 Thank you, everyone. My name is Andy Wilson-Thompson, and I am a policy analyst at New America's Open Technology Institute. First, I wanted to get some housekeeping information out of the way. We are using the Zoom webinar function for this conversation. But in order to adhere to Zoom best practices and be transparent, I wanted to give you a little bit of info about our process. Angela has said some of this already, but we are using Zoom due to New America's capabilities for live webinars. However, this is the webinar functionality so no viewers can share screens or information or interrupt our presentation. We have closed the chat function, but as Angela said, you can offer Zoom, you can offer questions through Zoom Q&A. That is the only information collected as well as the list of people who are participating, and that information is kept strictly private by New America. You also don't have to use the Zoom to participate. This is going to be an interesting conversation in which Justin from Consumer Reports is probably going to share some information that might be a little concerning for those who use Zoom. So you can also go to New America's YouTube and Angela shared the multiple ways you can submit questions. But as a reminder, you can do Zoom, Q&A, YouTube comments, Twitter comments, or DMs at OTI. So welcome everyone. We're very excited to have this conversation. So approximately 95% of the US population is now living under a state or municipal level stay-at-home order in an attempt to slow the spread of the novel coronavirus. To ease the massive disruptions caused by this sudden shift, businesses and educational institutions are scrambling to find ways to facilitate work or study from home opportunities. While we're fortunate to live in an era when technical tools to facilitate communication are widely available, this sudden shift in the way America works and learns is not without consequences. The exponential increase in the use of online tools and connected devices, often by individuals or organizations without much tech expertise, amplifies and uncovers security risks posed by those technologies, hurting our ability to safely and effectively adapt to this global crisis. I wanted to introduce our participants today, who are all experts on these issues and have a variety of exciting things to share with you. So Justin Brookman is coming to us from Consumer Reports. Katie McInnes is also coming to us from Consumer Reports, and Nat Meisenberg is a technologist at the Open Technology Institute. Justin, I'd like to start with you. Consumer Reports has been doing some really groundbreaking work on Zoom security lately and has caused sort of a ripple throughout the industry. Zoom itself has replied to some of those comments and really taken steps to, in many ways, change their security practices. So we all thank you for the work you've been doing on Zoom, and could you share a little bit about it? Sure. So I think some of our initial looking at Zoom was more about some of their privacy issues. And so one of the first things we were reported about was Zoom's privacy policy. Fairly vanilla and vague and reserve broad rights to do whatever they wanted to do with information generated from video calls or otherwise and share data with third party advertisers. It kind of seems kind of surprising for a paid product like Zoom where people wouldn't necessarily expect that. Another thing we focused early on was how Zoom enabled host tracking or employer tracking. So there's a software feature that allowed a host to see if the Zoom screen was up. There was allowed recording in ways that wasn't always prominent or clear to people. Zoom would allow hosts to get private messages sent back and forth on the platform. And so this is some of our initial reporting, I think, back in March. And to Zoom's credit, I mean, they have been really iterative and responsive in response to a bunch of that stuff. They did substantially revise their privacy policy. They got rid of attention tracking for a host. Unfortunately for the company, I think this has been a cascade of stories ever since. Vice reported about how the Zoom app embedded Facebook functionality and then they quickly turned that off. Since then there's been a lot of attention around Zoom bombing, which is what Andy referenced early on, because a lot of Zoom IDs are completely common, easy to guess, and can be reused. And often people don't use passwords or waiting rooms where hosts get approved stuff or the webinar feature that OTI is doing. There's been a host of like just like attackers just for whatever reason, attacking Zoom sessions. Like last night, for example, there was a charter school event in DC, where a participant came in and broadcast child abuse images. Zoom is trying to address this issue and I think it's changed some defaults, but I think it's still obviously a problem. They've had other security issues around promising end to end encryption, which is where like my channel to Andy is a pipe that no one along the way should be able to see. They were using the term to say it was encrypted to Zoom and then down to Andy, which is not really how end to end encryption works. Just a spate of stories and even yesterday, other stories around Dropbox finding security issues. The company, I think, does seem to be taking it very seriously. It has hired new security personnel. We'll see how quickly they can adapt to these issues. It was, I think, Zoom had been flying under the radar for so long, and then suddenly every questionable product decision they had made over the course of several years, I think became like once the spotlight was shown on them. There's a lot of like catching up to do quickly. The one thing that we're doing now, in addition to looking at Zoom, I think people have not necessarily looked at other platforms and some of the policies and practices in place in there or I think Zoom has made some real improvements, but some of their of Zoom competitors, I think actually now have worse privacy policies where they reserve broad rights to do stuff so hopefully we'll be coming out shortly in a few days with some more information around that. Thanks Justin. I was on a webinar with the CTO of Zoom last week that was run by the Anti-Defamation League and he said that in February there were 10 million daily Zoom users and in March there were 200 million daily Zoom users. So it's April now and I'm sure given the fact that we're having this conversation that has exploded once again and I really appreciate the research and publication that you guys have been doing. I know that you and I have worked together and that Consumer Reports has done some really innovative work on the digital standard with it, which is a methodology for evaluating the privacy and security of connected devices and have done some publications on things like smart TVs. Now that all of us are working in our houses, we may be surprised by the number of connected devices that exist around us and the potential security risks of working in the same room or same home as some connected devices that we never considered before. Would you like to tell me a little bit about some of your concerns on those issues or some of the devices we maybe should be paying a little more attention to now that we are 100% working from home. Yeah, thank you Andy and thank you for having this discussion. I think the two products that come to mind first when I think about the fact that we're all working from home and staying home much more often during the pandemic are connected cameras in or around your home but also voice assistants. In both cases, the voice assistants and the connected cameras are just getting more sensitive personal information about your daily life. The voice assistants obviously that's a little bit more auditory information but it's possibly grabbing more information about your children or your daily activities or work calls. Especially if you're a lawyer you might be concerned about these voices is getting some possibly personal or confidential information. And for the connected cameras are just I know some people use them inside their home or on the privilege of their home in both cases you're to get a little more information about your family's personal activities throughout the day. And as we've seen recently as early as December and January this year there's a number of instances, so bring that wise cameras. So obviously these cameras are highly sensitive and open to attack and so we recommend that for those connected cameras people try to do to factor out medication if possible as a way to make sure that on authorized individuals don't get access to this cameras. But also maybe consider turning them off or changing how often they're on while you're at home all the time. For voice assistants it might even want to start changing the wake word, especially since kids and you are probably spending more time on the new calls with a number of names that might sound a lot like Alexa or Siri. So it might be a good idea to change those wake words and consider reviewing the kinds of recordings that have been placed on those devices. I would also suggest just be examining the security practices or the privacy settings for your net to TV so if I know I'm spending more time in front of all the screens. I recommend looking at those make sure that you're not sharing more information than you would like with those, those TV manufacturers. And we have a bunch of how to that are available they're saying about how to make sure that your cameras and microphones, either on connected camera