be able to plug you into work that's already in that community that you can support. And if that doesn't give you the results that you're looking for, you can use some of those same social media platforms that you might use to amplify those networks to be able to create a group and invite people in your community that you know that are like-minded and start spreading out the network. Similarly to the way that other things spread, each time you reach out to someone and they reach out to a couple more folks, you can quickly spread the effort and knowledge of the work that you're trying to advance in your community. Yeah, I think that's such a good point that those small steps really add up very quickly. Any other thoughts? I think that in just sort of in terms of how to think about security if you're just getting started, we provide a lot of thoughts. If you read the blog post, a lot of the attention given is it even covers situations where you might even be developing a website or something with kind of like a longer view in mind. We don't want people to not get started doing something impactful for the community for fear of doing it wrong. The, it's like just getting started, keep it simple and just default to not keeping everything like not opening your information up by default and being and just like continuing to ask questions as you proceed about like, what information am I collecting? How much do I really need to just get needs met? And to limit it to that and to be, to communicate with the people you're working with about what you're collecting, what you're sharing. And you can kind of figure it out from there as is appropriate to your own situation which you're gonna know a lot better than we will. Okay. And I think we only have time for one last question. So I'd like to start with Eva and then anyone can join. Should I be worried about joining a Facebook group to help my neighbors or any other Facebook group? What are your thoughts on the threats of joining a Facebook group? Well, this really comes down to the question of meeting people where they're at. It is really common for people in information security to tell activists and organizers, don't use Facebook. If you're using Facebook, Facebook is sharing all kinds of information about you. It's tracking all kinds of information about you. They are evil. And if you use Facebook, you get what you deserve. You have no expectation of privacy. And this feels really good. This fills one with self-righteousness. But if you've ever tried to do activism without going to where your people are, it's simply not possible. And so you do have to, to some extent, meet people where they're at. If the people that you're targeting are on Facebook, you go to Facebook. When you join a group, do keep in mind that even if the group may be secret, in which case only the other people in the group can see who is a member of the group. Or it may be a public group, in which case, everybody knows that you have seen it. So, or that you're a member of the group. If, for example, somebody starts a sex worker support group on Facebook and you join it, they may come away with the impression that you are a sex worker. Or if somebody starts a cancer support group, people may come away with the impression that you may be a cancer survivor, or you may be fighting cancer. So it can give away a lot of really personal information about you. So just think about that when you're joining a group. But don't let that stop you all the time. And don't let the tech industries views that if you use these tools, you don't deserve privacy stop you from organizing. Totally. And I'd like to end things with Sherry. Your thoughts on the same question as someone involved in this organizing efforts. So I have an internet confession. But the very first thing I did was start the Facebook group. Because, you know, it's not really about the platform at all. I don't like using social media, except I have a newfound addiction. Thank you, pandemic. But that's where everyone is. That's where people are asking for help and providing help. So we did that. And then Facebook gave us a call and they wanted to see how they could help us more. And I was like, look, I'm gonna give you some information, but only if it's used for these certain purposes. But we found it to be pretty effective of getting the word out, because it's got most people on there. And there's also other places that I normally wouldn't go. I started going on next door to find all these other spreadsheets and try to, you know, get them connected to each other. So. No, thank you so much. I think we all have similar confessions of using Facebook and similar. But thank you so much to everyone on the panel. It was really great talking to you all. Bye, everyone. Yes, thanks, Ray. As a quick update, we are so close to our fundraising goal today. If you wanna help put us over the top, check out eff.org slash giving Tuesday now. So really hoping to reach that goal very soon. And then if you're interested in other works, stick around for our next panel where the activism team not only like this supports these grassroots groups is also involved in larger campaigns for such as save.org. So that'll be the topic of the