 Welcome to IOT Devices as government witnesses. Today we're going to be talking about law enforcement access to data generated by IOT devices, the reasons for this and some of its implications. My name is Jordan Sessler. I am not a programmer. I have no technical background. Instead, I'm an attorney and I practice with Crotone-Levy Cybersecurity and Data Privacy Practice Group. I'm joined today by Anthony Hendricks, who's actually the chair of our group, brilliant mind who's spoken a lot on this topic and is one of my mentors. So I'm really glad that he can be here with me today. Before we start, I want to give you the short overview of what we're talking about and why we're talking about it. There's more data being produced today than ever before. I think most of us know that estimates vary, but there's probably been more data produced in the last three years than the rest of human history combined. And there's more sources of that data, not just phones and computers, but Fitbits and watches and light bulbs and even coffee makers. And these devices carry different expectations of privacy and law enforcement has access to a lot of this data. And many people aren't aware that their 24-7 choices or heart rate can be used by law enforcement. And we want to talk today about why that happens and as well as some of its implications, such as its effect on data security or privacy and even inequalities within the criminal justice system. And so with that being said, the overarching flow of our talk is going to be to talk about a few example cases, the existing law that allows IT data to be used in cases like this, the implications of that data being used in these cases, as well as a few ways forward that could change how we view the privacy of IoT data. With that, I'm going to turn it over to Anthony Hendricks, who's going to kick off by talking about some of these cases. Sure, I first want to start our conversation by looking at some of the recent examples and cases involving IoT devices. And so while most of the examples that we're going to talk about today deal with criminal cases, these techniques and the information that's involved can be applied in civil cases. So I want to start off by talking about Connecticut versus the Baytay. And so this is a case where Richard DeBudget in December 23rd of 2015, he told police officers a story about how a home invader came to his house, kicked in the door, wrapped him up, tortured him and then killed his wife Connie. The police didn't believe Richard's story and he was arrested. Now there's a lot of evidence against Richard, but one of the unexpected pieces of evidence was Connie's Fitbit. Connie's Fitbit gave the police a log of her movements that day. So when Richard initially talked to the police officers, he said that while he was being tortured by the home invader, his wife came home unexpectedly, he told her to run, she ran to the basement to hide, the home invader followed her and then shot her in the basement. And it takes about 120 steps to get from the main house to their basement. But according to Connie's Fitbit, she'd actually logged 1,200 steps in the house instead of that 120 steps that it took to get to the basement. Now the Fitbit alone didn't solve the case, but it allowed police to gather more evidence against Richard. So let's go to this next slide. So early in 2020, the judge in the case decided to admit the Fitbit data as evidence in the trial. Now, Richard's attorney of course pointed to the fact that Fitbits had a 10% error rate in real life. And so what does that mean? It means that in some instances, your Fitbit will overestimate the amount of steps that you've actually taken. And so in addition, this has also faced some class action lawsuits regarding inaccuracies of its device. And despite this argument, the trial judge decided to allow the evidence in and then just said that the jury can decide what type of weight it wants to put on this evidence. So let's go to the next slide. So there are some other examples of Fitbit and we listed two here, cases where Fitbit evidence was used, but I want to just talk about one of them for a moment. And that's California versus IAO. So in September of 2018, 90-year-old defendant Anthony IAO told police officers that he made some homemade marinara and decided to bring it over to his stepdaughter's house. She was so appreciative of that marinara sauce that she gave him two roses as a thank you and he left and went up about his merry way only to find out later on that his stepdaughter had died. Told a different story. The Fitbit that she was wearing showed that her heart rate was elevated while her stepfather was visiting her and that her heart rate actually stopped. Five minutes before Anthony IAO left the house and so they used this evidence in the criminal case against Mr. IAO. And so I want to kind of turn it over to Jordan to talk about one more pretty famous case, Arkansas versus Bates. Right, I think many viewers may have heard about this case indirectly. This case involved prescription drugs, heavy drinking in a football game and then four friends going back to Bates's hot tub afterwards to sort of post game and the night. It's unclear when the two other guests left or when Bates went upstairs and went to bed. He said he went to bed at about 11 PM but the guest in his hot tub turned up dead the next morning. And at first the police thought this may have been an unintentional death but after talking to a few neighbors they heard that there may have been music or noises coming from Bates's house overnight. The utility meter actually showed a lot of water was used about one or two AM in the morning. And so the police started to think that Bates instead of going upstairs and going to bed had actually murdered his friend, used a lot of water to clean out the hot tub or clean off the evidence on the porch and then put him back in the hot tub and gone to sleep. There was some evidence that substantiated this but the evidence that the police were most interested in actually came from the Amazon Echo that Bates used at his house. The police thought that they could use the Echo to prove