devices or computers are a little more protected from hacking. How to change a smart TV snooping features which are extremely hard to find. And then we also have information on how to make your cameras or connected cameras a little more secure by enabling feedback authentication and also just reviewing what settings have been made available to you. Some companies like ring have instituted new dashboards for consumers, allowing them a little bit more nuanced controls over how their information is collected and shared. So just recommend reviewing all those settings to make sure that you're sharing just as much information. Thanks, Katie and FYI for people watching we're going to drop some of those resources on otis Twitter so you can check them out yourself. I really recommend them they're very valuable to everyone who's using this type at home. Now I now that all of us are working from home 100% of the time. We are relying on our residential internet providers to keep us online so I'm used to being in a big office where there's an IT manager who manages the network and sort of implement security features. And now it's me at home trying to keep my Wi Fi signal strong enough to do this all day. But in the past five years we've had multiple complaints against consumer router companies like D link, which the FTC sued based on its false claims for the protection of security and privacy. Can you give us a little bit of an introduction to the router home router and modem space and provide some insight on the privacy and security risks that people working from home might be subject to. So you've probably never given the box that came with your internet connection all that much thought you meant to spend a few minutes, you know, looking at it when you first moved in and set up the internet. Or maybe you were made a partner did that and you aren't even sure it is. And for the most part as long as the internet works like we don't think about the router or the cable modem that came with our internet connection. And we notice it probably about as much as we notice the wire behind our walls. And as Andy said before, we're all working from home. You still went to an office every day where you're connecting to a network that was set up by a professional. And if your IT is being at all well run. It's part of somebody's job to think about the security of your office network at least part of the time. Now, everyone's there a network administrator and it's nobody specific job to watch out for your network. And the state of home networking security has always been kind of bad. There are a lot of reasons for that. And part of it is the invisibility thing that I was just talking about home routers were built to run in closets sit in basements. They're designed to fade into the background of your life and kind of never be thought about. And the effect of that is you've probably ever upgraded the software that runs your router. And as a result, it's probably running software that or it could be running software that has known security holes. For example, how secure wireless is negotiated between devices. There have been lots of high profile vulnerabilities over the last couple of years that have all been fixed, but those fixes are only available if you actually update the software running router. And just as an aside and a reminder, people are most often hacked using known and fixed security holes. And I know if you follow security news closely, you read a lot about target fishing and zero days and these things are important to know about and understand. But I think sometimes all of that discussion can obscure that the, that there's a daily kind of garden variety hacking that happens. And a terrible amount of it is the digital equivalent of walking down street and checking every car handle to see if there's an unlocked car door. So there are other reasons home network security is bad by default, though, either by lack of configuration, or by manufacturers turning off what they considered to be advanced features. Or as Andy was mentioning, router manufacturers claiming a router does something when it actually doesn't. There's a lot of different configurations that end up where your network isn't separating out traffic as well as it should. So what ends up happening is that your smart girl is sitting on the same Wi Fi network is your laptop. And so even if you're really good about running your security updates and restarting your laptop every time. You get the little notification that you need updates and you need to restart. It doesn't mean that your girl maker has released an update or ever will let alone that your girl will ever notify you that it needs an update. So over time that can leave these various Internet of Things devices hackable as things that were reasonable security practice five years ago, because of the kinds of holes that I was just talking about being revealed they're no longer as secure as they were. So it's a good idea to set up your network so that they're not discoverable publicly from the Internet, and so that they can't see the kind of higher level devices on your network like your work laptop or your phone. So what can so all of this is about limiting the number of entry points on your network that attackers can use. And so there's a couple of things you can do like I said run the updates for your router model, and you can find if there's updates by finding the web page for your model, and you can find your model number by looking, picking it up and looking on the back. You can find it on there for FCC reasons and just search that on the Internet. And the web pages will often have the user instructions that came with the router when you when it came and you might have thrown those away or lost them and they're going to be helpful for figuring out how to change the settings to separate out the traffic matter. Your home router is different, and it's hard for me to tell you exactly what to do over a broad webinar like this, but most networks can be set up to do a little better separation. While this sounds too hard you may want to look into a VPN, which will create an encrypted tunnel between your laptop and the VPN provider, your work may provide one, there are a range of options on the Internet, some free some with cost. Look at them review them decide what the trade offs are for you. And I will recommend that there are plenty of resources out there about how to think about choosing the right VPN. I wanted which was written by our friends at consumer reports. And over time so I will leave it at that and follow up in the Q&A. Thanks everyone. Thanks Nat. A question I wanted to provide for everyone but actually maybe Nat can start is a lot of people have said to me or said in general that they aren't going to get hacked that their information isn't interesting that you know why would they be a target for anyone. And if someone ends up reading their emails or communications it's not a big deal because they haven't done anything wrong. Obviously that's something I find very concerning as a privacy professional that everyone should be worried about their privacy. But also that I think people don't necessarily understand the seriousness of the type of intrusions we're talking about, or the type of lack of production of privacy that companies might be doing currently that these things can actually be a big deal for everyone. And Nat could you give me a little bit of an idea of sort of a worst case scenario of what you know for router settings or a lack of security updates could do to someone's home network into their privacy and security. So the big concern with the home router is because that is your literal gateway to the internet that security vulnerabilities and that in the software that runs that could allow an attacker to possibly sit in the middle of you and all of your internet communication. And depending on what you're doing it opens up a whole wide variety of other kinds of attacks. And they come into a few broad categories. One is the kind of network observation and behavioral observation that you can get from networking. The other thing is once you're there you can see what are the insecure devices that happen to be on the network and you can the danger is then an escalation. So it's not just that my home router is insecure. It's now an attacker has gotten onto my home router and sees that I have an insecure smart TV also. And once they're in there they now have access to whatever camera or sensors that might have. So the main fear around around the home router is kind of an escalation as well as an observation of all of your network traffic. And to kind of be broader like oh but why would anyone target me. Like I was saying before, a huge huge amount of internet mischief and malfeasance happens. Not randomly, but it happens as randomly. It happens more like the scenario of somebody checking car doors on a block like I said, it's not specifically that they were targeting you as an individual or necessarily what they saw inside your car. But just the fact that the door being unlocked made it easy to just go in there and root around and see what they can find. And maybe you left something valuable and maybe you didn't. But the overall network effect of everyone leaving their doors on lock just lowers the bar for every other kind of digital attack that can happen on your network with your IOT devices which I can let other people speak to. Katie I know that there have been some scary stories about people you know harnessing home devices with sensors and talking to people or you know kind