next panel. But first we're gonna have Brad Barton, reality thief. Brad's been a student of magic for over 30 years and for the past five years he has been performing his personal blend of mind reading, magic and humor at San Francisco's Hidden Theater Lost Church and super lucky for us. He's now bringing the show online. So I'm really excited for this. So I believe Eva's gonna be the participant. So I hope everyone sticks around for that in the next panel. All right, great. Hello, everyone. I'm Brad Barton, reality thief. I wanna thank everybody here at EFF. First of all, for having me. For those of you who just watched the panel you may notice his backdrop looks very similar or familiar. That's because my wife is the one and only Sherry Wong. So thank you guys again for having me. I do magic full-time mixture of magic, mind reading and mentalism, full-time reality thief. And one of the things that I like to do the most is connect with people. That's why I've chosen this profession. It gives me an opportunity to really interact with people. That being said, obviously given this format it's not as easy to interact with everyone but I would like to start off with doing something with everyone present. So everyone who's watching this, please feel free to take part in this. As a matter of fact, what I'd like everybody to do is to watch me closely and do exactly as I do. So if everybody would just put their hands out in front of them like this, that's perfect. And then watch me closely on turning my thumbs down towards the ground. I'm going left hand over right, that's perfect guys. And then everybody interlaces your fingers like that. That's great. Erin, Erin, you might wanna put your thumbs out, thumbs out please, like this. There you go, perfect, watch my thumbs. Everybody watch my thumbs, everybody go like this. And there we go. Oh, look at that. I know a little difficult there. And that's just a little bit of what I do as you can see. Now, I did wanna start off by trying to give you, I know that EFF is mainly concerned with online security. My job has given me kind of an outlook on how people are taking advantage of in the real world, not necessarily online, but in the real world. I've studied scams and all sorts of shenanigans. And so I wanted to show you all how to test for counterfeit money at home using basically a pencil. This is a rose art, number two pencil, and then any bill at home. So if you're confused or maybe not sure about whether or not you have real money, I'm gonna show you right now how to test for a counterfeit. So watch closely, what you wanna do is take the bill that you're concerned about, give it a little fold, just like so. And then what you're gonna wanna do is you're gonna wanna mark the bill with your pencil, right about in the middle, right about here. I don't know if you can see that. So again, you're gonna wanna take it, mark it in the middle with the pencil, right about here. And when I say market, what I mean is give it a little pierce right about there. Now, you do have to make the whole, that's just science guys. And if there are any kids watching at home, please don't try this with your own money. But if it is like mom or dad's $50 or $100 bill, just go for it, what do you care? It's not your money, right? So this is how you can tell if it's real or not. If it's a real bill, it'll rip. So if it's a real bill, it'll rip, listen carefully. All right, I think that was a real one. Actually, what I wanted you to see what was to happen with counter, oh, wait, yep, there you go, look at that. See with the counterfeits, you can see that. This must actually be a counterfeit. I don't know if you can see that or not, but this bill will actually, the counterfeits will heal right back up. Check that out. Self healing bills and dig. As a matter of fact, I'm gonna show everybody how that works. Yeah, right. Well, I'll explain it, I'll explain it. See, for those of you who are watching, you did see the pencil going through the bill. The thing was, it wasn't ripping through, it was melting through. And I know that's hard to believe. So I'm gonna show you that again in slow motion. Try to do this so everybody can see it nice and clear. You have to put the pencil inside the bill, just create a little inside. Now watch closely. If I just put a little pressure on the pencil, you'll see it start to melt. Oh yeah, check that out, my friends. And it'll just melt all the way through. You can check out that bill, you can check out that pencil and you're welcome. Now, moving forward, I would like to do something now. I did ask the folks at EFF to help me out here. As I said, I do like to connect with people during this. I don't want this to just be everybody just watching me. So I know they've chosen someone for me to interact with. And if that person's ready, just state your name for me. I am Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation. Well, hello Eva, thank you for taking place in this and being a part of this. Now, just for everybody at home watching this Eva, you and I haven't met before. We didn't discuss what we were gonna do ahead of time. You have no idea where this is going, is that correct? I do not. Wonderful, wonderful. Okay, so