that he was not asleep but instead potentially downstairs and playing music at two AM instead of being upstairs and asleep. And so the police sought from Amazon a whole bunch of data relating to Bates in general as well as his music choices and his conversations with Alexa that night. Amazon produced some of this data but opposed most of it on a First Amendment basis claiming that Bates's conversations with Alexa were First Amendment protected and therefore the police needed to have a greater showing of need in order to get this data. This caused a lot of national headlines but we never got a resolution of this argument because Bates actually intervened and told Amazon that he would waive his First Amendment rights and that they were free to turn over his conversations with Alexa as well as any other Echo data from that night. Strangely, once this happened the police actually dismissed the charges against Bates which actually shows that some of this IT data could help exonerate people. And as a small footnote to this Bates has since sued the prosecutors and the law enforcement officers who arrested him claiming that they were part of a conspiracy to frame him. Now we've talked about this in these sort of discrete criminal prosecutions particularly murder cases but IoT device data is not used on an isolated basis. There's between 50 and 60,000 requests from law enforcement agencies per year and this can be used in a lot of different contexts. And so we wanted to run down some of the other contexts for you very quickly. Last year when there were protests going on as part of the BLM movement law enforcement used location data to help track and encircle protests. This year the FBI has used a lot of location data not just from phones or Fitbits but also from things like CPAPs to help place suspects either in DC at the time of the January 6th riot or somewhere else. And that can really be indicative of whether these people will get charged. There was also a recent event with Dartmouth medical students where 17 largely low income medical students were accused of having cheated on tests because clickstream data showed that they logged in to the learning portal Canvas while they were supposed to be taking a test. Administrators thought that they were cheating as a result. But it actually turns out that that clickstream data is pretty unreliable. And so you could actually look at other instances of clickstream data suggesting that those students were accessing Canvas when for example their Fitbit might show them on a run two miles away. And that sort of shows that that data is not always reliable. And all 17 of those allegations have since been dropped. Now, I think it's worth pausing here. And I know we're moving pretty quickly but just sort of asking why and how does law enforcement have access to this data? What are the protections that exist? What are the limitations and how is the law interacting with this? And as lawyers that's naturally something we wanna talk about. And so I'm gonna turn it over to Anthony to sort of give you a rundown of the legal framework. So you can't have a presentation with lawyers without having a conversation about the law. So let's talk about the existing legal framework. So overall there's nothing that generally prohibits the use of IOT devices in investigations and in prosecutions. Sure prosecutors are required to comply with evidence laws, with discovery laws to use this evidence in trial but there's no blanket prohibition. In many cases, warrants are not required due to existing Fourth Amendment case law that talks about shared data having no privacy expectations. And so before we get too carried away with this let's just talk about what a warrant is. We've all seen these cop shows with police walking around waving a piece of paper saying that they have a warrant. But I think a better way to view a warrant is not just a piece of paper but as a legal process through which the government can get the evidence in a case. And so when you see people waving around the warrant they're actually just waving around the receipt showing that they went through the proper process to get this evidence. Companies often warrant consumers that their data may be produced subject to legal requests. So if you look at the terms of services on a lot of the websites or a lot of the IOT devices that we use you kind of find that language buried in there. And so sometimes they give you consent when they're gonna produce this information because of a legal request. Sometimes they provide you notice and in other instances they don't. And so while companies generally comply with law enforcement requests for information and for data they're actually not required to comply with criminal defendants requests even if the defendant provides a subpoena. So let's go to the next slide. So let's talk a little bit about the Fourth Amendment and the protections that you have from the Fourth Amendment. The Fourth Amendment protects against unreasonable searches. So what exactly is a unreasonable search? It basically means that you're protected and the police can't come and kick down the door of your house and search through your stuff to find evidence without a warrant. When we talk about Fourth Amendment case law there are a couple of key concepts that will make this presentation a little less painful for you if you kind of just have a basic understanding. So let's talk about reasonable expectation of privacy and you hear this term a lot. And this is the idea that the Fourth Amendment provides you protection where there is a reasonable expectation of privacy. For instance, you have an expectation of privacy when you're sitting in your house with the door closed. You have an expectation that this is your space. You have a reasonable expectation when you're in your car. You're in your car, your door's a lot, your trunk is closed. No one can see what's in your trunk. So you have a reasonable expectation of privacy but you don't have this reasonable expectation of privacy when you're in a crowded bar or when you're shopping. You know that people are watching you that you may be monitored by a video. And