of things that might freak you out but might not necessarily be something you think of about work from home. You know generally your life you might be concerned of someone hacks your lock so but when you're working from home it's a different set of concerns. Do you have any sort of worst case scenario or way to articulate what this right might really need for someone's experience. Well some of the some of the camera hacking that we saw in December mostly revolved around kind of terrorizing individuals within their home especially children. Sometimes the hackers pose a Santa or just taught to children at length and they're in their bedrooms over the period of many days. So in the case where you can't leave home and your kids are in some theory working from home. The idea that your house is now a place that you fear I think is a primary concern when you're talking about connected camera hacking. You want to feel safe and secure. Many people put up these cameras in part because they feel that having more surveillance in their home and around their home will add to the security. So if you're not examining those passwords making sure that to better authentication is turned on and that automatic updates are going to your camera you could be opening up your home to the very kinds of dangers that you were hoping to prevent by putting up cameras. So it's more of a sense of security that we're getting at there. Obviously if you were a specific kind of individual had a higher threat matrix you are important person in government or business someone could have those cameras. For a specific instance to get some sort of specific information from you. But like you mentioned in the question that's unlikely to be true for most people. So we just suggest looking at those settings making sure it's as protective as it can be and as far as voice assistants go. I don't think that it's really so much a security concern as a privacy invasive concern because now you're at home or often just more parts of your life are going to be captured by these voice assistants. In addition you would you should also be thinking about the power dynamics here when we talk about smart TVs and the smart speakers getting more information about you and your daily consumption habits. This information is going to large companies who already have a pretty firm stake in the marketplace and could be using that information to further monetize and serve you with ads. That just strikes me as unfair if you're buying these voice assistants or smart TVs make your life a little little a little more easy that then you're providing these companies with information that is valuable to them. That's a dynamic that I think you should reconsider if you're spending so much time at home and all of your consumption is now at home instead of being at theaters or live performances. You should also consider just looking at settings on your phone as well. I know most of us are spending more time at home than ever but perhaps we're also sharing some additional information with some other apps that you've downloaded. I know Justin's been talking about video conferencing tools but some friend to friend kind of confidence and tools that aren't designed for business like House Party also collects a lot of information about you from your phone so you should consider checking those settings as well. But in all cases what we're talking about here is mostly an invasion of your privacy and a feeling of being unsafe along with monetization of your data. But you should also consider that a lot of people reuse the same passwords again and again so someone gains access to your account and gains access to that password that possibly could make a lot of other accounts unsafe. So it might be a good idea at this time especially with older adults in your family to talk to them about password managers as a way to further secure all the accounts they use. And also practice better security practices since these password managers often try to push you to have more complex passwords and will remind you if you're reusing the same password from any sites. Thanks Katie and Justin I appreciate the fact that at the beginning when I was talking a little bit about your work on zoom you did highlight that you know especially the early work was about the privacy policy and specifically the you know ways zoom handles privacy. Which might not be as easily grasped to someone as zoom bombing or you know zoom harassment. Could you give me a little bit of an idea about how those privacy policies could actually really affect zoom users. Yeah, so I think you know I think a lot of people just had a visceral reaction to the idea that zoom reserves the right to sell information about people the fact that we are connected right I mean I think people don't really understand the data broker industry. Super well, but they again when they when they they think about the core idea. You know I think they they react. Really strongly and think you know that that it violates like the relationship they have with zoom. Again, I don't necessarily think that zoom is my monetizing data I don't think they have to me they have a paid service and their stock probably has increased to the three fold. In recent months weeks. But you know other companies in this space you know I think like Google for example people increasingly use hangouts. I think they might have concerns or wonder, you know, Google is primarily funded by advertising. Is information that from the session being used for for Tony will offers to give me are you looking in my background to learn about me to see what books I have to try to categorize me in certain ways. So, again, I think hopefully a lot of that's not necessarily happening but because companies aren't really required to be transparent about it. And then to have these mealy mouth privacy policy they don't provide a lot of information. I think that it's worthwhile thinking that you know I think the, what actually maybe the most direct threat model to a lot of people in this new era we are in is probably just embarrassment right I mean the fact that we're forced to talk to our employers and our friends and our homes and so you know this. Like, nearly cropped my bedroom here but like I think people are just not used to it right it's this very new scenario, and aren't necessarily thinking about where they're plugging things in and so I think that that directs like possibility of like offending or damaging your with coworkers or employer employers or friends is probably the thing that practically people should be most aware of. And you know that you can be careful about you know how you crop stuff I think zoom for example offers the ability to fuzz your background or have a custom background. But I think you know there's lots of different things people need to be thinking about here but I think that's definitely one of them. And I really appreciate I know we're going to talk about this a little bit later, but the way that specifically some of the consumer reports work has caused companies to react. I think people working in security and privacy that's always our goal is to when we say stuff have people make things better. I'm going to ask a little bit about that, but for everyone. We've mentioned different professions or we've especially mentioned children or elderly people. Are there specific communities of people or types of occupations that we think should be specifically concerned and pay extra attention to maybe implementing some of these privacy and security features. So, yes, there are definitely types of users that we should be particularly concerned about this. Everything switching to work from home has brought all kinds of jobs out of offices and into homes that really does bring up a lot of concerns about the people actually making these connections. And on top of my mind, the shift, the, the, the land speed risk to telemedicine and the number, the, it worries me that so I spent the early part of my career in tech doing hippocomplain systems, and the, it worries me that are all of these pieces that are being thoroughly vetted for their HIPAA compliance. And what is the ongoing, what is the nature of that and, and are we letting some of the regulations in HIPAA kind of fall by the wayside in the name of this crisis. That worries me. And then, like below the direct healthcare provision, you have mental health and social work has also been moved into these kinds of online spaces. And so a lack of security for those providers who are now providing these kinds of services from home. Any, and this I mean goes for anybody who works with any kind of vulnerable population and where they were previously interacting in offices and in community centers and in these like anchored physical spaces. Teachers are another great example of this where, where all of their work happened in these physical spaces where you don't need to worry about as much about someone is dropping on your conversation with children. In a school compared to trying to do teaching from your living room. I mean, in a beyond my general, everyone should be a little bit worried there are very specific communities that I worry more about than than just, you know, your average clerical office worker. Katie, do you have something you want to bring in. Yeah, I think so as not mentioned, I think children are a vulnerable population to be concerned about especially since they're turning to zoom and other platforms to communicate with their teachers or classmates or friends. So just making sure that parents say part of that equation I think