 And thank you all for coming to what has become an annual tradition here at DEF CON, which is the Ask the EFF panel. We are a selection of EFF employees from all aspects of our organization, and we're here to answer your questions. So first of all, I guess I should say a little bit about the EFF, and let me just quickly find out how many of you are EFF members. Alright, well thank you. Thank you each one of you. We rely on our membership to do what we do, and we really appreciate it. For those who are not, or might not be familiar with the EFF, we are a non-profit organization that is dedicated to defending your civil liberties online. So we fight for free speech, we fight for your right to privacy, we fight for innovation rights so you can make fair uses. If you own a device, you can do with it as you will, and shouldn't have to worry as much about things being locked down. So you have your freedom to tinker with toys and have yourself a good time when you're hacking with them. So briefly, before we get to this, what we're going to do is we're going to have each of the people here give a little introduction. My name is Kurt Oppsall. I'm a senior staff attorney at EFF. I've been there about eight years. I've been coming to DEF CON for most of that time. I specialize in civil liberties and focus a lot on free speech issues, whether that comes up in the form of your rights of freedom of expression or of privacy when you're trying to make anonymous speech and keep your anonymity online or it comes up in the context of say copyright where somebody is trying to stop you from speaking by putting forth a bogus copyright claim. And then a couple of other things before we head down the panel here. First, a brief announcement about EFF's e-voting process. So we have a AccuVote TSX e-voting machine here. And we were going to have Professor Alex Halderman come by who did some of the seminal work in hacking e-voting machines and worked with that to produce a hackable election. Unfortunately, he was not able to make it today. There's been some complications. So we're going to do a little bit of a revision to that where it's what is the coolest thing you can do with access to an e-voting machine. And we've got one. It's over by the hackers with guns booth in the contest area. And so if you're interested in trying to play around with an AccuVote e-voting machine, see what can be done with an LCD screen and have yourself a good time with it. Come by that, Bruce. Talk to us and let's try and make something really fun out of it. Brief word about the format here. So this is going to be a Q&A session after we give brief introductions. Just line up in front of the microphone as soon as we're done introducing ourselves. We'll get to each person in order. Please keep it to one question apiece. And then just go back to the line if you have another question. When you are asking your question, please don't tell us about your particular legal situation. Confidentiality is something we consider to be very important, trying to keep communications privileged. And this is not a confidential or privileged forum. So this is not the place to talk about something you're wondering if it was legal or not. If you do have a specific question and need our help with it, Rebecca Regan, who is our intake coordinator, sort of like a traffic cop to make sure that things go to the right place. She is the right person to talk to and she will help put you in touch with the right people. She'll say a little bit more about that in a second. When we give our answers, please understand that we are not giving you legal advice. This is again not the forum for doing that, but we will give some legal information and just talk about more generalities, information about the law as opposed to things which are specific to your situation. And one other last note, sometimes we may not be able to comment on something. For example, if it was something that we are involved in working on or we have a duty of confidentiality. So from time to time, something may come up if you have a question about a specific legal situation where we're just not in a position to comment and we will say so. We apologize if that, hopefully that won't come up too much, but just to prepare you for it. So without further ado, let me pass it down to Marcia. So we're all just going to very briefly introduce ourselves and give you a sense of the things that we tend to work on so that you know what types of issues might be up for discussion. So I'm Marcia Hoffman. I'm a senior staff attorney at EFF. I am part of EFF's Coders Rights Project, which is a project we introduced here at DEF CON a few years ago that works to help researchers and developers navigate the sometimes confusing legal waters that apply to their work. I also work on privacy, freedom of expression issues, computer crime, and security. Traditionally, I've also done quite a bit of freedom of information act work and so if you have open government questions, I'm happy to take those two. Hey everybody, my name is Hanny Fukuri. I am a staff attorney with EFF. I'm the newest staff attorney. This is my first time at DEF CON. I'm very happy to be here. I also work with Marcia in the Coders Rights Project and my focus is on criminal law. Before coming to EFF, I was a federal public defender for three and a half years and have quite a bit of criminal litigation experience and I hope to use that to help all you find people in this room. Hi everyone, I'm Kevin Bankston. I'm a senior staff attorney at EFF celebrating my eighth year at EFF and my seventh year at DEF CON. I focus on the government's surveillance beats. So in the past year, I've focused on convincing the Third Circuit that courts can require the government to get a warrant before they can seize cell site data about where your phone's been. Convince the Sixth Circuit that your email stored at Google or Yahoo or wherever else is protected by the Fourth Amendment such that the government has to get a warrant if it wants to seize it. And hopefully, thank