so you don't have that expectation of privacy. Another concept that's important for us to understand is this third-party doctrine. There are a lot of case law talking about the third-party doctrine and we're not gonna get into all of that. Instead I just wanna give you just a quick and dirty version. If you have a piece of paper in your home, it's yours. It's in your house, it's safe. You have a reasonable expectation of privacy on that piece of paper. But then you decided to give your piece of paper to your friend Bob. Now Bob has your stuff. You no longer have an expectation of privacy. So when we view this from a modern technology lens, this will be the equivalent of you having your phone records or your email records being held by your service provider or by your wireless provider. So AT&T having your phone records. You don't have an expectation of privacy where you gave this information to a third-party customer that now, third-party company that now has your data. Another concept I wanna talk about is a more recent Supreme Court case and this is Carpenter versus US. And in this case, the Supreme Court held that you have a reasonable expectation of privacy to historical cell phone location data. So let's just talk about really, really briefly the facts of this case. So what happened? In this case, there were a group of men who were committing multiple robberies on phone source. One of the robbers got caught and confessed and then he snitched on all of the other robbers. He even gave the police his accomplices phone numbers and the police took that phone numbers and began looking for historical location information to try to pinpoint where these criminals had been in the past to see if they had actually committed these crimes. The court held that you have an expectation of privacy when that information, for that information. So law enforcement needs to get a warrant which sounds like a great victory. Well, it kind of is. But the problem is getting a warrant is pretty easy. So despite what all those cop shows talk about, it's pretty easy for law enforcement to get a warrant and subjecting most IOT devices to government surveillance because it's so easy to get a warrant. I kind of want to hand this back to Jordan to just kind of just walk us through now that we kind of have a basic understanding of the Fourth Amendment about other types of protections that are available. Yeah, thanks, Anthony. I mean, I think just, I always like to zoom out for a second and I think it's worth zooming out here and saying that as we approach this talk and we say that government has near unlimited access to data generated by IOT devices, that seems scary or it may for some of us set off alarm bells about privacy, but it's important to remember that as Anthony's described, that's largely legal. There's nothing nefarious about it. The Fourth Amendment says that if you share data, the government can access it without a warrant and even where you might have a privacy expectation, the government can access it with a warrant. But because IOT data is so uniquely personal and there's so much more of it than we've ever seen of any other data in human history, I think it's worth talking about other potential protections from government, whether they're active or whether there's something that could be resuscitated by courts. The first, and I think maybe the one that we're most familiar with is the first, sorry, the fifth, I mix up my numbers apparently, the Fifth Amendment protection from self-incrimination. We've all seen, I think on court shows, people plead the fifth where they don't have to testify against themselves. And a long time ago, the Fifth Amendment protection from self-incrimination meant you didn't have to testify against yourself and you didn't really have to help law enforcement prosecute you. So if you had an incriminating document, you didn't have to hand it over. Now in the last hundred years, the Fifth Amendment has very clearly evolved to say that you have no self-incrimination right as to your documents. You have to give them to people and they can be used against you. You just don't have to testify against yourself. And so even though IoT data is much more personal and you might even have conversations with Alexa that could be played against you in court, you don't have a Fifth Amendment right to withhold that data. And so the way I like to remember this is that your statements to Alexa can and will be used against you. There's also a potential Sixth Amendment protection, which says you have the right to confront your accuser or any witnesses. But again, because IoT data is still considered a document, it's not testimonial. It's not someone testifying against you. And so you don't have a Sixth Amendment right to sort of rebut that data. And so again, IoT devices are not technically government witnesses, even if that's the topic of this conversation. Now we've talked about the Fourth Amendment, the Fifth Amendment, the Sixth Amendment. There's also the First Amendment. And this is maybe the most salient protection that is being argued in courts about IoT data. The First Amendment protects your right to do what you want, to say what you want. Now there are restrictions on it, but some courts, including the court about a decade ago in Amazon Delay, have said that the First Amendment protects your privacy and actions enough that there should be a heightened showing of cause before deep personal information, such as your reading habits, your listening habits, your conversations with Alexa are turned over. And so this, it's not quite clear what this heightened showing would be. And that court case, Amazon Delay was a federal district court case, so it's not binding on other courts. Other courts can choose to follow it, but unlike a Supreme Court decision, they don't have to follow it. But in general, law enforcement would still have access to First Amendment protected IoT data. It just would require law enforcement to show that they couldn't access that data from another place, that there was a real need, and that a criminal investigation might be frustrated if they didn't have access to that