is the best protection. And I know that we're all balancing more burdens and ever and that means often that kids are using tablets and other other devices with screens a little more than they used to. But it's important to try to keep parents as part of that loop and check in every now and then on what kids are viewing since, you know, many sites like YouTube depend on parents to report videos as an important part of their content moderation loop. So just checking in when possible but I know I'm asking more parents who are already working around the clock. I would also say again I think elder adults as we as not mentioned as we mentioned are another vulnerable population. They're trying to use these new technologies and often you were explaining how to use these technologies from afar. So I think that that's another important moment of possibly a good moment of intervention and talk to your grandparents or your parents about how they manage their accounts. What passwords are using and also reminding them as not mentioned where and where not HIPAA applies. We know that under the pandemic there has been some relaxation of the HIPAA compliance and privacy rules in part to encourage telehealth solutions which we definitely appreciate since like 16% of Americans as Pew have used the internet or some other online service like emails to connect with with doctors and other health professionals. We know this is a critical service but reminding people the HIPAA only applies in certain certain circumstances where it's a healthcare provider insurance provider and doesn't apply to Twitter and other places where you might want to be talking about and sharing your symptoms and sharing your experience with COVID. But you must remember that these these communications are not as protective as they would be if you're talking directly with your doctor and a doctor's office. And I think also in general you should just try to be more sensitive about the all the other things in your home that have sensors. Often robotic vacuums come with video capabilities now which is definitely helpful since you can double that object as a security device or checking in your pets. But just double checking the number of things that you have collecting data about you throughout the home I think is very helpful. Especially since it's not mentioned all of our all of our internet capabilities are being quite strained at this time so seeing what you can turn off when possible is another great solution. And then again just trying to be as careful as you can as you use these websites and other other other accounts try to make sure that your passwords are complex and long and that you're using a password manager. As that mentioned consider using a virtual private network VPN where your communications may be more concerning and also TOR is another great but another great way of accessing internet that protects your identity. So if you are someone who has more critical use case you're more concerned about being hacked or snooped upon those are some excellent tools and I know access now has a lot of other tools to help people especially reporters use internet safely. Justin did you have a thought that you wanted to interject. Yeah, I think I think I think Nat and Katie covered it well like people have a confidentiality obligations like doctors and lawyers, vulnerable populations who I think are intact in other scenarios. And the other one I just might add since we're talking to folks in DC is actually a powerful people right or a lot more interesting than perhaps some other people and you are seeing. I mean you've seen the large scale hacks in the past that like the opium hack and the epifax hack which was done by nation state actors. I think not necessarily for broad application but maybe for like looking for really interesting things and as a lot of government work goes online. I think they're the example of Boris Johnson like you know showing a screenshot of a zoom meeting which has like the ID right there available for anyone to then join and reuse. If you are transacting like interesting information you're thinking interesting target to because we are sharing in new ways and putting cameras in new places and just working differently where we don't have the defenses built up internally so be aware that you may be more likely to expose yourself and in other times. That's great so I wanted to have a bit of a conversation about some of the work that civil society and consumer boards have been doing which is really pushing users to be to you know try and consider security features and privacy features when they purchase devices or use products. And to think critically about you know what they should choose when given a range of options. Katie do you want to tell me a little bit of the work that consumer reports is done on consumer education and those kind of issues. Thank you. So in response to the many attacks we saw in December and January. We contacted the manufacturers of 25 25 different manufacturers of connected camera doorbell and DIY security devices. Basically telling them we think that these are some really good practices such as instituting two factor authentication and checking against checking the credentials individuals use make sure that they already haven't been published in a database. And we just notified them of this and asked them for more information about their security practices. And the same time we've been rescoring some of our connected cameras that we rated last year for privacy and security. And so we hope to have those published in the next month or two and then we also plan to meet with connected camera manufacturers to talk to them about the kinds of security practices we think are critical. Out of this work we found that enabling automatic software and firmware updates was one of the most important important safety precautions that connected camera manufacturers can put in place. And luckily we're seeing that more often than not being instituted but we also think that two factor authentication which I think many consumers still are not as comfortable with as they can be or should be is another really important method of securing these devices. So we're still figuring out how we're going to score and wait our connected camera work now but we're definitely paying attention to some of the security precautions and hoping that they're instituting more widely in the marketplace. Due to pressure from groups like consumer reports and Mozilla companies like ring have been pretty responsive and instituting more controls and more transparency measures for their users, which is incredibly helpful. But we also have been reading we read a password managers recently, which is great because a lot of that, you know, it's hard to use the password managers and first time users who rated it for usability but we also rated it for data security and data privacy. And one of the best password managers out of that comparative reading was one password. So recommend talking to your to your family members if they're interested about that service. But we also have we radius more TV is a couple years ago found some possibilities for hacking and a model or two. Luckily that they have fixed those concerns but we also are still always looking at how difficult it is for a consumer to actually change the controls on their TV that affect their own privacy. So we recently published a study showing that in many cases these these security settings are highly buried are used by a variety different names and so it's extremely difficult for consumers to find them. And so working more on these kinds of not not necessarily deceptive but like a dark pattern a way of like hiding the protections that consumers may want. And that's one of the ways that we've been documenting dark patterns by looking at smart TVs, where we're definitely always looking to making sure that consumers can easily find the tools they need to make their products more private and secure. Thanks Justin I saw some good nodding were you supporting Katie's consumer reports plug or did you have something you want to share. You know, Katie covered it quite well. I think I mean the problem is it's really hard right now for people to make informed market choices around privacy, you know, even if they wanted to buy the most privacy protective smart TV like, I don't know. I think it's asking too much of people to try to read a privacy policy, but even if they did even they spent like the like hour and a half would take to read five to 10 smart TV privacy policies, they're not going to come away and form they're you know they all reserve the same rights isn't sort of sharing with affiliates which maybe is okay but also with partners and who are they. And so that's just not a lot of actionable information so I think a lot of what we try to do is to take it and digest it down it doesn't mean that they've got more like a score or scorecard where people can kind of understand the features. I think one thing we're interesting in doing over time is around issue of product support for IOT right you buy an IOT product is connected to the internet, but it may not ever get a security update right and like people always finding vulnerabilities and stuff. There's a great example of that talks about there's no clear norms around how long products are going to be supported, you know desktop software like like window and Apple like gets supported for like 10 years. Mobile phones is hit or miss right some phones get a lot of security updates and some not at all, and I would tell you is a total mess right