 Welcome everybody to Ask the EFF and meet the EFA in this lovely to be back sort of at DEF CON for for another year we've been doing Ask the EFF for I think since DEF CON 13 taking your questions about the electronic frontier foundation. Sorry I had two things on our channel here so I had to deal with the echo. So it's great to be here. We have a amazing panel for you. And we will be going down the panel so you can get an introduction. Let me introduce myself. My name is Kurt Opsall. I am the deputy executive director and general counsel of the electronic frontier foundation. And I am delighted to be back here. I work on a number of different things at EFF. One of them is the coders rights project along with Hannah, see shortly. The coders rights project is where we provide free legal advice to security researchers like yourselves when they have questions about legality of their research issues that may arise from disclosing it when a vendor gets upset. And these are things that that we often provide to this community. But I always begin this panel with noting that this is not the time for those questions. You need to have those conversations and an attorney client privilege situation, which is not when it's being live streamed at the DEF CON Twitch channel. So we're happy to ask questions including questions about general legal principles, but if it's about your particular situation, and that includes when you're like asking for a friend but it's really you. Those are not the time to ask these sorts of questions, but feel free to ask your more general questions. And we can talk about an addition of the coders right things. We have Hannah here, so we'll introduce yourself in a second. We also have the opportunity to talk about, well, one of the things that come out lately that Eva and I worked on tick talk, and the band also expanding to a band on grants and 10 cent the parent companies, a lot of interesting implications there. You can hear a bit more about our, our activism work through Rory. So we've got a good thing show for you, looking forward to your questions. So why don't we start it out with Rory you want to begin. Hey DEF CON. I'm Rory, I'm the newest member of the EFF activism team. And I came on in March as the grassroots advocacy organizer. In that role, my work on the organizing team which manages the EFA, which is our nationwide network of over 70 local grassroots organizations, not going to spend too much time talking about that because you're going to meet them for yourself in just a little bit. But the gist of it is unfortunately EFF can't be everywhere at once. And these local groups really do a lot of heavy lifting for city and state level issues and are incredibly important for our success. And I'm lucky enough for my role to be building a lot of these relationships with local groups that are either currently members or potential members for the EFA. And I'm actually lucky enough to come to the EFF and this organizing team from an EFA group myself I was a founding member of the site per collective which you'll also meet in a little bit. So I'm really excited to have benefited so much from this network and now I get to give back and help construct and build it further. In addition to that, part of my background, I care a lot about digital security for activists and LGBTQ plus communities that's very much part of my site per background. I'm also technically still a grad student but a former grad student and adjunct professor. So I care a great deal about student rights and teachers rights and concepts like open education, campus privacy, open science. And then finally, we talk a lot about EFA being in kind of three buckets unofficially of the workshop bucket, the advocacy bucket, and the makerspace or hackerspace bucket. And it's that last one that I really am hoping to expand on moving forward. We already have a lot of great hackerspaces in the EFA including several DEF CON groups, shout out to DEF CON 201, 319, 313 and 919. And then also artistic digital art spaces like iBeam and NYC. So I think it's really important that we expand into this creative territory because honestly creativity and fun are really important part of movement building I think the old, if I can't dance it's not my revolution. And I think these issues of freedom of expression and play are one of the best ways to get people engaged in digital rights issues because you might not think about copyright or patent or DRM or right to repair or any of these issues until it becomes a barrier between you and this really cool project you want to do. So I think it's a really important part I'm hoping to expand so I think there's a lot of folks in the audience that are involved in those sort of projects. I'll plug now reach out to me at Rory at EFF.org, or organizing at EFF.org. And then I guess we go to Hannah. Hi, I am Hannah I am a staff attorney at EFF I'm super excited to be virtually part of DEF CON. I'm looking forward to the day when we can attend in person. But I like Rory I started very recently, I only started in April is kind of an unprecedented time and a very unique time to be starting work at EFF there are a lot of issues that have come up in relation to the things that have been going around. Also in 2020 COVID of course being one of the large ones but also the protests that have risen up around the country and indeed around the entire globe for justice, racial justice against police brutality and related topics. My background is actually in criminal justice. So I come from having practiced in criminal defense law for a number of years before joining EFF. So as Kurt mentioned, I am part of the coders rights project and he already gave a really good explanation about that so I won't go into it, but needless to say that it is an important part of our work and I as someone who very long time ago in a different lifetime for undergrad had a computer science degree really appreciate the kind of work that we can do for and the kind of security researchers hackers tinkerers anyone who's interested in poking around in systems and the like, and recently at EFF I guess my most recent cases I've also worked a lot on police tech and forensic technology because law enforcement and prosecutors use a lot of different types of technology from, you know, automatic license plate readers and facial recognition which we hear a lot about two things that we hear slightly less about like forensic probabilistic software which is supposed to do DNA analysis and match DNA of people. And you know you hear these giant numbers like one in three trillion or something like that where that people are imagine actually there's a lot of issues with these technology and what we have seen before is that law enforcement that these kinds of technology should be used against marginalized groups and against the most vulnerable community so we really should make sure that they're constitutional that they're accurate that they're not biased. And if they are they should not be used at all. So I look forward to engaging with the DEF CON community, and to listening to all your questions. Eva. Hi there, I'm Eva Galper and I'm the director of cybersecurity at the electronic frontier foundation. This is extremely not my first DEF CON. I have been coming to DEF CON since somewhere around the year 2000 dinosaurs were roaming DEF CON. I was sort of in this setting that I discovered EFF little, you know, sort of clueless teenage me, but hey, these guys seem to be the good guys I should do that one day, and then I did. So I've been at EFF since 2007. And I have done, I don't even know how many of these SKFF panels. But right now what I do is I run the EFF threat lab, which is a group of researchers who work specifically on issues that affect particularly vulnerable populations. So people who are protesting people in LGBTQ populations, people who have unpopular political opinions, people who are, you know, part of ethnic minorities, where we're interested in having their backs. And I don't know if you have been watching some of these, some of these DEF CON talks at the virtual event, but my colleague Cooper Quinton gave a talk on his project, Carcadal Hunter, which had to do with with tracking fake base stations. And I strongly recommend that it's based on the work that he did with our colleague Yamna. So I can answer questions about that. And also, I can answer questions about TikTok, and about general sort of privacy and security advice, and how to how to reach out to people in a way that moves them to action but does not scare their pants off. All right, well thank you for that. So that is the introduction to our panel. Oh wait, Alexis has, so Alexis a little bit late but still lovely to have you here Alexis you want to give up intro please. Hi, I'm sorry for being late. I'm Alexis Hancock. I'm a staff technologist at the EFF and I've been around. I'm still like working at EFF about two years now. So coming on my two year anniversary actually just just now realized that I work on the project. HTTPS everywhere. And mainly that's my main focus but I also do research on other aspects of consumer privacy and how it impacts different populations. And that's been my focus and as of late, especially with COVID immunity passports which mentioned verify credential technology so dealing with mobile identities research and how that may impact the general public. And that's my intro. All right, well thank you Alexis. So that is our panel we are now going to turn to to your question we've had a few questions come in. So, one question is, what is the strongest and most readily understood argument to support protection of end to end encryption. We're talking with organizations, particularly non technical audience, working to address controversial complex topics, such as the transmission of child sex abuse materials. Do you want to have something to say on that? Yeah, definitely. So this is something that I think comes up a lot when you're engaging different communities on things like end to end encryption or even just the concept of hacking people have this very NCIS kind of concept of what that means that you have this very shady character. But what I usually like to pivot to is say, it's less about being shady and being on the margins, more about being on the margins, that end to end encryption is really important. Yes, sometimes for people with the fairest purposes, but also people with very good just purposes. And these, the power of breaking into encryption or banning it is one that you have to consider. You might be comfortable with the US president having but are you okay with another foreign leader having current leader, future leaders, and thinking about who is on the margin and who are we protecting with this technology. And ultimately, everyone has the right to have that protection right it's part of being able to speak freely and live in a free society to have some privacy. I think that's usually a good hook for folks that are kind of just honestly perplexed by why anyone