data. So again, in cases like Dabate or Bates, where there was other evidence, this might actually be a reason to not provide IoT data and keep that privacy interest protected. But in cases where there was no other information, government might still have access to that data. Now there are, beyond the Constitution, a few other potential protections, and they're real, but they don't always have the results that they're intended. And so I wanna hand it back to Anthony for a second to talk about these protections. Sure, Jordan. There are other types of protections found in state and federal law, but beyond just the constitutional ones that we talked about briefly. So when we talk about this third party doctrine that I kind of walked you through, the Store Communications Act replaces the requirements on government to access store communications that are held by third parties. And so we have this law because there is no fourth amendment protection when you're dealing with third party information. Along with this federal law, we also have some protections found in state constitutions and state statutes. So most states have constitutions that kind of echo or rely on the fourth amendment rights that we discussed. But they generally don't have any additional protections. Along with that, there are some states who are taking the initiative to add privacy laws that can extend this expectation of privacy. And we've seen that in California and Virginia and some other states, but unfortunately not all states have these types of laws in place. And even when you do have these things in place, most contain carve-outs to allow people to still produce this information in response to a warrant from the government. And so I'll just have Jordan kind of walk us through some of the protections from defending access to IoT information. That's right. I think that in some ways you were mentioned to state privacy laws is pretty apt because the state privacy laws are often intended to protect our data against third parties. And while they recognize that the government might need access to that data for legal process, they often don't recognize that third parties may need that access. And so the result of this is that the government can often access IoT or cloud data with or without a warrant, but criminal defendants can't even with a subpoena. The Store Communications Act is a great example. As Anthony said, it tried to step into the shoes of the Fourth Amendment and create a privacy expectation. And so 2702A of that law creates that privacy expectation and says you shouldn't disclose anything because it would violate people's privacy. The next section, 2702B says that you can release that data if the government is asking for it, but it's silent as to criminal defendants. And so courts have often found that the government has a right to get your data, but criminal defendants don't. And this leads to a pretty massive inequality where IoT data can be obtained by law enforcement to prosecute someone, but it can't be obtained by a criminal defendant to defend themselves. And so we actually see this in real life. And we don't have time to talk about all the examples, but we have time to talk about two. And I want to talk about the first one, which was USV Amin. Amin was an Iraqi refugee who came to the US after the Iraq war. And he was living a happy life here when one day he was notified that he might be deported and extradited to Iraqi court for participating in an ISIS convoy that killed innocent civilians. And this is obviously a big deal to him. The US began a proceeding to extradite him. He opposed it. His argument was that he couldn't have done this because he was located 600 miles away. And that if he had access to social media accounts and other account information, he could show that he was located far away and he could show that he was engaging with people not near the crime scene. Now he made a request for some of this data under the Store Communications Act, but the tech companies that held the data refused to produce it, saying that it would violate privacy protections and it would potentially violate third party privacy protections. The government didn't ask for this data because it would have negated their case. And so this is sort of an example of how this poor guy thought he could prove his innocence but wasn't given location data that could have helped him do it under the Store Communications Act. There's actually a happy ending here in sort of a strange way. Three days before judgment was entered was going to be entered against a meme and he would have been extradited to Iraq. The Turkish government came forward with his cell phone records showing that he was in Turkey, not in Iraq at the time of the ISIS convoy. And in fact, he had been in Turkey for two years prior to the attack. So he ended up, as a result of the Turkish government, not our legal process or the US government or the tech companies, he ended up being allowed to stay in the US. I think another case worth talking about is Facebook v. Wint, and I want Anthony to discuss that. Sure, so you probably heard about Facebook versus Wint. In this case, Darren Wint was charged with quadruple homicide. And so during his case, he requested from Facebook and Instagram information on one of the government's witnesses. Wint's believes that the witness was lying and that the trial court found that this information was both material and important for his case. And so they allowed his request and they required Facebook to produce this information. He sends the request under the Store Communication Act to Facebook and Facebook declines to produce the information citing privacy concerns. And they take the case up to the DC court of appeals and the appeals court agrees with Facebook. And so the reasoning behind this is pretty important. The court, when looking at the Store Communications Act, they said that it contained certain carbouts for production of information. But none of those exceptions included a defendant subpoena asking for information. And so as a result, the law didn't contemplate defendants actually being able to get information through a