and so you just don't know what's going to happen I think, you know, Sonos for example, actually I think makes a promise that if you buy a sonos speaker, it'll be supported for at least like five years after we stop selling it. You know query whether that's the right number or not but I would love to get to a place there where there was more reliable information about that where companies are either required to disclose how long they're going to do it, or at least make it, you know, make it open source or fixable support otherwise. Right now we're not there but I think as a we need to get there there need to be more clear expectations for consumers around product support. Yeah, I think this is a really interesting conversation that is unlike some of the conversations we have about IOT security and about product security in the fact that work from home and learn from home or not choices at this point right so we can't say, you know choose not to use this product we can't say maybe think twice before you do something because you know your living space and your working space have been integrated and you know your consumer might force you to have conversations with clients over zoom even though that's something that you might be uncomfortable with. Nat, can I start with you people, you know, when you're sort of forced to use technology from home we've gotten some questions before about when people you know don't have control over their wifi network to secure it maybe someone else manages it maybe they live in someone else's house when you have fewer capabilities and less access, maybe because an employer manages something what types of things can individuals do in order to protect their security. Sure. So, one of the things I always like to remind people is that security is more than just a product you buy or it is a practice it is a process. You have to engage in security thinking, which means that, you know, in the physical world that means you think about locking your door, because a lock is remarkably effective and it is completely ineffective if you forget to lock your door. And similarly, just thinking about some of the simple ways, and not all of these are super high tech. I mean, if you, if you're baffled by the security concerns of your smart speaker unplug it and plug it back in when you're ready to use it again. So, there's not always a high tech high tech fix isn't always much better than the low tech fix. I mean, like, I have now have a webcam, like mounted to the wall behind my desk, but when I'm not using it, I have a high tech business card blocker business card to just block the camera and just like you have each of these devices might have various sensors that you're concerned about, unplugging them, covering them up, removing them from the area where you're conducting sensitive business or all really remarkably effective low tech solutions that kind of step aside from the fact that your home webcam or might not have received a security update in two years. So, I think that that's one thing. There seems to be like also a cottage industry of like third party devices to do things like block the microphone on your smart speaker. You could go into the direction of looking into that stuff. I think that it starts with a kind of thinking about all of the ways that information could leak out and easy ways to plug those leaks, even before you start thinking about the next level tech steps. I agree with all that. Yeah, one being mindful of where stuff is right again this is a new world for a lot of us. There's going to be some period of adjustment adaptation to the extent that you can be a little, and we're going to we're not used to the threats for learning about the threats in real time. And but to the extent you can be mindful and conscious of where there's a camera where there's a microphone when it might be on. It sounds simple, but I think is something that we're going to have to get used to over time. I'll make a plug one more time but updating your software right is one of the most like important things you can do is kind of a big four routers it can be a little bit of a pain is worth taking the 10 minutes to figure it out. I will say for video conferencing specifically, you know for for users you're kind of at the at the mercy of the host and so the best you can do is going to be aware of the camera or background, if possible. But the host have a lot of options and a lot of control and I know like you know Andy you were very thoughtful about how, okay webinar we're going to have some participants who want to be engaged and ask questions but we don't want to be attacked as you've been attacked right. And so like you know webinars a good function where there are some ways to have public participation but are limited. You know, using unique numbers not using numbers requiring passwords, you know, maybe in some cases requiring a waiting room. And we're adjusting to a lot of this I know like you know some things where there are more public participation, especially for kind of government things are super hard. Because you do want to give people a platform but when they're kind of hiding behind a computer, there's less accountability for for bad behavior and so I think it's just as a host it's not as simple as just you know, sending around a dial in these days, because they're just for better or worse, a cottage industry of people who just want to harass people. Yeah, I think that's really important. The seminar I mentioned that I watched last week with zoom run by the adl was specifically from civil society organizations and educational organizations who were worried about harassment and had seen that you know dramatically increase in their industry and that was their biggest concern not just privacy and security but harassment. We benefit as an organization by the fact that we can use this webinar function, but if we had to use a meeting function, the security risks are just more complicated in order to allow participation. I wanted to move on a little bit. I know OTI has been doing some work and I'm not sure if it's out yet on Wi Fi sharing. One of the biggest concerns. No, okay, one of the biggest concerns that has been raised by many organizations, especially educational experts is the digital divide when it comes to working and learning from home. Not everyone has an established, you know, high quality Wi Fi system in their house or could afford for their kids to be able to implement some of these features and so, you know, we have pushed in organizations in general for companies like Verizon for there to be free Wi Fi hotspots for users around the country. But obviously we don't have a ton of control over the process over the settings. Nat, could you give a little bit of an idea about when people are using public Wi Fi, which is applicable now but also in general how do you make that more secure. Well, yeah, using public Wi Fi is definitely a Wi Fi sharing is definitely a thing that's happening a lot more now. I just heard this morning that like, for instance, the libraries in Baltimore County have implemented a come use Wi Fi in our parking lots policy and libraries around the country are doing similar things. So when you're on a public network like that. And even, you know, when things when times go back to a little more normal and you're sitting in a coffee shop, my advice would be roughly the same which is get a VPN. That is the best and most sound advice, because what that does is it means that you have to trust your network provider that much less because you're all of your traffic from your device to your VPN provider is just one encrypted intelligible blob of traffic that the, you know, whoever is Wi Fi that you're connecting to can't analyze the traffic that's the most basic thing you should look into doing that if you're the kind of person who uses public Wi Fi lots anyway. And yeah, that's the number one thing, but then on a on a lower level just when you're using websites and web services just make sure that they're using the HTTPS version will lock on top of your screen. Because again, that will at least make sure that the connection between your web browser and that website is encrypted and not observable to the network owner. And as Katie suggested earlier, another option is to use tour. And so just like look up and download the tour browser for that. And those are probably the like top three pieces of advice I could give one using public Wi Fi up the fourth piece of advice, if they offer a user password version and a don't use a password version. Use the one with a password because that will, when you're not using a password on Wi Fi, not only is all of the traffic visible to the person controlling the network. It's also visible to anyone who can hear the radio signal of your Wi Fi card, which means all of your neighbors if you live in Yeah, I think I wanted to drop in quickly. We've been getting lots of questions and so I'm just going to integrate them into the conversation, rather than stopping and doing a Q&A. But not one of the things that was just mentioned is obviously there's a cost problem for people that you know maybe can't afford Wi Fi in their house maybe also can't afford to pay for a VPN or various other services. Could you and I think Katie I know that you guys have done some work on password managers mentioned just highlight. I know a lot of them are free but some specific names that we can leave our viewers with or specific things they should look for maybe when picking a free product, because we would worry they're not as high quality as