you. Thank you very much. And hopefully on August 31st in Seattle in front of the Ninth Circuit we'll be convincing them that our lawsuit against the NSA for its warrantless wiretapping should proceed. So if you could send positive vibes to Seattle on August 31st, I'd appreciate it. My name is Abigail Phillips. I'm a senior staff attorney at the EFF. I focus on copyright and other online content issues. I do some net neutrality work too. That means a lot of intermediary issues, DMCA, circumvention type questions, legislation and Congress, so forth. Thanks. Hi, I'm Rebecca Regan. I'm the legal intake coordinator at EFF which means if you want something and you're not a journalist you have to talk to me first. I love to help people find the right information. I do a lot of traffic directing not only to our various attorneys but also referring people to attorneys who cooperate with EFF. We have a large list of attorneys who come to us because they work in the same area. They love the work we do. I actually just talked to a new one today who's really into what we do and wanted to help out. People whom we can't assist directly, we like to try to refer them. We also have, as you probably know, an amazingly vast and thorough website and I often help people find what they're looking for there. I'm Micah Lee. I'm a web developer at EFF and I also work on several of our many tech projects. A couple of those are HTTPS everywhere. It's a Firefox extension that uses a large list of rules to enforce HTTPS on websites you visit. Version 1.0 was just released yesterday with over 1,000 rules. You should get it. It's pretty awesome. There's also the SSL Observatory which is a project that we did by scanning every IPv4 address on the internet for the HTTPS port and gathered a ton of information about it. It's a giant database that people can do research with. Soon, HTTPS everywhere will include a decentralized observatory component so that if you opt in, you can choose to send certificates that you see to us. There's the open wireless movement where we are trying to convince people to keep wireless networks open and we're trying to help the community come up with guidelines for new standards that let you have wireless networks that are encrypted and open at the same time and other such things like that. Soon, we will be releasing a piece of software called CryptoLog which is a filter that you can use with Apache or other software that basically lets you log IP addresses in an encrypted fashion that you can't decrypt so that you could tell the difference between unique views and page views. Yes, and we have other projects as well. Hi, my name is Eva Galperin. I'm an activist with the Electronic Frontier Foundation. I focus primarily on intellectual property, privacy, and freedom of expression. I am also, I think, the only person here who does international work. So if you have questions about digital civil liberties issues that are focused outside of the United States, you can aim them at me. Okay, thank you very much then. So that's our panel and now let's turn it over to you with the questions. So please line up here in front of the microphone if you have a question and we would love to hear from you and let's start right now. Bill from Los Angeles. Bill working its way through Congress now. It's nicknamed the Internet Kill Switch. Could you just fill us in on the progress of that bill? Sure. There are a number of different cybersecurity initiatives being pushed in Congress right now. In fact, so many that there's kind of a traffic mess. The administration put out a proposal. There are several bills. There was a Lieberman Collins bill in the Senate that did have a component that would have given the President an emergency authority to, pardon me, trying to remember the exact language. But it would have given the President emergency authority to basically cut off systems from the Internet when there was a threat posed to critical infrastructure in response to a lot of public blowback and pressure and the frightening example of what Mr. Mubarak did in Egypt. Lieberman and Collins did remove that language from their bill and actually put in an explicit thing that said nothing in this bill shall be construed to allow the President to shut down the Internet, which was kind of funny. So the White House's proposal itself does not include any new emergency authority for the President, which I think was the right political choice for them. But right now the cybersecurity situation on the Hill is very confused and I'd be surprised if anything passed this year even though a lot of people would like to see something passed this year. Hey, guys. Thanks for being here. I've heard a claim that having or being responsible for an open wireless makes you, or gives you plausible deniability as to the usage if you have no logs. What's the reality of this? So if you have an open wireless, so this is something that I've heard a fair amount of and say is the notion that if I have an open wireless, well, then it's not provable whether it was me or not who did a particular thing. And the reality of the situation is oftentimes there are a lot of other factors other than the open wireless such as things that are on your computer itself or other indicia that will be used in combination with it. On the whole, it is actually a fairly rare circumstance in which somebody has been able to get out of an accusation because they said that their neighbor did it or somebody got onto my Wi-Fi and it wasn't me and more often than not under those circumstances further investigation forensics on their computer and other indicia have shown that it really wasn't the neighbor. There have been a couple of scary instances and there was one that happened in the last couple of months where it really was a neighbor who got onto somebody's Wi-Fi and did some evil things. And in that case, the investigation looking at the situation showed that it was unlikely that it was that person's computer further investigation led it to the neighbor. So there's a