I have here just off to the side, if you can see that, a giant manila envelope with a prediction inside. Now, of course, nothing says magic like a giant blank manila envelope. Now Eva, there is a prediction inside. For those of you who don't know, prediction is, I believe it's a French word. It's a prediction, prediction. Oui, oui. Now Eva, what I'd like you to do is I'd like for you to clear your mind. Am I saying your name correctly? It is Eva. Eva, I want you to clear your mind. What I want you to do now, once your mind is clear, is I'd like for you to think of a card, any card in the deck of cards. However, it is important that you don't think of like the Queen of Hearts or the Ace of Spades, mainly because those are commonly thought of cards. So what I'd rather you do is I'd rather you think of a card that you think that I wouldn't think that you would think. Truly, you have a dizzying intellect. Of, I apologize. I think we've got it. So let me know, do you have a card in mind Eva? I do. You have a card in mind and it's not an obvious one like Queen of Hearts or Ace of Spades you went out there. So nice and clear for everyone out there in TV land, what card are you thinking of? Wait a minute. The two of diamonds. The two of diamonds. And as I said, ladies and gentlemen, inside I have a prediction. As to what card Eva would be thinking of, wouldn't it be amazing Eva if your card was on here? I would be amazed. Yeah, well, be amazed Eva because it's gotta be on there somewhere. As a matter of fact, yep, there it is right up there, right up there, the two of diamonds. I had to do every card in the deck just to be safe. But now Eva, all joking aside. Here's what I want you to do. I want you to clear your mind and we're gonna have you think of a different card that's on here, okay? So I'm gonna flip it over. Eva, if you will just look on here and pick one out visually. Again, don't pick like the Ace of Spades. Do you see a card on there that sticks out to you? Do you have one in your mind? Great, I do have one more prediction left inside this envelope. So all right, so now you're thinking of a card that even you didn't think that you would think of. And ladies and gentlemen, wouldn't it be amazing that inside this envelope was her card? So nice and loud Eva, what card were you thinking of? The Nine of Spades. The Nine of Spades. The Nine of Spades. Wonderful. All right, well, you know what Eva? I tell you what, I don't want you to say it out loud this time before I remove it. So let's have you think of one last card. Go ahead, look on there, pick one out mentally. Do you see one on there that stands out to you besides the Nine of Spades? Did you get one? All right, great, great. Final time here, without you saying it out loud this time, ladies and gentlemen, her card. There it is, her card. No? All right, what card were you thinking of this time, Eva? Just out of curiosity, what card were you thinking of? Two of Hearts. The Two of Hearts, ladies and gentlemen, The Two of Hearts. Give it up for Eva, give it up for me. Guys, that's all the time I have for you. Thank you all so much for having me here. Before I go though, I just wanted to say, as you all know, the VFF team takes pride in fighting towards the internet freedom for all of us. And it's during these challenging times that we're reminded just how important it is to protect our online rights. So please support their work by donating if and what you can at eff.org slash giving Tuesday now. Again, my name's been Brad Barton, Reality Thief, I had a blast with you all. Thank you all so much. Thank you Eva. And now back to you, Erin, thank you guys. Thank you. Many thanks to EFF friend, Brad Barton. That is very much what I needed today. So thank you for that. You can find out more about Brad's mentalism and illusions at realitythief.com. That's realitythief.com. I wanna give you a quick update on our donation goal for this stream. We had set a total goal of $10,000 today. And right now we are at $9,767.21. Whoever included 21 cents, I appreciate you and I thank you. I really just wanna say thanks to all the members who make our work possible every day. And don't forget to contribute. If you haven't yet, you can do so and help us reach our Giving Tuesday Now goal of $10,000. Just go to eff.org slash giving Tuesday now. And now, just a few days ago, we saw a major win for nonprofits everywhere in the fight against the sale of the worlds.org registry. Next, we're gonna learn what's on the horizon for dot org with EFF Analyst and Senior Media Relations Specialist, Karen Gullo. Karen. Thank you, Karen. Welcome everyone. We're gonna talk about what happened last week. It was very important for the world of nonprofits and for organizations that use the dot org domain name. We have a panel of experts who are going to be joining us. That includes Staff Attorney Kara Gagliano, Lead Policy Analyst, Catherine Tren de Costa, and Senior Staff Attorney Mitch Stoltz. So what I'd like to do is kick it off by asking what actually happened last week and what decision was made by ICANN about the sale of the dot org registry to a venture capital firm. Kara, Kara, you're muted. Sorry, I was muted on both my phone and computer, held in