something that's paid. So I would suggest checking out one password for a password manager this one we break the highest I think they a lot of the password managers have a free option that you can use for both VPNs and password managers and any other free service that you're looking to help protect your privacy. I would try to find out as much as you can about them, reading either reports from some reports or another third party who's looked at compared and looked at them comparatively. Often the concern with VPNs if you're not paying for the service then they're using your information to monetize the service. So looking for companies that offer monetize monetize VPN service or have have some sort of higher level that you can use maybe a good idea. But I do agree that the situation is a little tougher if you if you can't afford these services but some iPhone some phone providers like iPhone provide a kind of key chain that will help store passwords. Even just changing your passwords and keeping a written log of it would be helpful written log hopefully analog not in your computer stored under a document called passwords. And checking to make sure that you are visiting sites that have HTTPS is also another critical thing to do, no matter how you're accessing the internet. But those are the services I recommend and since many of us are working from home using your works VPN if you're concerned when you're at a public Wi Fi or the hotspot is also another way of using that protection possibly just to check your bank account or another ancillary service that isn't necessarily tied to work. Yeah, I would just add to me I don't want to really scare people I mean it's obviously astounding and terrible that schools are telling people to go to parking lots and like that that's that's the way people are forced to do school work these days. But I wouldn't want to tell people that you know the only safe way to do it is to spend $10 a month on a password manager and then $7 a month for VPN. And if that means like you're just not going to you know the kids not going to have a chance to do their work or you know I think like the threat model of against depressing, but you know it being you know doing it in a laptop like doing your math homework I think you know what was what what attack is going to happen and you know unfortunately those a lot of like the educational software is not encrypted and so it's possible your friend will see your score is but that seems unlikely. And, and I think I wouldn't want to force people to contort their behavior based on theoretical concerns. Because again the core is like, it's hard enough to get by right now right we're all kind of scrambling and trying to figure out and adding on more, you know, asking for more cycles and more bandwidth for folks asking a lot. But I think just being cognizant if it is like not password protected, and the sites not encrypted there are threats and they're all vulnerabilities. You know, and just to be to be aware of that I think and you know to be aware of what could be used against you, but not necessarily that to overly scare people into not participating. Just as right the threat model that you know we should be concerned about the same one we have when we started using internet early odds like are you entering in your financial information, or otherwise really important information that can be used to steal your identity or access other accounts to kind of concern that people should be having when they're using Wi Fi, especially it's just mentioned we're all just trying to get along so whatever you can do to make sure that you can enter in those kinds of critical details over a more secure connection when possible. I appreciate that I know this is sort of a different world when it comes to digital security in many ways where these things just aren't options right it's do is that like as best as we can. And you know figure out the rest because our top priority is often just, you know, being able to continue to communicate and hopefully have a job and go to school and keep learning for as long as this. Now, we've gotten a couple questions about any sort of visible evaluation like I'm, you know, a label or a stamp I know this is a very common question that could be put on products I know consumer reports this is something you especially work on, you know, people want to number some sort of evaluation that is visible to say this is a good product and this is a bad product. Where should they be looking or their specific specific information they should be looking at to handle effort. It's something that we're obviously working on like where we are trying to put out more and more scores regard to these sort of things and so we have like a corpus you know around like security for payment apps and password managers and you know smart TV ratings to be coming out soon and so I think it's our role to provide more and more information out there about it. You know I know I know other folks have like tried to, you know, Mozilla has a holiday guide they try to highlight you know, here are good products and here are bad products. It'd be great there's more of a marketplace for I think one downside is there's a fair amount of privacy and security greenwashing out there, where a company will say like, this is like military grade encryption or like we are certified like privacy America now, like, and you know, I think the FTC has brought some cases against companies for making unsubstantiated claims and for like, again, like Ashley Madison, for example, who lost a lot of very sensitive personal information. One of the counts against them was they had a seal that was effectively meaningless, right and so I hopefully as the market evolves for this there will be more reliable sources of information out there and maybe if you know, again, if regulators have more capacity to chase down fake seals or seals that are meaningless. You know, right now they're just not enough enforcement out there the FTC is relatively underpowered doesn't have the ability to do much state AGs are under resourced. And right now a lot of attention is going to to a lot of you know, COVID specific stuff. So empowering regulators to to make that information important I think is important. I do think though the market is evolving to provide more reliable information is not there yet though. And as Justin kind of mentioned as we've been hinting at all through this conversation to you know these starts are evolving quite quickly so having any sort of static like seal of approval I think it's going to be a tough, a tough barrier for us to get over. And I think also you know what we're really talking about here is a kind of unexpected uses of your data that really should be more curtailed by regulation and law or laws like we do have in some states now like California. It is a tough situation and I definitely understand that people don't know what to do. If you have kids I recommend looking at common sense media site they read a lot of products. They have a lot of resources for parents, and they also have helpful resources and like what age be really worried about your children online. And you know we're going to continue to rate products and services, but I think also just looking at whatever privacy settings you have on the products you own. That's a really great place to start to try to protect your privacy, especially since many of us probably don't have extra money right now to go buy some new connected products. Just ensuring that the settings are as safe as you want them or as what you thought you they should be. I think it's a great first step and then hopefully the market consumer of course can help you make those decisions. Thank you I really appreciate that I know that a lot of the questions we tend to get are around students and around schools, because you know that's a whole new world for for teachers and educational institutions. So given remote learning, and we've talked about the digital divide, what about the actual platforms that educators are using to provide the materials are there more. Either are there platforms that are more secure than others or there are things that are questions that should specifically be asked when students are pointed to a platform, does it have certain features is it transparent in certain ways. So that's a little bit of a tough situation so although consumer reports of course works on issues related to children and families we don't necessarily focus on children's privacy in the school context. But I do think that parents should be basically starting off at a kind of skeptical mindset when when schools try to have their kids use some specific platform. And certainly I think we're in kind of a little bit of a situation was on being a lot of compromise or change. As a result of these parents concerns but I think this is also maybe making us all more aware of what kind of services children are using at school and also using now for distance learning. And certainly schools will get a little more funding in the future to either better provide information resources to parents, but also perhaps not use a larger commercial products that may or may not be as compliant with copper as we would like. I think a lot of that is also in fluxes we are looking as copper you know has been under a reevaluation at the FTC. That's an open question. But as I mentioned earlier, I do think the parents have to be part of the loop, since that's the basis of a lot of our copper enforcement. And it's also the basis for a lot of content moderation on a bunch of sites