would support and then to end to end encryption. Thanks, Rory. I think I'll add a little something from that, from my experience I've been to a number of events or conferences where people from the organizations that are trying to stop childhood sexual abuse. And we talked about end to end encryption, and I'd say that you know they actually were understanding about the human rights concerns. You know they have their very strong position they want to be able to do whatever they can to stop child sexual abuse materials. But I would say in terms of like just talking about it, they were a lot more understanding that there were countervailing human rights concerns about breaking encryption than the government people who are at the very same conferences who are often using or pointing to those groups in order to support their arguments. And I think they probably you know we're not going to agree on the the ultimate path for encryption, but I think that they would say, if there's a way to have, you know great strong encryption, you know that that is fine. So long as their needs are addressed, but we can have the conversation at least. Let's get to another one of your questions. What would you say would be the difference between Congress interviewing Mark Zuckerberg in 2018 and Congress interviewing the tech giants a few weeks ago. Anyone been following that, because we don't have our ledge team on. I did watch the anti trust hearing that came up recently. I'm not really able to speak historically to what our ledge team thought of the previous hearing but from what I did some eyes from my colleagues that watch both Zuckerberg generally seems more prepared for these questions from Congress. Normally than the other CEOs that came through with the original intention of what the hearings are about are trying to see like exactly where are the PowerPoints that you can focus in on with these organizations and where exactly are they over this overstepping and the differences between the last one and this one from what I some eyes was that they were just becoming to terms with privacy issues and how the general public are worried about them with Zuckerberg and Facebook, Cambridge Analytica. All those different types of like themes came up with his hearing in particular and he seemed more strained then and then this time around he seemed way more prepared than the other CEOs. So the other CEOs had came and asked about this and we also want to call to the other previous anti trust hearing that Bill Gates attended two years back. That the legislation team also mentioned where that was kind of like the beginning of Congress's thought patterns on how to regulate and what to do when it comes to tech companies gaining such a mass amount of market power. So I do suggest looking back at that hearing as well and seeing what people's opinions were on that, because that was kind of where it started, I believe with Congress's thought patterns on what to do and what to ask when it comes to tech. Mark Zuckerberg's hearing was very much so rife with people who didn't quite understand how the tech and we're asking questions that didn't necessarily get to the meat of the issue on why exactly Facebook has been nefarious and why exactly Facebook practices are a problem versus understanding other things that came up again at this recent anti trust hearing where a couple of Congress members or at least one I remember in particular, who didn't quite understand how BAM email work and kind of tried to like blame Google for that. So that was pretty much what I saw from the recent hearings from Facebook side, Apple was mainly quite around the issues that we wanted them to talk about. But overall, I did like the round of questioning that did happen from some of the representatives on the judicial committee and tried, they tried their best to grill them on the things that did matter at times and it's a balance between the different parties and what their intentions were. It seemed like the Republican Party was more focused this time around on censorship, and that's not anti trust. So it went from good anti trust question to really bad sidetracked censorship questions so not focusing on anti trust was a real big, I think pain point for a lot of people watching who really wanted them to focus on the anti trust portions of the questions. And that's my purple, you know, summation as a non legislative person from the FF. All right, yeah, thank you. And go to our website to get more information because we have blog posts covering the both those their sets of hearings. So another question came in. Does EFF as a US based organization. How does EFF as US based organization see its role internationally I think Eva is one. All right, I can cover this one. I worked as part of EFF's international team for for many years. And if I've started out as an American based organization. And this was largely because we saw ourselves as a group of people who primarily did impact litigation. And so we had a bunch of US based lawyers because the US is where most of the laws that were impacting the internet or impacting the cutting edge of technology were being made and where the court cases were happening. And we are not entirely about impact litigation anymore. And those cases aren't necessarily happening in the United States you're starting to see them in in European courts in Brazilian in, you know, in Russian and Mexican courts, the, you know, the US president apparently would like our internet to look more like China's. And that is a fairly serious problem that will that requires an and international approach in order to fix. So having said that, what we did was we built an international team and we have, we have people who do who do international who understand international human rights, who speak to the UN, who we have people who are not based in the United States, we have people who go and talk to the Hague, and to Brussels, and also people who understand that the internet isn't just the developed world. The world is not divided up into the West and the rest, and that the rules which govern the internet need to be fair, not just to, you know, to Americans and to Europeans, but also to people in the global south and that their voices really to this conversation and often they're the people who get left behind when we talk about privacy and security, because they're the people who are who are using some of the slowest infrastructure, and they're often the people who are using the cheapest products in order in order to get online, or to communicate even if you did not pay extra than you are the product and you're, you're essentially selling either your privacy or your, or your security and we find that very alarming. We also built a set of privacy and security guides, and we have those translated into eight different languages we update them regularly which almost no other security guide does. It has a date on it that tells you when you know that this advice is good as of the state, and we translate it into languages, so the internet in addition to being global is not just English speaking. Okay, another question was any advice for loosely federated national organizations, working to simultaneously prevent doxing while preserving accountability, i.e. doing I am for an organization where the national may not know or want to know all of the locals members. I could take that one or so it's a really interesting question I'd want to know a lot more of the specifics before giving any kind of concrete advice but I will say loosely federated national organization makes my ears ring a little because the EFA is a national organization of a network of people coordinating So I think there's probably a lot of overlap. If you went to ff.org slash fight we have some really useful toolkits. So I think some sample suggestions would be establishing basic principles on the onset and maybe writing up like a simple mission letter and having those groups sign on to it. And I think where it probably diverges a bit is, if you don't necessarily want to know the individual federated instances, particularly closely that on our end it's really important to build those kind of intimate relationships with our members and find these kind of intersections so maybe finding another way of communication among more maybe more anonymized communication among the members of the Federation. So those are some things that come to mind definitely check out the toolkits. It's not exactly the same as coalition building but I definitely see some overlap there. Wonderful thank you very. So, the next question is from DC 201. There are a lot of streaming on the crypto barons right now and did a review of the article about California using blockchain to track people's COVID-19 status under a social credit system, and a secure record. We want to hear straight from you guys your take, keep up the good fight. Alexis you've been working on immunity passport issue what do you have to think about this. Yeah, so actually the immunity passport work came directly from this bill the bill and references AB to 004. And that's been in play for a while and we in the FF opposes for several reasons. One of it is the fact that it's using a technical solution based practice towards a very, very loose dynamic situation. Um, could verify credentials, which is the technology mentioned in the bill is for more static purposes and also immunity passports aren't some isn't something that is actually normalized for the general public to enter buildings to enter their job to enter venues or public spaces. This is not a practice that's been in play and the history in the United States with immuno privilege isn't a good one if you go back and look at the yellow fever. In that position you'll see that US United States is a very bad track record of handling immuno privilege when you have a certain amount of population who can't exactly get testing at equal rates as other people in the population. So, not being able to update your status as much. We don't know, according to health experts, exactly how cove it works still people are getting reinfected. There's other people out there with cove it who may be asymptomatic. There's other and we don't know how the antibody testing will be handled in the future so rolling this out as a technical solution using blockchain for the verify registry in a verified credential. Is it necessarily something that calls to arms where you you're building up something with the technology claims is going to be very secure and very straightforward but at the same time this is not a straightforward time cove it in immunity isn't a straightforward practice at the moment. So trying to build up something and say just because we're using encryption and just because we're using a secure tool doesn't necessarily mean the tool itself is good, or the credential itself is good. Basing people's immunity into a shared health credential with law enforcement or their employer puts people in very precarious positioning in our in our general public and