suspenders. No problem. So I'll start off by kind of setting us up with an intro to who the different players involved were here. Unfortunately, there are a number of acronyms, so I think it's good we get this out of the way. So the public interest registry or PIR is the registry operator for the dot org domain and has been since 2002. And in 2002, the source of PIR's power to run dot org came from a contract that it was assigned by ICANN, which is the internet corporation for assigned names and numbers. We'll just stick with ICANN, which is a California nonprofit that oversees the entire domain name system. So it's the one that contracts with the registries for every top level domain, dot com, dot org, dot biz, et cetera. Currently, PIR is essentially a subsidiary of a nonprofit called the Internet Society or ISOC. And this past November, ISOC announced its intent to sell PIR for $1.1 billion to a newly formed private equity firm called Ethos Capital, which was founded last spring by former ICANN executives and domain industry investors. So that's who was involved here in kind of the basic backdrop that we have. In terms of what happened last Thursday, ICANN's board effectively shut down the deal. So after the announcement of the deal, PIR and Ethos and ISOC weren't really able to go straight ahead with it because under the contract with ICANN, which is the only source of PIR's power to run the registry at all, ICANN has a right to review any change of control of the registry, which would include this. And if it determines that it would not be in the public interest or it would not be reasonable, they can withhold that approval. And so that's what we have been advocating to ICANN to do for the past several months since November, trying to make ICANN understand for reasons that Mitch will talk about in a minute, why this deal really would not be in the public's interest. And finally, that moment after months of investigation and back and forth and a lot of trying to get answers and not getting a whole lot of answers, the information we did get raising more questions. Finally, ICANN voted last Thursday night that the deal would not be in the public interest and voted to reject the transaction. So that doesn't have to be the final word, but from what we're hearing from ISOC and PIR, it sounds like this effectively might be the end of the road for them on this particular deal. Mitch, can you talk about why EFF and many other nonprofits opposed the deal? What would it have meant? Yeah, thanks, Karen. The circumstances of this deal meant that PIR, once it was sold to Ethos Capital, would have essentially had a billion dollar hole to fill because they were planning to go into debt to complete this transaction and they still would have to earn a return for their investors. And there's only so many ways they could have done that. And most of those would have been harmful to the rights of nonprofit organizations that use .org. And first of all, why is that important? Why do those three letters matter? Because that's the foundation of the online identity for millions of organizations, nonprofits, international NGOs, museums, religious organizations, clubs, unincorporated groups, all sorts of people who are mission driven rather than profit driven. And for most of those folks, especially if they've been around a long time, it's really hard to change your domain name. It means people stop reaching your website, lose your search engine placement, your email addresses stop working. It's next to impossible really for a large established organizations or even smaller ones that have been around for a long time. Now, essentially a captive audience. So what could ethos and PIR have done that would harm nonprofits? One of the things that we were concerned about was price hikes. The cost of running these registries goes down every year. It's not really technically advanced. It's essentially the online version of a telephone book. And the cost doesn't go up year to year, it goes down. But there was a potential for them to raise the annual cost of keeping a domain name. And that would have been pure profit, taken from the nonprofit world to a for-profit investor. So there's a fairness question there. The other thing we were concerned about, and this is one of the core issues in EFF's mission was about censorship. And that's because we've seen other for-profit registries toy with the idea of engaging in censorship for profit. Certainly look at this happens in the broader internet world and that's powerful companies or industries or governments asking the people who control the choke points of the internet to make the people that they don't like disappear from the internet a domain registries can do that. By suspending a domain name, your again, your website essentially goes dark becomes impossible to find your email addresses stop working. There was, I think a real danger that private equity owned.org registry would have made these sorts of deals as a source of funding or at least a source of goodwill with whomever their investors wanted to have goodwill with. And then finally, the other sort of obvious way for them to make up that 1.1 billion dollars that still earn a return for their