lot of things that are going to go into an investigation and if you're going to be relying upon the notion that I have an open Wi-Fi so it wasn't me, make sure that that's true because they'll be looking at things other than just the question of whether or not you have an open Wi-Fi. It's a quick follow-up. So you guys overall would say that having an open Wi-Fi is not a danger to being falsely accused of something. I didn't hear you say that. Well, so having an open Wi-Fi, there are a lot of things that could happen. How frequent they are is a question that you have to consider. And if a lot of people have open Wi-Fis, then that will make it available to a lot of people and it will make it so that the incidents of people who are using them for ill won't be concentrated. So one of the advantages of having a lot of people having open Wi-Fi and making it available is to spread around the risk and make greater availability for all. There are some things that you might do if you want to have a free Wi-Fi available to the people as a good Samaritan but still have your own system. You could also have an open Wi-Fi and plus you have your own system which is separate from that. And so you're helping the world out by allowing for connectivity and then you have your own traffic go through a separate system. Hi. My question actually has a slight connection to that. If someone has a criminal background, let's say hacking or fraud or something along those lines, they've completed their sentencing but they want to get involved in the community. Are there specific things they should avoid such as maybe running a tour exit node or having open Wi-Fi because if somebody were to do something illegal over that they may be instantly suspected as the person committing that crime. Should they avoid things like that and get involved in other ways? So if you have a prior criminal conviction for some sort of hacking activity, I think common sense would say be very careful what you do in the future because as you said, the way a person's background does matter to the government when they're trying to determine who is and who is not responsible for a crime. So if they have between two people who are doing the same exact action if one person's got a prior record for the same exact thing and one person doesn't, obviously they're going to focus their attention onto that person. I wouldn't say that means you should never do anything and you should live in a bunker and never touch a computer. I just think that you need to be very, very careful with what you do and take whatever necessary precautions that exist to avoid getting yourself to be the subject of scrutiny. I would also say that if you do end up finding yourself convicted again, the penalties are going to be increased because of your prior record in a number of ways. The maximum penalties can be increased under the statute and then under the kind of complicated sentencing scheme that is kind of parallel to the maximum penalties, your criminal record is taken into account so you will find yourself in more trouble and so the penalties do increase. To the extent of you're thinking about doing an open Wi-Fi or running a Tor Exit node, your background should be something you should absolutely keep in mind before you do something that could be potentially risky. I'd like to follow up just quickly also, particularly on the Tor Exit node point. There are a number of things that you can do if you run a Tor Exit node to decrease the amount of risk that you face from being mistakenly identified as the source of traffic that comes from that node and the Tor project actually has a really excellent blog post on its website that talks about some of the things that you can do to be a little more careful and if you take a look at our legal FAQ, we link to that post but we have some thoughts about it too. So there are certainly things that you can do to do something like support the Tor network by running an Exit node or another type of relay or help the community at large and take certain actions yourself that make your behavior a little less risky than it might otherwise be and that's certainly a good idea if you have a prior criminal record. And last of all, I would add that if you're not comfortable running a Tor Exit node, especially after reading our legal FAQ and the blog post on the Tor website, that you should consider running one of the middle relays instead. Hello. First I'd like to thank you for helping independent security researchers like myself tackle a lot of the legal issues. Your work helps a lot of us sleep at all at night. Thank you. Second of all, I'd like to ask a little bit of information. I know that there's a case in Colorado regarding an encrypted laptop and the government seizing that laptop and trying to get the user to disclose that password and forcing them to basically unencrypt their data for the purposes of furthering their criminal investigation. Could you tell us a little bit about that case and the work that you're doing with that case? Absolutely. And actually, I'm curious, how many people in the room are interested in that case? That's what I thought. So if it's okay with you guys, I would just like to take a few minutes to chat a little bit about this and kind of lay out the background and all of this and this may answer some other questions that some of you may be in line to ask. So I'm going to start with a little bit of legal background, okay? There is a Fifth Amendment right in the U.S. Constitution to not be forced to be a witness against yourself. And basically what that means is that the government cannot compel you to testify in a manner that would incriminate you. So we're talking about three factors here. Compel, testimony that's incriminating. And, you know, shorthand, sometimes we call this the right against self-incrimination, okay? Now, one important question here is, you know, what is testimony? And basically what this means is that you can't be forced to communicate something in your mind, you know, knowledge that you