that can exacerbate already the inequities that we have seen exacerbated during this pandemic and this would just add to the pile of inequities we have seen by making something like this. The standard when we don't have, we don't even have a plan on like how we're going to handle sending kids to school. So, like, being able to roll out something as coven immunity passwords we're using blockchain. It's a very technical solution, Silicon Valley approach to something that we cannot just roll out something or an app or a technology and say we saw the pandemic, everybody go out and have a good time that's not how this works. So, that's our take generally on it and we oppose this bill still and you will see more recent blog posts if you go on to the site and going over that again we've written several times on this and hopefully they listen and generally I just want this bill to die. And I don't want to see anything go through with this because I just don't think community passports or verify credentials are using blockchain for a verify registry is the solution to this we're going to need a multifaceted policy based approach to this pandemic, and we can't leave it up to, oh we use blockchain, everything's fine. Thank you. And the next question is, what type of rhetoric do you think the force selling and restriction of tick tock and other Chinese apps will set will networks sovereignty be a philosophy will have to fight in the near future. So, as it happens actually right before this, Eva and I were working on an update to talk about the tick tock band, and we've been actually looking very closely on the ban on tick tock and also on 10 cent. The makers of we chat, and also things like League of Legends and a 40% owner of the owners of fortnight. And so this is a very, very hot issue here. And I think, you know, from a, as far as I'm out from a legal and constitutional perspective, this ban is extremely trouble. The authority, the sanction authority that the, the president has an invoked here has an exception for communications, including a implicit prohibition of communications, and a band would stop people from using tick tock would be exactly to be outside the statute, the grass more importantly, on a constitutional level, it is banning a means of expression that the power to say, you know, unilaterally with an executive order that the president could say, you can't use this particular communication channels anymore you can't speak to the audience through that channel has tremendous implications for for free expression. And it goes beyond what what should be tolerated. Now I understand like a lot of people also are concerned about, well, do you know but tick tock their, their together a lot of data they've had some privacy scandals, but I'll turn to even talk a little bit more about the the privacy and security concerns. I will get up in front of everybody and tell you tick tock is totally safe. I will tell you that, for the most part, it uses the same, the same permissions and is has many of the same security and privacy vulnerabilities that you see with similar social media apps. And the only difference is that tick tock is located in China, they are owned by a Chinese company, they have employees in China. They say they do not keep any US data in China. But the real question is how much, how much do you trust tick tock. Is this what tick tock would say, even if they were keeping us data in China, even if they were handing over all of the US data directly to the Chinese government. And I for one, don't trust the Chinese government very much. Having said that. We are deeply opposed to the idea that the president should be able to ban an app via executive order there are a whole lot of, there are a whole lot of legal problems with that. And it really sort of eclipses any kind of real conversation that we should be having about data sovereignty, because after the Snowden allegations one of the very first things that happened was the European working on eventually becoming the GDPR and talking about data sovereignty in a much more serious way because they felt that they couldn't trust US companies to not hand over data to the NSA, and they're right. And we should not be hypocrites who think that it's not okay for companies to hand data over to governments, unless it's ours in which case it's totally fine. You know, we have rule of law and human rights and stuff. My, my willingness to believe in our rule of law and human rights is increasingly strange. So, I think yes we are going to be talking about data sovereignty, and one of the biggest problems we're going to have is that we are going to find ourselves battling xenophobes. People who are appealing to nationalism and to sort of anti Chinese hatred as a way of knocking out the competition, or lashing out at people who are not like them. There are real concerns about tick tock, but these are not the concerns in question, the people who should be really concerned about tick tock, and the people who are worried about having their data fall into the hands of the Chinese government. If you are a Uyghur, if you are a protester in Hong Kong, if you are friends with a protester in Hong Kong, if you're a journalist wants to protect your sources. And you have sources that are of interest to the Chinese government. If you're a COVID-19 researcher, or a fortune 5500 executive, who is worried about having the IP for your company stolen. Yeah, you should really be concerned about tick tock, but a full ban is absolutely not the answer. All right, thank you. I just add on to that and one of the aspects of this is it's vulcanizing the internet. It's sort of the notion of that there will be apps per country. And this is something that is very concerning. One of the benefits of the internet is that it is a worldwide forum. I can see people's real concerns about the privacy and security of data in other countries and whether it is, as he was saying, like the European Union was concerned about data in the United States. Brazil has been concerned about data in the United States. Of course, sometimes, I think like in the case of Brazil, it's not because that they want to protect that data from themselves. They actually want the data locally, so they can be the ones buying on it instead of the NSA. I think the better solution to all of this is to just worldwide have protections against massive buying and that is a hard job. It will take policy will take law and will take technology. But the ultimate goal, I think, is to have a worldwide internet that also has safeguards to protect privacy. And then to the next question, which is, what is EFF's position on spyware such as Proctor U currently being forced on students for exams in some North American universities. Hannah, did you want to introduce that topic. Sure. Of course, and I know others will have stuff to say about Proctor U and other types of software like exam soft as well. But of course, what Proctor U and exam software and all these types of software do is very concerning student privacy is incredibly important, especially since students, the example I believe the questioner gave is at universities in which case, most of them are likely to be over the age of 18 but we know that some of these are also used in classrooms where the majority of the students are under the age of 18 and that carries a lot of implications for their rights and what consent really even means in those situations when they're consented to having their privacy invaded or to installing these apps and using them. It's also important to remember that these, just these programs in the area see me as they are, are not the first instances of how student privacy has been invaded. We know that students use a lot of school owned and school issued devices and we really encourage robust protection for their privacy for their uses of even school devices. This is just another example, I think of invading the privacy of students that ever encroach the ever increasing encroachment into their private lives by having the software and of course, some of these so called softwares and other functionalities are really the type of Trojan horses and spyware that we really rail against when they are from other companies and not exam ones but I think others also had things to add to this. So our security researchers are currently working on a project in which we are looking at a lot of the software which is being rolled out to proctor tests all over the United States, especially as it becomes increasingly clear that teaching is going to move online for a while. Frequently, these apps are incredibly invasive. They are not particularly great about explaining what they do, or asking for consent. Often they can continue to monitor students long after their sort of schoolwork time, and we find that really disturbing so there's research is coming, we will publish research. Yeah, and I just wanted to quickly plug we have a blog post recently about this on our website called University app mandates are the wrong call written by some of our colleagues. And it brings up some really important points I want to echo here. One of the main things is these mandates, not just for proctoring apps but for contact tracing and things like that, make a lot of assumptions about students that are problematic, for example, assuming their devices, a lot of these only work on windows and macOS plenty of Linux users or even Chromebook users have complained about not being able to take their class because of those restrictions. So, plenty of concerns about accessibility, for example, when students have screen reading software, it can become an issue to use these tools. And then just the broader issue of having reliable broadband and schools not offering an alternative to these online proctoring solutions. And then more broadly, it goes against all the stuff of open education that we know and love. Education should be easy and not infringe on your other rates. So, quote the blog group, university should strike down any app mandates and should pledge to not include them in future student commitments. It's something that a lot of EFA student groups have reached out about so far. So I really encourage you to also reach out. It's something I'm very interested in pursuing. Great. So another question we had was about it's also on on the international front. It was about whether there's an EFF affiliate in Canada. And so what was actually going to give you some some background once upon a time in the midst of past, there were international electronic frontiers affiliates. In the 90s, the early years of EFF, we moved away from having an affiliate model, but we didn't kick people out until I had to stop using my name so there actually are a couple of electronic frontiers affiliates left there's electronic frontiers Finland. I think it's probably the most active chapter there's also an electronic frontiers Australia and I believe Italy is still somewhat around. But we do not have a actual affiliate in Canada, but there are a