that children use. I haven't had I haven't been the thorough evaluation of like the purple or the students specific issues there. And again I think there's a lot of evolution going on I mean I think you like the zoom is that you know we were designed for business to business we didn't necessarily think through some of these, you know, as use cases, very Silicon Valley answer and not think through the way their services could be attacked and used for evil, or misuse not contrary to their terms of service but I think you know they've also adjusted some some with that and three thinking about you know, unique high entropy, you know, meeting advice and whatnot so I think the platforms will need to adjust as again in response to evolving threat models. And also just seeing you know the schools will need to adjust to like you know my kids are doing a learning and again there are privacy and security concerns there. I'm also like intensely grateful that they have a way to see their classmates and to kind of make a, you know, they're reading the tale of Desperot in a group yesterday and again wave them to interact. But even then like I've seen my school like change like you know again but now they're not reusing the same meeting advice or having passwords. So maybe there are limitations on like everyone not necessarily everyone can share their screen. Again, like, you know, it really is like context specific, but schools will have to like learn the, you know, how to use the platform, more effectively and to break down to protect from attacks. Quick for those who are not privacy lawyers in the audience, Kappa and Furpa are Kappa is the Children's Online Privacy Protection Act and Furpa is someone. I lose track. Yeah, it's about how schools can work with third party entities help individuals learn at school and so in some cases it gives the school the ability to say yes on behalf of the student. And in some cases it requires parental permission for these kinds of services be used. The Federal Trade Commission is reviewing especially that parental permission aspect. So I know that we're all overloaded now but when the world goes back to normal at some point. It's important to keep in mind that parents should and have to be part of that kind of conversation and so we hope that the Federal Trade Commission does not roll back that protection. So I think Bill Fitzgerald knows a lot more about Furpa and education privacy than either Katie or me, but he's not currently on this call. Or maybe he is. He's not a presenter. So one of the questions that's come past and this has made me want to bring it up is given the state of the world and also the state of Congress. I think there are some comprehensive privacy legislation to come through at the federal level anytime soon. But are there some short term policies or short term wins that people should maybe calling their representatives about saying hey hold this company to account. Hey, you know, you should maybe require this specific feature or consideration, any short term wins because we're not going to get a long term one for a while. I mean, again, I think you've seen progress on security right so like you know a couple dozen states have passed various varying degrees of laws requiring companies to use reasonable security. I think we'll need to get flashed out over time what that means, especially in terms of product support. And you know California passed most of the information security California past past one year or so ago around cybersecurity way that cameras can be misused or cars plowed into things. So you are seeing states continue to expand those they're constantly expanding data breach notification laws to include other things. I have seen interest in getting more information about product support period and security updates over time. I've seen legislation designed to try to get to that. So we'll see as on the privacy front I mean again the California law goes into effect. California have new privacy law that was inactive a couple years ago it goes it will be start being enforced this summer. You know, I think that how the Attorney General of California enforces that I think will be really important and meaningful final regulations should be out on that soon. And I think there will be efforts based on how that plays out to tweak California's law. So either in terms of like California itself but other we've seen other states continue to have interest. So I think it will, we'll still see, especially at the state level of federal government's trickier people trying to iterate to address a lot of these issues with the caveat that again, I think trouble meeting to right now right there's just there's more limited bandwidth and as they try to adjust to how to enact legislation and hold hearings in this environment. Yeah, I think this is an important moment where we're a little more focused on local government than ever before. So I know that there's something we can really do in the near term but one reason why we're having a lot of broadband access issues because a deregulation of the cable industry the local level. So keeping that in mind as you go to possible primaries of summer or go to the polls in November to the Senate that decides local elections and you can find out their stances on telecom and other access issues I'd recommend looking into that. The Federal Communications Commission which regulates broadband access across the US is accountable to Congress so if you're lucky enough not to live in DC and have federal representation I recommend contacting your representatives about the importance that broadband plays in your life. I think overwhelmingly in this period we're seeing that Internet is obviously treated and feels like a utility to the individuals that access it you and me accessing it to continue our jobs to access healthcare to access job opportunities. So I think that's another important thing and then you know Children's Online Privacy Protection Act remains a law so using that act to see what kinds of recordings have been made by your children on their Alexa devices either the kid version or the adult version or viewing what kind of data has been collected about them from other apps and services this is the time if you have any extra time to review that. And then of course I recommend, you know, keeping in mind that a lot of these secondary uses that we've been talking about that most people are upset about is a federal issue so looking to what presidential candidates have on their policy issues around net neutrality and other access and privacy issues I think is important and to the extent that that comes up in your primary or November electorate as well that's important as well. And I will note that as much as we would like Congress to keep doing stuff in general, the type of work that consumer reports has been doing on zoom has made a lot of organizations including the federal government more hesitant to use those tools for secure and private conversations and not good discussions about what this actually means and what risks are actually faced by, you know, all of us who feel like we rely on these tools. Yeah, I, I, in addition to the kinds of things that have been talked about I also want to say that one of the things that kind of excites me in all of this is, is that even before everyone was working from home there are outside of the traditional policy channels there, the secure update of Internet of Things devices is something that's actively being worked on at like the protocol level. So people are trying to figure out how to do this right and standardize it in the same way that things like email and gtps are standardized. And so that's one place where you can look for actual movement that actually doesn't rely on politics at all. And this kind of encouragement of companies using is really helpful. The fact that you have seen zoom move so far in a month is super encouraging to me. And I think that in a lot of ways, you can look at that same social lever in a local politics way. So if you're not really happy with the way that your local school board is running remote learning right now, maybe call your city council person or whatever they're called in your jurisdiction and see if they can work with you to turn up the pressure on the school board. Because maybe it's just that there's that the person whose job it is to care about how the school system is implementing zoom hasn't been hasn't thought about it or hasn't been aware about it doesn't have the right institutional support to make those kinds of sweeping changes. So you so one of the public policy things you can do is to just work in the smaller levels to local level to find out who has the power that you can get the like the same kind of social levers to to to, you know, you may not have the same bullet hole that the consumer reports does, but that doesn't mean that you're talking to your council person can't get the same kind of satisfaction out of your school board. So I think one of the conversations we have around, you know, when we have these conversations are in digital security a lot of people say, What are the, you know, what are the short things what are the recommendations for everyone. We'd love to start with recommendations for companies who implement or make these products. What are some quick steps, you know, we're in a very urgent situation right now that they could take to overall make their products more secure and private. Well, it's just mentioned earlier a lot of startups and companies that come out of Silicon Valley often don't think about quote