have in your mind. So if it's something that already exists, like if it's something that you, you know, a document that you wrote that's sitting on your laptop, that in and of itself does not implicate the privilege, all right? This is a privilege that only comes into play when you're being forced to communicate knowledge that you have in your mind. And, you know, another interesting question is what does it mean to incriminate, okay? So incriminating information is information that would provide a link in a chain of evidence that the government might use to charge you with a crime in the future. So it's not even necessarily something that, you know, it indicates that you committed a crime. I mean, it's something that might lead the government to charge you, all right? So that's kind of like the basic concept that we're talking about. And in the past few years there have been very few handful of cases that have come up in relatively low level courts. Dealing with the question of how this privilege applies to encryption passwords. So basically, can you be forced to turn over your password? Can you be forced to speak it? Can you be forced to type it into your computer? Can you be forced to unencrypt your data and hand it over to the government? Or does the Fifth Amendment protect you against that? And, you know, the courts have, you know, kind of been struggling to figure out how this works. There was a case in Vermont that was the first, you know, we've talked about this at prior DEF CONs, you know, the first to talk about this issue. And it involved a man who was coming over the Canadian border and his car was searched by a border agent and he had a laptop in there that was on. And the border agent wanted to look at the laptop and the guy said that he could. And so the, you know, agent, you know, with the man's consent, you know, took a look around at some of his files and he found some stuff that he thought looked like child porn. So he seized the computer, shut it down. Later, when he, you know, the government tried to boot the computer back up, it turned out that the drive that contained those files was encrypted. And so they asked a court to force this man to type his password into the laptop to unencrypt the data. And, you know, a magistrate judge, a magistrate judge is kind of, you know, a fairly low level judge actually about as low level as they get, said, you know what, I think that violates this guy's right against self-incrimination because, you know, the password exists in his mind and basically you're forcing him to perform an act that communicates that knowledge. And when he types that password into the laptop, it's going to show that he has control over those files, which is an incriminating fact. And so, no. So then the government comes back and says, okay, okay, okay, but what if the court were just to compel him to decrypt his laptop and just to provide a decrypted version of the information? How about that? And the judge looked at that, actually, a district court judge, a little higher level, looked at that and said, well, okay, it's not quite the same situation. And in a situation like this, actually, like, the government's already seen these files anyway, and they know exactly where they exist. They exist in a certain drive. And if he provides that unencrypted data, then the government isn't going to learn any more than they already know. And so basically the gap between this man's knowledge and the government's knowledge is not really, there's nothing, there's no gap there. So, you know, basically he's not really being forced to be a witness against himself. So in that case, he had to turn over the data, all right? And then, you know, there have been a couple of other cases, you know, where judges have looked at this, analyzed it all that carefully. You know, there's one in Michigan where, you know, the government wanted an individual to be forced to turn over his password, and the court said no. So that takes us to this most recent case. There's this case in Colorado. It's called United States versus Forkosu. It involves a situation where two people, they used to be married to each other, so they're now husband and ex-wife, and they've been indicted on charges involving mortgage fraud. Before the indictment came down, the police served a search warrant to search the home where they used to live together and where, you know, the woman now lives with her family. And they seized several computers, including an encrypted laptop from her bedroom. And after that stuff was seized, this woman had a conversation over the phone with her ex-husband, who at the time was in prison. And, you know, when you're in prison, they record your phone conversations. And so the government has a record of this conversation. And in this conversation, you know, she discussed the computers that had been seized and mentioned that there was an encrypted laptop and that, you know, there might be some stuff on there that the government might be interested in. So the government went to the judge and said, we would like you to order her to enter her password into the laptop or provide an unencrypted version of the data. And this is a situation like, you know, the one in Vermont basically, because we have this telephone conversation where she talked about the fact that, you know, there's stuff on there that is probably of interest to us in incriminating. And so we know that it's there. And it's just a matter of her turning it over at this point. And, you know, when we saw this case, we thought, wow, you know, that's potentially a really interesting case. And, you know, it looks better than that Vermont one. So we've gotten involved as an amicus. What that means is that we don't represent her directly. We don't represent any party, really. We represent EFF and we're basically saying, hey, you know, we think that there are certain issues that the judge should be careful of here because they're going to have big implications for a lot of people. And so this was our take on it. We said, you