number of organizations in Canada that we have worked in. I think even you've worked a lot with some of the citizen lab for example. Next. So the two that I was about to suggest are our civic and citizen lab citizen lab is based out of Toronto and there are all academics and security researchers highly recommend would put on some research with them they're great. And civic mostly does law and policy, which is good because the law and policy in Canada matters just as much as it does in the United States having people. Very good. So another question we have in here. How does the US approach to privacy legislation impact your work. I mean sometimes it is the work, but is there any hope that it may be changing in the next five to 10 years. Is there realistic hope for any more GDPR style approach in the US. Yeah, you want to talk about UCPA and Caliqba. Sure. So, I don't know if there's any realistic hope for a GDPR style federal legislation given the type of gridlock that we see currently in DC it doesn't seem like that kind of tension that prevents something like GDPR being passed will really dissolve anytime soon. But what we know is that it is effective on a state to state level so we do have the federal ECPA, which is electronic communications privacy at, and it's supposed to protect electronic communications and the stuff that you send. It's not nearly as protective as for example, Caliqba, which is the California version of the bill and now the California law Caliqba is much more protective because it also provides a remedy that is a right for the person whose information has been collected, wrongly collected in violation of this law to challenge and have that information suppressed, deleted, which is not something that the federal law offers. A thing that we always joke in lawyer circles is you will have all these laws that have rights. But when they are violated the laws don't tell you what you get to do you don't get money so for example if you were wrongly convicted and you don't get any money from the state for the years that you spent in prison so you can have all these rights but that doesn't mean that those rights come with ways to enforce them and to effectuate them and that's why something like Caliqba is such a monumental law. First of all California being the largest or most populous state in the US, it affects a large number of people second obviously the tech industry centered in California and third because it is the most protective law in the United States of its kind. And thirdly, it requires that the government any branch of government so not just law enforcement but any government entity to have to comply with certain regulations in order to collect electronic data they can't just, you know, pass a law that can say, okay, from now on, we can collect, you know, other, for example schools can collect all this information about students and in fact there was some, some discussion on that and we actually have a case right now on regarding Caliqba because the city of LA passed a law where it required all the scooter renter scooter rental companies to provide real time and historical movement data of every single one of their scooters, and we are challenging as a violation of Caliqba so it really demonstrates that the city legislation can work on a state to state level. So it's still very important to vote for your state representatives your state assembly, people and your state senators, and even if the DC will never see, or it is unlikely that DC will ever see a GDPR style law in the future or foreseeable future, it's still something that you can get passed on the state level, especially one where there may be state legislators who are interested in protecting this kind of thing. Alright, I just add a little bit of that on the CCPA, the California Consumer Privacy Act. So what Hannah was talking about with ECPA is privacy mostly vis-a-vis the government, but there also has been a consumer privacy law passed in California, which provides some rights that are like GDPR. It has a number of exceptions for smaller businesses. It is probably not considered to be as strong as the GDPR. It's not nationwide, of course, just in California. On the other hand, a lot of the tech companies are in California, meaning that it does have a big effect on that industry. Now what's going on there is that the law went into effect at the beginning of this year, but there's also a proposition on the ballot in California that would replace the CCPA. So I guess we will find out in November whether the CCPA will continue or it will be replaced with something else. And I totally agree that the GDPR style thing at the federal level seems unlikely, at least for now, though one effect of the state-by-state process is if, as often happens, different states come up with different rules, that puts additional pressure on the companies to abide by the various rules, and they become perhaps more receptive to having a national standard. On the other hand, they will also, especially if they're like data brokers and such, will want to lobby to make sure that those national standards are a ceiling while the privacy advocates would like to have the national standards be a floor. So that could move, you know, well, it'll become all the more important to be involved, which I think actually you can be involved through the EFA, worry? Yeah, if you're interested in being involved, please reach out to organizing at EFF.org. We're always excited to have more organizations starting the network. But also, if you're not directly related, if your group's a little tangential, but would like to be put in touch with another EFA group that is in the organization, you can see a list of them at, again, EFF.org slash fight, or email us and we'll put you in touch with some local advocates and get you involved. Again, base building, the more people on our side, the better. And especially for local issues, the EFF is only so many people with so many resources. EFA groups really help us address these really local issues as well. And so I mean, there's a lot of actually ways that you can get involved with EFF. So there's the EFA route, you'll get to meet the EFA, and we'll start that in about 10 minutes. There's also the action center, act.eff.org, you can go there and help, we'll try to help you get your voice heard. And you can also get involved. A lot of you in this audience are probably coders, and you can get involved directly with our open source projects. Alexis, you want to speak about that a little bit? Yeah, sure. There's several projects that we have right now that definitely, you know, we're always open to people contributing certain things, especially when you have a certain fringe case that you feel it may apply to others. We bring things like that up in the repo. We pay attention and we do our best to try our best to actually accommodate these scenarios and cases because we know people who use our tools are trying to stay safe online and private online. So there's HTTPS everywhere. That's a project that I'm the lead on. And we have Privacy Badger, which is another web extension that you all may use. We have Serbot and we have PanoptiClick. I don't think PanoptiClick is open source, actually. It may be, but it's another tech project that we have. I mean, people can find this all on GitHub, right? Yeah, um, yeah, GitHub. And if you go on eeff.org under Tools, I believe there's a whole menu that lists our tools that we have and the ways you can use them and how you can download them for yourself or get involved. With HTTPS everywhere in particular, we have community sourced rule sets for sites out there that may support HTTPS. And a lot of those sites don't actually enforce it, as you may know, so a lot of our rules tend to those scenarios in particular. But if you could contribute to those projects and actually, like, be able to contribute quite a bit of pull requests, we pay attention. So people on HTTPS everywhere project, actually, when they contribute over a certain amount of time, we tend to ask them to be rule set maintainers. And those are a higher level privilege of maintainers that help us in the repo and work together with us in the actual organization. And we actually coordinate with our maintainers in HTTPS everywhere. I can't speak to every project, but that's kind of like a little bit of how you can get involved. All right, super. So another question we got here. Can I get free EFF swag like stickers? Well, you know, we are a nonprofit organization. We are supported by people like you who help donate to keep the organization going. So we ask that people make a donation, and then we thank them for that donation with wonderful stag swag, like stickers, but at, you know, fairly low donation amounts, you can get some amazing stickers. supporters.eff.org or just go to the website, the donate page. And, you know, does cost us, especially now when we can't be in person at DEF CON and just hand something to somebody, we have to ship it to you and such. So I think it'll be great if you want to get some of the stickers we'd love for you to have them. But if you just pop by the website and give a donation, we're happy to set you up. Let's see, there was another question here. What kind of risks do non California consumers have when posing as a Californian in hopes they could get CCPA rights. I think in a lot of cases where you're you're asking to say I removed my consent or you're asking for the information. You can do that without really saying where where you are from. And it probably would work out. You know, I can't recommend that that you lie, you know, I can end up being getting to a weird place later. But you can probably get pretty far with just filling out the forms saying you do not consent. And it is, I think for a lot of the companies that are trying to be honorable about this. They are applying it on purpose applying it to to everybody. This is more difficult for them to differentiate between one database and the other of California non Californians. Especially if you're a non California but you happen to be in California you're still protected by the California law it looks like if you're an American citizen and you are in the European Union, you are protected by the GDPR. So it is a lot better for the companies and I urge them to all to just try and be cool about these requests and if somebody says, I withdraw my consent and you were relying upon that consent for processing their data. That would be like a nice thing to do and not be a jerk about. All right. Oh, so that's what other questions. Any biometric data laws like Illinois is brewing in other states. So Illinois, they had a biometric privacy law. Recently, I think it was proposed 600 ish million settlement against Facebook for violating the Illinois of biometric law which is a, you know, Facebook makes a lot of money but you know still 600 million so you'd notice. And it ended up in the, in the annual report. So is turned out to be a very powerful law that case and also that