subpoena using the Store Communications Act. So let's talk about the implications. What are the implications of all of the things that we've been talking about today? So I first wanna start this conversation by talking about the implications related to privacy. Law is behind technology. Our founding fathers didn't and couldn't contemplate a world with 24-7 data and companies having an addiction to consumer data information. And so the law is constantly trying to catch up with these new innovations. Even if we look at our more recent Fourth Amendment case, which was Carpenter, which we discussed previously, the case was decided in 2018, but it's looking back to things that happened in 2011. And so our most recent case is only addressing things from 10 years ago. And so there's this idea that the Fourth Amendment kind of lags behind technology. And even our other laws that we have in place, like the Store Communications Act, is decades old. And so it wasn't really crafted for what our current world looks like. And so these raise some concerns and Justice Soto Mayor, Intercurrent Currents, and U.S. President Jones said some things that I just wanna read just a little bit of that so that we can kind of get an idea of her concerns. I would ask whether people reasonably expect that their movement will be recorded and aggregated in a manner that enables the government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on. And so what Justice Soto Mayor is getting at is that for one piece of evidence, one piece of information, we might not have a reasonable expectation of privacy in that. And people are okay with maybe one piece of evidence or information about them being known, but our current law allows the government to take that one piece of information and then add other points of data in there to get a bigger picture of who we are, of our beliefs, of our habits, of our activities. And if people understood that, do you think they would say, oh, I do have a reasonable expectation of privacy because the government can take all this information about me from different points of time and to create a bigger picture of me. And so I kind of just wanna move this back to Jordan to talk about a few more concerns. Yeah, thanks, Anthony. I think to that point, we're seeing the limitations of the law dealing with something as comprehensive as data generated by IoT devices. The Fourth Amendment still engages with data as if it's a sales receipt handwritten from 1910 and it doesn't really account for just how private some of the data that we're now generating is, right? And so I think it's worth, again, zooming out and thinking about what should our privacy interest be in our data, in our coffee maker time set to go off at 7.30 AM and our conversations with Alexa in our 24-7 location. Is this something that we can willingly give to third parties? Is it something that even if we do, or even if we're held to have a privacy expectation should ever be subject to government access by a warrant? Or are there some cases where it's justified and others that it's not? I think this is a situation where there's a possibility that Fourth Amendment protections are not sufficient given the privacy interest in the personal element that IoT data involves. And so maybe these choices are expressions that should be more robustly covered under the First Amendment. Maybe Amazon VLA is correct that there should be a heightened standard for getting some of this information and maybe that would help. But maybe some of our interactions with IoT devices are just so reflective of our personhood, whether we're asleep at a given time or awake, whether our heart's beating or it's not, that they should be protected by the Fifth Amendment. Maybe having an IoT device essentially testify that I had an elevated heart rate at a given moment is really a part of me being used to incriminate myself. And so the Fifth Amendment protection against self-incrimination is appropriate. But beyond privacy, there's also this inequality threat in that this IoT device data is available to prosecutors, but often not to criminal defendants. We assume, and it's codified in many places, that prosecution and defendants should have equal access to data. But that's not the case here. And so this questions as to whether this undermines due process or fair process. There's also, you know, I think questions of systemic bias or racism, and that particularly poor defendants simply don't have the money to try to fight this issue up to the Supreme Court. More importantly though, I think, is question of whether IoT data would be exonerative. We've seen prosecutions use IoT data to track down suspects and put them in prison, but we've also now seen IoT data let people off the hook from Arkansas v. Bates to USV Amin with the Turkish cell phone data to even the Dartmouth medical students. And I think that there's sort of almost a DNA evidence type question here, where when DNA evidence first came in, prosecutions used it all the time to track down suspects and put them in jail. But since then, DNA evidence has been really powerful about letting people out. And I think IoT data is the same way. Yes, it can be used to put people in jail, but it may also be able to get a lot of people out of jail. And if so, it's even more important to ensure that criminal defendants have the same access to evidence and IoT evidence as prosecutors. And we would be remiss as lawyers not mention a few other concerns. We won't spend a lot of time on them. There's an economic concern, which is that Europeans generally have a greater expectation of privacy. So the EU and regulatory bodies have raised real concerns about IoT device data coming from Europe, going to cloud services on the US and then being accessible by the law enforcement. And for many people who work with them, the data privacy sphere, this is a real headache because it means that you may not be able to ship your data from one place to another. And that has real life economic implications. There's also this reliability concern, which is that IoT data is not foolproof. And so when prosecutions are really relying on it, that may