know, we think that providing the password, either typing it in or providing an unencrypted version of the data, is protected by the Fifth Amendment because it is an act with testimonial aspects. Basically it would tend to show that she has control over those files and it would also tend to authenticate that data. Now the government has said that they want to give her immunity for the act of typing her password into the computer and what the effect of that would be is, you know, they can't use it against her. And often that will actually nullify the Fifth Amendment privilege against self-incrimination because if they're not going to use it against you, it's not incriminating, okay? We think that the immunity that the government has offered her, which is to, you know, the immunity for the act of typing it in, isn't enough. You know, we think that the immunity in order to actually, you know, be the same in scope as her privilege would have to also extend to, you know, any derivative use of the information. So, you know, we think that the immunity covers not only the entering of the password as an act, but would also, you know, protect the data that is stored on the computer. So, you know, that's kind of where the case stands at the moment. There was a hearing on the issue a couple of weeks ago and a few days later the judge said that he is pretty skeptical of the government's argument and in fact his big skepticism at this point is that the government has really shown that the computer that they want, that they expect her to unencrypt is the computer that was discussed in that conversation. You know, the judge says that he wants to hear more evidence about that and so that's going to happen in October and we'll see if the government, you know, has any more to say on that point, aside from what they heard her, you know, say in this conversation with her ex-husband. So yeah, so that's the deal and if you all have follow-up questions, you know, feel free to bring them up and we'll talk about it more. Also, thank you for the work that you do and it's very much appreciated. A couple of years ago there was a lot of focus on frivolous software patents and the abuse of those patents to suppress open source software and things like that and I believe you guys were involved a little bit in that trying to open it up a little bit but I haven't heard anything since then and I was just wondering if you might be able to comment on where that stands if you've been able to gain any ground in suppressing those kinds of frivolous patents. So software patents and business method patents are some of the great concerns that have come out of the patent system. The patent system has a lot of problems because it locks up an idea and a lot of times people are getting these patents by bringing them to the patent office who doesn't have the time or the resources to really look at what the prior art is and allowing people to get legal rights into an idea that actually had been known within the industry previously to that or is sort of not an advancement on the art is an obvious thing to do and some of these patents then can be used to stop innovation and say that you can't have it be an open source software because it has to be licensed from the patent holder or that it even implements this method. So we don't have on the panel today Julie Samuels who is our patent lead but I can tell you just a little bit about it and you can go to our website for more information. So we have a patent busting project and that is going through the process of looking at what we consider to be some of the worst patents out there and go through the patent and trademark office to explain to them why those patents were improperly issued and this is called a re-examination. Now the re-examination process is actually not a particularly speedy process it requires a lot of work a lot of gathering information and then you have to present that to the patent office and wait for them to deal with it so we started this project a number of years ago with ten patents in mind we are working our way through them we're not through that set left there's a number of them left I'm not sure exactly how many but if you go to our website the patent busting project will give a nice graphic of where these various things are and we also have been interested in patent reform ideas there's a lot of notion out there that maybe putting some reforms on the patent office to make them less likely to grant bad patents and also through the case law system by trying to explain to courts that some of these principles in how they're applying the patent law to make it a little bit better for innovation So to answer the question a little more directly yes we're working on a lot of stuff but specifically what we are working on over the summer and which we're hoping to launch early in the fall is an entire campaign revolving around education about software patents where we hope to give people tools to understand the software patent system give them some idea of what the problem is with patents and what they can do if they're in various places in the innovation stack for example if you are an engineer and you're working for a startup and your boss comes to you and asks you, you know, hey what are you working on because we need to patent as much of this stuff as possible so that we can show it to our VCs we give you a whole little worksheet that will help you understand what your options are and what kind of suggestions you can make to the people running your company so that you don't wind up having to patent all of your work especially with meaningless gobbledygook patents that are essentially just being used to impress VCs and get money we also are working on a little FAQ for students who are doing academic research and we're working on an FAQ for VCs who we think really need to be educated about how these patents work and why a large portfolio of patents is actually not a good idea for startups or large companies and winds up hurting innovation rather than helping to foster