law is being used for suit against clear view, the company that scooped up all the photos they could find online to make a massive facial recognition database. I actually don't know is anybody know if there are any similar bills moving forward outside of Illinois. I guess we don't have a member of the ledge team on today's program. One of the things that we, we have seen a lot of for biometrics is facial recognition bands. These are usually at the municipal level so there's a lot of municipalities that have banned their their governments and especially their police departments from using facial recognition. And a lot of the EFA groups have been been supportive of that effort. And this is a C cops is the general name of it. Community control over police surveillance ordinances, which is basically the idea that the elected representative the city council should have control over what surveillance techniques are being used or should be used against their, their citizens, and with, you know, all the police departments getting pressure to add more surveillance, getting funding from DHS to buy more surveillance, getting deals proposed by companies like ring to get more surveillance installed by the consumers. It's very important to have these kinds of ordinance. And again, the EFA has worked a lot with that. So maybe this makes this a wonderful moment to begin our transition over to the meet the EFA portion of our program tonight. So I would like to please join me in thanking our panelists, Hannah Rory Eva and Alexis. And wonderful doing another as the EFF with with DEF CON again. I miss you all so much. I wish I was there in person to say hello to you all. Indeed, indeed. But we will hopefully see you next year. And thank you and then panelist you want to say any last, last comments. Thank you. All right, well let's let's do the the transition to the meet the EFA panel. Hello, thank you. Thank you. Thanks. Thanks, all of you. So yes, I'm Nash. I am the associate director of community organizing at the electronic frontier Foundation, where I lead the organizing team. Rory joins me also as a well as a member of the organizing team, and we help coordinate the electronic frontier Alliance, which is a network of over 70 community and student led and grassroots organizations around the country. I want to jump in that I were just first like going to join everyone else there's been everyone in the chats been really excellent about it I also want to join them in thanking Alexis and Rory and Hannah and Eva and Kurt for everything that they shared it's really an honor to work alongside inspiring folks like you, and the rest of our colleagues at EFF. I also want to thank everyone here who supported EFF I seen in the chat there's lots of folks that are talking about you know the different swag and this and donations and support that you're given that you're that you've given us throughout the years and that hopefully you'll will continue to do the work that inspires you to do that going forward. So thanks so thanks to all of you for the last 30 years and in advance for your support as we continue to fight for digital rights and free expression for decades to come. One of the things that I enjoy the most about my role at EFF is supporting grassroots and student led organizations around the country that are working to preserve digital rights in their communities and empowering their neighbors with the information that they need to make informed choices about the way that they interact with technology and the internet. In this next portion of our time together we're going to speak with representatives from four electronic frontier alliance affiliated groups. And then I think that the folks that are joining now would agree with me when I say that the work that they do isn't easy work but it's work that all of us can be engaging in wherever we are and then you know it's great to you know folks like Eva and Kurt and Alexis and Rory you're all brilliant experts that are doing inspiring work but really all of you are the experts in what the potential is and the ways to support and the threats in your own community. So I hope that in addition to learning from the folks that you're that we're going to hear from now it may also inspire you to either join into the work that's already happening if there's a group in your community or to launch a group that could also be joining them in that fight based in your area. So so welcome to the meet the FA portion of our session. And first person I want to introduce this Tracy Rosenberg who I'm you know Kurt spoke a little bit about community control over police surveillance, and the local bands that have been passed on on on face surveillance. And Tracy is in addition to being the executive executive director of media alliance is a member of Oakland privacy and Oakland privacy was instrumental in passing some of the first and some of the strongest community control over police surveillance as well as bands on face around. And so, yeah, so Tracy, Oakland privacy really has a remarkable origin story, as well as a unique organizing model and stunning list of successful campaigns. Can you tell us a bit about Oakland privacy's mission and how the group was formed and maybe divulge a little bit of the secret sauce that makes Oakland privacy so successful. Absolutely Nash. First of all, I just want to say I'm sorry my camera is acting up. So I'm going to go ahead and say a couple of things and then hopefully I'll be able to see everyone in person. As we work through the panel. Sorry about that. I don't know, technology. Oakland privacy was originally the privacy wing of the Occupy Oakland encampment, which some of you probably know is a fairly militant and fairly late Occupy encampment back in 2011. Folks were basically wanting to sort of understand all of the equipment and devices and technology that was being used on them by the very many police that were in the proximity. So once Occupy Oakland broke up, you know, you can never be too paranoid because we were doing PRA is and taking a look at stuff. And we found a homeland security project called the DAC or domain awareness center was a citywide surveillance gauntlet that essentially was about 30% of the way implemented and nobody knew that that it was going on at all. We mobilized the entire city we stopped it in the spring of 2014. And then we devoted ourselves to trying to make sure that nothing like this would ever happen again here or anywhere else. So we were talking a bit about C cops ordinances. And basically we've been trying to implement that framework, which allows for reporting and consent, and when necessary, bands and we are at about 11 or 12 cities nationwide. And I believe the 11 facial recognition band just went into place last week in Portland, Maine. Awesome. That's, yeah, I'm so eager to I would do so much of that I want to dig more into but first I want to make sure we get a chance to speak with the rest of their panelists. And so the next person I want to introduce is Elliot from Cypert collective, and he's a motion artist and a creative coder who works in interactive fabrication and large scale immersive experiences. And Elliot plans visual work with an interest in mutual aid security and privacy online. And so it's funny in Elliot's in Elliot's bio it also mentions that Elliot is based in Brooklyn Cypert collective is one of the earliest members of electronic frontier alliance and they're based in Brooklyn. I always think as someone who's also from Brooklyn, I always think it's funny how, you know, when when you're, it doesn't take very long to know when someone is from Brooklyn because they tell you almost immediately. And so I want to welcome I want to welcome Elliot to Elliot to the to the panel here. And so thanks for for represent in Brooklyn and thanks for all the Cypert collective out there doing works and inform folks and give them the information that they need to make certain choices in their technology. And we're all gathering right now in safe mode today because of the need to protect ourselves and our communities from the global pandemic, but in normal non covert time Cypert collective puts on a range of workshops socials and other events. Elliot what why, why is that why not just stick to one format. Well, I guess I should start by saying that I am from Brooklyn. Brooklyn is in the house. Yeah. It's, it's, it's the least I could do. So, to your question, I think that you know a big part of Cyprus mission and what we've been trying to do over the last few years is to make security accessible to everyone and I think that that is key to why we have so many different types of events, because, you know, we're trying to rather than kind of present one way to learn about security that some people might work for some people and it might not work for others. We want to have, we want to be able to meet in the way that they're comfortable. And I think that part of that is having a lot of events so that we can teach in ways that people are comfortable learning, and also to kind of, you know, bring a social aspect to security and try and build a community around it. I think all of which makes it easier for the average person to feel comfortable with and then being comfortable start to educate themselves about security. Absolutely. I couldn't agree with that more. And so, next I'm going to introduce Abbi. And Abbi is with Black Movement Law Project. We use the abbreviation BMLP. And in full disclosure, Abbi and I have worked together for a number of years. And in fact, after years of doing legal support work in a range of contexts, Abbi, also international human rights attorney Nicole Lee and myself started BMLP to support the building of Black Legal Support Infrastructure in the US. And it was actually Abbi's idea, way before I joined the team at EFF, for BMLP to join the electronic frontier alliance and for us to do our first round of digital security workshops. In addition to work with BMLP, Abbi is an attorney and technologist. He's currently a partner at O'Neill and Hassan LLP, a law practice focused on indigent criminal defense. And prior to his work with BMLP and some of the other work that he's been teaching right now, he was the mass defense coordinator at the National Lawyers Guild. Shout out to National Lawyers Guild and all the work that they're doing across the country to support folks that are raising their voices to call for justice and then to police violence. And Abbi has also worked as a political campaign manager and strategist, union organizer and community organizer. And Abbi conducts training, speaks and writes on topics of race, technology and justice and the law. Now Abbi, a lot of the EFA groups fit into one of three boxes, are they, are they, are some are some of them span like Lucy Parsons lab does digital security trainings as well as advocacy work. But those, but those boxes generally fall into ones that are popular, like cyber collective that focus on popular education about technology and privacy. There's