investors that it would be to skimp on technical upkeep. So I said it's a simple system, but it does have to be online and available and reachable around the world very quickly. And if that's not the case, then websites don't load. The websites of, for example, disaster relief organizations and international organizations, they are more susceptible to hijacking or spoofing if the registry operator.org PIR should start to skimp on technical upkeep. They could even go insolvent. They could go bankrupt and sort of leave a big mess on their hands that the nonprofit world would have to deal with. So these are the reasons why we and so many other nonprofit organizations were opposed to this sale. I see, thanks for the explanation. I was just looking back at the blog post that we did after ICANN announced its decision. And it said that the sale would fundamentally change PIR into an entity bound to serve the interests of its corporate stakeholders with quote, no meaningful plan to protect or serve the.org community. I thought that was important to point out because to me, those are pretty strong words. Catherine, can you talk about who are partners with us in this campaign to oppose the sale? Who was in the coalition? Sure, thanks, Karen. So we and a number of other nonprofits started this conversation to sound the alarm about something that we thought was dangerous and scary and has been impact anyone that had a dot word address. This message reached far and wide. We were heard by attorneys general and by senators. And this was a huge moment for the nonprofit sector and for dot org as a solidarity movement. One of the things we started very early along with our partners at Access Now and N10 National Council of Nonprofits and the Americans for financial reform but key amongst this was an open letter to ICANN, ICANN, ISOC. Ooh, all of the acronyms are now in a soup in my brain. And that open letter in addition to the petition that individuals could sign, we had an open letter for organizations. And as of last week or last count, the last time I checked, which was yesterday and the last time we updated it, I believe was yesterday slash late last week, 870 organizations had signed on to our open letter asking what was going on and demanding more transparency. And I think the diversity and the breadth of those organizations really speaks to how important this was for the nonprofit community. I see. Thanks for filling us in with the latest numbers. I would like to also address another important issue. There was a concern by a couple of state attorney generals to the deal. And Kara, I was wondering if you could provide some information about that. How did they get involved? Who were they and what was their, what did they say? Sure. So the two state attorney generals that were kind of most central to everything that was happening were the California attorney general and his office and the Pennsylvania attorney general's office. So the California attorney general had an interest here because ICANN is incorporated as a nonprofit in California and is headquartered in California. So the California AG has authority to make sure that California nonprofits are actually staying true to their nonprofit missions. So nonprofits actually have in their charters, their articles, certain charitable missions that they have to uphold. And also the California attorney general had an interest in protecting the many California nonprofits that are also.org registrants. So their interest, there was kind of twofold. We know they began investigating relatively early on, made some requests for information to ICANN and all of that investigation culminated in a letter to ICANN on April 15. So just a couple weeks before the decision that urged ICANN to reject the deal and that letter, I think the conclusions that the attorney general reached about the problems with the deal were really very similar to the same issues that Mitch was talking about in terms of the profit incentives, the potential financial instability and also a lot of the lack of transparency around how the deal had really gone down. Then on the other side of the country, the Pennsylvania attorney general was involved because PIR, the actual registry, is a nonprofit incorporated in Pennsylvania. So this is getting a little bit into legal weeds but because the transaction would have involved a major sale of charitable assets and the conversion of PIR actually from a nonprofit to a for-profit company, that would have required approval from a Pennsylvania court that has jurisdiction over basically nonprofit corporation issues. And so that was being reviewed by the Pennsylvania attorney general. That office never ended up speaking publicly about the transaction, but we know they were investigating it carefully and that might not be necessary any longer for them to stay involved if Ethos and ISOC choose not to go forward with the deal. I see. Thank you for that explanation. The next thing that I wanna talk about, I wanna invite our panelists to talk about is what happens next but and how did the pandemic potentially affect this sale? But first I wanted to remind everyone to get involved with EFF and don't forget to donate at ef.org slash giving