not be a sufficiently reliable basis for a conviction. Now we're running out of time, but I do want to at least discuss, sort of given what the law is and its implications and potentially some of the problems, do we need a different approach? And if so, what could that approach look like? And I think Anthony is going to speak on this. Sure. So we shouldn't just give you a whole presentation about problems in doom and gloom without looking at some possible types of solutions. So what are our options? What are those options look like? So our first option is to just do nothing. We can just sit back and chill and do nothing. Because things are cool. The status quo is okay. People should be aware that they're voluntarily waiving their privacy rights when they have all of these IoT devices. And shouldn't law enforcement simply be able to use all of this information and have all the tools to protect us? If criminals are going to be using 21st century technology, shouldn't our law enforcement have those same types of capabilities? We can also look to states as our solution. States are often seen as laboratories for democracy where an idea starts at a state level and then it's successful and then it spreads to other states and causes Congress to respond and create a federal level type of protection. And so we could do something at the state level by requiring state law enforcement to have a heightened standard to obtain certain types of IoT data from third parties. We could place limits on IoT data being stored for how long we can provide users with additional privacy rights in various states. And so that's one path. Another path would be to ask Congress to do something. I don't know how successful that would be, but we could ask Congress to strengthen federal privacy laws. We could update the Store Communications Act to allow more equal access to data to allow defendants to be able to make requests via subpoena for information that the prosecutors would be able to get through the Store Communications Act. We could also pass new legislation that would increase protections for certain IoT device data that goes beyond just the minimum requirements that are currently in place under the Fourth Amendment. Along with that, well, we could also look to the courts and we could just trust the courts and trust the process and look to them to monitor our law to reflect the raw amount of IoT data being available. So we could just look to the judges to kind of examine these issues as we move forward. And so that's another option that's available for us. And so, Jordan, I want you to chime in here and talk about some other key things. Yeah, I think that's right. I mean, I think all of these potential solutions could have some traction, but some of them may take a lot of time. I mean, we've seen the courts wrestle with this issue and it's going to be a big lift and it could take a decade to get a case to the Supreme Court and have the Supreme Court conclude that IoT data should be subject to some sort of different protection than every other type of data that the Supreme Court has looked at in preceding parts of US history. And so I think that maybe the most direct way to effect change is to let industry lead as industry has done so often in the technology sphere. And that could include protecting privacy by design, policy, or even contract. And what do I mean by that? I mean, I think most people are familiar with privacy by design, but it doesn't have to just be not retaining data or storing data in a certain way or encrypting data. It could even be having a policy in place to send data for cloud processing or storage in Europe where it wouldn't be reachable by US authorities, or it could include privacy by contract, telling users explicitly that they're gonna have continuing control over their data so that there is a reasonable expectation of privacy under the Fourth Amendment, or even telling consumers that they're gonna shell out their data in response to any legal request, including criminal defense requests. And that could help eliminate the inequality issue with the Store Communications Act that we've talked about. And so I think that there's various ways for industry to do it, but I think the most important thing we can all do and the reason why we're giving this speech today is communicate, speak up, especially in an interdisciplinary way. Frankly, one of the reasons why policy lags technology is because many lawyers and judges and lawmakers don't understand technology. They have no idea just how much IoT or cloud data there is. They have no idea how it's different from other points in time, and they don't even know what IoT stands for. Then there's also plenty of companies and programmers who work so hard to bring this technology forward, come up with better technology and protect data security, and they may not realize that despite all of those efforts, you're still having user data that's being turned over to the government very easily. And I think sometimes that can create a frustration where you have people working very hard on the technology side, but not feeling like the policy side of it is protecting the good work that they're doing. And so I think that as we move forward on this topic, the best thing we can all do is just communicate a little bit better and at least understand this topic. And so frankly, that's it for us for today. I do wanna say a quick thanks to DEFCON29, IoT Village for having us, for our firm for letting us speak on this, as well as to two excellent law review articles that sort of bring forward the academic components of this discussion, Aaron James in the Arkansas Law Review and Rebecca Wexler in Harvard Law Review. And finally, I do wanna put our contact information on the screen because this is a conversation. The only thing we're trying to do today is start it and help educate people on what the protections or non-protections are. And we would love to continue this conversation either from a legal perspective or a policy perspective. So please feel free to reach out and we look forward to speaking with you either at the Q&A or via email. Thank you so much everybody.