also hacker spaces I know there's folks in the chat right now from Crash Space in Los Angeles thanks, thanks y'all for joining us and all the work that you're doing out there. And then there's also, and so the hacker space where folks are sharing tools and skills and resources, and obviously the advocacy groups like Oakland Privacy. And but BMLP is a bit of an outlier as as the movement is changing and and what are some of the ways that that movement law can expand to meet the need of growing social movements and why is for a group like BMLP that is focusing on, you know, providing legal support and important infrastructure to support folks that are engaged in first and then protected activity. Why is digital security and privacy important how does how does how did that become such an integral part of your work. Yeah, so, um, yeah, thank you, Nash. That's, thank you for the very nice introduction. I mean, look, I got a preference as we're saying, none of us know what we're doing, right, we're in an unprecedented moment where we all have to rethink and be on our toes and be flexible in how we're engaging with everything right and so that you know that's my disclaimer, but like, you know, as far as the work that we've done you know we like as you mentioned started doing this kind of legal support work, specifically, you know, in 2015 2016. And we just, you know, responded with kind of the grassroots calls we got for I mean we joined the FA because people were asking us about digital security and so we had to develop a digital security plan we partnered with the F with the FF and help with, you know, EFA and and all of the like really great work that FF has been doing to build on that digital security trading infrastructure. But like, now we're in this point where it's like we're, you know, I want to, I think that that space of digital security trading has grown and like, you know, because of cyber EFA FF and other organizations. It's like, that space has grown and I think that we need to also start expanding what we're doing as movement technology people like and start thinking bigger right like also like we need to do that. That kind of core organizing work and that core digital security work but I think we also need to think about how we building at a different level, movement infrastructure how we building at a different level, the types of, you know, how we incorporate technology in a holistic way with how we build movements and like that is more than that that is a big project and so that's kind of where I see us going where we're like, not where we're thinking about how we can build mass scale infrastructure and how we can, and how we can engage just at different levels more more than just that digital security level. And so that's kind of what I want to see us going and that's what I hope be able to keep it can be part of building. Yeah, and I appreciate you know speaking of in terms of movement and encouraged in terms of the ways that that work is essentially to support work that people are doing to knock down systems you know traditional and more systems of modernization and oppression. And that part of that is making sure that they're able to keep their information and their communication secure and that technologists are communicating in effective ways with the folks that are doing that work. And keeping with that actually, it's a great opportunity to introduce Emily St. Pierre, it's really my honor, and Emily is the security ambassador for future Ada Spokane based nonprofit advocating for diversity and inclusion and steams. I don't think I need to tell folks here security technology engineering arts and mathematics this is defcon for the past six years Emily has used her experience as an offensive security professionals provide privacy and security education within her community. Now though her work with future now through through it through Emily's work with the trader rather Emily has established free regular workshops and one on one technical support to the Spokane communities to speak so Spokesman Spokane Washington definitely look out for future Ada. Now Emily's focus has been to make sure that these resources are explicitly available to underrepresented and under supported members of the public. Now Emily future it is like it's one of my favorite names in the alliance to be honest I don't know don't play famous but it's one of my favorite names. Can you start off by telling us a bit about the significance of that name and what need in your community future Ada was launched to address. Thanks Nash, I have to say speaking of favorite names. I love cyber as well. So future Ada you know is named after the count of lovelace or Ada lovelace who was you know a mathematician and a writer. She's often recognized as the first computer programmer and future Ada was founded by my wonderful colleague Rebecca long in 2017. And so, after facing, you know many challenges in the industry in it, you know, she had a vision to start a nonprofit, which would help promote you know diversity and inclusion, you know within those areas esteem as you mentioned. And this is all in the hopes you know of helping the future Ada lovelaces of tomorrow, you know realize their potential, no matter their background, no matter how they identify and present themselves you know, everyone deserves to be and feel included and to thrive within the esteem. Our nonprofit also puts on and participates in events to help promote interest in these areas around spoken Washington and some nice quarterly night home. And my role as security ambassador is really to, you know, first and foremost, a promote interest in privacy and security within our community. And, you know, secondly to provide access to privacy and security professionals to underrepresented groups, but also, you know, we are open to the general public because we feel that security and privacy is something that should be available to everyone. Emily, you know, given that we are here at DEF CON I have a question for you in that like what are the what are some of the things in your experience and given your unique perspective. What are some of the things that folks in the hacker community and folks in DEF CON could like what are some things you'd like to see them doing and being able to support the work that you're engaged in and some of the other work to give folks the information and power to be able to engage responsibly with their tech and with the larger sector. I have a question. I thought about that a lot this week, you know, and I'd love to see hackers building more bridges with other communities outside of info sec. I've seen amazing projects come out of these types of collaborations, such as, you know, this paper presented at the, it was the USNICS Security Symposium last year by Sam Heyren, and Heyren and other researchers, you know, from Cornell Tech and NYU. They came up with a model where security professionals, you know, are integrated into the support infrastructure, you know, for victims of intimate partner violence. You know, so they can help, you know, those victims or clients as they call them in the model, they can help them assess whether or not their devices or accounts are being used or have the potential to be used for surveillance. You know, by their abusive partner, and we love that model so much that we actually implement kind of a version of it to all of our, you know, one on one consultations. And if there's anything I can do to, like, I really want to encourage everyone who's listening to be a security and privacy advocate, you know, and you can do that by, you know, volunteering. And there are plenty of organizations around you that would benefit from having a professional work with them to help them understand and address their privacy and security concerns. Kind of like the example I just talked about, you know, and that can be, you know, your local youth center, your local shelter, you know, any organization nearby. And if you don't have time, you know, to volunteer, you know, even doing something as simple as having conversations about security and privacy with people around you. Not only will that be a great opportunity to teach folks about these topics, but it will help you learn about and better understand threat models and privacy and security needs that you may not be aware of. And I really want to encourage everyone to that. So not just help teach, but also help understand and listen. Thanks, Emily. And that so that actually, and one of the things that the, that the Alliance does is creates an opportunity for groups that are working across the country to be able to share skills and tools and resources. And in that way, so they can so they can be more effective at being that person in their community. So, and so I think that gives us an opportunity to address one of the questions that's that came up in the chat. And which is, the question is, can I make my colleges cyber security club and EFA group and I can answer that and I can say yes, if you have more than three folks, and you are and you have openly accessible meetings that folks that create an opportunity for folks to connect and support the work that your group is doing. Obviously, in, you know, before March of this year that meant like having an opportunity to know having a space where folks could come in enjoy a training or meet and connect with folks. Now we have to obviously be much like you know the safe mode of defcon be a lot more creative and how we create opportunities for that. So, actually, so I hope that that's answered the question around the connect can someone make their colleges cyber security club and EFA group absolutely reach out to us at organizing at EFF.org. Check out EFF.org slash fight to find out more about the Alliance, but I also want to like kind of rephrase that question and put it out to the panelists here. And, you know, what, what were some of the things that like, why did your group decide to become a part of the Alliance and you know and what was the, what, how did you how did you I know it's like cyber collective organized is like very horizontally right and so so they they work in a way that you know make sure that everyone's voices heard in the decisions that they're making. So I'm curious, you know what was the, you know, if you if you have some insight into how your group decided to join the Alliance, but also like what are some of the things that the opportunities and reasons that you might if someone was asking if they should join the Alliance what are some of the things that you would share. And so maybe I'll start off with with you Elliott and then we cannot work work around. So, I mean, I think it's a big topic but I think that one of the reasons we wanted to join the EFA was to kind of expand upon sort of one of our organizing principles, which is, you know, a big thing that we've always tried to do is be big and have participation be an important thing. So that instead of us just saying like you know we kind of had this knowledge, and we're just