it I just wanted to say thank you for your work I had an account on the Illuminati bulletin board back in the day when it was seized so I've been following you guys for a long time my question is on copyright law if you tilt the mic up it might catch you a little bit more my question is on copyright law I remember back when the last set of copyright extensions went through some of my friends were referring to them as the Steamboat Willie copyright extensions because every time Steamboat Willie was about to go out of copyright it's not quite yet but we're coming up on that date do you have a sense is there a set of lobbying coming up to try and extend copyright law some more or are we going to finally see some things slip into the public domain I'm not aware of anything at the moment I mean I expect that we'll see it when the time comes like you said one thing we have seen is a study by Congress that's looking at sound recordings specifically in copyright for sound recordings pre-1972 aren't covered by federal copyright law and that actually means that those don't fall into the public domain as a group until 2067 which is really long time from now and one of the proposals on the table and again this is being studied and lots of folks have had input including EFF one of the proposals would be to bring it out of state copyright law under federal copyright law which would actually mean that those works would go into the public domain sooner which would be interesting so that's potentially a positive result on the horizon but as far as the general copyright term extensions sorry yeah not aware of anything going on at the moment hi again thank you for your work much appreciated my question is about the police seizing your cell phone when you videotape something that happened in particular there was a shooting on Miami Beach a couple weeks ago where a bystander videotaped the cops shooting some people in a car and then they seized his phone searched it and gave him a receipt or whatever of seizing it my question is if you're a bystander can the police seize your phone as evidence and also on the same lines I hope it's not too much but with the TSA starting to do searches at train stations, Amtrakts and Metro can you walk away if the TSA wants to search you is there any remedy for any what I would consider a random search at that moment because it's kind of the same thing well I can speak to the videotaping of the of the arrest and I'm not familiar with the incident you mentioned in Florida but generally speaking there have been attempts by the police to kind of forcefully seize cell phones that have been used to capture like arrests made on the streets and technically speaking that's improper there's really no prohibition necessarily on videotaping there are a separate set of laws and rules regarding the recording of audio transmissions which fall under the wire tap act and Kevin's the expert on that and I can defer to him on that issue but with respect to videotaping there isn't necessarily any you know at least there's no federal crime that I'm aware of and every state obviously has its own set of rules but there aren't as far as I know of and again I could be wrong but as far as I know there aren't any laws that specifically prohibit the videotaping of what's essentially a public encounter now can the police seize that cell phone as evidence would the search warrant absolutely without a search warrant it's a little bit of a trickier question typically the police you know the fourth amendment they need a warrant in order to seize and search any sort of item including electronic devices including your cell phone there are always exceptions to that if you consent to the search they could search it if they have probable cause to believe that there's evidence of a crime that is under an imminent threat of destruction that may be an instance where they may be able to you know take that phone and seize it if they take it under that pretext they can't then decide well now that we found the video of the shooting let's also go rifle through all of his text messages and see what else he's got on there and you would have a remedy for that under if you ultimately get you know charged with a crime it would be through a suppression motion where you try to get the evidence thrown out if you're not charged with a crime you could have a remedy through a 1983 suit that's basically like a lawsuit where you claim that the government has somehow violated your civil rights so that would be your right to be free from an unreasonable search and seizure now the practical reality is oftentimes the police just take what they want to take and then you know in those instances in the heat of the moment I think police tend to make kind of snap decisions like that and so you know you would still have those same remedies I discussed in terms of like a 1983 suit with respect to your question about TSA and walking away from a search you know again like if you know if you walk away you walk away you're not going to get searched but you're not going to board your train either in all likelihood do you have a remedy again you could potentially bring a civil rights suit if you feel like the search was intrusive but I think unfortunately they probably have a hard time making that argument because the courts have generally recognized that the government has a very strong compelling interest in requiring passengers on mass transit trains and airplanes and what not to be searched in order to protect the safety of everybody else I'll add to that I haven't looked at this issue in a few years I'll admit but I do remember there was at least one case and possibly more where I should back up a little bit so there is this administrative search doctrine where the government can search you for purposes other than criminal law enforcement for example when they stop you you know when they do drunk checkpoints that's an administrative search because the main purpose is not to catch the it's not to give you a ticket for being drunk it's