Tuesday now. Catherine, can you talk a little bit about how COVID-19 impacted the sale and if it did and what were the concerns? Thanks, Karen. Cheers. As with a lot of things, the COVID-19 crisis has sort of brought into stark relief a number of situations that we may not have realized were as tenuous as they were or were as needed to be solid. So in the case of EFF.org, in this time you can see how important NGOs are, how important information is, how important stability on the internet is for any organization. And that's always true, but it becomes clear. I'm so sorry about my cat. It becomes very clear when you're seeing a lot of people desperately trying to get information and aid from nonprofits. And this isn't a time to be thinking about changing ownership. This isn't a time to introduce any instability. What organizations needed was their websites to work and to work just as they had and to be just as predictable in their functionality. And the idea of anything by the censorship, as was mentioned earlier, or the loss of your email or the loss of any information or any access or the ability to suddenly have to, when people work coming to you, suddenly have to switch to a different domain. All of that is a cost that in times of crisis really can't be borne. And really what we needed right now is for things to stay stable and understandable for NGOs. Sorry. You're muted here. Yeah. Thanks, Catherine. The next topic really is what happens now? What's next? ICANN has rejected the deal. What happens now? Mitch, can you address that? So it's not entirely clear what's going to happen now except that the internet society has made an announcement that.org is no longer for sale. They're going to continue to be the parent organization of PIR and PIR will continue to run.org. But in a larger sense, what was really, one of the amazing things about this fight was that the world sat up and took notice of this obscure group of organizations, this alphabet soup that Carl laid out for us, that actually turns out to have a very strong impact on how the internet runs. So for a non-profit organization or a club or an individual using.org, you may go to your favorite registry, register that domain name for a year or five years. You don't really think about what goes on behind that, but you're actually giving these organizations the some power over your website because they're providing that key piece of infrastructure. And folks have really stood up and noticed that now and know who these folks are, a little bit about how they're governed or misgoverned. So what's really important now is that people stay involved, remind ICANN that they need to serve the interests of internet users, not just the interests of these registry operators and also remind PIR to keep putting nonprofits first and resist that cult censorship. So there's some amazing people today who do the work of being watchdogs on those organizations, but even the watchdogs, they sometimes get kind of inward facing and it's really important for them to hear from the real world from time to time, to hear from people who use .org, other domain names, about what their needs are, what their priorities are. So EFF is gonna keep making those connections, keep piercing that bubble of the internet governance world when that's needed, but we need your help for that as well. Thanks, Mitch. I think it really leaves the question, who should run .org? You said that for now, it's not for sale, but going forward, what is the expectation for ultimately who should be running it? And I was wondering if Catherine, you could address that. Yes, absolutely. There are a number of sort of questions about who should run it. .org is the home of millions of nonprofit organizations, international NGOs, other mission-driven groups, local societies, there are so many people who rely on .org and it needs to be run by an organization that will put the needs of those groups first ahead of any profit consideration, ahead of any experimental consideration. The operator of .org doesn't have to be a nonprofit, it doesn't have to be any specific shape, I would say, other than that it is going to be putting those groups ahead of its choices or including those groups and its choices. And a nonprofit is the most likely set up to have goals aligned with that of the nonprofit sector. This fight has made incredibly clear how important an open process is to any future decision about .org and how important including the .org community and getting their feedback and honestly getting their feedback, not proclaiming that you're getting it, but actually looking it out and bringing forth for any future changes to .org. I see. I was thinking about whether people really understand about .org, it is something that a lot of nonprofits and NGOs use. We have a question about why hasn't other domain names like .ngo and .ong caught on yet. Does anybody have any thoughts about that? Yeah, so I think we aren't in a position to say exactly why, but I think a big part of that is attributable to what Mitch was talking about before, that .org is a known domain name. It already has a reputation and trust built up behind it and also as Mitch was highlighting, it's very difficult to transition