pushing it out, sort of not so sensitive to the context or accessibility or any of those things have kind of be more of a sharing that allows for a lot of collaboration and allows us to learn as well. And I think that, you know, the opportunity to join the EFA really gave us an opportunity to collaborate with a lot of other fantastic groups around the country and the world. And so, in that way we saw it as just sort of a natural extension of what we were trying to do at the local, at the local level. Thank you. Tracy, I know Oakland Privacy was in was in the Alliance before I before I started at EFF and so I'm wondering how did the Oakland Privacy originally become part of the EFA and what's that relationship been like for y'all. We may have lost Tracy and Tracy was having some problems with the with the camera so maybe I'll pass that question to Emily before I've got another great question I want to ask Abby so I'll pass it to Emily and then yeah what are your thoughts. Okay, so we joined the EFA because we, you know, there's plenty of smart and creative and wonderful people part of the Alliance. And so, we knew there was so much we could learn, you know, from other folks and other organizations, and we definitely have, you know, I definitely was not as well as an activism until we joined the EFA. And I've learned of so many different resources, thanks to being a member. And we're also so can Washington is pretty small, not everyone knows where we are like, we're pretty small community and it's really helped us, you know, get our message across and you know, tell our community about, you know, everything that we offer the workshops we offer. So it's been really helpful for that. And I know long now I've been finding out more about future a to keep your eyes out for a blog that I'm going to be releasing soon with a profile and future a to the amazing work that they do. And so it sounds like Tracy sound like you're back on did you want to did you want to speak to Oakland Privacy in the EFA. Yeah, totally. I think what's been exciting for us about EFA is just seeing so many models in terms of how people do work because the challenge of course is that one way or the other you're a fairly small collective. And you're, you're dealing with these big heavy weighty important issues and challenges. Really, you know, everything about internet freedom and digital security. It's a huge range of issues. And there's so many different and interesting and creative ways of sort of groups of people get their mind around sort of how to tackle it and how to approach it. And what to do first, and EFA is really just like an encyclopedia of what, you know, five or eight or 10 people can come up with in terms of, okay, what should we do first. Thank you. Yeah, and that's actually that's the favorite, my favorite part of the job is like working with folks to figure out like what is going to be not you know not that like it's like a one size fits all like what we did here is going to work there but like how do we take lessons that in one area and be able to figure out how they can adapt and be most effective for a different community in the context of that community is working in. So absolutely. Thank you, Tracy. I'm going to give you a different question. Did you want to speak to that one because I want to give you a different question. Just real quick, I just want to say that that's really like people who are thinking about joining FAA and getting involved and and and trying to apply their technical skills to larger political projects, I think that it's crucial to understand that the skills you develop if you're actually doing threat monitoring if you're actually doing analysis, you are actually doing a form of political analysis as well. You are doing an act like if you're doing a good threat model you are doing a material analysis of the like organizational and institutional opponents to like human freedom basically and so like you really like you. Again, I want to warn the tech people you don't actually know it all already but like you have if you've developed those skills you've developed some insight and the ability to collaborate and coordinate with more overtly political organizations and why those like actual material reality assessing skills can be incredibly valuable, especially if you approach it with like a kind of like humility and openness, you know, so that's all I'll say about that. That's right and when you're saying that it made me think about the security education companion which is like a really an example of a tool that we were getting at EFF we were getting lots of folks that were asking us especially you know quaddling the last presidential election cycle that we're concerned about the impact that there was going to have on their communities and want to make sure that folks had information and we thought about you know what could EFF just like you know parachute into different communities and have the answer and be able to provide and we realize that that wasn't a responsible or sustainable model. And so we hopped up with with help of groups in the EFF helped develop the security education companion which helps folks that are either maybe great teachers and facilitators but need some help in making sure their trainings effectively convey the intricacies of the technology, or the other way around where they're technologists and need help to be able to adapt their pedagogy skills and what have you and so security education companion is also great because if you're in your community and want to be a resource for folks in your community, that's a great tool and resource. And, and I'll be the question that I want to ask you that that that fits right perfectly on top of that is how would you recommend. This is this comes from the chat and so I'm going to read it the way it's worded. How would you recommend those of us who may not be members of the communities that most need security. Build trust and truly collaborative relationships with communities who most need security. I mean, you know, that's, that's, that's a tough question. I mean, I don't think there's one answer. I think building off what I just said is kind of like it's really about how you approach the issue right like what are you like, again, like, you have something to offer, you have something to learn. And if you approach things with that perspective, you know, you're going to do much better than if you approach things from the perspective of I know everything or whatever. But, you know, I think that the name of the game is, is how do we build solidarity right how do we build relationships and networks that that are collaborative like across. across different identities and different communities right I mean like, if, if we're all completely siloed forever, we will be divided and conquered I mean that is just that is like almost a fact of history right so. You know, there's not one simple solution to that conundrum right, but I do think that like, building long lasting relationships sustaining relationships, approaching the work with humility approaching the work with like an interest in learning and like but also approaching the work as. You know, it's a hard line right how do you, how do you approach work as an equal, but also recognizing difference right that is a hard thing to figure out because like, you know, I think that we often get caught up like, it wasn't allies that it was a civil war right it was warrior to fighters right like we need like actual people engage in actual struggle we don't need people on the sideline, but we also don't need people, telling us what to do, and domineering and and dominating So, you know, being very conscious and open and engaging in that struggle even internally and with other people and hashing it out and not and being open and honest about what you don't know, like that's, that's the only that's all I can say it's like constantly engaging constantly questioning and constantly building networks and relationships of truck. Gotcha. Yeah, and I, I mean obviously I've worked I've been I have worked really closely together and have that challenge this question together and so I absolutely couldn't agree more with what I would I would I be shared. So I part collective has an interesting thing that they do. And I'm hoping Ellie you'll speak a little bit because I think that's one of the things about creating that trust and an opportunity to for folks to share kind of like the things that they're most concerned about and like their and their things that they feel the most vulnerable about is like creating a space in an environment that that that makes that possible that helps create a comfortability and an affinity to foster that. And I always whenever I think about creating that environment I think about security. And so I'm hoping maybe you'll show a little bit about what that is and and why that model is effective that way if it is effective that way I think it is but I want to hear from you it's your it's your event. It might be effective and I think security and also a lot of other events that we have, they kind of all share in common that you know while I think the overall topic might be security and definitely is security. It's sort of the only thing that we do and I think that one of the, you know, like at some points we have security, and the whole session might not even be about security at all. And then you know we also have moving nights, you know where it might not even be discussed. And I think that the reason we do that is to create a community but I think that something that people should be aware of is that many of us come to security because we find it to be looking that's intellectually or you know we have kind of a general moral feeling about it. But I think that something that's important to realize is that many people come to security workshops, because I guess to put it in the most simple way they've had something bad happen to them. You know, it could be, as was mentioned earlier, intimate partner violence, it could be that they feel like the place of where they work or the place where they go to school has taken advantage of them or made them feel vulnerable. So it's coming from a place where people already have had something happen to them that has gives them a problem in trusting people. And so I think that, you know, many of the things that we do that are more social are for fun but I think it's also sort of, you know, to build an open relationship with people so that they feel comfortable really opening up about, you know, what they're looking for help with. And so I think that that is kind of why we try and do the range of events that we have to help people feel comfortable and build trust. Thank you. And so we are at time but I want to give everyone an opportunity to kind of like leave them with their closing message. And so I'm going to go around the way y'all are on my screen which is Tracy, Abby, Emily and Elliot. And so Tracy, I want to give you an opportunity, especially since Oakland