to keep the drunks off the road and keep everyone else safe this has turned into a very broad exception for searches it's also used to justify searches at for example the airport because the purpose is not to catch criminals it is to stop bombs and other weapons from getting on the planes and the case that I recall did involve someone who had entered the security area and then decided oh no wait I don't actually want to go through this search and was like no that's okay I'm not going to get on the plane and they insisted on searching him anyway and the court did uphold that search you know once you had entered the area where the searches are occurring you've essentially consented they sort of mixed up the doctrines of administrative search and consent to search but either way they did uphold that search in many ways you know as handy says but the authority figure will make a snap decision and ultimately unless you want to physically resist which is not a good idea it's not really going to matter what the law is what the law is is going to matter if and when you sue them or they prosecute you afterwards and if you are going to be photographing or videotaping police in a situation where they might seize your phone I think a technical solution is good and not just relying on cops not breaking laws or anything like that and there is a smartphone app right now called OpenWatch which you can record audio or video and it uploads it to the internet immediately and I think that there's other apps and cop watch type apps getting developed for smartphones and I think even the Google Plus app lets you upload pictures immediately so that might be a good idea to enable so that if your device does get seized you have a copy of it so thank you let me add one thing real fast and I'm sorry to interrupt but like I said there is no federal law that covers the crime of videotaping an officer now that doesn't mean that state laws will always have their own contours but there can be other instances where state law can be a different state law impeding an investigation or obstruction or any of those things can be used and try to stretch to fit into those facts a useful resource the reporters committee for freedom of the press rcfp.org they have some various FAQs and 50 state surveys where they try and provide information to journalists about these sort of issues whether they can tape what the law is in a particular state it's a valuable resource so check it out for your own state I second that it's great it's called can I record so just google or yahoo for can I record and you'll find it actually that was a good segue for my question is your foundation doing anything to defend a journalist named Julian Assange do you have any general observations about wiki leaks do we want to start with twitter our most direct involvement go ahead start with twitter our most direct involvement in the controversy over wiki leaks is the government issued a court order to twitter to obtain logs regarding a number of people related to wiki leaks including mr. Assange and we represent one of those people and are working with the lawyers who represent several of the other targets of that order in resisting that order twitter did a mitzvah did a wonderful thing in pushing the government to consent to the feeling of that order such that we could come in and challenge it and that case is ongoing in terms of general observations I think one of our main general observations which we posted on our blog is that ultimately wiki leaks is a publisher the first amendment protects publishers whether or not you agree with wiki leaks tactics or politics is beside the point legally speaking the first amendment protects the publication of true information and the supreme court in the pentagon papers case made clear that in terms of the government wanting to exert a prior restraint on that publication the fate of the nation would have to turn on it basically they have yet to explicate in a particular standard yet that pentagon papers decision was somewhat fractured but it was clear that government would have to meet a very very very high standard if they wanted to legally compel the stoppage of publication of the wiki leaks material any other thoughts or comments I just want to note that this is a subject that we've been watching very very carefully and speaking from the perspective of the legal team you know we're often looking for legal disputes to arise and figure out the best way to get involved in them and you know at this point this is an ongoing criminal investigation and you know we will be very interested to see if any legal case actually ever comes of it but you know at this point we've been as involved in the criminal investigation as we've had an opportunity to be so it's something that we're continuing to keep an eye on and you know we expect to watch very closely for developments I was excited to hear that you're working on standards really into having Wi-Fi networks that are both open and encrypted because that's such a ridiculous hole in technology right now can you talk a little bit more about those efforts and most importantly what's the current prediction for how soon we might see that like wide scale and you know consumer equipment so at the moment we are so what we're trying to do is convince other people to work on these standards and maybe work on them ourselves if possible but but some things that we want to come out of it is have open networks that you don't need a password to connect to but that has encrypted communications and we want to make it so that you can segment your network so that people from the public can connect to your network but not actually have access to not be able to create routes to your hosts so that you don't have to worry about people hacking you because you're providing open networks and bandwidth prioritization so that if people are like using a ton of bandwidth that your bandwidth gets priority and all these things and so we want to come up with new standards and hopefully sometime get them