from one domain name to another. So if you wanted to have, I think what my understanding is of what's been seen most often with .ngo and .ong is that it's more so than organizations having it just as their one domain name. They would have it as kind of an alternative that might redirect to .org or one would redirect to the other. And that just worth mentioning that those two domains are also operated by PIR. So they switching over to those wouldn't have been the solution anyway. And in terms of having it as a secondary domain, especially for smaller nonprofits, that's just multiplying the yearly costs. There are a lot of other domain names that people know maybe not well. For instance, .edu, who governs that? Mitch, do you know the answer? Yeah, an organization called EduCause runs the .edu domain. This issue has never come up in the .edu domain as far as I know, but it was really important to us that ICANN and PIR not set that precedent, that basic infrastructure of mission-driven organizations, not-for-profit organizations should suddenly become an asset like a building that's up for sale by anyone. I guess that also raises a question about the .org saga. Who was supposed to benefit from that? I think you pointed out before that we really knew very little about the investors of the private equity firm. I don't know how clear it is to people who stood to benefit from this sale. Anyone care to jump in, Kara? Yeah, so exactly like you said, Karen, part of the problem really was that we never entirely knew who would be benefiting, who would be profiting. Ethos was very secretive, the stakeholders were, they had even this whole complicated corporate structure that was going to be set up as part of the transaction where between PIR and Ethos, there would be like four or five layers of Delaware shell companies all nested within one another. So PIR held by purpose domains direct, held by purpose domains limited, et cetera. And they weren't providing the names even of who would be on the boards there, weren't providing names of investors, anything along those lines. So that already raises big concerns. But from what we do know, we know that ISOC would have received over a billion dollars true to it would remain a nonprofit and would be using that money for nonprofit purposes, but this was over a billion dollars at the expense of.org registrants that would have been paid to it for something that was given to it to operate in the public interest. So ISOC did not have to pay ICANN or anyone else to get the, to have it subsidiary PIR get the.org contract. Actually, the previous registry operator, Verisign, gave a $10 million endowment to PIR. So they actually received money. And it was because ISOC was chosen and PIR was chosen to be a steward to run this domain as a nonprofit for nonprofits in the public interest. And they would have exited, you know, $1.1 billion richer. And then of course, you also have ethos and its investors who we might not know who all was involved, but we do know that ethos and its advisors were all former ICANN executives and domain industry investors. PIR, by contrast, the actual registry operator being acquired would have been saddled with hundreds of millions of dollars in debt. The ethos was proposing to have $360 million in loans to help finance the purchase of PIR. And the terms of the deal would have had PIR being the one actually on the hook for retaining those loans. So the question of who stood to benefit really was a big part of our concerns here. You see, we have a question coming in about ICANN. Do we have any insight about why ICANN decided that the deal should not be supported? I don't know if that calls for too much speculation, but Catherine, do you have any thoughts on that? Yeah, Catherine, we might have lost her. I can take that one, Karen. Okay, you can take it. Yeah, we certainly don't know all the deliberations. We know that it was a close vote and that it came after several delays. We also are pretty sure that the letter from the California Attorney General was the final straw that caused them to break in the direction of stopping this deal. But that letter itself would never have happened without this community really making this a public issue, getting it in the press. Some folks even held a protest in front of ICANN's headquarters in Los Angeles back in January when we could still gather in crowds outside. But so all of these built on one another and eventually led to that board decision, I think. Let me see, we have a question about should we expect to see more for-profit organizations taking a run at domain registries or organizations trying to start up their own domain registries like Google or what have you? Is there anyone who has thoughts about that? Sure, I have thoughts about that. I think that the very least, if anyone is to learn something from what happened and I very much hope they do, it is that.org isn't for sale. That was the rallying cry, that's what we said. And that's not to say that like, there's no transfer or whatever, but the bigger point is, I think the nonprofit community took a stand and that seeing for-profit companies get into this business. And in particular, private equity, which runs very