is such a diverse community and y'all have done such amazing advocacy work there. If you want to build on to the question around like how building that trust and building that affinity and maybe even saying something about building coalition. And so if you so if you want to talk to that and also like what is like the one thing that like, if folks were wanted to wanted to recreate or to model the work that Oakland privacy has done in your community what's the like the most important message you want them to take. Right. I think the most. Well, the simplest thing that I could probably say is that, you know, the trust of your community is everything. We did a lot of listening, we did a lot of, you know, what do you want to see happen here. We really saw ourselves as kind of the advocacy consultants, not so much. Not so much coming in with a solution but coming in with a here's what the community wants. And here are some tools that we can provide to sort of help us get to where we want to be together and as we go out of Oakland to other places. That's even more important. And so we just kind of try to look for the advocacy opportunities, the thing that's happening that gives us an opportunity to sort of step up and say something and then sort of turn to the locals in partnership and say, you know, here are some things that we can try to achieve the goal. And the goal is, is almost always we want to have an impact on what happens. And when it comes to stuff like the spread of surveillance, it's, it's, it's all about consent. We want them to ask us and we and we want the opportunity to say no. Absolutely. And yeah, and so and again, like the current mentioned earlier and Tracy's touched on it and really like the community control over police surveillance ordinances are very much, you know, banning face surveillance because face surveillance the even if it worked perfectly the first amendment and fourth amendment implications would be, would be to stop the stop the harm before it grows. But with the others with the other seven minutes really about making sure the power goes back into the community to have a voice in it and for their elected officials to make the decision so really thanks to open privacy for all the amazing work that you've done making that a thing, not just in Oakland but in many cities, and the support that you've given to folks throughout the alliance and throughout our neighboring communities. What is like what is the what is you spoke a lot about technologists facilitating and helping working build building the tools and developing things as a support folks that are engaged in movement work. If there's one thing that you want folks who are thinking about engaging that work could like what would it be. And then if you want to we had one question I didn't get in, I didn't get get a chance to respond to so this will be an optional this will be bonus points and I'll talk a little bit about the successes and failures of the GDP are in the limited time that we have. Go. Okay, look, so, you know you said one thing I'll give you three. I mean, like, I think you one framework I find useful to looking at this is, you know, I'm going to preach a holy Trinity right of movement work right or of, you know, it's the holy Trinity of space and information, right. Those are the three things that we can look at, look at everything through right and so where when we're approaching the work. What of those three can we offer and what can we bring to building right and they're all kind of work in a dynamic with each other where if you have more space, you can kind of have less time and you know you can actually have more information and they all work kind of together, but like thinking about like what how we're engaging through through that lens I think it's very helpful in thinking about how we build because like that's how we, those are that's how we create the bricks and mortar of, of building organization of building all the things I said before about networks connections. And that's what we need right like our kind of opposition or like the forces that are working against us, have those things in spades. And we are very lacking, especially in any kind of holistic vision of how we have those three things working together so that's kind of time space information is my holy Trinity. Thank you. And Emily and I didn't I really I think that you. Yeah, I don't think there's enough praise I could get to the work that your that feature eight is doing and also the work that you're doing pre coven and with coven and make and trying to also not lose count of the folks who are not able to connect like virtually right folks that like when you were doing events and libraries, it was easier for them to connect and to be able to do that work and so the fact that you're keeping. You know you're all thinking about who's not in the room is really important right and so I really want to like lift up lift up that work and and say, what are if there's anything that you could offer to folks around like being able to do that work effectively, and to center the folks who who who needed the most effectively in their communities if there's some some suggestions or guidance or that you can offer there and we'd love to hear it. Yeah, absolutely. You know, I think there's a lot of organizations around you that you know have also, you know, done their work of understanding what are the some of the issues within the community that they also wish to address. So to kind of cross pollinate with other organizations will be a great way to learn really fast and effectively some of the issues that you know might be going on that you meet need perhaps maybe more of an expertise like on from someone or you want you know a little bit more depth or understanding of an issue. And so to, I really come to depend on my communications with other folks that do great work in our communities to ask them questions to learn and to see also kind of how we can address the issues that I hadn't thought about. And just to be that open line of communication when they need, you know, objective security and privacy advice as objective as I can humanly give, you know, so that they don't have to get it from a source. You know, you might be a vendor or just like not known is not an information secret professional so I, I do advise to do that. If you can. Absolutely coalition building and working directly with the folks who were impacted and recognizing that you know there's, you don't you don't have to reinvent the wheel every time you have to figure out the way that you can be most supportive in the system that's that's there to provide for the support for you and so much Emily, and Elliot, I want to give you an opportunity to like whatever you think that folks should leave knowing about cyber but I hope that you'll also talk a little bit about one of the things I really like about cyber is the focus that you all put on making like learning accessible. So I was so I wonder if there's any guidance you could leave for you could also offer the folks that would want to replicate side porch work around how to at least be thinking through making sure that you're the work that you're doing is accessible for the broadest breadth of your community as possible. Yeah, totally. I think that I guess I'll say two things about that and then just one thing sort of in response to what other people have said kind of agree with them. I think that if there's two things that help and are important to making something accessible. It's first, don't feel blocked into or limited to trying to teach something in one way. I think that there's like a variety of different ways to teach a specific topic, and you know a way that works for some people might not work for other people. Right. And I think even preferable to have like a variety of different approaches that somebody can take to understand the material. I'd say that's the first thing and making it accessible. And I think the second thing is to listen to the people that you're trying to communicate with as you're putting together a presentation or even just organizing your thoughts, because I think they sort of checking in with your audience before you start to put something together. It's just going to be huge because everybody's got an opinion. I mean, I guess I'm from Brooklyn so everybody really does. But only ours count that at least everybody's going to tell you exactly what they're thinking at all moments of the day or night. So it's like, you know, if you just check in with people before you go away and put something together, often, you know, they'll tell you exactly what they need. And that's why sort of community building beforehand is so important. I think the only other thing I wanted to quickly say was, I think that what you know for people who want to set up EFA organizations, the great thing about the EFA is that it's all over the place. So, you know, I think that one of the great things to ask yourself is, you know, how is security or privacy relevant to me in Brooklyn and Spokane in Baltimore in Philadelphia in St. Louis. You know, how can it grow out of your local community, your city, your town, and I think that that will always, you know, be hugely helpful both to yourself and to the community in general. Okay, so I can't thank you all enough. This has been this has been excellent and unsurprisingly and I know you all well and well enough to know that that's what it would be. And so I really want to thank you for the work that you're doing and remind folks that you know there's everyone that's on here is amazing but also like they are amazing because they did the work they showed up and they and they work with folks in their community, you can also be providing that kind of support and engaging your community and that you you are the expert in the needs of your particular community from the perspective that you're able to see it and understanding you know that you can work with other folks that have different perspectives in your community, and that there's a number of folks all the folks that are here today as well as the rest of the folks that you'll find at EFF.org slash fight that are part of electronic frontier Alliance associated groups. Reach out to us email organizing at EFF.org reach out to all you'll find links on that website to all of the groups that are in the Alliance. And so there's folks here that really like inspired you and you want to be able to replicate their work. You can either reach out to organizing at EFF.org and we'll try to put you in touch, or go to the website and their links are there and you can contact them through the the opportunity avenues that are available there as well. Yeah, and thanks again everybody deaf con. This has been amazing thanks again to curtain even Alexis and Hannah and Rory of course, and, and just everyone have a good night. And you know whatever your whatever you want wine, take advantage of it and just keep continuing loving and take care of each other. Alright, thanks everybody.