built into routers and network cards what are your expectations right now not yet it's we haven't done all that much so far but yeah cool I just want to say props EFF and my girl Jennifer back in the day my question is based on sort of some recent current events where a Middle Eastern country took a database of people of interest and ran this against a social networking site based on this information they identified potential sympathizers of a controversial flotilla I was wondering if there was any protection under US law that may allow or prevent activity like this and I'd cite examples such as world trade meetings and things like that where people are being denied entrance based on their associations rather than proven information well one of the things that actually was kind of an interesting talk that occurred earlier this week was a study showing about facial recognition and using that by comparing it with social networking people were able to use facial recognition and look at the database of faces that were up on Facebook and other sites to find out a lot about people and this is one of the things that happens when a lot of information is made public we're just going to keep this sort of general legal information as opposed to sort of specifically about a particular flotilla or not but the issue that arises here is like in the United States law which is a lot of where we're focused you have some privacy rights and they're about public disclosure of private facts but it's not a very good argument that a picture of yourself that you post on a social network is a particularly private fact the private facts that is generally considered sort of the intimate details of your relationships with your significant other whether or not you're gay these sort of private facts that somebody might know about you and then they publicize that that could be the public disclosure of private facts when it is something that is available to the public very widely you're not going to get a lot of traction on saying that that is a private piece of information that can't be used and this creates a lot of issues I mean not just in this sort of the sphere where people are using the information to ban somebody from a particular thing it can also be used by government one of the things that is the test for whether your fourth amendment rights and how they interplay is the reasonable expectation of privacy as more things become public then there's sort of a different set of arguments about the reasonable expectation of privacy one of the things that we push for with social networks is to make sure that people are doing good practices by making sure the customers the users of the service know what they're doing know what information is going to be public and which information is not going to be public so making informed decisions we don't like it when something is required to be public so that you can't put a setting that is more restrictive than public on it but this is an ongoing an ongoing battle sir good afternoon my question is someone in alignment with the gentleman I think for ahead of me talking about random searches at public transportation areas but mine is about an American citizen a US citizen coming into the country from overseas from Canada, Mexico and being required to provide a laptop and then provide a decryption key if the laptop is encrypted what about the constitutional you know fourth amendment unreasonable search and seizure protections and things like that thank you so the fourth amendment generally protects against unreasonable government searches and seizures and what that means is that you know if searches as a general matter the government has to get a warrant in order to do a search this is not the case at the border at the border the courts have decided that a search is reasonable because it's at the border and so no warrant is needed and in fact for the most part they can search your stuff and you know most of your you know person without you know a modicum of suspicion you know they need reasonable suspicion when it's an unusually intrusive search and when I mean unusually intrusive I mean like the interior of your body now there have been several court cases that have examined how this applies to laptops and you know there are lawyers who have made very valiant attempts to argue that a laptop is not like a suitcase it's not like a briefcase it contains a whole lot more information and it is a very intimate portrait of a person's life and it is a very intrusive search and unfortunately the courts have not agreed and the state of the law as sad as it is is that the government doesn't need any suspicion of wrongdoing whatsoever to search your laptop in order and in fact they can just do it randomly in fact if they wanted to they could probably search everyone if they had the capability they might and so you know I think at this point in time the best solutions are probably technical ones and not legal ones or legal remedies that is and in fact one of my colleagues that's shown one of our senior staff technologists and we're working on a white paper that is a comprehensive examination of the technical solutions that are available for people who want to protect their data at the border he's going to be discussing that at CCC in Berlin later this month and if any of you are going to be there you should go check it out and for those of you who won't be there keep an eye out for our white paper which we plan to post on our website soon but technology solutions aside what I'm hearing is that an American citizen has no rights at the border unfortunately you have very few rights at the border even American citizens so we are out of time thank you for all the great questions we're now going to move on to the Q&A room also just one last plug of those of you who might be interested in playing around with an e-voting machine we have one set up over at the back the gun hackers with guns booth in the contest area so check that out we will see you soon in the Q&A and see you around the clock