much on a mode the tension for want, the risk that they probably didn't mix. You're breaking up a little bit, Catherine. How about now? Yes, better. But this community that spoke up and spoke loudly and that the number of people who spoke will continue not take into it domain names. And there are a number of other domains that are for-profit, there are a number of domain registries. I'm with my previous life, I was a writer. Most of us bought it on like GoDaddy or Google or whatever. And for some of the, for some domain names, that works fine, it works exactly as intended. But for certain ones, there are protections that are needed. And this, I think, hopefully either stemmed the type of a for-run or at least showed that there are guardrails and guarantees for any sort of attention at that. Mm-hmm. Are there ways that the public and the.org community can keep pressure on ICANN to be accountable for these kinds of potential takeovers? Mitch? Yeah. ICANN is an organization that takes public participation. They don't make it easy for the public to participate, but there are very frequently public comment opportunities or folks can just simply send letters to ICANN about one decision or another. Again, EFF tries to highlight these when the important ones come along. There's also other folks doing really important work, but there are definitely opportunities to write in to them. And really, when they hear from folks outside of the community that regularly participates in those processes, that really can make a big splash. Ultimately, that's what happened here. We really worked with a number of partners in this. And I was wondering if someone can give people an idea of the other organizations that worked very closely and very hard to keep the pressure on. Sure. Oh, please go ahead. No. Hi, Kara. Oh, I think I tried to mention some of them up at the, but the people who led the charge us and the National Council of Nonprofits, we got a lot of support in terms of an area in which we are not experts, which is models that were coming up in the United States. You're raking up a little bit, Kara. I'm sorry, I think we might have missed a few of those names. I think that was Catherine, actually. This is Kara. Oh, hi, I'm sorry. Some of the ones that I know, I wasn't able to hear from Catherine, so thank you, poor internet Catherine. N10 was a huge force in this, partnered very closely with us, the National Council of Nonprofits, Americans for Financial Reform, were a huge help on helping educate us private equity savvy attorneys at EFS, not our usual focus on a lot of the intricacies there and why exactly the financial picture was so scary. Access Now also was a really huge force on this and a great partner. There are so many people we worked with, I'm sure Mitch has even more, but. Well, there were quite a few signs of petition. I'm sorry, would you also mention some of the organizations that signed on to our petition to oppose the sale? I think there were quite a number of large organizations, household name kinds of organizations. There were nearly 900 of them, so I couldn't name them all, but I know they included the Girl Scouts of America, Farm Aid, Oxfam, the Sierra Club, Greenpeace, various religious organizations, National Public Radio, all of these folks were really from any number of different political, ideological areas and backgrounds and purposes that just really united the nonprofit world. Great. Do we have any last minute questions coming in from our audience? If not, I think that maybe we might close out the .org segment of this webcast with some final words just from the three of our panelists. Kara, do you wanna start? Can you hear me? I think you're. Sorry, yeah, I was muted. Could you repeat the cut eye a little for me? Actually, I'm being told that we need to wrap things up. So I wanna thank our panelists for their hard work on this issue and for participating in the panel. And I wanna hand things back to Aaron at EFF. Hey, thanks everyone. Thank you guys. That was a really enlightening look at EFF's work, but wait, I have a awesome announcement. We set our goal of $10,000 for today for Giving Tuesday Now. We have beat that goal. We are now at $10,285.52. So thank you very much everyone out there for supporting our work. Definitely somebody gave $13.37. I see what you did, giving $8. Thank you so much. And again, if you haven't had a chance, I encourage you to support EFF's work with a small donation or you can even become a member and get some fun perks. Just go to eff.org slash Giving Tuesday Now. Makes a huge difference to us. Thank you. So a few notes brought the video and transcripts of today's program will be available soon after broadcast. And I wanna thank the folks behind the scenes of this edition of At Home with EFF. Do a podcast, they say. It'll be easy, they say. That's not true, it's a lot of work. So thank you so much to Hannah Diaz, Jason Kelly, Soraya Okuda and Will Greenberg. Thank you so much for doing that. And thank all of you for joining us today. So as we bid farewell, I wanna invite you to stick around for a little while and enjoy some of the calming sounds and the natural beauty of our hometown of San Francisco. Thank you for coming.