unquote edge cases or how they can be abused or misused. So I think, you know, to look back and possibly just as a company, not assume this tech paternalism and instead assume what it could be used and how how it could be misused. And the point of product creation would be extremely helpful. We're also implementing some security controls that may establish some friction which you know we've all heard from, you know, Uber is a very upsetting thing but actually maybe would keep your participants much safer. So having a sort of waiting room as we talked about from video conferencing services. That's a that's a moment of friction but that actually helps protect a lot of individuals. So we can see that implicated across the spectrum where like I do are you sure you want to send this to this email let's enter in the email twice over these kinds of double checks are easy to implement but help help individuals think twice about what they're about to do one information they're about to share. I think that's incredibly helpful. I think also in the day like we've mentioned a couple of times that some of the HIPAA privacy rules have been rolled back under under the pandemic in order to help tell health solutions but companies should just make more prominent disclaimers as companies like Verley who opened a COVID testing portal make more prominent disclosures that they are they are not regulated by HIPAA and your information is not as protected as it would be if he taught to a doctor and a doctor's office. So again, just helping consumers think more carefully about the kind of information they're sharing. But also we've pushed companies to stand by the claims that are the privacy policies if you say some things in the encrypted, it should either be in the encrypted or you should explain exactly how it is protected. So, some of those like kind of easy, what we see is like kind of no brainer here on the other side where we're trying to troubleshoot and search for problems. Hopefully companies will start thinking about that in a more holistic manner where they're creating the product and before it goes to market. Yeah, I mean, you know, we have like a our document called the digital standard which kind of evinces like our best practices around privacy and security and I think it has like lots of tips on like the things we'd like to see on both privacy and security and also things like ownership right IoT devices, you know, can you resell it can you pair it. And I think there are some other important policy issues there do you really own a device if it is going to be hold into some other companies software. So we have a lot of detailed recommendations there. You know, just summarize like things can be can do short term around this I think it's you know, clarify that they're, they're, or limit the secondary usage and sharing of information right and you know I don't like zoom I think doesn't need to monetize data. In the way it's a lot of online, a lot of like online advertising fuels a lot of the web for better or worse. But I think like zoom is I don't think really actually planning on selling data, they did update their policies to clarify that but I think it's not consistent in teleconferencing software and also IoT like I think there's often a lot of vagueness there and so they could reassure us that that's not what they're trying to do. You know, I think some IoT devices like smart TVs I think are trying to monetize data in ways I think are not transparent and a little sketchy. But most I think are not I mean most like I think just want to work you pay for them and like that's the value proposition so I think clarifying that I think would be super useful and then again the, as I said before, one of the other devices you know, assuring some level of support like you know this this thing will work for X period of time, we will update it with both functionality and and and security updates over time. You know the flip side I think you know regulators should be more aggressive that you know it's companies like flips a switch and bricks something that that should be considered illegal or unfair, you know under the law. And, you know, we did some work around that. The smart home hub called reveal, which was then bought by nest which is then bought by Google, and at some point reveal which was like plenty of people paid $300 for. They just turned it off because like, also that was already supporting to at least other product lines. And that case like the, the FTC send a closing letter saying we're not bringing a case because you, you, you, you're refunding people. But I think, you know, but with the policy message being that if you didn't refund people, you can make a case that it was unfair to people that they, you know, they paid money and suddenly the device doesn't work anymore. I think regulators need to bring more of those types of cases again to help establish norms of like, when I buy it device would have actually mean long term. So I think the most common question we've received, and that I would really like to close with is, I would say we're going to be in this for a while. You know, many states at least said that school districts are going to be closed till next year. The offices are now existing on a month's not weeks timeline of when people might be physically back. But at the same time, a lot of the security is now just in the hands of all of us who are living at home and working from home and studying from home and maybe a little frustrated and want to get outside. So what is one step or, you know, a couple short steps that people at home can take to make themselves more secure people want like a, you know, one step two steps kind of what can they do right now. I think we're going to do it with reiterating that thing we said over and over again which is run updates on everything that can run an update. So your laptop your phone your Xbox your Roku, whatever. A lot of these devices and the clear market trend is that they're moving towards self update. So let them do that. But yeah, update everything that's, that's the the shortest answer that I can give is the is update everything and be aware when things are no longer receiving updates if you're so lucky to have a manufacturer will tell you. I think I mean that the update obviously, you know, be mindful right I think is incredibly important and adjust right I mean I think we're all in a period of adjustment here that we're all learning a fair amount I mean both the companies and and I think us. For example, I think I was like, you know, when zoom started being used in schools a lot, you know, a lot of teachers to be like, here's a picture of all my kids and zoom isn't this adorable they put around social media. And then like zoom, like, like, oh, we're going to retweet this because it is super cute. Without necessarily thinking like, oh, I just shared like all my, you know, these kids pictures their names, like on the internet. And again, people just like adjusting. You know, I think this happened, you know, when when social media first, you know, became popular. You know, I think people didn't quite think through long term implications and like, you know, people like their profile would be like them, you know, chugging a beer as they're applying the jobs, people, you know, I mean, I think policy interventions are going to be needed here. But I also think there's going to be some adjustment and so I think just trying to extend you can again a lot of being asked to people right now, but to be mindful and thoughtful and like before you turn the camera on like, look around or we cool here. I think is an important piece of hygiene people it's going to need to learn. And now we haven't mentioned this because I know we've been focused mostly on IOT, but I think phishing scams have been up during this time, especially around COVID and coronavirus related treatment scams, etc. So just being suspicious and skeptical when you're certain links like that. And I think that applies also to Justin's example like try to think through exactly like we're asking the Silicon Valley creators try to think through the possible poor use cases of the information you're about to share or the information you're about to enter. I would also suggest, you know, as I've mentioned a couple times before I think a password manager is incredibly important and helpful at this time. And having these conversations with your friends and family, I think is also probably one of the most helpful things you can do. If you're thinking about this and you're on this webinar and guarantee that you're probably putting more thought into your online digital practices and someone in your family is so sharing the information and helping them through the process I think would be incredibly helpful and sharing also that people are going to be trying to robocall or email or come at your family members with phishing schemes around coronavirus related information. That's a really helpful moment to just intervene with them and talk to them about being careful online. Thank you everyone. I know that I am spending more time online with my family than I ever have in the many years I've lived far away from them because everyone is, you know, trying to use all of these tools to stay connected and stay close and do whatever they can to get through this challenging time. So, Justin, Katie and Nat, I want to thank you for participating. We've had great engagement online and I really, really appreciate you bringing your expertise to this conversation. So, thank you and have a nice day everyone. Stay safe.